Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2023-40175 (GCVE-0-2023-40175)
Vulnerability from cvelistv5 – Published: 2023-08-18 21:35 – Updated: 2024-10-07 20:04
VLAI?
EPSS
Summary
Puma is a Ruby/Rack web server built for parallelism. Prior to versions 6.3.1 and 5.6.7, puma exhibited incorrect behavior when parsing chunked transfer encoding bodies and zero-length Content-Length headers in a way that allowed HTTP request smuggling. Severity of this issue is highly dependent on the nature of the web site using puma is. This could be caused by either incorrect parsing of trailing fields in chunked transfer encoding bodies or by parsing of blank/zero-length Content-Length headers. Both issues have been addressed and this vulnerability has been fixed in versions 6.3.1 and 5.6.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Severity ?
7.3 (High)
CWE
- CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:24:55.618Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/puma/puma/security/advisories/GHSA-68xg-gqqm-vgj8",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/puma/puma/security/advisories/GHSA-68xg-gqqm-vgj8"
},
{
"name": "https://github.com/puma/puma/commit/690155e7d644b80eeef0a6094f9826ee41f1080a",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/puma/puma/commit/690155e7d644b80eeef0a6094f9826ee41f1080a"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:puma:puma:-:*:*:*:*:ruby:*:*"
],
"defaultStatus": "unknown",
"product": "puma",
"vendor": "puma",
"versions": [
{
"lessThan": "5.6.7",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "6.3.1",
"status": "affected",
"version": "6.0.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-40175",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-07T20:03:28.960606Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-07T20:04:46.951Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "puma",
"vendor": "puma",
"versions": [
{
"status": "affected",
"version": "\u003c 5.6.7"
},
{
"status": "affected",
"version": "\u003e= 6.0.0, \u003c 6.3.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Puma is a Ruby/Rack web server built for parallelism. Prior to versions 6.3.1 and 5.6.7, puma exhibited incorrect behavior when parsing chunked transfer encoding bodies and zero-length Content-Length headers in a way that allowed HTTP request smuggling. Severity of this issue is highly dependent on the nature of the web site using puma is. This could be caused by either incorrect parsing of trailing fields in chunked transfer encoding bodies or by parsing of blank/zero-length Content-Length headers. Both issues have been addressed and this vulnerability has been fixed in versions 6.3.1 and 5.6.7. Users are advised to upgrade. There are no known workarounds for this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-444",
"description": "CWE-444: Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-18T21:35:47.577Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/puma/puma/security/advisories/GHSA-68xg-gqqm-vgj8",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/puma/puma/security/advisories/GHSA-68xg-gqqm-vgj8"
},
{
"name": "https://github.com/puma/puma/commit/690155e7d644b80eeef0a6094f9826ee41f1080a",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/puma/puma/commit/690155e7d644b80eeef0a6094f9826ee41f1080a"
}
],
"source": {
"advisory": "GHSA-68xg-gqqm-vgj8",
"discovery": "UNKNOWN"
},
"title": "Inconsistent Interpretation of HTTP Requests in puma"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-40175",
"datePublished": "2023-08-18T21:35:47.577Z",
"dateReserved": "2023-08-09T15:26:41.052Z",
"dateUpdated": "2024-10-07T20:04:46.951Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:puma:puma:*:*:*:*:*:ruby:*:*\", \"versionEndExcluding\": \"5.6.7\", \"matchCriteriaId\": \"2C1EAED4-2740-4325-B155-DA1EAB8C2FD1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:puma:puma:*:*:*:*:*:ruby:*:*\", \"versionStartIncluding\": \"6.0.0\", \"versionEndExcluding\": \"6.3.1\", \"matchCriteriaId\": \"3FEE1A57-B890-43B7-98FB-3ACFD1F2818E\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"Puma is a Ruby/Rack web server built for parallelism. Prior to versions 6.3.1 and 5.6.7, puma exhibited incorrect behavior when parsing chunked transfer encoding bodies and zero-length Content-Length headers in a way that allowed HTTP request smuggling. Severity of this issue is highly dependent on the nature of the web site using puma is. This could be caused by either incorrect parsing of trailing fields in chunked transfer encoding bodies or by parsing of blank/zero-length Content-Length headers. Both issues have been addressed and this vulnerability has been fixed in versions 6.3.1 and 5.6.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.\"}, {\"lang\": \"es\", \"value\": \"Puma es un servidor web Ruby/Rack construido para paralelismo. Antes de las versiones 6.3.1 y 5.6.7, Puma mostraba un comportamiento incorrecto al analizar cuerpos de codificaci\\u00f3n de transferencia en trozos y cabeceras Content-Length de longitud cero de forma que permit\\u00eda el contrabando de peticiones HTTP. La gravedad de este problema depende en gran medida de la naturaleza del sitio web que utiliza Puma. Esto podr\\u00eda ser causado por un an\\u00e1lisis incorrecto de los campos finales en los cuerpos de codificaci\\u00f3n de transferencia en trozos o por el an\\u00e1lisis de cabeceras Content-Length en blanco/longitud cero. Ambos problemas han sido solucionados y esta vulnerabilidad ha sido corregida en las versiones 6.3.1 y 5.6.7.Se recomienda a los usuarios que actualicen. No se conocen soluciones para esta vulnerabilidad. \"}]",
"id": "CVE-2023-40175",
"lastModified": "2024-11-21T08:18:55.877",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"security-advisories@github.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\", \"baseScore\": 7.3, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"LOW\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.4}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}]}",
"published": "2023-08-18T22:15:11.653",
"references": "[{\"url\": \"https://github.com/puma/puma/commit/690155e7d644b80eeef0a6094f9826ee41f1080a\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/puma/puma/security/advisories/GHSA-68xg-gqqm-vgj8\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://github.com/puma/puma/commit/690155e7d644b80eeef0a6094f9826ee41f1080a\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/puma/puma/security/advisories/GHSA-68xg-gqqm-vgj8\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"security-advisories@github.com\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-444\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2023-40175\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2023-08-18T22:15:11.653\",\"lastModified\":\"2024-11-21T08:18:55.877\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Puma is a Ruby/Rack web server built for parallelism. Prior to versions 6.3.1 and 5.6.7, puma exhibited incorrect behavior when parsing chunked transfer encoding bodies and zero-length Content-Length headers in a way that allowed HTTP request smuggling. Severity of this issue is highly dependent on the nature of the web site using puma is. This could be caused by either incorrect parsing of trailing fields in chunked transfer encoding bodies or by parsing of blank/zero-length Content-Length headers. Both issues have been addressed and this vulnerability has been fixed in versions 6.3.1 and 5.6.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.\"},{\"lang\":\"es\",\"value\":\"Puma es un servidor web Ruby/Rack construido para paralelismo. Antes de las versiones 6.3.1 y 5.6.7, Puma mostraba un comportamiento incorrecto al analizar cuerpos de codificaci\u00f3n de transferencia en trozos y cabeceras Content-Length de longitud cero de forma que permit\u00eda el contrabando de peticiones HTTP. La gravedad de este problema depende en gran medida de la naturaleza del sitio web que utiliza Puma. Esto podr\u00eda ser causado por un an\u00e1lisis incorrecto de los campos finales en los cuerpos de codificaci\u00f3n de transferencia en trozos o por el an\u00e1lisis de cabeceras Content-Length en blanco/longitud cero. Ambos problemas han sido solucionados y esta vulnerabilidad ha sido corregida en las versiones 6.3.1 y 5.6.7.Se recomienda a los usuarios que actualicen. No se conocen soluciones para esta vulnerabilidad. \"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\",\"baseScore\":7.3,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":3.9,\"impactScore\":3.4},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-444\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:puma:puma:*:*:*:*:*:ruby:*:*\",\"versionEndExcluding\":\"5.6.7\",\"matchCriteriaId\":\"2C1EAED4-2740-4325-B155-DA1EAB8C2FD1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:puma:puma:*:*:*:*:*:ruby:*:*\",\"versionStartIncluding\":\"6.0.0\",\"versionEndExcluding\":\"6.3.1\",\"matchCriteriaId\":\"3FEE1A57-B890-43B7-98FB-3ACFD1F2818E\"}]}]}],\"references\":[{\"url\":\"https://github.com/puma/puma/commit/690155e7d644b80eeef0a6094f9826ee41f1080a\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/puma/puma/security/advisories/GHSA-68xg-gqqm-vgj8\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://github.com/puma/puma/commit/690155e7d644b80eeef0a6094f9826ee41f1080a\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/puma/puma/security/advisories/GHSA-68xg-gqqm-vgj8\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://github.com/puma/puma/security/advisories/GHSA-68xg-gqqm-vgj8\", \"name\": \"https://github.com/puma/puma/security/advisories/GHSA-68xg-gqqm-vgj8\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"https://github.com/puma/puma/commit/690155e7d644b80eeef0a6094f9826ee41f1080a\", \"name\": \"https://github.com/puma/puma/commit/690155e7d644b80eeef0a6094f9826ee41f1080a\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T18:24:55.618Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-40175\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-10-07T20:03:28.960606Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:puma:puma:-:*:*:*:*:ruby:*:*\"], \"vendor\": \"puma\", \"product\": \"puma\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"5.6.7\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"6.0.0\", \"lessThan\": \"6.3.1\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-10-07T20:04:41.590Z\"}}], \"cna\": {\"title\": \"Inconsistent Interpretation of HTTP Requests in puma\", \"source\": {\"advisory\": \"GHSA-68xg-gqqm-vgj8\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.3, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"LOW\"}}], \"affected\": [{\"vendor\": \"puma\", \"product\": \"puma\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 5.6.7\"}, {\"status\": \"affected\", \"version\": \"\u003e= 6.0.0, \u003c 6.3.1\"}]}], \"references\": [{\"url\": \"https://github.com/puma/puma/security/advisories/GHSA-68xg-gqqm-vgj8\", \"name\": \"https://github.com/puma/puma/security/advisories/GHSA-68xg-gqqm-vgj8\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/puma/puma/commit/690155e7d644b80eeef0a6094f9826ee41f1080a\", \"name\": \"https://github.com/puma/puma/commit/690155e7d644b80eeef0a6094f9826ee41f1080a\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Puma is a Ruby/Rack web server built for parallelism. Prior to versions 6.3.1 and 5.6.7, puma exhibited incorrect behavior when parsing chunked transfer encoding bodies and zero-length Content-Length headers in a way that allowed HTTP request smuggling. Severity of this issue is highly dependent on the nature of the web site using puma is. This could be caused by either incorrect parsing of trailing fields in chunked transfer encoding bodies or by parsing of blank/zero-length Content-Length headers. Both issues have been addressed and this vulnerability has been fixed in versions 6.3.1 and 5.6.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-444\", \"description\": \"CWE-444: Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2023-08-18T21:35:47.577Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2023-40175\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-10-07T20:04:46.951Z\", \"dateReserved\": \"2023-08-09T15:26:41.052Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2023-08-18T21:35:47.577Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
GHSA-68XG-GQQM-VGJ8
Vulnerability from github – Published: 2023-08-18 21:50 – Updated: 2023-08-24 22:34
VLAI?
Summary
Puma HTTP Request/Response Smuggling vulnerability
Details
Impact
Prior to version 6.3.1, puma exhibited incorrect behavior when parsing chunked transfer encoding bodies and zero-length Content-Length headers in a way that allowed HTTP request smuggling.
The following vulnerabilities are addressed by this advisory:
- Incorrect parsing of trailing fields in chunked transfer encoding bodies
- Parsing of blank/zero-length Content-Length headers
Patches
The vulnerability has been fixed in 6.3.1 and 5.6.7.
Workarounds
No known workarounds.
References
For more information
If you have any questions or comments about this advisory:
Open an issue in Puma See our security policy
Severity ?
9.8 (Critical)
{
"affected": [
{
"package": {
"ecosystem": "RubyGems",
"name": "puma"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.6.7"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "RubyGems",
"name": "puma"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.3.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2023-40175"
],
"database_specific": {
"cwe_ids": [
"CWE-444"
],
"github_reviewed": true,
"github_reviewed_at": "2023-08-18T21:50:05Z",
"nvd_published_at": "2023-08-18T22:15:11Z",
"severity": "CRITICAL"
},
"details": "### Impact\nPrior to version 6.3.1, puma exhibited incorrect behavior when parsing chunked transfer encoding bodies and zero-length Content-Length headers in a way that allowed HTTP request smuggling.\n\nThe following vulnerabilities are addressed by this advisory:\n\n* Incorrect parsing of trailing fields in chunked transfer encoding bodies\n* Parsing of blank/zero-length Content-Length headers\n\n### Patches\nThe vulnerability has been fixed in 6.3.1 and 5.6.7.\n\n### Workarounds\nNo known workarounds.\n\n### References\n[HTTP Request Smuggling](https://portswigger.net/web-security/request-smuggling)\n\n### For more information\nIf you have any questions or comments about this advisory:\n\nOpen an issue in [Puma](https://github.com/puma/puma)\nSee our [security policy](https://github.com/puma/puma/security/policy)\n",
"id": "GHSA-68xg-gqqm-vgj8",
"modified": "2023-08-24T22:34:11Z",
"published": "2023-08-18T21:50:05Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/puma/puma/security/advisories/GHSA-68xg-gqqm-vgj8"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40175"
},
{
"type": "WEB",
"url": "https://github.com/puma/puma/commit/690155e7d644b80eeef0a6094f9826ee41f1080a"
},
{
"type": "WEB",
"url": "https://github.com/puma/puma/commit/7405a219801dcebc0ad6e0aa108d4319ca23f662"
},
{
"type": "WEB",
"url": "https://github.com/puma/puma/commit/ed0f2f94b56982c687452504b95d5f1fbbe3eed1"
},
{
"type": "PACKAGE",
"url": "https://github.com/puma/puma"
},
{
"type": "WEB",
"url": "https://github.com/puma/puma/releases/tag/v5.6.7"
},
{
"type": "WEB",
"url": "https://github.com/puma/puma/releases/tag/v6.3.1"
},
{
"type": "WEB",
"url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puma/CVE-2023-40175.yml"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Puma HTTP Request/Response Smuggling vulnerability"
}
SUSE-SU-2025:03467-1
Vulnerability from csaf_suse - Published: 2025-10-07 11:34 - Updated: 2025-10-07 11:34Summary
Security update for rubygem-puma
Notes
Title of the patch
Security update for rubygem-puma
Description of the patch
This update for rubygem-puma fixes the following issues:
Update to version 5.6.9.
- CVE-2024-45614: improper header normalization allows for clients to clobber proxy set headers, which can lead to
information leaks (bsc#1230848, fixed in an earlier update).
- CVE-2024-21647: unbounded resource consumption due to invalid parsing of chunked encoding in HTTP/1.1 can lead to
denial-of-service attacks (bsc#1218638, fixed in an earlier update)
- CVE-2023-40175: incorrect behavior when parsing chunked transfer encoding bodies and zero-length Content-Length
headers can lead to HTTP request smuggling attacks (bsc#1214425, fixed in an earlier update).
Patchnames
SUSE-2025-3467,SUSE-SLE-Product-HA-15-SP6-2025-3467,SUSE-SLE-Product-HA-15-SP7-2025-3467,openSUSE-SLE-15.6-2025-3467
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for rubygem-puma",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for rubygem-puma fixes the following issues:\n\nUpdate to version 5.6.9.\n\n- CVE-2024-45614: improper header normalization allows for clients to clobber proxy set headers, which can lead to\n information leaks (bsc#1230848, fixed in an earlier update).\n- CVE-2024-21647: unbounded resource consumption due to invalid parsing of chunked encoding in HTTP/1.1 can lead to\n denial-of-service attacks (bsc#1218638, fixed in an earlier update)\n- CVE-2023-40175: incorrect behavior when parsing chunked transfer encoding bodies and zero-length Content-Length\n headers can lead to HTTP request smuggling attacks (bsc#1214425, fixed in an earlier update).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-3467,SUSE-SLE-Product-HA-15-SP6-2025-3467,SUSE-SLE-Product-HA-15-SP7-2025-3467,openSUSE-SLE-15.6-2025-3467",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_03467-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:03467-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202503467-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:03467-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2025-October/042012.html"
},
{
"category": "self",
"summary": "SUSE Bug 1214425",
"url": "https://bugzilla.suse.com/1214425"
},
{
"category": "self",
"summary": "SUSE Bug 1218638",
"url": "https://bugzilla.suse.com/1218638"
},
{
"category": "self",
"summary": "SUSE Bug 1230848",
"url": "https://bugzilla.suse.com/1230848"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-40175 page",
"url": "https://www.suse.com/security/cve/CVE-2023-40175/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-21647 page",
"url": "https://www.suse.com/security/cve/CVE-2024-21647/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-45614 page",
"url": "https://www.suse.com/security/cve/CVE-2024-45614/"
}
],
"title": "Security update for rubygem-puma",
"tracking": {
"current_release_date": "2025-10-07T11:34:07Z",
"generator": {
"date": "2025-10-07T11:34:07Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:03467-1",
"initial_release_date": "2025-10-07T11:34:07Z",
"revision_history": [
{
"date": "2025-10-07T11:34:07Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "ruby2.5-rubygem-puma-5.6.9-150600.18.3.1.aarch64",
"product": {
"name": "ruby2.5-rubygem-puma-5.6.9-150600.18.3.1.aarch64",
"product_id": "ruby2.5-rubygem-puma-5.6.9-150600.18.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "ruby2.5-rubygem-puma-doc-5.6.9-150600.18.3.1.aarch64",
"product": {
"name": "ruby2.5-rubygem-puma-doc-5.6.9-150600.18.3.1.aarch64",
"product_id": "ruby2.5-rubygem-puma-doc-5.6.9-150600.18.3.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "ruby2.5-rubygem-puma-5.6.9-150600.18.3.1.i586",
"product": {
"name": "ruby2.5-rubygem-puma-5.6.9-150600.18.3.1.i586",
"product_id": "ruby2.5-rubygem-puma-5.6.9-150600.18.3.1.i586"
}
},
{
"category": "product_version",
"name": "ruby2.5-rubygem-puma-doc-5.6.9-150600.18.3.1.i586",
"product": {
"name": "ruby2.5-rubygem-puma-doc-5.6.9-150600.18.3.1.i586",
"product_id": "ruby2.5-rubygem-puma-doc-5.6.9-150600.18.3.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "ruby2.5-rubygem-puma-5.6.9-150600.18.3.1.ppc64le",
"product": {
"name": "ruby2.5-rubygem-puma-5.6.9-150600.18.3.1.ppc64le",
"product_id": "ruby2.5-rubygem-puma-5.6.9-150600.18.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "ruby2.5-rubygem-puma-doc-5.6.9-150600.18.3.1.ppc64le",
"product": {
"name": "ruby2.5-rubygem-puma-doc-5.6.9-150600.18.3.1.ppc64le",
"product_id": "ruby2.5-rubygem-puma-doc-5.6.9-150600.18.3.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "ruby2.5-rubygem-puma-5.6.9-150600.18.3.1.s390x",
"product": {
"name": "ruby2.5-rubygem-puma-5.6.9-150600.18.3.1.s390x",
"product_id": "ruby2.5-rubygem-puma-5.6.9-150600.18.3.1.s390x"
}
},
{
"category": "product_version",
"name": "ruby2.5-rubygem-puma-doc-5.6.9-150600.18.3.1.s390x",
"product": {
"name": "ruby2.5-rubygem-puma-doc-5.6.9-150600.18.3.1.s390x",
"product_id": "ruby2.5-rubygem-puma-doc-5.6.9-150600.18.3.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "ruby2.5-rubygem-puma-5.6.9-150600.18.3.1.x86_64",
"product": {
"name": "ruby2.5-rubygem-puma-5.6.9-150600.18.3.1.x86_64",
"product_id": "ruby2.5-rubygem-puma-5.6.9-150600.18.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "ruby2.5-rubygem-puma-doc-5.6.9-150600.18.3.1.x86_64",
"product": {
"name": "ruby2.5-rubygem-puma-doc-5.6.9-150600.18.3.1.x86_64",
"product_id": "ruby2.5-rubygem-puma-doc-5.6.9-150600.18.3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Availability Extension 15 SP6",
"product": {
"name": "SUSE Linux Enterprise High Availability Extension 15 SP6",
"product_id": "SUSE Linux Enterprise High Availability Extension 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-ha:15:sp6"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Availability Extension 15 SP7",
"product": {
"name": "SUSE Linux Enterprise High Availability Extension 15 SP7",
"product_id": "SUSE Linux Enterprise High Availability Extension 15 SP7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-ha:15:sp7"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.6",
"product": {
"name": "openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.6"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-rubygem-puma-5.6.9-150600.18.3.1.aarch64 as component of SUSE Linux Enterprise High Availability Extension 15 SP6",
"product_id": "SUSE Linux Enterprise High Availability Extension 15 SP6:ruby2.5-rubygem-puma-5.6.9-150600.18.3.1.aarch64"
},
"product_reference": "ruby2.5-rubygem-puma-5.6.9-150600.18.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-rubygem-puma-5.6.9-150600.18.3.1.ppc64le as component of SUSE Linux Enterprise High Availability Extension 15 SP6",
"product_id": "SUSE Linux Enterprise High Availability Extension 15 SP6:ruby2.5-rubygem-puma-5.6.9-150600.18.3.1.ppc64le"
},
"product_reference": "ruby2.5-rubygem-puma-5.6.9-150600.18.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-rubygem-puma-5.6.9-150600.18.3.1.s390x as component of SUSE Linux Enterprise High Availability Extension 15 SP6",
"product_id": "SUSE Linux Enterprise High Availability Extension 15 SP6:ruby2.5-rubygem-puma-5.6.9-150600.18.3.1.s390x"
},
"product_reference": "ruby2.5-rubygem-puma-5.6.9-150600.18.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-rubygem-puma-5.6.9-150600.18.3.1.x86_64 as component of SUSE Linux Enterprise High Availability Extension 15 SP6",
"product_id": "SUSE Linux Enterprise High Availability Extension 15 SP6:ruby2.5-rubygem-puma-5.6.9-150600.18.3.1.x86_64"
},
"product_reference": "ruby2.5-rubygem-puma-5.6.9-150600.18.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-rubygem-puma-5.6.9-150600.18.3.1.aarch64 as component of SUSE Linux Enterprise High Availability Extension 15 SP7",
"product_id": "SUSE Linux Enterprise High Availability Extension 15 SP7:ruby2.5-rubygem-puma-5.6.9-150600.18.3.1.aarch64"
},
"product_reference": "ruby2.5-rubygem-puma-5.6.9-150600.18.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-rubygem-puma-5.6.9-150600.18.3.1.ppc64le as component of SUSE Linux Enterprise High Availability Extension 15 SP7",
"product_id": "SUSE Linux Enterprise High Availability Extension 15 SP7:ruby2.5-rubygem-puma-5.6.9-150600.18.3.1.ppc64le"
},
"product_reference": "ruby2.5-rubygem-puma-5.6.9-150600.18.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-rubygem-puma-5.6.9-150600.18.3.1.s390x as component of SUSE Linux Enterprise High Availability Extension 15 SP7",
"product_id": "SUSE Linux Enterprise High Availability Extension 15 SP7:ruby2.5-rubygem-puma-5.6.9-150600.18.3.1.s390x"
},
"product_reference": "ruby2.5-rubygem-puma-5.6.9-150600.18.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-rubygem-puma-5.6.9-150600.18.3.1.x86_64 as component of SUSE Linux Enterprise High Availability Extension 15 SP7",
"product_id": "SUSE Linux Enterprise High Availability Extension 15 SP7:ruby2.5-rubygem-puma-5.6.9-150600.18.3.1.x86_64"
},
"product_reference": "ruby2.5-rubygem-puma-5.6.9-150600.18.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-rubygem-puma-5.6.9-150600.18.3.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:ruby2.5-rubygem-puma-5.6.9-150600.18.3.1.aarch64"
},
"product_reference": "ruby2.5-rubygem-puma-5.6.9-150600.18.3.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-rubygem-puma-5.6.9-150600.18.3.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:ruby2.5-rubygem-puma-5.6.9-150600.18.3.1.ppc64le"
},
"product_reference": "ruby2.5-rubygem-puma-5.6.9-150600.18.3.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-rubygem-puma-5.6.9-150600.18.3.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:ruby2.5-rubygem-puma-5.6.9-150600.18.3.1.s390x"
},
"product_reference": "ruby2.5-rubygem-puma-5.6.9-150600.18.3.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-rubygem-puma-5.6.9-150600.18.3.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:ruby2.5-rubygem-puma-5.6.9-150600.18.3.1.x86_64"
},
"product_reference": "ruby2.5-rubygem-puma-5.6.9-150600.18.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-rubygem-puma-doc-5.6.9-150600.18.3.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:ruby2.5-rubygem-puma-doc-5.6.9-150600.18.3.1.aarch64"
},
"product_reference": "ruby2.5-rubygem-puma-doc-5.6.9-150600.18.3.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-rubygem-puma-doc-5.6.9-150600.18.3.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:ruby2.5-rubygem-puma-doc-5.6.9-150600.18.3.1.ppc64le"
},
"product_reference": "ruby2.5-rubygem-puma-doc-5.6.9-150600.18.3.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-rubygem-puma-doc-5.6.9-150600.18.3.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:ruby2.5-rubygem-puma-doc-5.6.9-150600.18.3.1.s390x"
},
"product_reference": "ruby2.5-rubygem-puma-doc-5.6.9-150600.18.3.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-rubygem-puma-doc-5.6.9-150600.18.3.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:ruby2.5-rubygem-puma-doc-5.6.9-150600.18.3.1.x86_64"
},
"product_reference": "ruby2.5-rubygem-puma-doc-5.6.9-150600.18.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-40175",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-40175"
}
],
"notes": [
{
"category": "general",
"text": "Puma is a Ruby/Rack web server built for parallelism. Prior to versions 6.3.1 and 5.6.7, puma exhibited incorrect behavior when parsing chunked transfer encoding bodies and zero-length Content-Length headers in a way that allowed HTTP request smuggling. Severity of this issue is highly dependent on the nature of the web site using puma is. This could be caused by either incorrect parsing of trailing fields in chunked transfer encoding bodies or by parsing of blank/zero-length Content-Length headers. Both issues have been addressed and this vulnerability has been fixed in versions 6.3.1 and 5.6.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:ruby2.5-rubygem-puma-5.6.9-150600.18.3.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ruby2.5-rubygem-puma-5.6.9-150600.18.3.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ruby2.5-rubygem-puma-5.6.9-150600.18.3.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ruby2.5-rubygem-puma-5.6.9-150600.18.3.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ruby2.5-rubygem-puma-5.6.9-150600.18.3.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ruby2.5-rubygem-puma-5.6.9-150600.18.3.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ruby2.5-rubygem-puma-5.6.9-150600.18.3.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ruby2.5-rubygem-puma-5.6.9-150600.18.3.1.x86_64",
"openSUSE Leap 15.6:ruby2.5-rubygem-puma-5.6.9-150600.18.3.1.aarch64",
"openSUSE Leap 15.6:ruby2.5-rubygem-puma-5.6.9-150600.18.3.1.ppc64le",
"openSUSE Leap 15.6:ruby2.5-rubygem-puma-5.6.9-150600.18.3.1.s390x",
"openSUSE Leap 15.6:ruby2.5-rubygem-puma-5.6.9-150600.18.3.1.x86_64",
"openSUSE Leap 15.6:ruby2.5-rubygem-puma-doc-5.6.9-150600.18.3.1.aarch64",
"openSUSE Leap 15.6:ruby2.5-rubygem-puma-doc-5.6.9-150600.18.3.1.ppc64le",
"openSUSE Leap 15.6:ruby2.5-rubygem-puma-doc-5.6.9-150600.18.3.1.s390x",
"openSUSE Leap 15.6:ruby2.5-rubygem-puma-doc-5.6.9-150600.18.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-40175",
"url": "https://www.suse.com/security/cve/CVE-2023-40175"
},
{
"category": "external",
"summary": "SUSE Bug 1214425 for CVE-2023-40175",
"url": "https://bugzilla.suse.com/1214425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:ruby2.5-rubygem-puma-5.6.9-150600.18.3.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ruby2.5-rubygem-puma-5.6.9-150600.18.3.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ruby2.5-rubygem-puma-5.6.9-150600.18.3.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ruby2.5-rubygem-puma-5.6.9-150600.18.3.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ruby2.5-rubygem-puma-5.6.9-150600.18.3.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ruby2.5-rubygem-puma-5.6.9-150600.18.3.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ruby2.5-rubygem-puma-5.6.9-150600.18.3.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ruby2.5-rubygem-puma-5.6.9-150600.18.3.1.x86_64",
"openSUSE Leap 15.6:ruby2.5-rubygem-puma-5.6.9-150600.18.3.1.aarch64",
"openSUSE Leap 15.6:ruby2.5-rubygem-puma-5.6.9-150600.18.3.1.ppc64le",
"openSUSE Leap 15.6:ruby2.5-rubygem-puma-5.6.9-150600.18.3.1.s390x",
"openSUSE Leap 15.6:ruby2.5-rubygem-puma-5.6.9-150600.18.3.1.x86_64",
"openSUSE Leap 15.6:ruby2.5-rubygem-puma-doc-5.6.9-150600.18.3.1.aarch64",
"openSUSE Leap 15.6:ruby2.5-rubygem-puma-doc-5.6.9-150600.18.3.1.ppc64le",
"openSUSE Leap 15.6:ruby2.5-rubygem-puma-doc-5.6.9-150600.18.3.1.s390x",
"openSUSE Leap 15.6:ruby2.5-rubygem-puma-doc-5.6.9-150600.18.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:ruby2.5-rubygem-puma-5.6.9-150600.18.3.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ruby2.5-rubygem-puma-5.6.9-150600.18.3.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ruby2.5-rubygem-puma-5.6.9-150600.18.3.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ruby2.5-rubygem-puma-5.6.9-150600.18.3.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ruby2.5-rubygem-puma-5.6.9-150600.18.3.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ruby2.5-rubygem-puma-5.6.9-150600.18.3.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ruby2.5-rubygem-puma-5.6.9-150600.18.3.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ruby2.5-rubygem-puma-5.6.9-150600.18.3.1.x86_64",
"openSUSE Leap 15.6:ruby2.5-rubygem-puma-5.6.9-150600.18.3.1.aarch64",
"openSUSE Leap 15.6:ruby2.5-rubygem-puma-5.6.9-150600.18.3.1.ppc64le",
"openSUSE Leap 15.6:ruby2.5-rubygem-puma-5.6.9-150600.18.3.1.s390x",
"openSUSE Leap 15.6:ruby2.5-rubygem-puma-5.6.9-150600.18.3.1.x86_64",
"openSUSE Leap 15.6:ruby2.5-rubygem-puma-doc-5.6.9-150600.18.3.1.aarch64",
"openSUSE Leap 15.6:ruby2.5-rubygem-puma-doc-5.6.9-150600.18.3.1.ppc64le",
"openSUSE Leap 15.6:ruby2.5-rubygem-puma-doc-5.6.9-150600.18.3.1.s390x",
"openSUSE Leap 15.6:ruby2.5-rubygem-puma-doc-5.6.9-150600.18.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-10-07T11:34:07Z",
"details": "important"
}
],
"title": "CVE-2023-40175"
},
{
"cve": "CVE-2024-21647",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-21647"
}
],
"notes": [
{
"category": "general",
"text": "Puma is a web server for Ruby/Rack applications built for parallelism. Prior to version 6.4.2, puma exhibited incorrect behavior when parsing chunked transfer encoding bodies in a way that allowed HTTP request smuggling. Fixed versions limits the size of chunk extensions. Without this limit, an attacker could cause unbounded resource (CPU, network bandwidth) consumption. This vulnerability has been fixed in versions 6.4.2 and 5.6.8.\n\n",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:ruby2.5-rubygem-puma-5.6.9-150600.18.3.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ruby2.5-rubygem-puma-5.6.9-150600.18.3.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ruby2.5-rubygem-puma-5.6.9-150600.18.3.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ruby2.5-rubygem-puma-5.6.9-150600.18.3.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ruby2.5-rubygem-puma-5.6.9-150600.18.3.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ruby2.5-rubygem-puma-5.6.9-150600.18.3.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ruby2.5-rubygem-puma-5.6.9-150600.18.3.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ruby2.5-rubygem-puma-5.6.9-150600.18.3.1.x86_64",
"openSUSE Leap 15.6:ruby2.5-rubygem-puma-5.6.9-150600.18.3.1.aarch64",
"openSUSE Leap 15.6:ruby2.5-rubygem-puma-5.6.9-150600.18.3.1.ppc64le",
"openSUSE Leap 15.6:ruby2.5-rubygem-puma-5.6.9-150600.18.3.1.s390x",
"openSUSE Leap 15.6:ruby2.5-rubygem-puma-5.6.9-150600.18.3.1.x86_64",
"openSUSE Leap 15.6:ruby2.5-rubygem-puma-doc-5.6.9-150600.18.3.1.aarch64",
"openSUSE Leap 15.6:ruby2.5-rubygem-puma-doc-5.6.9-150600.18.3.1.ppc64le",
"openSUSE Leap 15.6:ruby2.5-rubygem-puma-doc-5.6.9-150600.18.3.1.s390x",
"openSUSE Leap 15.6:ruby2.5-rubygem-puma-doc-5.6.9-150600.18.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-21647",
"url": "https://www.suse.com/security/cve/CVE-2024-21647"
},
{
"category": "external",
"summary": "SUSE Bug 1218638 for CVE-2024-21647",
"url": "https://bugzilla.suse.com/1218638"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:ruby2.5-rubygem-puma-5.6.9-150600.18.3.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ruby2.5-rubygem-puma-5.6.9-150600.18.3.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ruby2.5-rubygem-puma-5.6.9-150600.18.3.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ruby2.5-rubygem-puma-5.6.9-150600.18.3.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ruby2.5-rubygem-puma-5.6.9-150600.18.3.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ruby2.5-rubygem-puma-5.6.9-150600.18.3.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ruby2.5-rubygem-puma-5.6.9-150600.18.3.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ruby2.5-rubygem-puma-5.6.9-150600.18.3.1.x86_64",
"openSUSE Leap 15.6:ruby2.5-rubygem-puma-5.6.9-150600.18.3.1.aarch64",
"openSUSE Leap 15.6:ruby2.5-rubygem-puma-5.6.9-150600.18.3.1.ppc64le",
"openSUSE Leap 15.6:ruby2.5-rubygem-puma-5.6.9-150600.18.3.1.s390x",
"openSUSE Leap 15.6:ruby2.5-rubygem-puma-5.6.9-150600.18.3.1.x86_64",
"openSUSE Leap 15.6:ruby2.5-rubygem-puma-doc-5.6.9-150600.18.3.1.aarch64",
"openSUSE Leap 15.6:ruby2.5-rubygem-puma-doc-5.6.9-150600.18.3.1.ppc64le",
"openSUSE Leap 15.6:ruby2.5-rubygem-puma-doc-5.6.9-150600.18.3.1.s390x",
"openSUSE Leap 15.6:ruby2.5-rubygem-puma-doc-5.6.9-150600.18.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:ruby2.5-rubygem-puma-5.6.9-150600.18.3.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ruby2.5-rubygem-puma-5.6.9-150600.18.3.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ruby2.5-rubygem-puma-5.6.9-150600.18.3.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ruby2.5-rubygem-puma-5.6.9-150600.18.3.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ruby2.5-rubygem-puma-5.6.9-150600.18.3.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ruby2.5-rubygem-puma-5.6.9-150600.18.3.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ruby2.5-rubygem-puma-5.6.9-150600.18.3.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ruby2.5-rubygem-puma-5.6.9-150600.18.3.1.x86_64",
"openSUSE Leap 15.6:ruby2.5-rubygem-puma-5.6.9-150600.18.3.1.aarch64",
"openSUSE Leap 15.6:ruby2.5-rubygem-puma-5.6.9-150600.18.3.1.ppc64le",
"openSUSE Leap 15.6:ruby2.5-rubygem-puma-5.6.9-150600.18.3.1.s390x",
"openSUSE Leap 15.6:ruby2.5-rubygem-puma-5.6.9-150600.18.3.1.x86_64",
"openSUSE Leap 15.6:ruby2.5-rubygem-puma-doc-5.6.9-150600.18.3.1.aarch64",
"openSUSE Leap 15.6:ruby2.5-rubygem-puma-doc-5.6.9-150600.18.3.1.ppc64le",
"openSUSE Leap 15.6:ruby2.5-rubygem-puma-doc-5.6.9-150600.18.3.1.s390x",
"openSUSE Leap 15.6:ruby2.5-rubygem-puma-doc-5.6.9-150600.18.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-10-07T11:34:07Z",
"details": "moderate"
}
],
"title": "CVE-2024-21647"
},
{
"cve": "CVE-2024-45614",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-45614"
}
],
"notes": [
{
"category": "general",
"text": "Puma is a Ruby/Rack web server built for parallelism. In affected versions clients could clobber values set by intermediate proxies (such as X-Forwarded-For) by providing a underscore version of the same header (X-Forwarded_For). Any users relying on proxy set variables is affected. v6.4.3/v5.6.9 now discards any headers using underscores if the non-underscore version also exists. Effectively, allowing the proxy defined headers to always win. Users are advised to upgrade. Nginx has a underscores_in_headers configuration variable to discard these headers at the proxy level as a mitigation. Any users that are implicitly trusting the proxy defined headers for security should immediately cease doing so until upgraded to the fixed versions.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:ruby2.5-rubygem-puma-5.6.9-150600.18.3.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ruby2.5-rubygem-puma-5.6.9-150600.18.3.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ruby2.5-rubygem-puma-5.6.9-150600.18.3.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ruby2.5-rubygem-puma-5.6.9-150600.18.3.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ruby2.5-rubygem-puma-5.6.9-150600.18.3.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ruby2.5-rubygem-puma-5.6.9-150600.18.3.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ruby2.5-rubygem-puma-5.6.9-150600.18.3.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ruby2.5-rubygem-puma-5.6.9-150600.18.3.1.x86_64",
"openSUSE Leap 15.6:ruby2.5-rubygem-puma-5.6.9-150600.18.3.1.aarch64",
"openSUSE Leap 15.6:ruby2.5-rubygem-puma-5.6.9-150600.18.3.1.ppc64le",
"openSUSE Leap 15.6:ruby2.5-rubygem-puma-5.6.9-150600.18.3.1.s390x",
"openSUSE Leap 15.6:ruby2.5-rubygem-puma-5.6.9-150600.18.3.1.x86_64",
"openSUSE Leap 15.6:ruby2.5-rubygem-puma-doc-5.6.9-150600.18.3.1.aarch64",
"openSUSE Leap 15.6:ruby2.5-rubygem-puma-doc-5.6.9-150600.18.3.1.ppc64le",
"openSUSE Leap 15.6:ruby2.5-rubygem-puma-doc-5.6.9-150600.18.3.1.s390x",
"openSUSE Leap 15.6:ruby2.5-rubygem-puma-doc-5.6.9-150600.18.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-45614",
"url": "https://www.suse.com/security/cve/CVE-2024-45614"
},
{
"category": "external",
"summary": "SUSE Bug 1230848 for CVE-2024-45614",
"url": "https://bugzilla.suse.com/1230848"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:ruby2.5-rubygem-puma-5.6.9-150600.18.3.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ruby2.5-rubygem-puma-5.6.9-150600.18.3.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ruby2.5-rubygem-puma-5.6.9-150600.18.3.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ruby2.5-rubygem-puma-5.6.9-150600.18.3.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ruby2.5-rubygem-puma-5.6.9-150600.18.3.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ruby2.5-rubygem-puma-5.6.9-150600.18.3.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ruby2.5-rubygem-puma-5.6.9-150600.18.3.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ruby2.5-rubygem-puma-5.6.9-150600.18.3.1.x86_64",
"openSUSE Leap 15.6:ruby2.5-rubygem-puma-5.6.9-150600.18.3.1.aarch64",
"openSUSE Leap 15.6:ruby2.5-rubygem-puma-5.6.9-150600.18.3.1.ppc64le",
"openSUSE Leap 15.6:ruby2.5-rubygem-puma-5.6.9-150600.18.3.1.s390x",
"openSUSE Leap 15.6:ruby2.5-rubygem-puma-5.6.9-150600.18.3.1.x86_64",
"openSUSE Leap 15.6:ruby2.5-rubygem-puma-doc-5.6.9-150600.18.3.1.aarch64",
"openSUSE Leap 15.6:ruby2.5-rubygem-puma-doc-5.6.9-150600.18.3.1.ppc64le",
"openSUSE Leap 15.6:ruby2.5-rubygem-puma-doc-5.6.9-150600.18.3.1.s390x",
"openSUSE Leap 15.6:ruby2.5-rubygem-puma-doc-5.6.9-150600.18.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:ruby2.5-rubygem-puma-5.6.9-150600.18.3.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ruby2.5-rubygem-puma-5.6.9-150600.18.3.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ruby2.5-rubygem-puma-5.6.9-150600.18.3.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ruby2.5-rubygem-puma-5.6.9-150600.18.3.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ruby2.5-rubygem-puma-5.6.9-150600.18.3.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ruby2.5-rubygem-puma-5.6.9-150600.18.3.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ruby2.5-rubygem-puma-5.6.9-150600.18.3.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ruby2.5-rubygem-puma-5.6.9-150600.18.3.1.x86_64",
"openSUSE Leap 15.6:ruby2.5-rubygem-puma-5.6.9-150600.18.3.1.aarch64",
"openSUSE Leap 15.6:ruby2.5-rubygem-puma-5.6.9-150600.18.3.1.ppc64le",
"openSUSE Leap 15.6:ruby2.5-rubygem-puma-5.6.9-150600.18.3.1.s390x",
"openSUSE Leap 15.6:ruby2.5-rubygem-puma-5.6.9-150600.18.3.1.x86_64",
"openSUSE Leap 15.6:ruby2.5-rubygem-puma-doc-5.6.9-150600.18.3.1.aarch64",
"openSUSE Leap 15.6:ruby2.5-rubygem-puma-doc-5.6.9-150600.18.3.1.ppc64le",
"openSUSE Leap 15.6:ruby2.5-rubygem-puma-doc-5.6.9-150600.18.3.1.s390x",
"openSUSE Leap 15.6:ruby2.5-rubygem-puma-doc-5.6.9-150600.18.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-10-07T11:34:07Z",
"details": "moderate"
}
],
"title": "CVE-2024-45614"
}
]
}
SUSE-SU-2023:3957-1
Vulnerability from csaf_suse - Published: 2023-10-04 07:10 - Updated: 2023-10-04 07:10Summary
Security update for rubygem-puma
Notes
Title of the patch
Security update for rubygem-puma
Description of the patch
This update for rubygem-puma fixes the following issues:
- CVE-2023-40175: Fixed HTTP request smuggling when parsing chunked transfer encoding bodies and zero-length content-length headers (bsc#1214425).
Patchnames
SUSE-2023-3957,SUSE-SLE-Product-HA-15-SP1-2023-3957,SUSE-SLE-Product-HA-15-SP2-2023-3957,SUSE-SLE-Product-HA-15-SP3-2023-3957,SUSE-SLE-Product-HA-15-SP4-2023-3957,SUSE-SLE-Product-HA-15-SP5-2023-3957,openSUSE-SLE-15.4-2023-3957,openSUSE-SLE-15.5-2023-3957
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for rubygem-puma",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for rubygem-puma fixes the following issues:\n\n- CVE-2023-40175: Fixed HTTP request smuggling when parsing chunked transfer encoding bodies and zero-length content-length headers (bsc#1214425).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2023-3957,SUSE-SLE-Product-HA-15-SP1-2023-3957,SUSE-SLE-Product-HA-15-SP2-2023-3957,SUSE-SLE-Product-HA-15-SP3-2023-3957,SUSE-SLE-Product-HA-15-SP4-2023-3957,SUSE-SLE-Product-HA-15-SP5-2023-3957,openSUSE-SLE-15.4-2023-3957,openSUSE-SLE-15.5-2023-3957",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2023_3957-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2023:3957-1",
"url": "https://www.suse.com/support/update/announcement/2023/suse-su-20233957-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2023:3957-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2023-October/031908.html"
},
{
"category": "self",
"summary": "SUSE Bug 1214425",
"url": "https://bugzilla.suse.com/1214425"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-40175 page",
"url": "https://www.suse.com/security/cve/CVE-2023-40175/"
}
],
"title": "Security update for rubygem-puma",
"tracking": {
"current_release_date": "2023-10-04T07:10:48Z",
"generator": {
"date": "2023-10-04T07:10:48Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2023:3957-1",
"initial_release_date": "2023-10-04T07:10:48Z",
"revision_history": [
{
"date": "2023-10-04T07:10:48Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.aarch64",
"product": {
"name": "ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.aarch64",
"product_id": "ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.aarch64"
}
},
{
"category": "product_version",
"name": "ruby2.5-rubygem-puma-doc-4.3.12-150000.3.12.1.aarch64",
"product": {
"name": "ruby2.5-rubygem-puma-doc-4.3.12-150000.3.12.1.aarch64",
"product_id": "ruby2.5-rubygem-puma-doc-4.3.12-150000.3.12.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.i586",
"product": {
"name": "ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.i586",
"product_id": "ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.i586"
}
},
{
"category": "product_version",
"name": "ruby2.5-rubygem-puma-doc-4.3.12-150000.3.12.1.i586",
"product": {
"name": "ruby2.5-rubygem-puma-doc-4.3.12-150000.3.12.1.i586",
"product_id": "ruby2.5-rubygem-puma-doc-4.3.12-150000.3.12.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.ppc64le",
"product": {
"name": "ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.ppc64le",
"product_id": "ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.ppc64le"
}
},
{
"category": "product_version",
"name": "ruby2.5-rubygem-puma-doc-4.3.12-150000.3.12.1.ppc64le",
"product": {
"name": "ruby2.5-rubygem-puma-doc-4.3.12-150000.3.12.1.ppc64le",
"product_id": "ruby2.5-rubygem-puma-doc-4.3.12-150000.3.12.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.s390x",
"product": {
"name": "ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.s390x",
"product_id": "ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.s390x"
}
},
{
"category": "product_version",
"name": "ruby2.5-rubygem-puma-doc-4.3.12-150000.3.12.1.s390x",
"product": {
"name": "ruby2.5-rubygem-puma-doc-4.3.12-150000.3.12.1.s390x",
"product_id": "ruby2.5-rubygem-puma-doc-4.3.12-150000.3.12.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.x86_64",
"product": {
"name": "ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.x86_64",
"product_id": "ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.x86_64"
}
},
{
"category": "product_version",
"name": "ruby2.5-rubygem-puma-doc-4.3.12-150000.3.12.1.x86_64",
"product": {
"name": "ruby2.5-rubygem-puma-doc-4.3.12-150000.3.12.1.x86_64",
"product_id": "ruby2.5-rubygem-puma-doc-4.3.12-150000.3.12.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Availability Extension 15 SP1",
"product": {
"name": "SUSE Linux Enterprise High Availability Extension 15 SP1",
"product_id": "SUSE Linux Enterprise High Availability Extension 15 SP1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-ha:15:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Availability Extension 15 SP2",
"product": {
"name": "SUSE Linux Enterprise High Availability Extension 15 SP2",
"product_id": "SUSE Linux Enterprise High Availability Extension 15 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-ha:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Availability Extension 15 SP3",
"product": {
"name": "SUSE Linux Enterprise High Availability Extension 15 SP3",
"product_id": "SUSE Linux Enterprise High Availability Extension 15 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-ha:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Availability Extension 15 SP4",
"product": {
"name": "SUSE Linux Enterprise High Availability Extension 15 SP4",
"product_id": "SUSE Linux Enterprise High Availability Extension 15 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-ha:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Availability Extension 15 SP5",
"product": {
"name": "SUSE Linux Enterprise High Availability Extension 15 SP5",
"product_id": "SUSE Linux Enterprise High Availability Extension 15 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-ha:15:sp5"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.4",
"product": {
"name": "openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.4"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.5",
"product": {
"name": "openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.aarch64 as component of SUSE Linux Enterprise High Availability Extension 15 SP1",
"product_id": "SUSE Linux Enterprise High Availability Extension 15 SP1:ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.aarch64"
},
"product_reference": "ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.ppc64le as component of SUSE Linux Enterprise High Availability Extension 15 SP1",
"product_id": "SUSE Linux Enterprise High Availability Extension 15 SP1:ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.ppc64le"
},
"product_reference": "ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.s390x as component of SUSE Linux Enterprise High Availability Extension 15 SP1",
"product_id": "SUSE Linux Enterprise High Availability Extension 15 SP1:ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.s390x"
},
"product_reference": "ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.x86_64 as component of SUSE Linux Enterprise High Availability Extension 15 SP1",
"product_id": "SUSE Linux Enterprise High Availability Extension 15 SP1:ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.x86_64"
},
"product_reference": "ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.aarch64 as component of SUSE Linux Enterprise High Availability Extension 15 SP2",
"product_id": "SUSE Linux Enterprise High Availability Extension 15 SP2:ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.aarch64"
},
"product_reference": "ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.ppc64le as component of SUSE Linux Enterprise High Availability Extension 15 SP2",
"product_id": "SUSE Linux Enterprise High Availability Extension 15 SP2:ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.ppc64le"
},
"product_reference": "ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.s390x as component of SUSE Linux Enterprise High Availability Extension 15 SP2",
"product_id": "SUSE Linux Enterprise High Availability Extension 15 SP2:ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.s390x"
},
"product_reference": "ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.x86_64 as component of SUSE Linux Enterprise High Availability Extension 15 SP2",
"product_id": "SUSE Linux Enterprise High Availability Extension 15 SP2:ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.x86_64"
},
"product_reference": "ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.aarch64 as component of SUSE Linux Enterprise High Availability Extension 15 SP3",
"product_id": "SUSE Linux Enterprise High Availability Extension 15 SP3:ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.aarch64"
},
"product_reference": "ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.ppc64le as component of SUSE Linux Enterprise High Availability Extension 15 SP3",
"product_id": "SUSE Linux Enterprise High Availability Extension 15 SP3:ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.ppc64le"
},
"product_reference": "ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.s390x as component of SUSE Linux Enterprise High Availability Extension 15 SP3",
"product_id": "SUSE Linux Enterprise High Availability Extension 15 SP3:ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.s390x"
},
"product_reference": "ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.x86_64 as component of SUSE Linux Enterprise High Availability Extension 15 SP3",
"product_id": "SUSE Linux Enterprise High Availability Extension 15 SP3:ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.x86_64"
},
"product_reference": "ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.aarch64 as component of SUSE Linux Enterprise High Availability Extension 15 SP4",
"product_id": "SUSE Linux Enterprise High Availability Extension 15 SP4:ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.aarch64"
},
"product_reference": "ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.ppc64le as component of SUSE Linux Enterprise High Availability Extension 15 SP4",
"product_id": "SUSE Linux Enterprise High Availability Extension 15 SP4:ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.ppc64le"
},
"product_reference": "ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.s390x as component of SUSE Linux Enterprise High Availability Extension 15 SP4",
"product_id": "SUSE Linux Enterprise High Availability Extension 15 SP4:ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.s390x"
},
"product_reference": "ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.x86_64 as component of SUSE Linux Enterprise High Availability Extension 15 SP4",
"product_id": "SUSE Linux Enterprise High Availability Extension 15 SP4:ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.x86_64"
},
"product_reference": "ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.aarch64 as component of SUSE Linux Enterprise High Availability Extension 15 SP5",
"product_id": "SUSE Linux Enterprise High Availability Extension 15 SP5:ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.aarch64"
},
"product_reference": "ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.ppc64le as component of SUSE Linux Enterprise High Availability Extension 15 SP5",
"product_id": "SUSE Linux Enterprise High Availability Extension 15 SP5:ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.ppc64le"
},
"product_reference": "ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.s390x as component of SUSE Linux Enterprise High Availability Extension 15 SP5",
"product_id": "SUSE Linux Enterprise High Availability Extension 15 SP5:ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.s390x"
},
"product_reference": "ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.x86_64 as component of SUSE Linux Enterprise High Availability Extension 15 SP5",
"product_id": "SUSE Linux Enterprise High Availability Extension 15 SP5:ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.x86_64"
},
"product_reference": "ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.aarch64 as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.aarch64"
},
"product_reference": "ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.ppc64le as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.ppc64le"
},
"product_reference": "ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.s390x as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.s390x"
},
"product_reference": "ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.x86_64 as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.x86_64"
},
"product_reference": "ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-rubygem-puma-doc-4.3.12-150000.3.12.1.aarch64 as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:ruby2.5-rubygem-puma-doc-4.3.12-150000.3.12.1.aarch64"
},
"product_reference": "ruby2.5-rubygem-puma-doc-4.3.12-150000.3.12.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-rubygem-puma-doc-4.3.12-150000.3.12.1.ppc64le as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:ruby2.5-rubygem-puma-doc-4.3.12-150000.3.12.1.ppc64le"
},
"product_reference": "ruby2.5-rubygem-puma-doc-4.3.12-150000.3.12.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-rubygem-puma-doc-4.3.12-150000.3.12.1.s390x as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:ruby2.5-rubygem-puma-doc-4.3.12-150000.3.12.1.s390x"
},
"product_reference": "ruby2.5-rubygem-puma-doc-4.3.12-150000.3.12.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-rubygem-puma-doc-4.3.12-150000.3.12.1.x86_64 as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:ruby2.5-rubygem-puma-doc-4.3.12-150000.3.12.1.x86_64"
},
"product_reference": "ruby2.5-rubygem-puma-doc-4.3.12-150000.3.12.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.aarch64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.aarch64"
},
"product_reference": "ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.ppc64le as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.ppc64le"
},
"product_reference": "ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.s390x as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.s390x"
},
"product_reference": "ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.x86_64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.x86_64"
},
"product_reference": "ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-rubygem-puma-doc-4.3.12-150000.3.12.1.aarch64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:ruby2.5-rubygem-puma-doc-4.3.12-150000.3.12.1.aarch64"
},
"product_reference": "ruby2.5-rubygem-puma-doc-4.3.12-150000.3.12.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-rubygem-puma-doc-4.3.12-150000.3.12.1.ppc64le as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:ruby2.5-rubygem-puma-doc-4.3.12-150000.3.12.1.ppc64le"
},
"product_reference": "ruby2.5-rubygem-puma-doc-4.3.12-150000.3.12.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-rubygem-puma-doc-4.3.12-150000.3.12.1.s390x as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:ruby2.5-rubygem-puma-doc-4.3.12-150000.3.12.1.s390x"
},
"product_reference": "ruby2.5-rubygem-puma-doc-4.3.12-150000.3.12.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-rubygem-puma-doc-4.3.12-150000.3.12.1.x86_64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:ruby2.5-rubygem-puma-doc-4.3.12-150000.3.12.1.x86_64"
},
"product_reference": "ruby2.5-rubygem-puma-doc-4.3.12-150000.3.12.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-40175",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-40175"
}
],
"notes": [
{
"category": "general",
"text": "Puma is a Ruby/Rack web server built for parallelism. Prior to versions 6.3.1 and 5.6.7, puma exhibited incorrect behavior when parsing chunked transfer encoding bodies and zero-length Content-Length headers in a way that allowed HTTP request smuggling. Severity of this issue is highly dependent on the nature of the web site using puma is. This could be caused by either incorrect parsing of trailing fields in chunked transfer encoding bodies or by parsing of blank/zero-length Content-Length headers. Both issues have been addressed and this vulnerability has been fixed in versions 6.3.1 and 5.6.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP1:ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP1:ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP1:ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP1:ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP2:ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP2:ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP2:ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP2:ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP3:ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP3:ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP3:ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP3:ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP4:ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP4:ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP4:ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP4:ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP5:ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP5:ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP5:ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP5:ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.x86_64",
"openSUSE Leap 15.4:ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.aarch64",
"openSUSE Leap 15.4:ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.ppc64le",
"openSUSE Leap 15.4:ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.s390x",
"openSUSE Leap 15.4:ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.x86_64",
"openSUSE Leap 15.4:ruby2.5-rubygem-puma-doc-4.3.12-150000.3.12.1.aarch64",
"openSUSE Leap 15.4:ruby2.5-rubygem-puma-doc-4.3.12-150000.3.12.1.ppc64le",
"openSUSE Leap 15.4:ruby2.5-rubygem-puma-doc-4.3.12-150000.3.12.1.s390x",
"openSUSE Leap 15.4:ruby2.5-rubygem-puma-doc-4.3.12-150000.3.12.1.x86_64",
"openSUSE Leap 15.5:ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.aarch64",
"openSUSE Leap 15.5:ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.ppc64le",
"openSUSE Leap 15.5:ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.s390x",
"openSUSE Leap 15.5:ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.x86_64",
"openSUSE Leap 15.5:ruby2.5-rubygem-puma-doc-4.3.12-150000.3.12.1.aarch64",
"openSUSE Leap 15.5:ruby2.5-rubygem-puma-doc-4.3.12-150000.3.12.1.ppc64le",
"openSUSE Leap 15.5:ruby2.5-rubygem-puma-doc-4.3.12-150000.3.12.1.s390x",
"openSUSE Leap 15.5:ruby2.5-rubygem-puma-doc-4.3.12-150000.3.12.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-40175",
"url": "https://www.suse.com/security/cve/CVE-2023-40175"
},
{
"category": "external",
"summary": "SUSE Bug 1214425 for CVE-2023-40175",
"url": "https://bugzilla.suse.com/1214425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP1:ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP1:ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP1:ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP1:ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP2:ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP2:ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP2:ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP2:ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP3:ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP3:ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP3:ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP3:ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP4:ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP4:ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP4:ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP4:ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP5:ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP5:ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP5:ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP5:ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.x86_64",
"openSUSE Leap 15.4:ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.aarch64",
"openSUSE Leap 15.4:ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.ppc64le",
"openSUSE Leap 15.4:ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.s390x",
"openSUSE Leap 15.4:ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.x86_64",
"openSUSE Leap 15.4:ruby2.5-rubygem-puma-doc-4.3.12-150000.3.12.1.aarch64",
"openSUSE Leap 15.4:ruby2.5-rubygem-puma-doc-4.3.12-150000.3.12.1.ppc64le",
"openSUSE Leap 15.4:ruby2.5-rubygem-puma-doc-4.3.12-150000.3.12.1.s390x",
"openSUSE Leap 15.4:ruby2.5-rubygem-puma-doc-4.3.12-150000.3.12.1.x86_64",
"openSUSE Leap 15.5:ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.aarch64",
"openSUSE Leap 15.5:ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.ppc64le",
"openSUSE Leap 15.5:ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.s390x",
"openSUSE Leap 15.5:ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.x86_64",
"openSUSE Leap 15.5:ruby2.5-rubygem-puma-doc-4.3.12-150000.3.12.1.aarch64",
"openSUSE Leap 15.5:ruby2.5-rubygem-puma-doc-4.3.12-150000.3.12.1.ppc64le",
"openSUSE Leap 15.5:ruby2.5-rubygem-puma-doc-4.3.12-150000.3.12.1.s390x",
"openSUSE Leap 15.5:ruby2.5-rubygem-puma-doc-4.3.12-150000.3.12.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP1:ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP1:ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP1:ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP1:ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP2:ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP2:ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP2:ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP2:ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP3:ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP3:ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP3:ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP3:ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP4:ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP4:ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP4:ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP4:ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP5:ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP5:ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP5:ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP5:ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.x86_64",
"openSUSE Leap 15.4:ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.aarch64",
"openSUSE Leap 15.4:ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.ppc64le",
"openSUSE Leap 15.4:ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.s390x",
"openSUSE Leap 15.4:ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.x86_64",
"openSUSE Leap 15.4:ruby2.5-rubygem-puma-doc-4.3.12-150000.3.12.1.aarch64",
"openSUSE Leap 15.4:ruby2.5-rubygem-puma-doc-4.3.12-150000.3.12.1.ppc64le",
"openSUSE Leap 15.4:ruby2.5-rubygem-puma-doc-4.3.12-150000.3.12.1.s390x",
"openSUSE Leap 15.4:ruby2.5-rubygem-puma-doc-4.3.12-150000.3.12.1.x86_64",
"openSUSE Leap 15.5:ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.aarch64",
"openSUSE Leap 15.5:ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.ppc64le",
"openSUSE Leap 15.5:ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.s390x",
"openSUSE Leap 15.5:ruby2.5-rubygem-puma-4.3.12-150000.3.12.1.x86_64",
"openSUSE Leap 15.5:ruby2.5-rubygem-puma-doc-4.3.12-150000.3.12.1.aarch64",
"openSUSE Leap 15.5:ruby2.5-rubygem-puma-doc-4.3.12-150000.3.12.1.ppc64le",
"openSUSE Leap 15.5:ruby2.5-rubygem-puma-doc-4.3.12-150000.3.12.1.s390x",
"openSUSE Leap 15.5:ruby2.5-rubygem-puma-doc-4.3.12-150000.3.12.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-10-04T07:10:48Z",
"details": "important"
}
],
"title": "CVE-2023-40175"
}
]
}
SUSE-SU-2025:03466-1
Vulnerability from csaf_suse - Published: 2025-10-07 11:33 - Updated: 2025-10-07 11:33Summary
Security update for rubygem-puma
Notes
Title of the patch
Security update for rubygem-puma
Description of the patch
This update for rubygem-puma fixes the following issues:
Update to version 5.6.9.
- CVE-2024-45614: improper header normalization allows for clients to clobber proxy set headers, which can lead to
information leaks (bsc#1230848, fixed in an earlier update).
- CVE-2024-21647: unbounded resource consumption due to invalid parsing of chunked encoding in HTTP/1.1 can lead to
denial-of-service attacks (bsc#1218638, fixed in an earlier update)
- CVE-2023-40175: incorrect behavior when parsing chunked transfer encoding bodies and zero-length Content-Length
headers can lead to HTTP request smuggling attacks (bsc#1214425, fixed in an earlier update).
Patchnames
SUSE-2025-3466,SUSE-SLE-Product-HA-15-SP3-2025-3466,SUSE-SLE-Product-HA-15-SP4-2025-3466,SUSE-SLE-Product-HA-15-SP5-2025-3466
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for rubygem-puma",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for rubygem-puma fixes the following issues:\n\nUpdate to version 5.6.9.\n\n- CVE-2024-45614: improper header normalization allows for clients to clobber proxy set headers, which can lead to\n information leaks (bsc#1230848, fixed in an earlier update).\n- CVE-2024-21647: unbounded resource consumption due to invalid parsing of chunked encoding in HTTP/1.1 can lead to\n denial-of-service attacks (bsc#1218638, fixed in an earlier update)\n- CVE-2023-40175: incorrect behavior when parsing chunked transfer encoding bodies and zero-length Content-Length\n headers can lead to HTTP request smuggling attacks (bsc#1214425, fixed in an earlier update).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-3466,SUSE-SLE-Product-HA-15-SP3-2025-3466,SUSE-SLE-Product-HA-15-SP4-2025-3466,SUSE-SLE-Product-HA-15-SP5-2025-3466",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_03466-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:03466-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202503466-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:03466-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2025-October/042013.html"
},
{
"category": "self",
"summary": "SUSE Bug 1214425",
"url": "https://bugzilla.suse.com/1214425"
},
{
"category": "self",
"summary": "SUSE Bug 1218638",
"url": "https://bugzilla.suse.com/1218638"
},
{
"category": "self",
"summary": "SUSE Bug 1230848",
"url": "https://bugzilla.suse.com/1230848"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-40175 page",
"url": "https://www.suse.com/security/cve/CVE-2023-40175/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-21647 page",
"url": "https://www.suse.com/security/cve/CVE-2024-21647/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-45614 page",
"url": "https://www.suse.com/security/cve/CVE-2024-45614/"
}
],
"title": "Security update for rubygem-puma",
"tracking": {
"current_release_date": "2025-10-07T11:33:53Z",
"generator": {
"date": "2025-10-07T11:33:53Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:03466-1",
"initial_release_date": "2025-10-07T11:33:53Z",
"revision_history": [
{
"date": "2025-10-07T11:33:53Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "ruby2.5-rubygem-puma-5.6.9-150000.3.18.1.aarch64",
"product": {
"name": "ruby2.5-rubygem-puma-5.6.9-150000.3.18.1.aarch64",
"product_id": "ruby2.5-rubygem-puma-5.6.9-150000.3.18.1.aarch64"
}
},
{
"category": "product_version",
"name": "ruby2.5-rubygem-puma-doc-5.6.9-150000.3.18.1.aarch64",
"product": {
"name": "ruby2.5-rubygem-puma-doc-5.6.9-150000.3.18.1.aarch64",
"product_id": "ruby2.5-rubygem-puma-doc-5.6.9-150000.3.18.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "ruby2.5-rubygem-puma-5.6.9-150000.3.18.1.i586",
"product": {
"name": "ruby2.5-rubygem-puma-5.6.9-150000.3.18.1.i586",
"product_id": "ruby2.5-rubygem-puma-5.6.9-150000.3.18.1.i586"
}
},
{
"category": "product_version",
"name": "ruby2.5-rubygem-puma-doc-5.6.9-150000.3.18.1.i586",
"product": {
"name": "ruby2.5-rubygem-puma-doc-5.6.9-150000.3.18.1.i586",
"product_id": "ruby2.5-rubygem-puma-doc-5.6.9-150000.3.18.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "ruby2.5-rubygem-puma-5.6.9-150000.3.18.1.ppc64le",
"product": {
"name": "ruby2.5-rubygem-puma-5.6.9-150000.3.18.1.ppc64le",
"product_id": "ruby2.5-rubygem-puma-5.6.9-150000.3.18.1.ppc64le"
}
},
{
"category": "product_version",
"name": "ruby2.5-rubygem-puma-doc-5.6.9-150000.3.18.1.ppc64le",
"product": {
"name": "ruby2.5-rubygem-puma-doc-5.6.9-150000.3.18.1.ppc64le",
"product_id": "ruby2.5-rubygem-puma-doc-5.6.9-150000.3.18.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "ruby2.5-rubygem-puma-5.6.9-150000.3.18.1.s390x",
"product": {
"name": "ruby2.5-rubygem-puma-5.6.9-150000.3.18.1.s390x",
"product_id": "ruby2.5-rubygem-puma-5.6.9-150000.3.18.1.s390x"
}
},
{
"category": "product_version",
"name": "ruby2.5-rubygem-puma-doc-5.6.9-150000.3.18.1.s390x",
"product": {
"name": "ruby2.5-rubygem-puma-doc-5.6.9-150000.3.18.1.s390x",
"product_id": "ruby2.5-rubygem-puma-doc-5.6.9-150000.3.18.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "ruby2.5-rubygem-puma-5.6.9-150000.3.18.1.x86_64",
"product": {
"name": "ruby2.5-rubygem-puma-5.6.9-150000.3.18.1.x86_64",
"product_id": "ruby2.5-rubygem-puma-5.6.9-150000.3.18.1.x86_64"
}
},
{
"category": "product_version",
"name": "ruby2.5-rubygem-puma-doc-5.6.9-150000.3.18.1.x86_64",
"product": {
"name": "ruby2.5-rubygem-puma-doc-5.6.9-150000.3.18.1.x86_64",
"product_id": "ruby2.5-rubygem-puma-doc-5.6.9-150000.3.18.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Availability Extension 15 SP3",
"product": {
"name": "SUSE Linux Enterprise High Availability Extension 15 SP3",
"product_id": "SUSE Linux Enterprise High Availability Extension 15 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-ha:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Availability Extension 15 SP4",
"product": {
"name": "SUSE Linux Enterprise High Availability Extension 15 SP4",
"product_id": "SUSE Linux Enterprise High Availability Extension 15 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-ha:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Availability Extension 15 SP5",
"product": {
"name": "SUSE Linux Enterprise High Availability Extension 15 SP5",
"product_id": "SUSE Linux Enterprise High Availability Extension 15 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-ha:15:sp5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-rubygem-puma-5.6.9-150000.3.18.1.aarch64 as component of SUSE Linux Enterprise High Availability Extension 15 SP3",
"product_id": "SUSE Linux Enterprise High Availability Extension 15 SP3:ruby2.5-rubygem-puma-5.6.9-150000.3.18.1.aarch64"
},
"product_reference": "ruby2.5-rubygem-puma-5.6.9-150000.3.18.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-rubygem-puma-5.6.9-150000.3.18.1.ppc64le as component of SUSE Linux Enterprise High Availability Extension 15 SP3",
"product_id": "SUSE Linux Enterprise High Availability Extension 15 SP3:ruby2.5-rubygem-puma-5.6.9-150000.3.18.1.ppc64le"
},
"product_reference": "ruby2.5-rubygem-puma-5.6.9-150000.3.18.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-rubygem-puma-5.6.9-150000.3.18.1.s390x as component of SUSE Linux Enterprise High Availability Extension 15 SP3",
"product_id": "SUSE Linux Enterprise High Availability Extension 15 SP3:ruby2.5-rubygem-puma-5.6.9-150000.3.18.1.s390x"
},
"product_reference": "ruby2.5-rubygem-puma-5.6.9-150000.3.18.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-rubygem-puma-5.6.9-150000.3.18.1.x86_64 as component of SUSE Linux Enterprise High Availability Extension 15 SP3",
"product_id": "SUSE Linux Enterprise High Availability Extension 15 SP3:ruby2.5-rubygem-puma-5.6.9-150000.3.18.1.x86_64"
},
"product_reference": "ruby2.5-rubygem-puma-5.6.9-150000.3.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-rubygem-puma-5.6.9-150000.3.18.1.aarch64 as component of SUSE Linux Enterprise High Availability Extension 15 SP4",
"product_id": "SUSE Linux Enterprise High Availability Extension 15 SP4:ruby2.5-rubygem-puma-5.6.9-150000.3.18.1.aarch64"
},
"product_reference": "ruby2.5-rubygem-puma-5.6.9-150000.3.18.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-rubygem-puma-5.6.9-150000.3.18.1.ppc64le as component of SUSE Linux Enterprise High Availability Extension 15 SP4",
"product_id": "SUSE Linux Enterprise High Availability Extension 15 SP4:ruby2.5-rubygem-puma-5.6.9-150000.3.18.1.ppc64le"
},
"product_reference": "ruby2.5-rubygem-puma-5.6.9-150000.3.18.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-rubygem-puma-5.6.9-150000.3.18.1.s390x as component of SUSE Linux Enterprise High Availability Extension 15 SP4",
"product_id": "SUSE Linux Enterprise High Availability Extension 15 SP4:ruby2.5-rubygem-puma-5.6.9-150000.3.18.1.s390x"
},
"product_reference": "ruby2.5-rubygem-puma-5.6.9-150000.3.18.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-rubygem-puma-5.6.9-150000.3.18.1.x86_64 as component of SUSE Linux Enterprise High Availability Extension 15 SP4",
"product_id": "SUSE Linux Enterprise High Availability Extension 15 SP4:ruby2.5-rubygem-puma-5.6.9-150000.3.18.1.x86_64"
},
"product_reference": "ruby2.5-rubygem-puma-5.6.9-150000.3.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-rubygem-puma-5.6.9-150000.3.18.1.aarch64 as component of SUSE Linux Enterprise High Availability Extension 15 SP5",
"product_id": "SUSE Linux Enterprise High Availability Extension 15 SP5:ruby2.5-rubygem-puma-5.6.9-150000.3.18.1.aarch64"
},
"product_reference": "ruby2.5-rubygem-puma-5.6.9-150000.3.18.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-rubygem-puma-5.6.9-150000.3.18.1.ppc64le as component of SUSE Linux Enterprise High Availability Extension 15 SP5",
"product_id": "SUSE Linux Enterprise High Availability Extension 15 SP5:ruby2.5-rubygem-puma-5.6.9-150000.3.18.1.ppc64le"
},
"product_reference": "ruby2.5-rubygem-puma-5.6.9-150000.3.18.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-rubygem-puma-5.6.9-150000.3.18.1.s390x as component of SUSE Linux Enterprise High Availability Extension 15 SP5",
"product_id": "SUSE Linux Enterprise High Availability Extension 15 SP5:ruby2.5-rubygem-puma-5.6.9-150000.3.18.1.s390x"
},
"product_reference": "ruby2.5-rubygem-puma-5.6.9-150000.3.18.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-rubygem-puma-5.6.9-150000.3.18.1.x86_64 as component of SUSE Linux Enterprise High Availability Extension 15 SP5",
"product_id": "SUSE Linux Enterprise High Availability Extension 15 SP5:ruby2.5-rubygem-puma-5.6.9-150000.3.18.1.x86_64"
},
"product_reference": "ruby2.5-rubygem-puma-5.6.9-150000.3.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 15 SP5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-40175",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-40175"
}
],
"notes": [
{
"category": "general",
"text": "Puma is a Ruby/Rack web server built for parallelism. Prior to versions 6.3.1 and 5.6.7, puma exhibited incorrect behavior when parsing chunked transfer encoding bodies and zero-length Content-Length headers in a way that allowed HTTP request smuggling. Severity of this issue is highly dependent on the nature of the web site using puma is. This could be caused by either incorrect parsing of trailing fields in chunked transfer encoding bodies or by parsing of blank/zero-length Content-Length headers. Both issues have been addressed and this vulnerability has been fixed in versions 6.3.1 and 5.6.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP3:ruby2.5-rubygem-puma-5.6.9-150000.3.18.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP3:ruby2.5-rubygem-puma-5.6.9-150000.3.18.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP3:ruby2.5-rubygem-puma-5.6.9-150000.3.18.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP3:ruby2.5-rubygem-puma-5.6.9-150000.3.18.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP4:ruby2.5-rubygem-puma-5.6.9-150000.3.18.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP4:ruby2.5-rubygem-puma-5.6.9-150000.3.18.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP4:ruby2.5-rubygem-puma-5.6.9-150000.3.18.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP4:ruby2.5-rubygem-puma-5.6.9-150000.3.18.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP5:ruby2.5-rubygem-puma-5.6.9-150000.3.18.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP5:ruby2.5-rubygem-puma-5.6.9-150000.3.18.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP5:ruby2.5-rubygem-puma-5.6.9-150000.3.18.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP5:ruby2.5-rubygem-puma-5.6.9-150000.3.18.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-40175",
"url": "https://www.suse.com/security/cve/CVE-2023-40175"
},
{
"category": "external",
"summary": "SUSE Bug 1214425 for CVE-2023-40175",
"url": "https://bugzilla.suse.com/1214425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP3:ruby2.5-rubygem-puma-5.6.9-150000.3.18.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP3:ruby2.5-rubygem-puma-5.6.9-150000.3.18.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP3:ruby2.5-rubygem-puma-5.6.9-150000.3.18.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP3:ruby2.5-rubygem-puma-5.6.9-150000.3.18.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP4:ruby2.5-rubygem-puma-5.6.9-150000.3.18.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP4:ruby2.5-rubygem-puma-5.6.9-150000.3.18.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP4:ruby2.5-rubygem-puma-5.6.9-150000.3.18.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP4:ruby2.5-rubygem-puma-5.6.9-150000.3.18.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP5:ruby2.5-rubygem-puma-5.6.9-150000.3.18.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP5:ruby2.5-rubygem-puma-5.6.9-150000.3.18.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP5:ruby2.5-rubygem-puma-5.6.9-150000.3.18.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP5:ruby2.5-rubygem-puma-5.6.9-150000.3.18.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP3:ruby2.5-rubygem-puma-5.6.9-150000.3.18.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP3:ruby2.5-rubygem-puma-5.6.9-150000.3.18.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP3:ruby2.5-rubygem-puma-5.6.9-150000.3.18.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP3:ruby2.5-rubygem-puma-5.6.9-150000.3.18.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP4:ruby2.5-rubygem-puma-5.6.9-150000.3.18.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP4:ruby2.5-rubygem-puma-5.6.9-150000.3.18.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP4:ruby2.5-rubygem-puma-5.6.9-150000.3.18.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP4:ruby2.5-rubygem-puma-5.6.9-150000.3.18.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP5:ruby2.5-rubygem-puma-5.6.9-150000.3.18.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP5:ruby2.5-rubygem-puma-5.6.9-150000.3.18.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP5:ruby2.5-rubygem-puma-5.6.9-150000.3.18.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP5:ruby2.5-rubygem-puma-5.6.9-150000.3.18.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-10-07T11:33:53Z",
"details": "important"
}
],
"title": "CVE-2023-40175"
},
{
"cve": "CVE-2024-21647",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-21647"
}
],
"notes": [
{
"category": "general",
"text": "Puma is a web server for Ruby/Rack applications built for parallelism. Prior to version 6.4.2, puma exhibited incorrect behavior when parsing chunked transfer encoding bodies in a way that allowed HTTP request smuggling. Fixed versions limits the size of chunk extensions. Without this limit, an attacker could cause unbounded resource (CPU, network bandwidth) consumption. This vulnerability has been fixed in versions 6.4.2 and 5.6.8.\n\n",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP3:ruby2.5-rubygem-puma-5.6.9-150000.3.18.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP3:ruby2.5-rubygem-puma-5.6.9-150000.3.18.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP3:ruby2.5-rubygem-puma-5.6.9-150000.3.18.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP3:ruby2.5-rubygem-puma-5.6.9-150000.3.18.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP4:ruby2.5-rubygem-puma-5.6.9-150000.3.18.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP4:ruby2.5-rubygem-puma-5.6.9-150000.3.18.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP4:ruby2.5-rubygem-puma-5.6.9-150000.3.18.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP4:ruby2.5-rubygem-puma-5.6.9-150000.3.18.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP5:ruby2.5-rubygem-puma-5.6.9-150000.3.18.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP5:ruby2.5-rubygem-puma-5.6.9-150000.3.18.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP5:ruby2.5-rubygem-puma-5.6.9-150000.3.18.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP5:ruby2.5-rubygem-puma-5.6.9-150000.3.18.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-21647",
"url": "https://www.suse.com/security/cve/CVE-2024-21647"
},
{
"category": "external",
"summary": "SUSE Bug 1218638 for CVE-2024-21647",
"url": "https://bugzilla.suse.com/1218638"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP3:ruby2.5-rubygem-puma-5.6.9-150000.3.18.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP3:ruby2.5-rubygem-puma-5.6.9-150000.3.18.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP3:ruby2.5-rubygem-puma-5.6.9-150000.3.18.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP3:ruby2.5-rubygem-puma-5.6.9-150000.3.18.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP4:ruby2.5-rubygem-puma-5.6.9-150000.3.18.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP4:ruby2.5-rubygem-puma-5.6.9-150000.3.18.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP4:ruby2.5-rubygem-puma-5.6.9-150000.3.18.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP4:ruby2.5-rubygem-puma-5.6.9-150000.3.18.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP5:ruby2.5-rubygem-puma-5.6.9-150000.3.18.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP5:ruby2.5-rubygem-puma-5.6.9-150000.3.18.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP5:ruby2.5-rubygem-puma-5.6.9-150000.3.18.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP5:ruby2.5-rubygem-puma-5.6.9-150000.3.18.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP3:ruby2.5-rubygem-puma-5.6.9-150000.3.18.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP3:ruby2.5-rubygem-puma-5.6.9-150000.3.18.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP3:ruby2.5-rubygem-puma-5.6.9-150000.3.18.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP3:ruby2.5-rubygem-puma-5.6.9-150000.3.18.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP4:ruby2.5-rubygem-puma-5.6.9-150000.3.18.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP4:ruby2.5-rubygem-puma-5.6.9-150000.3.18.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP4:ruby2.5-rubygem-puma-5.6.9-150000.3.18.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP4:ruby2.5-rubygem-puma-5.6.9-150000.3.18.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP5:ruby2.5-rubygem-puma-5.6.9-150000.3.18.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP5:ruby2.5-rubygem-puma-5.6.9-150000.3.18.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP5:ruby2.5-rubygem-puma-5.6.9-150000.3.18.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP5:ruby2.5-rubygem-puma-5.6.9-150000.3.18.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-10-07T11:33:53Z",
"details": "moderate"
}
],
"title": "CVE-2024-21647"
},
{
"cve": "CVE-2024-45614",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-45614"
}
],
"notes": [
{
"category": "general",
"text": "Puma is a Ruby/Rack web server built for parallelism. In affected versions clients could clobber values set by intermediate proxies (such as X-Forwarded-For) by providing a underscore version of the same header (X-Forwarded_For). Any users relying on proxy set variables is affected. v6.4.3/v5.6.9 now discards any headers using underscores if the non-underscore version also exists. Effectively, allowing the proxy defined headers to always win. Users are advised to upgrade. Nginx has a underscores_in_headers configuration variable to discard these headers at the proxy level as a mitigation. Any users that are implicitly trusting the proxy defined headers for security should immediately cease doing so until upgraded to the fixed versions.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP3:ruby2.5-rubygem-puma-5.6.9-150000.3.18.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP3:ruby2.5-rubygem-puma-5.6.9-150000.3.18.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP3:ruby2.5-rubygem-puma-5.6.9-150000.3.18.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP3:ruby2.5-rubygem-puma-5.6.9-150000.3.18.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP4:ruby2.5-rubygem-puma-5.6.9-150000.3.18.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP4:ruby2.5-rubygem-puma-5.6.9-150000.3.18.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP4:ruby2.5-rubygem-puma-5.6.9-150000.3.18.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP4:ruby2.5-rubygem-puma-5.6.9-150000.3.18.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP5:ruby2.5-rubygem-puma-5.6.9-150000.3.18.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP5:ruby2.5-rubygem-puma-5.6.9-150000.3.18.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP5:ruby2.5-rubygem-puma-5.6.9-150000.3.18.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP5:ruby2.5-rubygem-puma-5.6.9-150000.3.18.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-45614",
"url": "https://www.suse.com/security/cve/CVE-2024-45614"
},
{
"category": "external",
"summary": "SUSE Bug 1230848 for CVE-2024-45614",
"url": "https://bugzilla.suse.com/1230848"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP3:ruby2.5-rubygem-puma-5.6.9-150000.3.18.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP3:ruby2.5-rubygem-puma-5.6.9-150000.3.18.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP3:ruby2.5-rubygem-puma-5.6.9-150000.3.18.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP3:ruby2.5-rubygem-puma-5.6.9-150000.3.18.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP4:ruby2.5-rubygem-puma-5.6.9-150000.3.18.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP4:ruby2.5-rubygem-puma-5.6.9-150000.3.18.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP4:ruby2.5-rubygem-puma-5.6.9-150000.3.18.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP4:ruby2.5-rubygem-puma-5.6.9-150000.3.18.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP5:ruby2.5-rubygem-puma-5.6.9-150000.3.18.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP5:ruby2.5-rubygem-puma-5.6.9-150000.3.18.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP5:ruby2.5-rubygem-puma-5.6.9-150000.3.18.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP5:ruby2.5-rubygem-puma-5.6.9-150000.3.18.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP3:ruby2.5-rubygem-puma-5.6.9-150000.3.18.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP3:ruby2.5-rubygem-puma-5.6.9-150000.3.18.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP3:ruby2.5-rubygem-puma-5.6.9-150000.3.18.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP3:ruby2.5-rubygem-puma-5.6.9-150000.3.18.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP4:ruby2.5-rubygem-puma-5.6.9-150000.3.18.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP4:ruby2.5-rubygem-puma-5.6.9-150000.3.18.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP4:ruby2.5-rubygem-puma-5.6.9-150000.3.18.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP4:ruby2.5-rubygem-puma-5.6.9-150000.3.18.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP5:ruby2.5-rubygem-puma-5.6.9-150000.3.18.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP5:ruby2.5-rubygem-puma-5.6.9-150000.3.18.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP5:ruby2.5-rubygem-puma-5.6.9-150000.3.18.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP5:ruby2.5-rubygem-puma-5.6.9-150000.3.18.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-10-07T11:33:53Z",
"details": "moderate"
}
],
"title": "CVE-2024-45614"
}
]
}
RHSA-2024:0797
Vulnerability from csaf_redhat - Published: 2024-02-13 14:45 - Updated: 2025-11-21 18:54Summary
Red Hat Security Advisory: Satellite 6.14.2 Async Security Update
Notes
Topic
Updated Satellite 6.14 packages that fixes Important security bugs and several
regular bugs are now available for Red Hat Satellite.
Details
Red Hat Satellite is a system management solution that allows organizations
to configure and maintain their systems without the necessity to provide
public Internet access to their servers or other client systems. It
performs provisioning and configuration management of predefined standard
operating environments.
Security fix(es):
* CVE-2023-26049 (puppetserver): Cookie parsing of quoted values can exfiltrate values from other cookies
* CVE-2023-26141 (rubygem-sidekiq): Denial of Service (DoS) in dashboard-charts
* CVE-2023-36479 (puppetserver): Improper addition of quotation marks to user inputs in CgiServlet
* CVE-2023-38545 (puppet-agent): Heap-based buffer overflow in the SOCKS5 proxy handshake
* CVE-2023-40167 (puppetserver): Improper validation of HTTP/1 content-length
* CVE-2023-40175 (rubygem-puma): HTTP request smuggling when parsing chunked transfer encoding bodies and zero-length content-length headers
* CVE-2023-4785 (rubygem-grpc): File descriptor exhaustion leads to denial of service
* CVE-2023-0809, CVE-2023-28366, CVE-2023-3592 (mosquitto): Memory leak leads to unresponsive broker
This update fixes the following bugs:
2250347 - 'Sun, 11 Jun 2023 17:51:29 GMT' could not be parsed at index 0 at java.time.format.DateTimeFormatter.parseResolved
2254974 - satellite-convert2rhel-toolkit install fails on latest rpm with `/usr/bin/bash: /usr/libexec/satellite-convert2rhel-appliance/action-install.sh: No such file or directory`
2255260 - 6.14 - satellite-convert2rhel-toolkit is part of the satellite module
2257321 - Request for UEFI Kickstart Provisioning to handle naming convention for VLAN tagged interfaces of the format <parent_device>.<vlan_id> in addition to vlan<vlan_id>
2257324 - Generate applicability tasks fails with error "ERROR: insert or update on table "katello_content_facet_errata" violates foreign key constraint "katello_content_facet_errata_ca_id"
2257326 - Show failed resources in failed installation report
2257327 - Puppet reports without any messages don't get an origin
2257329 - Host registration fails with error "Attached to can't be blank" when the VLAN name includes UPPERCASE letters
2257330 - default tuning profile leaves httpd MaxClients 150 which httpd raises a warning
2257331 - Registering host through load balancer causes REX not to know what capsule to choose for 'registered_through'
2257332 - Registration can't find any Capsules when their locations are not assigned to admin user
2257415 - Provisioning vm host fails with error "Failed to attach ISO image to CDROM drive of instance client.example.com: InvalidPowerState: The attempted operation cannot be performed in the current state (Powered on)".
2260525 - [Improvement] RefreshRepos step in Capsule Sync to refresh just repos to sync
2262131 - Unable to sync library/busybox from gcr.io
Users of Red Hat Satellite are advised to upgrade to these updated
packages, which fix these bugs.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated Satellite 6.14 packages that fixes Important security bugs and several\nregular bugs are now available for Red Hat Satellite.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Satellite is a system management solution that allows organizations\nto configure and maintain their systems without the necessity to provide\npublic Internet access to their servers or other client systems. It\nperforms provisioning and configuration management of predefined standard\noperating environments.\n\nSecurity fix(es):\n* CVE-2023-26049 (puppetserver): Cookie parsing of quoted values can exfiltrate values from other cookies\n* CVE-2023-26141 (rubygem-sidekiq): Denial of Service (DoS) in dashboard-charts\n* CVE-2023-36479 (puppetserver): Improper addition of quotation marks to user inputs in CgiServlet\n* CVE-2023-38545 (puppet-agent): Heap-based buffer overflow in the SOCKS5 proxy handshake\n* CVE-2023-40167 (puppetserver): Improper validation of HTTP/1 content-length\n* CVE-2023-40175 (rubygem-puma): HTTP request smuggling when parsing chunked transfer encoding bodies and zero-length content-length headers\n* CVE-2023-4785 (rubygem-grpc): File descriptor exhaustion leads to denial of service\n* CVE-2023-0809, CVE-2023-28366, CVE-2023-3592 (mosquitto): Memory leak leads to unresponsive broker\n\nThis update fixes the following bugs:\n2250347 - \u0027Sun, 11 Jun 2023 17:51:29 GMT\u0027 could not be parsed at index 0 at java.time.format.DateTimeFormatter.parseResolved\n2254974 - satellite-convert2rhel-toolkit install fails on latest rpm with `/usr/bin/bash: /usr/libexec/satellite-convert2rhel-appliance/action-install.sh: No such file or directory`\n2255260 - 6.14 - satellite-convert2rhel-toolkit is part of the satellite module\n2257321 - Request for UEFI Kickstart Provisioning to handle naming convention for VLAN tagged interfaces of the format \u003cparent_device\u003e.\u003cvlan_id\u003e in addition to vlan\u003cvlan_id\u003e\n2257324 - Generate applicability tasks fails with error \"ERROR: insert or update on table \"katello_content_facet_errata\" violates foreign key constraint \"katello_content_facet_errata_ca_id\"\n2257326 - Show failed resources in failed installation report\n2257327 - Puppet reports without any messages don\u0027t get an origin\n2257329 - Host registration fails with error \"Attached to can\u0027t be blank\" when the VLAN name includes UPPERCASE letters\n2257330 - default tuning profile leaves httpd MaxClients 150 which httpd raises a warning\n2257331 - Registering host through load balancer causes REX not to know what capsule to choose for \u0027registered_through\u0027\n2257332 - Registration can\u0027t find any Capsules when their locations are not assigned to admin user\n2257415 - Provisioning vm host fails with error \"Failed to attach ISO image to CDROM drive of instance client.example.com: InvalidPowerState: The attempted operation cannot be performed in the current state (Powered on)\". \n2260525 - [Improvement] RefreshRepos step in Capsule Sync to refresh just repos to sync \n2262131 - Unable to sync library/busybox from gcr.io \n\nUsers of Red Hat Satellite are advised to upgrade to these updated\npackages, which fix these bugs.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:0797",
"url": "https://access.redhat.com/errata/RHSA-2024:0797"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_satellite/6.14/html/upgrading_and_updating_red_hat_satellite/index",
"url": "https://access.redhat.com/documentation/en-us/red_hat_satellite/6.14/html/upgrading_and_updating_red_hat_satellite/index"
},
{
"category": "external",
"summary": "2232729",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2232729"
},
{
"category": "external",
"summary": "2236341",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236341"
},
{
"category": "external",
"summary": "2236882",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236882"
},
{
"category": "external",
"summary": "2239010",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2239010"
},
{
"category": "external",
"summary": "2239017",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2239017"
},
{
"category": "external",
"summary": "2239630",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2239630"
},
{
"category": "external",
"summary": "2239634",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2239634"
},
{
"category": "external",
"summary": "2241933",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2241933"
},
{
"category": "external",
"summary": "2250347",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2250347"
},
{
"category": "external",
"summary": "2254974",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254974"
},
{
"category": "external",
"summary": "2255260",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2255260"
},
{
"category": "external",
"summary": "2257321",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2257321"
},
{
"category": "external",
"summary": "2257324",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2257324"
},
{
"category": "external",
"summary": "2257326",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2257326"
},
{
"category": "external",
"summary": "2257327",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2257327"
},
{
"category": "external",
"summary": "2257329",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2257329"
},
{
"category": "external",
"summary": "2257330",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2257330"
},
{
"category": "external",
"summary": "2257331",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2257331"
},
{
"category": "external",
"summary": "2257332",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2257332"
},
{
"category": "external",
"summary": "2257415",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2257415"
},
{
"category": "external",
"summary": "2260525",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2260525"
},
{
"category": "external",
"summary": "2262131",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2262131"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_0797.json"
}
],
"title": "Red Hat Security Advisory: Satellite 6.14.2 Async Security Update",
"tracking": {
"current_release_date": "2025-11-21T18:54:13+00:00",
"generator": {
"date": "2025-11-21T18:54:13+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2024:0797",
"initial_release_date": "2024-02-13T14:45:57+00:00",
"revision_history": [
{
"date": "2024-02-13T14:45:57+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-02-13T14:45:57+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T18:54:13+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Satellite 6.14 for RHEL 8",
"product": {
"name": "Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:satellite:6.14::el8"
}
}
},
{
"category": "product_name",
"name": "Red Hat Satellite 6.14 for RHEL 8",
"product": {
"name": "Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:satellite_capsule:6.14::el8"
}
}
},
{
"category": "product_name",
"name": "Red Hat Satellite 6.14 for RHEL 8",
"product": {
"name": "Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-utils",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:satellite_utils:6.14::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat Satellite 6"
},
{
"branches": [
{
"category": "product_version",
"name": "rubygem-katello-0:4.9.0.21-1.el8sat.src",
"product": {
"name": "rubygem-katello-0:4.9.0.21-1.el8sat.src",
"product_id": "rubygem-katello-0:4.9.0.21-1.el8sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-katello@4.9.0.21-1.el8sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "python-pulp-container-0:2.14.11-1.el8pc.src",
"product": {
"name": "python-pulp-container-0:2.14.11-1.el8pc.src",
"product_id": "python-pulp-container-0:2.14.11-1.el8pc.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-pulp-container@2.14.11-1.el8pc?arch=src"
}
}
},
{
"category": "product_version",
"name": "candlepin-0:4.3.11-1.el8sat.src",
"product": {
"name": "candlepin-0:4.3.11-1.el8sat.src",
"product_id": "candlepin-0:4.3.11-1.el8sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/candlepin@4.3.11-1.el8sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "foreman-0:3.7.0.11-2.el8sat.src",
"product": {
"name": "foreman-0:3.7.0.11-2.el8sat.src",
"product_id": "foreman-0:3.7.0.11-2.el8sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman@3.7.0.11-2.el8sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "mosquitto-0:2.0.17-1.el8sat.src",
"product": {
"name": "mosquitto-0:2.0.17-1.el8sat.src",
"product_id": "mosquitto-0:2.0.17-1.el8sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mosquitto@2.0.17-1.el8sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "puppet-agent-0:7.27.0-1.el8sat.src",
"product": {
"name": "puppet-agent-0:7.27.0-1.el8sat.src",
"product_id": "puppet-agent-0:7.27.0-1.el8sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/puppet-agent@7.27.0-1.el8sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "puppetserver-0:7.14.0-1.el8sat.src",
"product": {
"name": "puppetserver-0:7.14.0-1.el8sat.src",
"product_id": "puppetserver-0:7.14.0-1.el8sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/puppetserver@7.14.0-1.el8sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-foreman_bootdisk-0:21.2.1-1.el8sat.src",
"product": {
"name": "rubygem-foreman_bootdisk-0:21.2.1-1.el8sat.src",
"product_id": "rubygem-foreman_bootdisk-0:21.2.1-1.el8sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-foreman_bootdisk@21.2.1-1.el8sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-google-protobuf-0:3.24.3-1.el8sat.src",
"product": {
"name": "rubygem-google-protobuf-0:3.24.3-1.el8sat.src",
"product_id": "rubygem-google-protobuf-0:3.24.3-1.el8sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-google-protobuf@3.24.3-1.el8sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-grpc-0:1.58.0-1.el8sat.src",
"product": {
"name": "rubygem-grpc-0:1.58.0-1.el8sat.src",
"product_id": "rubygem-grpc-0:1.58.0-1.el8sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-grpc@1.58.0-1.el8sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-kafo-0:7.2.0-1.el8sat.src",
"product": {
"name": "rubygem-kafo-0:7.2.0-1.el8sat.src",
"product_id": "rubygem-kafo-0:7.2.0-1.el8sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-kafo@7.2.0-1.el8sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-puma-0:6.3.1-1.el8sat.src",
"product": {
"name": "rubygem-puma-0:6.3.1-1.el8sat.src",
"product_id": "rubygem-puma-0:6.3.1-1.el8sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-puma@6.3.1-1.el8sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-sidekiq-0:6.5.12-1.el8sat.src",
"product": {
"name": "rubygem-sidekiq-0:6.5.12-1.el8sat.src",
"product_id": "rubygem-sidekiq-0:6.5.12-1.el8sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-sidekiq@6.5.12-1.el8sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "satellite-0:6.14.2-1.el8sat.src",
"product": {
"name": "satellite-0:6.14.2-1.el8sat.src",
"product_id": "satellite-0:6.14.2-1.el8sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/satellite@6.14.2-1.el8sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "satellite-convert2rhel-toolkit-0:1.0.1-1.el8sat.src",
"product": {
"name": "satellite-convert2rhel-toolkit-0:1.0.1-1.el8sat.src",
"product_id": "satellite-convert2rhel-toolkit-0:1.0.1-1.el8sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/satellite-convert2rhel-toolkit@1.0.1-1.el8sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "foreman-installer-1:3.7.0.7-1.el8sat.src",
"product": {
"name": "foreman-installer-1:3.7.0.7-1.el8sat.src",
"product_id": "foreman-installer-1:3.7.0.7-1.el8sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-installer@3.7.0.7-1.el8sat?arch=src\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "rubygem-katello-0:4.9.0.21-1.el8sat.noarch",
"product": {
"name": "rubygem-katello-0:4.9.0.21-1.el8sat.noarch",
"product_id": "rubygem-katello-0:4.9.0.21-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-katello@4.9.0.21-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python39-pulp-container-0:2.14.11-1.el8pc.noarch",
"product": {
"name": "python39-pulp-container-0:2.14.11-1.el8pc.noarch",
"product_id": "python39-pulp-container-0:2.14.11-1.el8pc.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python39-pulp-container@2.14.11-1.el8pc?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "candlepin-0:4.3.11-1.el8sat.noarch",
"product": {
"name": "candlepin-0:4.3.11-1.el8sat.noarch",
"product_id": "candlepin-0:4.3.11-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/candlepin@4.3.11-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "candlepin-selinux-0:4.3.11-1.el8sat.noarch",
"product": {
"name": "candlepin-selinux-0:4.3.11-1.el8sat.noarch",
"product_id": "candlepin-selinux-0:4.3.11-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/candlepin-selinux@4.3.11-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"product": {
"name": "foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"product_id": "foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-cli@3.7.0.11-2.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"product": {
"name": "foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"product_id": "foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-debug@3.7.0.11-2.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-0:3.7.0.11-2.el8sat.noarch",
"product": {
"name": "foreman-0:3.7.0.11-2.el8sat.noarch",
"product_id": "foreman-0:3.7.0.11-2.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman@3.7.0.11-2.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"product": {
"name": "foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"product_id": "foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-dynflow-sidekiq@3.7.0.11-2.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"product": {
"name": "foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"product_id": "foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-ec2@3.7.0.11-2.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"product": {
"name": "foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"product_id": "foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-journald@3.7.0.11-2.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"product": {
"name": "foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"product_id": "foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-libvirt@3.7.0.11-2.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"product": {
"name": "foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"product_id": "foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-openstack@3.7.0.11-2.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"product": {
"name": "foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"product_id": "foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-ovirt@3.7.0.11-2.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"product": {
"name": "foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"product_id": "foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-postgresql@3.7.0.11-2.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"product": {
"name": "foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"product_id": "foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-redis@3.7.0.11-2.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-service-0:3.7.0.11-2.el8sat.noarch",
"product": {
"name": "foreman-service-0:3.7.0.11-2.el8sat.noarch",
"product_id": "foreman-service-0:3.7.0.11-2.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-service@3.7.0.11-2.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"product": {
"name": "foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"product_id": "foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-telemetry@3.7.0.11-2.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"product": {
"name": "foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"product_id": "foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-vmware@3.7.0.11-2.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "puppetserver-0:7.14.0-1.el8sat.noarch",
"product": {
"name": "puppetserver-0:7.14.0-1.el8sat.noarch",
"product_id": "puppetserver-0:7.14.0-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/puppetserver@7.14.0-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-foreman_bootdisk-0:21.2.1-1.el8sat.noarch",
"product": {
"name": "rubygem-foreman_bootdisk-0:21.2.1-1.el8sat.noarch",
"product_id": "rubygem-foreman_bootdisk-0:21.2.1-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-foreman_bootdisk@21.2.1-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-kafo-0:7.2.0-1.el8sat.noarch",
"product": {
"name": "rubygem-kafo-0:7.2.0-1.el8sat.noarch",
"product_id": "rubygem-kafo-0:7.2.0-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-kafo@7.2.0-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-sidekiq-0:6.5.12-1.el8sat.noarch",
"product": {
"name": "rubygem-sidekiq-0:6.5.12-1.el8sat.noarch",
"product_id": "rubygem-sidekiq-0:6.5.12-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-sidekiq@6.5.12-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "satellite-cli-0:6.14.2-1.el8sat.noarch",
"product": {
"name": "satellite-cli-0:6.14.2-1.el8sat.noarch",
"product_id": "satellite-cli-0:6.14.2-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/satellite-cli@6.14.2-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "satellite-capsule-0:6.14.2-1.el8sat.noarch",
"product": {
"name": "satellite-capsule-0:6.14.2-1.el8sat.noarch",
"product_id": "satellite-capsule-0:6.14.2-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/satellite-capsule@6.14.2-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "satellite-common-0:6.14.2-1.el8sat.noarch",
"product": {
"name": "satellite-common-0:6.14.2-1.el8sat.noarch",
"product_id": "satellite-common-0:6.14.2-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/satellite-common@6.14.2-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "satellite-0:6.14.2-1.el8sat.noarch",
"product": {
"name": "satellite-0:6.14.2-1.el8sat.noarch",
"product_id": "satellite-0:6.14.2-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/satellite@6.14.2-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-installer-1:3.7.0.7-1.el8sat.noarch",
"product": {
"name": "foreman-installer-1:3.7.0.7-1.el8sat.noarch",
"product_id": "foreman-installer-1:3.7.0.7-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-installer@3.7.0.7-1.el8sat?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "foreman-installer-katello-1:3.7.0.7-1.el8sat.noarch",
"product": {
"name": "foreman-installer-katello-1:3.7.0.7-1.el8sat.noarch",
"product_id": "foreman-installer-katello-1:3.7.0.7-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-installer-katello@3.7.0.7-1.el8sat?arch=noarch\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "mosquitto-0:2.0.17-1.el8sat.x86_64",
"product": {
"name": "mosquitto-0:2.0.17-1.el8sat.x86_64",
"product_id": "mosquitto-0:2.0.17-1.el8sat.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mosquitto@2.0.17-1.el8sat?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "mosquitto-debugsource-0:2.0.17-1.el8sat.x86_64",
"product": {
"name": "mosquitto-debugsource-0:2.0.17-1.el8sat.x86_64",
"product_id": "mosquitto-debugsource-0:2.0.17-1.el8sat.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mosquitto-debugsource@2.0.17-1.el8sat?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "mosquitto-debuginfo-0:2.0.17-1.el8sat.x86_64",
"product": {
"name": "mosquitto-debuginfo-0:2.0.17-1.el8sat.x86_64",
"product_id": "mosquitto-debuginfo-0:2.0.17-1.el8sat.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mosquitto-debuginfo@2.0.17-1.el8sat?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "puppet-agent-0:7.27.0-1.el8sat.x86_64",
"product": {
"name": "puppet-agent-0:7.27.0-1.el8sat.x86_64",
"product_id": "puppet-agent-0:7.27.0-1.el8sat.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/puppet-agent@7.27.0-1.el8sat?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rubygem-google-protobuf-0:3.24.3-1.el8sat.x86_64",
"product": {
"name": "rubygem-google-protobuf-0:3.24.3-1.el8sat.x86_64",
"product_id": "rubygem-google-protobuf-0:3.24.3-1.el8sat.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-google-protobuf@3.24.3-1.el8sat?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rubygem-google-protobuf-debugsource-0:3.24.3-1.el8sat.x86_64",
"product": {
"name": "rubygem-google-protobuf-debugsource-0:3.24.3-1.el8sat.x86_64",
"product_id": "rubygem-google-protobuf-debugsource-0:3.24.3-1.el8sat.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-google-protobuf-debugsource@3.24.3-1.el8sat?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rubygem-google-protobuf-debuginfo-0:3.24.3-1.el8sat.x86_64",
"product": {
"name": "rubygem-google-protobuf-debuginfo-0:3.24.3-1.el8sat.x86_64",
"product_id": "rubygem-google-protobuf-debuginfo-0:3.24.3-1.el8sat.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-google-protobuf-debuginfo@3.24.3-1.el8sat?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rubygem-grpc-0:1.58.0-1.el8sat.x86_64",
"product": {
"name": "rubygem-grpc-0:1.58.0-1.el8sat.x86_64",
"product_id": "rubygem-grpc-0:1.58.0-1.el8sat.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-grpc@1.58.0-1.el8sat?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rubygem-puma-0:6.3.1-1.el8sat.x86_64",
"product": {
"name": "rubygem-puma-0:6.3.1-1.el8sat.x86_64",
"product_id": "rubygem-puma-0:6.3.1-1.el8sat.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-puma@6.3.1-1.el8sat?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rubygem-puma-debugsource-0:6.3.1-1.el8sat.x86_64",
"product": {
"name": "rubygem-puma-debugsource-0:6.3.1-1.el8sat.x86_64",
"product_id": "rubygem-puma-debugsource-0:6.3.1-1.el8sat.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-puma-debugsource@6.3.1-1.el8sat?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rubygem-puma-debuginfo-0:6.3.1-1.el8sat.x86_64",
"product": {
"name": "rubygem-puma-debuginfo-0:6.3.1-1.el8sat.x86_64",
"product_id": "rubygem-puma-debuginfo-0:6.3.1-1.el8sat.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-puma-debuginfo@6.3.1-1.el8sat?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "satellite-convert2rhel-toolkit-0:1.0.1-1.el8sat.x86_64",
"product": {
"name": "satellite-convert2rhel-toolkit-0:1.0.1-1.el8sat.x86_64",
"product_id": "satellite-convert2rhel-toolkit-0:1.0.1-1.el8sat.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/satellite-convert2rhel-toolkit@1.0.1-1.el8sat?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-0:3.7.0.11-2.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:foreman-0:3.7.0.11-2.el8sat.noarch"
},
"product_reference": "foreman-0:3.7.0.11-2.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-0:3.7.0.11-2.el8sat.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:foreman-0:3.7.0.11-2.el8sat.src"
},
"product_reference": "foreman-0:3.7.0.11-2.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-cli-0:3.7.0.11-2.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:foreman-cli-0:3.7.0.11-2.el8sat.noarch"
},
"product_reference": "foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-debug-0:3.7.0.11-2.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:foreman-debug-0:3.7.0.11-2.el8sat.noarch"
},
"product_reference": "foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch"
},
"product_reference": "foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-ec2-0:3.7.0.11-2.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:foreman-ec2-0:3.7.0.11-2.el8sat.noarch"
},
"product_reference": "foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-installer-1:3.7.0.7-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:foreman-installer-1:3.7.0.7-1.el8sat.noarch"
},
"product_reference": "foreman-installer-1:3.7.0.7-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-installer-1:3.7.0.7-1.el8sat.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:foreman-installer-1:3.7.0.7-1.el8sat.src"
},
"product_reference": "foreman-installer-1:3.7.0.7-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-installer-katello-1:3.7.0.7-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:foreman-installer-katello-1:3.7.0.7-1.el8sat.noarch"
},
"product_reference": "foreman-installer-katello-1:3.7.0.7-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-journald-0:3.7.0.11-2.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:foreman-journald-0:3.7.0.11-2.el8sat.noarch"
},
"product_reference": "foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-libvirt-0:3.7.0.11-2.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch"
},
"product_reference": "foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-openstack-0:3.7.0.11-2.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:foreman-openstack-0:3.7.0.11-2.el8sat.noarch"
},
"product_reference": "foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-ovirt-0:3.7.0.11-2.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch"
},
"product_reference": "foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-postgresql-0:3.7.0.11-2.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch"
},
"product_reference": "foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-redis-0:3.7.0.11-2.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:foreman-redis-0:3.7.0.11-2.el8sat.noarch"
},
"product_reference": "foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-service-0:3.7.0.11-2.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:foreman-service-0:3.7.0.11-2.el8sat.noarch"
},
"product_reference": "foreman-service-0:3.7.0.11-2.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-telemetry-0:3.7.0.11-2.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch"
},
"product_reference": "foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-vmware-0:3.7.0.11-2.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:foreman-vmware-0:3.7.0.11-2.el8sat.noarch"
},
"product_reference": "foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mosquitto-0:2.0.17-1.el8sat.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:mosquitto-0:2.0.17-1.el8sat.src"
},
"product_reference": "mosquitto-0:2.0.17-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mosquitto-0:2.0.17-1.el8sat.x86_64 as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:mosquitto-0:2.0.17-1.el8sat.x86_64"
},
"product_reference": "mosquitto-0:2.0.17-1.el8sat.x86_64",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mosquitto-debuginfo-0:2.0.17-1.el8sat.x86_64 as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:mosquitto-debuginfo-0:2.0.17-1.el8sat.x86_64"
},
"product_reference": "mosquitto-debuginfo-0:2.0.17-1.el8sat.x86_64",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mosquitto-debugsource-0:2.0.17-1.el8sat.x86_64 as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:mosquitto-debugsource-0:2.0.17-1.el8sat.x86_64"
},
"product_reference": "mosquitto-debugsource-0:2.0.17-1.el8sat.x86_64",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "puppet-agent-0:7.27.0-1.el8sat.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:puppet-agent-0:7.27.0-1.el8sat.src"
},
"product_reference": "puppet-agent-0:7.27.0-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "puppet-agent-0:7.27.0-1.el8sat.x86_64 as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:puppet-agent-0:7.27.0-1.el8sat.x86_64"
},
"product_reference": "puppet-agent-0:7.27.0-1.el8sat.x86_64",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "puppetserver-0:7.14.0-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:puppetserver-0:7.14.0-1.el8sat.noarch"
},
"product_reference": "puppetserver-0:7.14.0-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "puppetserver-0:7.14.0-1.el8sat.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:puppetserver-0:7.14.0-1.el8sat.src"
},
"product_reference": "puppetserver-0:7.14.0-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-pulp-container-0:2.14.11-1.el8pc.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:python-pulp-container-0:2.14.11-1.el8pc.src"
},
"product_reference": "python-pulp-container-0:2.14.11-1.el8pc.src",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-pulp-container-0:2.14.11-1.el8pc.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:python39-pulp-container-0:2.14.11-1.el8pc.noarch"
},
"product_reference": "python39-pulp-container-0:2.14.11-1.el8pc.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-kafo-0:7.2.0-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:rubygem-kafo-0:7.2.0-1.el8sat.noarch"
},
"product_reference": "rubygem-kafo-0:7.2.0-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-kafo-0:7.2.0-1.el8sat.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:rubygem-kafo-0:7.2.0-1.el8sat.src"
},
"product_reference": "rubygem-kafo-0:7.2.0-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-0:6.14.2-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:satellite-0:6.14.2-1.el8sat.noarch"
},
"product_reference": "satellite-0:6.14.2-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-0:6.14.2-1.el8sat.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:satellite-0:6.14.2-1.el8sat.src"
},
"product_reference": "satellite-0:6.14.2-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-capsule-0:6.14.2-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:satellite-capsule-0:6.14.2-1.el8sat.noarch"
},
"product_reference": "satellite-capsule-0:6.14.2-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-cli-0:6.14.2-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:satellite-cli-0:6.14.2-1.el8sat.noarch"
},
"product_reference": "satellite-cli-0:6.14.2-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-common-0:6.14.2-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:satellite-common-0:6.14.2-1.el8sat.noarch"
},
"product_reference": "satellite-common-0:6.14.2-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-0:3.7.0.11-2.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-utils:foreman-0:3.7.0.11-2.el8sat.noarch"
},
"product_reference": "foreman-0:3.7.0.11-2.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-0:3.7.0.11-2.el8sat.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-utils:foreman-0:3.7.0.11-2.el8sat.src"
},
"product_reference": "foreman-0:3.7.0.11-2.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.14-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-cli-0:3.7.0.11-2.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-utils:foreman-cli-0:3.7.0.11-2.el8sat.noarch"
},
"product_reference": "foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-debug-0:3.7.0.11-2.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-utils:foreman-debug-0:3.7.0.11-2.el8sat.noarch"
},
"product_reference": "foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-utils:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch"
},
"product_reference": "foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-ec2-0:3.7.0.11-2.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-utils:foreman-ec2-0:3.7.0.11-2.el8sat.noarch"
},
"product_reference": "foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-journald-0:3.7.0.11-2.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-utils:foreman-journald-0:3.7.0.11-2.el8sat.noarch"
},
"product_reference": "foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-libvirt-0:3.7.0.11-2.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-utils:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch"
},
"product_reference": "foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-openstack-0:3.7.0.11-2.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-utils:foreman-openstack-0:3.7.0.11-2.el8sat.noarch"
},
"product_reference": "foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-ovirt-0:3.7.0.11-2.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-utils:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch"
},
"product_reference": "foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-postgresql-0:3.7.0.11-2.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-utils:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch"
},
"product_reference": "foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-redis-0:3.7.0.11-2.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-utils:foreman-redis-0:3.7.0.11-2.el8sat.noarch"
},
"product_reference": "foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-service-0:3.7.0.11-2.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-utils:foreman-service-0:3.7.0.11-2.el8sat.noarch"
},
"product_reference": "foreman-service-0:3.7.0.11-2.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-telemetry-0:3.7.0.11-2.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-utils:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch"
},
"product_reference": "foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-vmware-0:3.7.0.11-2.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-utils:foreman-vmware-0:3.7.0.11-2.el8sat.noarch"
},
"product_reference": "foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-0:6.14.2-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-utils:satellite-0:6.14.2-1.el8sat.noarch"
},
"product_reference": "satellite-0:6.14.2-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-0:6.14.2-1.el8sat.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-utils:satellite-0:6.14.2-1.el8sat.src"
},
"product_reference": "satellite-0:6.14.2-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.14-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-capsule-0:6.14.2-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-utils:satellite-capsule-0:6.14.2-1.el8sat.noarch"
},
"product_reference": "satellite-capsule-0:6.14.2-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-cli-0:6.14.2-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-utils:satellite-cli-0:6.14.2-1.el8sat.noarch"
},
"product_reference": "satellite-cli-0:6.14.2-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-common-0:6.14.2-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-utils:satellite-common-0:6.14.2-1.el8sat.noarch"
},
"product_reference": "satellite-common-0:6.14.2-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "candlepin-0:4.3.11-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:candlepin-0:4.3.11-1.el8sat.noarch"
},
"product_reference": "candlepin-0:4.3.11-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "candlepin-0:4.3.11-1.el8sat.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:candlepin-0:4.3.11-1.el8sat.src"
},
"product_reference": "candlepin-0:4.3.11-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "candlepin-selinux-0:4.3.11-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:candlepin-selinux-0:4.3.11-1.el8sat.noarch"
},
"product_reference": "candlepin-selinux-0:4.3.11-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-0:3.7.0.11-2.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:foreman-0:3.7.0.11-2.el8sat.noarch"
},
"product_reference": "foreman-0:3.7.0.11-2.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-0:3.7.0.11-2.el8sat.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:foreman-0:3.7.0.11-2.el8sat.src"
},
"product_reference": "foreman-0:3.7.0.11-2.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-cli-0:3.7.0.11-2.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:foreman-cli-0:3.7.0.11-2.el8sat.noarch"
},
"product_reference": "foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-debug-0:3.7.0.11-2.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:foreman-debug-0:3.7.0.11-2.el8sat.noarch"
},
"product_reference": "foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch"
},
"product_reference": "foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-ec2-0:3.7.0.11-2.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:foreman-ec2-0:3.7.0.11-2.el8sat.noarch"
},
"product_reference": "foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-installer-1:3.7.0.7-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:foreman-installer-1:3.7.0.7-1.el8sat.noarch"
},
"product_reference": "foreman-installer-1:3.7.0.7-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-installer-1:3.7.0.7-1.el8sat.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:foreman-installer-1:3.7.0.7-1.el8sat.src"
},
"product_reference": "foreman-installer-1:3.7.0.7-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-installer-katello-1:3.7.0.7-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:foreman-installer-katello-1:3.7.0.7-1.el8sat.noarch"
},
"product_reference": "foreman-installer-katello-1:3.7.0.7-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-journald-0:3.7.0.11-2.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:foreman-journald-0:3.7.0.11-2.el8sat.noarch"
},
"product_reference": "foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-libvirt-0:3.7.0.11-2.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch"
},
"product_reference": "foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-openstack-0:3.7.0.11-2.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:foreman-openstack-0:3.7.0.11-2.el8sat.noarch"
},
"product_reference": "foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-ovirt-0:3.7.0.11-2.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch"
},
"product_reference": "foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-postgresql-0:3.7.0.11-2.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch"
},
"product_reference": "foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-redis-0:3.7.0.11-2.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:foreman-redis-0:3.7.0.11-2.el8sat.noarch"
},
"product_reference": "foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-service-0:3.7.0.11-2.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:foreman-service-0:3.7.0.11-2.el8sat.noarch"
},
"product_reference": "foreman-service-0:3.7.0.11-2.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-telemetry-0:3.7.0.11-2.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch"
},
"product_reference": "foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-vmware-0:3.7.0.11-2.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:foreman-vmware-0:3.7.0.11-2.el8sat.noarch"
},
"product_reference": "foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mosquitto-0:2.0.17-1.el8sat.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:mosquitto-0:2.0.17-1.el8sat.src"
},
"product_reference": "mosquitto-0:2.0.17-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mosquitto-0:2.0.17-1.el8sat.x86_64 as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:mosquitto-0:2.0.17-1.el8sat.x86_64"
},
"product_reference": "mosquitto-0:2.0.17-1.el8sat.x86_64",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mosquitto-debuginfo-0:2.0.17-1.el8sat.x86_64 as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:mosquitto-debuginfo-0:2.0.17-1.el8sat.x86_64"
},
"product_reference": "mosquitto-debuginfo-0:2.0.17-1.el8sat.x86_64",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mosquitto-debugsource-0:2.0.17-1.el8sat.x86_64 as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:mosquitto-debugsource-0:2.0.17-1.el8sat.x86_64"
},
"product_reference": "mosquitto-debugsource-0:2.0.17-1.el8sat.x86_64",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "puppet-agent-0:7.27.0-1.el8sat.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:puppet-agent-0:7.27.0-1.el8sat.src"
},
"product_reference": "puppet-agent-0:7.27.0-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "puppet-agent-0:7.27.0-1.el8sat.x86_64 as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:puppet-agent-0:7.27.0-1.el8sat.x86_64"
},
"product_reference": "puppet-agent-0:7.27.0-1.el8sat.x86_64",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "puppetserver-0:7.14.0-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:puppetserver-0:7.14.0-1.el8sat.noarch"
},
"product_reference": "puppetserver-0:7.14.0-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "puppetserver-0:7.14.0-1.el8sat.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:puppetserver-0:7.14.0-1.el8sat.src"
},
"product_reference": "puppetserver-0:7.14.0-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-pulp-container-0:2.14.11-1.el8pc.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:python-pulp-container-0:2.14.11-1.el8pc.src"
},
"product_reference": "python-pulp-container-0:2.14.11-1.el8pc.src",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-pulp-container-0:2.14.11-1.el8pc.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:python39-pulp-container-0:2.14.11-1.el8pc.noarch"
},
"product_reference": "python39-pulp-container-0:2.14.11-1.el8pc.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-foreman_bootdisk-0:21.2.1-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:rubygem-foreman_bootdisk-0:21.2.1-1.el8sat.noarch"
},
"product_reference": "rubygem-foreman_bootdisk-0:21.2.1-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-foreman_bootdisk-0:21.2.1-1.el8sat.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:rubygem-foreman_bootdisk-0:21.2.1-1.el8sat.src"
},
"product_reference": "rubygem-foreman_bootdisk-0:21.2.1-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-google-protobuf-0:3.24.3-1.el8sat.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:rubygem-google-protobuf-0:3.24.3-1.el8sat.src"
},
"product_reference": "rubygem-google-protobuf-0:3.24.3-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-google-protobuf-0:3.24.3-1.el8sat.x86_64 as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:rubygem-google-protobuf-0:3.24.3-1.el8sat.x86_64"
},
"product_reference": "rubygem-google-protobuf-0:3.24.3-1.el8sat.x86_64",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-google-protobuf-debuginfo-0:3.24.3-1.el8sat.x86_64 as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:rubygem-google-protobuf-debuginfo-0:3.24.3-1.el8sat.x86_64"
},
"product_reference": "rubygem-google-protobuf-debuginfo-0:3.24.3-1.el8sat.x86_64",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-google-protobuf-debugsource-0:3.24.3-1.el8sat.x86_64 as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:rubygem-google-protobuf-debugsource-0:3.24.3-1.el8sat.x86_64"
},
"product_reference": "rubygem-google-protobuf-debugsource-0:3.24.3-1.el8sat.x86_64",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-grpc-0:1.58.0-1.el8sat.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:rubygem-grpc-0:1.58.0-1.el8sat.src"
},
"product_reference": "rubygem-grpc-0:1.58.0-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-grpc-0:1.58.0-1.el8sat.x86_64 as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:rubygem-grpc-0:1.58.0-1.el8sat.x86_64"
},
"product_reference": "rubygem-grpc-0:1.58.0-1.el8sat.x86_64",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-kafo-0:7.2.0-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:rubygem-kafo-0:7.2.0-1.el8sat.noarch"
},
"product_reference": "rubygem-kafo-0:7.2.0-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-kafo-0:7.2.0-1.el8sat.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:rubygem-kafo-0:7.2.0-1.el8sat.src"
},
"product_reference": "rubygem-kafo-0:7.2.0-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-katello-0:4.9.0.21-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:rubygem-katello-0:4.9.0.21-1.el8sat.noarch"
},
"product_reference": "rubygem-katello-0:4.9.0.21-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-katello-0:4.9.0.21-1.el8sat.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:rubygem-katello-0:4.9.0.21-1.el8sat.src"
},
"product_reference": "rubygem-katello-0:4.9.0.21-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-puma-0:6.3.1-1.el8sat.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:rubygem-puma-0:6.3.1-1.el8sat.src"
},
"product_reference": "rubygem-puma-0:6.3.1-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-puma-0:6.3.1-1.el8sat.x86_64 as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:rubygem-puma-0:6.3.1-1.el8sat.x86_64"
},
"product_reference": "rubygem-puma-0:6.3.1-1.el8sat.x86_64",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-puma-debuginfo-0:6.3.1-1.el8sat.x86_64 as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:rubygem-puma-debuginfo-0:6.3.1-1.el8sat.x86_64"
},
"product_reference": "rubygem-puma-debuginfo-0:6.3.1-1.el8sat.x86_64",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-puma-debugsource-0:6.3.1-1.el8sat.x86_64 as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:rubygem-puma-debugsource-0:6.3.1-1.el8sat.x86_64"
},
"product_reference": "rubygem-puma-debugsource-0:6.3.1-1.el8sat.x86_64",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-sidekiq-0:6.5.12-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:rubygem-sidekiq-0:6.5.12-1.el8sat.noarch"
},
"product_reference": "rubygem-sidekiq-0:6.5.12-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-sidekiq-0:6.5.12-1.el8sat.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:rubygem-sidekiq-0:6.5.12-1.el8sat.src"
},
"product_reference": "rubygem-sidekiq-0:6.5.12-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-0:6.14.2-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:satellite-0:6.14.2-1.el8sat.noarch"
},
"product_reference": "satellite-0:6.14.2-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-0:6.14.2-1.el8sat.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:satellite-0:6.14.2-1.el8sat.src"
},
"product_reference": "satellite-0:6.14.2-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-capsule-0:6.14.2-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:satellite-capsule-0:6.14.2-1.el8sat.noarch"
},
"product_reference": "satellite-capsule-0:6.14.2-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-cli-0:6.14.2-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:satellite-cli-0:6.14.2-1.el8sat.noarch"
},
"product_reference": "satellite-cli-0:6.14.2-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-common-0:6.14.2-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:satellite-common-0:6.14.2-1.el8sat.noarch"
},
"product_reference": "satellite-common-0:6.14.2-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-convert2rhel-toolkit-0:1.0.1-1.el8sat.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:satellite-convert2rhel-toolkit-0:1.0.1-1.el8sat.src"
},
"product_reference": "satellite-convert2rhel-toolkit-0:1.0.1-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-convert2rhel-toolkit-0:1.0.1-1.el8sat.x86_64 as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:satellite-convert2rhel-toolkit-0:1.0.1-1.el8sat.x86_64"
},
"product_reference": "satellite-convert2rhel-toolkit-0:1.0.1-1.el8sat.x86_64",
"relates_to_product_reference": "8Base-satellite-6.14"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-0809",
"cwe": {
"id": "CWE-401",
"name": "Missing Release of Memory after Effective Lifetime"
},
"discovery_date": "2023-09-01T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-satellite-6.14-capsule:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14-capsule:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-installer-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-installer-1:3.7.0.7-1.el8sat.src",
"8Base-satellite-6.14-capsule:foreman-installer-katello-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:puppet-agent-0:7.27.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:puppet-agent-0:7.27.0-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:puppetserver-0:7.14.0-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:puppetserver-0:7.14.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:python-pulp-container-0:2.14.11-1.el8pc.src",
"8Base-satellite-6.14-capsule:python39-pulp-container-0:2.14.11-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:rubygem-kafo-0:7.2.0-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:rubygem-kafo-0:7.2.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14-utils:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.11-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.11-1.el8sat.src",
"8Base-satellite-6.14:candlepin-selinux-0:4.3.11-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-installer-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-installer-1:3.7.0.7-1.el8sat.src",
"8Base-satellite-6.14:foreman-installer-katello-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:puppet-agent-0:7.27.0-1.el8sat.src",
"8Base-satellite-6.14:puppet-agent-0:7.27.0-1.el8sat.x86_64",
"8Base-satellite-6.14:puppetserver-0:7.14.0-1.el8sat.noarch",
"8Base-satellite-6.14:puppetserver-0:7.14.0-1.el8sat.src",
"8Base-satellite-6.14:python-pulp-container-0:2.14.11-1.el8pc.src",
"8Base-satellite-6.14:python39-pulp-container-0:2.14.11-1.el8pc.noarch",
"8Base-satellite-6.14:rubygem-foreman_bootdisk-0:21.2.1-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_bootdisk-0:21.2.1-1.el8sat.src",
"8Base-satellite-6.14:rubygem-google-protobuf-0:3.24.3-1.el8sat.src",
"8Base-satellite-6.14:rubygem-google-protobuf-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-google-protobuf-debuginfo-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-google-protobuf-debugsource-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-grpc-0:1.58.0-1.el8sat.src",
"8Base-satellite-6.14:rubygem-grpc-0:1.58.0-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-kafo-0:7.2.0-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-kafo-0:7.2.0-1.el8sat.src",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.21-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.21-1.el8sat.src",
"8Base-satellite-6.14:rubygem-puma-0:6.3.1-1.el8sat.src",
"8Base-satellite-6.14:rubygem-puma-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-puma-debuginfo-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-puma-debugsource-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-sidekiq-0:6.5.12-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-sidekiq-0:6.5.12-1.el8sat.src",
"8Base-satellite-6.14:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-convert2rhel-toolkit-0:1.0.1-1.el8sat.src",
"8Base-satellite-6.14:satellite-convert2rhel-toolkit-0:1.0.1-1.el8sat.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2236882"
}
],
"notes": [
{
"category": "description",
"text": "A memory leak vulnerability was found in Eclipse Mosquitto. This issue is triggered by malicious initial packets or certain client actions and may allow a remote attacker to the deplete system resources causing memory exhaustion, leading to a disruption in services and a denial of service condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "mosquitto: memory leak leads to unresponsive broker",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-satellite-6.14-capsule:mosquitto-0:2.0.17-1.el8sat.src",
"8Base-satellite-6.14-capsule:mosquitto-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:mosquitto-debuginfo-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:mosquitto-debugsource-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:mosquitto-0:2.0.17-1.el8sat.src",
"8Base-satellite-6.14:mosquitto-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:mosquitto-debuginfo-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:mosquitto-debugsource-0:2.0.17-1.el8sat.x86_64"
],
"known_not_affected": [
"8Base-satellite-6.14-capsule:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14-capsule:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-installer-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-installer-1:3.7.0.7-1.el8sat.src",
"8Base-satellite-6.14-capsule:foreman-installer-katello-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:puppet-agent-0:7.27.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:puppet-agent-0:7.27.0-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:puppetserver-0:7.14.0-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:puppetserver-0:7.14.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:python-pulp-container-0:2.14.11-1.el8pc.src",
"8Base-satellite-6.14-capsule:python39-pulp-container-0:2.14.11-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:rubygem-kafo-0:7.2.0-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:rubygem-kafo-0:7.2.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14-utils:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.11-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.11-1.el8sat.src",
"8Base-satellite-6.14:candlepin-selinux-0:4.3.11-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-installer-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-installer-1:3.7.0.7-1.el8sat.src",
"8Base-satellite-6.14:foreman-installer-katello-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:puppet-agent-0:7.27.0-1.el8sat.src",
"8Base-satellite-6.14:puppet-agent-0:7.27.0-1.el8sat.x86_64",
"8Base-satellite-6.14:puppetserver-0:7.14.0-1.el8sat.noarch",
"8Base-satellite-6.14:puppetserver-0:7.14.0-1.el8sat.src",
"8Base-satellite-6.14:python-pulp-container-0:2.14.11-1.el8pc.src",
"8Base-satellite-6.14:python39-pulp-container-0:2.14.11-1.el8pc.noarch",
"8Base-satellite-6.14:rubygem-foreman_bootdisk-0:21.2.1-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_bootdisk-0:21.2.1-1.el8sat.src",
"8Base-satellite-6.14:rubygem-google-protobuf-0:3.24.3-1.el8sat.src",
"8Base-satellite-6.14:rubygem-google-protobuf-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-google-protobuf-debuginfo-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-google-protobuf-debugsource-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-grpc-0:1.58.0-1.el8sat.src",
"8Base-satellite-6.14:rubygem-grpc-0:1.58.0-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-kafo-0:7.2.0-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-kafo-0:7.2.0-1.el8sat.src",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.21-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.21-1.el8sat.src",
"8Base-satellite-6.14:rubygem-puma-0:6.3.1-1.el8sat.src",
"8Base-satellite-6.14:rubygem-puma-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-puma-debuginfo-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-puma-debugsource-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-sidekiq-0:6.5.12-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-sidekiq-0:6.5.12-1.el8sat.src",
"8Base-satellite-6.14:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-convert2rhel-toolkit-0:1.0.1-1.el8sat.src",
"8Base-satellite-6.14:satellite-convert2rhel-toolkit-0:1.0.1-1.el8sat.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-0809"
},
{
"category": "external",
"summary": "RHBZ#2236882",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236882"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-0809",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0809"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-0809",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0809"
},
{
"category": "external",
"summary": "https://github.com/eclipse/mosquitto/commit/6113eac95a9df634fbc858be542c4a0456bfe7b9",
"url": "https://github.com/eclipse/mosquitto/commit/6113eac95a9df634fbc858be542c4a0456bfe7b9"
}
],
"release_date": "2023-09-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-02-13T14:45:57+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-satellite-6.14-capsule:mosquitto-0:2.0.17-1.el8sat.src",
"8Base-satellite-6.14-capsule:mosquitto-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:mosquitto-debuginfo-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:mosquitto-debugsource-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:mosquitto-0:2.0.17-1.el8sat.src",
"8Base-satellite-6.14:mosquitto-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:mosquitto-debuginfo-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:mosquitto-debugsource-0:2.0.17-1.el8sat.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:0797"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-satellite-6.14-capsule:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14-capsule:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-installer-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-installer-1:3.7.0.7-1.el8sat.src",
"8Base-satellite-6.14-capsule:foreman-installer-katello-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:mosquitto-0:2.0.17-1.el8sat.src",
"8Base-satellite-6.14-capsule:mosquitto-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:mosquitto-debuginfo-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:mosquitto-debugsource-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:puppet-agent-0:7.27.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:puppet-agent-0:7.27.0-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:puppetserver-0:7.14.0-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:puppetserver-0:7.14.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:python-pulp-container-0:2.14.11-1.el8pc.src",
"8Base-satellite-6.14-capsule:python39-pulp-container-0:2.14.11-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:rubygem-kafo-0:7.2.0-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:rubygem-kafo-0:7.2.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14-utils:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.11-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.11-1.el8sat.src",
"8Base-satellite-6.14:candlepin-selinux-0:4.3.11-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-installer-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-installer-1:3.7.0.7-1.el8sat.src",
"8Base-satellite-6.14:foreman-installer-katello-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:mosquitto-0:2.0.17-1.el8sat.src",
"8Base-satellite-6.14:mosquitto-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:mosquitto-debuginfo-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:mosquitto-debugsource-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:puppet-agent-0:7.27.0-1.el8sat.src",
"8Base-satellite-6.14:puppet-agent-0:7.27.0-1.el8sat.x86_64",
"8Base-satellite-6.14:puppetserver-0:7.14.0-1.el8sat.noarch",
"8Base-satellite-6.14:puppetserver-0:7.14.0-1.el8sat.src",
"8Base-satellite-6.14:python-pulp-container-0:2.14.11-1.el8pc.src",
"8Base-satellite-6.14:python39-pulp-container-0:2.14.11-1.el8pc.noarch",
"8Base-satellite-6.14:rubygem-foreman_bootdisk-0:21.2.1-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_bootdisk-0:21.2.1-1.el8sat.src",
"8Base-satellite-6.14:rubygem-google-protobuf-0:3.24.3-1.el8sat.src",
"8Base-satellite-6.14:rubygem-google-protobuf-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-google-protobuf-debuginfo-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-google-protobuf-debugsource-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-grpc-0:1.58.0-1.el8sat.src",
"8Base-satellite-6.14:rubygem-grpc-0:1.58.0-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-kafo-0:7.2.0-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-kafo-0:7.2.0-1.el8sat.src",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.21-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.21-1.el8sat.src",
"8Base-satellite-6.14:rubygem-puma-0:6.3.1-1.el8sat.src",
"8Base-satellite-6.14:rubygem-puma-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-puma-debuginfo-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-puma-debugsource-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-sidekiq-0:6.5.12-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-sidekiq-0:6.5.12-1.el8sat.src",
"8Base-satellite-6.14:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-convert2rhel-toolkit-0:1.0.1-1.el8sat.src",
"8Base-satellite-6.14:satellite-convert2rhel-toolkit-0:1.0.1-1.el8sat.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "mosquitto: memory leak leads to unresponsive broker"
},
{
"cve": "CVE-2023-3592",
"cwe": {
"id": "CWE-401",
"name": "Missing Release of Memory after Effective Lifetime"
},
"discovery_date": "2023-09-01T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-satellite-6.14-capsule:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14-capsule:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-installer-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-installer-1:3.7.0.7-1.el8sat.src",
"8Base-satellite-6.14-capsule:foreman-installer-katello-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:puppet-agent-0:7.27.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:puppet-agent-0:7.27.0-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:puppetserver-0:7.14.0-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:puppetserver-0:7.14.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:python-pulp-container-0:2.14.11-1.el8pc.src",
"8Base-satellite-6.14-capsule:python39-pulp-container-0:2.14.11-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:rubygem-kafo-0:7.2.0-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:rubygem-kafo-0:7.2.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14-utils:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.11-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.11-1.el8sat.src",
"8Base-satellite-6.14:candlepin-selinux-0:4.3.11-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-installer-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-installer-1:3.7.0.7-1.el8sat.src",
"8Base-satellite-6.14:foreman-installer-katello-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:puppet-agent-0:7.27.0-1.el8sat.src",
"8Base-satellite-6.14:puppet-agent-0:7.27.0-1.el8sat.x86_64",
"8Base-satellite-6.14:puppetserver-0:7.14.0-1.el8sat.noarch",
"8Base-satellite-6.14:puppetserver-0:7.14.0-1.el8sat.src",
"8Base-satellite-6.14:python-pulp-container-0:2.14.11-1.el8pc.src",
"8Base-satellite-6.14:python39-pulp-container-0:2.14.11-1.el8pc.noarch",
"8Base-satellite-6.14:rubygem-foreman_bootdisk-0:21.2.1-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_bootdisk-0:21.2.1-1.el8sat.src",
"8Base-satellite-6.14:rubygem-google-protobuf-0:3.24.3-1.el8sat.src",
"8Base-satellite-6.14:rubygem-google-protobuf-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-google-protobuf-debuginfo-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-google-protobuf-debugsource-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-grpc-0:1.58.0-1.el8sat.src",
"8Base-satellite-6.14:rubygem-grpc-0:1.58.0-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-kafo-0:7.2.0-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-kafo-0:7.2.0-1.el8sat.src",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.21-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.21-1.el8sat.src",
"8Base-satellite-6.14:rubygem-puma-0:6.3.1-1.el8sat.src",
"8Base-satellite-6.14:rubygem-puma-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-puma-debuginfo-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-puma-debugsource-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-sidekiq-0:6.5.12-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-sidekiq-0:6.5.12-1.el8sat.src",
"8Base-satellite-6.14:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-convert2rhel-toolkit-0:1.0.1-1.el8sat.src",
"8Base-satellite-6.14:satellite-convert2rhel-toolkit-0:1.0.1-1.el8sat.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2236882"
}
],
"notes": [
{
"category": "description",
"text": "A memory leak vulnerability was found in Eclipse Mosquitto. This issue is triggered by malicious initial packets or certain client actions and may allow a remote attacker to the deplete system resources causing memory exhaustion, leading to a disruption in services and a denial of service condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "mosquitto: memory leak leads to unresponsive broker",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-satellite-6.14-capsule:mosquitto-0:2.0.17-1.el8sat.src",
"8Base-satellite-6.14-capsule:mosquitto-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:mosquitto-debuginfo-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:mosquitto-debugsource-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:mosquitto-0:2.0.17-1.el8sat.src",
"8Base-satellite-6.14:mosquitto-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:mosquitto-debuginfo-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:mosquitto-debugsource-0:2.0.17-1.el8sat.x86_64"
],
"known_not_affected": [
"8Base-satellite-6.14-capsule:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14-capsule:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-installer-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-installer-1:3.7.0.7-1.el8sat.src",
"8Base-satellite-6.14-capsule:foreman-installer-katello-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:puppet-agent-0:7.27.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:puppet-agent-0:7.27.0-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:puppetserver-0:7.14.0-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:puppetserver-0:7.14.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:python-pulp-container-0:2.14.11-1.el8pc.src",
"8Base-satellite-6.14-capsule:python39-pulp-container-0:2.14.11-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:rubygem-kafo-0:7.2.0-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:rubygem-kafo-0:7.2.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14-utils:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.11-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.11-1.el8sat.src",
"8Base-satellite-6.14:candlepin-selinux-0:4.3.11-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-installer-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-installer-1:3.7.0.7-1.el8sat.src",
"8Base-satellite-6.14:foreman-installer-katello-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:puppet-agent-0:7.27.0-1.el8sat.src",
"8Base-satellite-6.14:puppet-agent-0:7.27.0-1.el8sat.x86_64",
"8Base-satellite-6.14:puppetserver-0:7.14.0-1.el8sat.noarch",
"8Base-satellite-6.14:puppetserver-0:7.14.0-1.el8sat.src",
"8Base-satellite-6.14:python-pulp-container-0:2.14.11-1.el8pc.src",
"8Base-satellite-6.14:python39-pulp-container-0:2.14.11-1.el8pc.noarch",
"8Base-satellite-6.14:rubygem-foreman_bootdisk-0:21.2.1-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_bootdisk-0:21.2.1-1.el8sat.src",
"8Base-satellite-6.14:rubygem-google-protobuf-0:3.24.3-1.el8sat.src",
"8Base-satellite-6.14:rubygem-google-protobuf-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-google-protobuf-debuginfo-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-google-protobuf-debugsource-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-grpc-0:1.58.0-1.el8sat.src",
"8Base-satellite-6.14:rubygem-grpc-0:1.58.0-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-kafo-0:7.2.0-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-kafo-0:7.2.0-1.el8sat.src",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.21-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.21-1.el8sat.src",
"8Base-satellite-6.14:rubygem-puma-0:6.3.1-1.el8sat.src",
"8Base-satellite-6.14:rubygem-puma-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-puma-debuginfo-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-puma-debugsource-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-sidekiq-0:6.5.12-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-sidekiq-0:6.5.12-1.el8sat.src",
"8Base-satellite-6.14:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-convert2rhel-toolkit-0:1.0.1-1.el8sat.src",
"8Base-satellite-6.14:satellite-convert2rhel-toolkit-0:1.0.1-1.el8sat.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-3592"
},
{
"category": "external",
"summary": "RHBZ#2236882",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236882"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-3592",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3592"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-3592",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3592"
},
{
"category": "external",
"summary": "https://github.com/eclipse/mosquitto/commit/6113eac95a9df634fbc858be542c4a0456bfe7b9",
"url": "https://github.com/eclipse/mosquitto/commit/6113eac95a9df634fbc858be542c4a0456bfe7b9"
}
],
"release_date": "2023-09-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-02-13T14:45:57+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-satellite-6.14-capsule:mosquitto-0:2.0.17-1.el8sat.src",
"8Base-satellite-6.14-capsule:mosquitto-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:mosquitto-debuginfo-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:mosquitto-debugsource-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:mosquitto-0:2.0.17-1.el8sat.src",
"8Base-satellite-6.14:mosquitto-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:mosquitto-debuginfo-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:mosquitto-debugsource-0:2.0.17-1.el8sat.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:0797"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-satellite-6.14-capsule:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14-capsule:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-installer-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-installer-1:3.7.0.7-1.el8sat.src",
"8Base-satellite-6.14-capsule:foreman-installer-katello-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:mosquitto-0:2.0.17-1.el8sat.src",
"8Base-satellite-6.14-capsule:mosquitto-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:mosquitto-debuginfo-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:mosquitto-debugsource-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:puppet-agent-0:7.27.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:puppet-agent-0:7.27.0-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:puppetserver-0:7.14.0-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:puppetserver-0:7.14.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:python-pulp-container-0:2.14.11-1.el8pc.src",
"8Base-satellite-6.14-capsule:python39-pulp-container-0:2.14.11-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:rubygem-kafo-0:7.2.0-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:rubygem-kafo-0:7.2.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14-utils:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.11-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.11-1.el8sat.src",
"8Base-satellite-6.14:candlepin-selinux-0:4.3.11-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-installer-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-installer-1:3.7.0.7-1.el8sat.src",
"8Base-satellite-6.14:foreman-installer-katello-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:mosquitto-0:2.0.17-1.el8sat.src",
"8Base-satellite-6.14:mosquitto-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:mosquitto-debuginfo-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:mosquitto-debugsource-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:puppet-agent-0:7.27.0-1.el8sat.src",
"8Base-satellite-6.14:puppet-agent-0:7.27.0-1.el8sat.x86_64",
"8Base-satellite-6.14:puppetserver-0:7.14.0-1.el8sat.noarch",
"8Base-satellite-6.14:puppetserver-0:7.14.0-1.el8sat.src",
"8Base-satellite-6.14:python-pulp-container-0:2.14.11-1.el8pc.src",
"8Base-satellite-6.14:python39-pulp-container-0:2.14.11-1.el8pc.noarch",
"8Base-satellite-6.14:rubygem-foreman_bootdisk-0:21.2.1-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_bootdisk-0:21.2.1-1.el8sat.src",
"8Base-satellite-6.14:rubygem-google-protobuf-0:3.24.3-1.el8sat.src",
"8Base-satellite-6.14:rubygem-google-protobuf-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-google-protobuf-debuginfo-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-google-protobuf-debugsource-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-grpc-0:1.58.0-1.el8sat.src",
"8Base-satellite-6.14:rubygem-grpc-0:1.58.0-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-kafo-0:7.2.0-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-kafo-0:7.2.0-1.el8sat.src",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.21-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.21-1.el8sat.src",
"8Base-satellite-6.14:rubygem-puma-0:6.3.1-1.el8sat.src",
"8Base-satellite-6.14:rubygem-puma-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-puma-debuginfo-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-puma-debugsource-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-sidekiq-0:6.5.12-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-sidekiq-0:6.5.12-1.el8sat.src",
"8Base-satellite-6.14:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-convert2rhel-toolkit-0:1.0.1-1.el8sat.src",
"8Base-satellite-6.14:satellite-convert2rhel-toolkit-0:1.0.1-1.el8sat.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "mosquitto: memory leak leads to unresponsive broker"
},
{
"cve": "CVE-2023-4785",
"cwe": {
"id": "CWE-248",
"name": "Uncaught Exception"
},
"discovery_date": "2023-09-14T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-satellite-6.14-capsule:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14-capsule:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-installer-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-installer-1:3.7.0.7-1.el8sat.src",
"8Base-satellite-6.14-capsule:foreman-installer-katello-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:mosquitto-0:2.0.17-1.el8sat.src",
"8Base-satellite-6.14-capsule:mosquitto-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:mosquitto-debuginfo-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:mosquitto-debugsource-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:puppet-agent-0:7.27.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:puppet-agent-0:7.27.0-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:puppetserver-0:7.14.0-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:puppetserver-0:7.14.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:python-pulp-container-0:2.14.11-1.el8pc.src",
"8Base-satellite-6.14-capsule:python39-pulp-container-0:2.14.11-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:rubygem-kafo-0:7.2.0-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:rubygem-kafo-0:7.2.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14-utils:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.11-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.11-1.el8sat.src",
"8Base-satellite-6.14:candlepin-selinux-0:4.3.11-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-installer-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-installer-1:3.7.0.7-1.el8sat.src",
"8Base-satellite-6.14:foreman-installer-katello-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:mosquitto-0:2.0.17-1.el8sat.src",
"8Base-satellite-6.14:mosquitto-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:mosquitto-debuginfo-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:mosquitto-debugsource-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:puppet-agent-0:7.27.0-1.el8sat.src",
"8Base-satellite-6.14:puppet-agent-0:7.27.0-1.el8sat.x86_64",
"8Base-satellite-6.14:puppetserver-0:7.14.0-1.el8sat.noarch",
"8Base-satellite-6.14:puppetserver-0:7.14.0-1.el8sat.src",
"8Base-satellite-6.14:python-pulp-container-0:2.14.11-1.el8pc.src",
"8Base-satellite-6.14:python39-pulp-container-0:2.14.11-1.el8pc.noarch",
"8Base-satellite-6.14:rubygem-foreman_bootdisk-0:21.2.1-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_bootdisk-0:21.2.1-1.el8sat.src",
"8Base-satellite-6.14:rubygem-google-protobuf-0:3.24.3-1.el8sat.src",
"8Base-satellite-6.14:rubygem-google-protobuf-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-google-protobuf-debuginfo-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-google-protobuf-debugsource-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-kafo-0:7.2.0-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-kafo-0:7.2.0-1.el8sat.src",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.21-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.21-1.el8sat.src",
"8Base-satellite-6.14:rubygem-puma-0:6.3.1-1.el8sat.src",
"8Base-satellite-6.14:rubygem-puma-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-puma-debuginfo-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-puma-debugsource-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-sidekiq-0:6.5.12-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-sidekiq-0:6.5.12-1.el8sat.src",
"8Base-satellite-6.14:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-convert2rhel-toolkit-0:1.0.1-1.el8sat.src",
"8Base-satellite-6.14:satellite-convert2rhel-toolkit-0:1.0.1-1.el8sat.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2239017"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in gRPC. Lack of error handling in the TCP server in Google\u0027s gRPC, starting in version 1.23 on POSIX-compatible platforms (for example, Linux), allows an attacker to cause a denial of service by initiating a significant number of connections with the server. Note that gRPC C++, Python, and Ruby are affected, but gRPC Java and Go are NOT affected.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "gRPC: file descriptor exhaustion leads to denial of service",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-satellite-6.14:rubygem-grpc-0:1.58.0-1.el8sat.src",
"8Base-satellite-6.14:rubygem-grpc-0:1.58.0-1.el8sat.x86_64"
],
"known_not_affected": [
"8Base-satellite-6.14-capsule:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14-capsule:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-installer-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-installer-1:3.7.0.7-1.el8sat.src",
"8Base-satellite-6.14-capsule:foreman-installer-katello-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:mosquitto-0:2.0.17-1.el8sat.src",
"8Base-satellite-6.14-capsule:mosquitto-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:mosquitto-debuginfo-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:mosquitto-debugsource-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:puppet-agent-0:7.27.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:puppet-agent-0:7.27.0-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:puppetserver-0:7.14.0-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:puppetserver-0:7.14.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:python-pulp-container-0:2.14.11-1.el8pc.src",
"8Base-satellite-6.14-capsule:python39-pulp-container-0:2.14.11-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:rubygem-kafo-0:7.2.0-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:rubygem-kafo-0:7.2.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14-utils:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.11-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.11-1.el8sat.src",
"8Base-satellite-6.14:candlepin-selinux-0:4.3.11-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-installer-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-installer-1:3.7.0.7-1.el8sat.src",
"8Base-satellite-6.14:foreman-installer-katello-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:mosquitto-0:2.0.17-1.el8sat.src",
"8Base-satellite-6.14:mosquitto-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:mosquitto-debuginfo-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:mosquitto-debugsource-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:puppet-agent-0:7.27.0-1.el8sat.src",
"8Base-satellite-6.14:puppet-agent-0:7.27.0-1.el8sat.x86_64",
"8Base-satellite-6.14:puppetserver-0:7.14.0-1.el8sat.noarch",
"8Base-satellite-6.14:puppetserver-0:7.14.0-1.el8sat.src",
"8Base-satellite-6.14:python-pulp-container-0:2.14.11-1.el8pc.src",
"8Base-satellite-6.14:python39-pulp-container-0:2.14.11-1.el8pc.noarch",
"8Base-satellite-6.14:rubygem-foreman_bootdisk-0:21.2.1-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_bootdisk-0:21.2.1-1.el8sat.src",
"8Base-satellite-6.14:rubygem-google-protobuf-0:3.24.3-1.el8sat.src",
"8Base-satellite-6.14:rubygem-google-protobuf-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-google-protobuf-debuginfo-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-google-protobuf-debugsource-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-kafo-0:7.2.0-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-kafo-0:7.2.0-1.el8sat.src",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.21-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.21-1.el8sat.src",
"8Base-satellite-6.14:rubygem-puma-0:6.3.1-1.el8sat.src",
"8Base-satellite-6.14:rubygem-puma-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-puma-debuginfo-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-puma-debugsource-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-sidekiq-0:6.5.12-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-sidekiq-0:6.5.12-1.el8sat.src",
"8Base-satellite-6.14:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-convert2rhel-toolkit-0:1.0.1-1.el8sat.src",
"8Base-satellite-6.14:satellite-convert2rhel-toolkit-0:1.0.1-1.el8sat.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-4785"
},
{
"category": "external",
"summary": "RHBZ#2239017",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2239017"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-4785",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4785"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-4785",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4785"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-p25m-jpj4-qcrr",
"url": "https://github.com/advisories/GHSA-p25m-jpj4-qcrr"
},
{
"category": "external",
"summary": "https://github.com/grpc/grpc/pull/33656",
"url": "https://github.com/grpc/grpc/pull/33656"
},
{
"category": "external",
"summary": "https://github.com/grpc/grpc/pull/33667",
"url": "https://github.com/grpc/grpc/pull/33667"
},
{
"category": "external",
"summary": "https://github.com/grpc/grpc/pull/33669",
"url": "https://github.com/grpc/grpc/pull/33669"
},
{
"category": "external",
"summary": "https://github.com/grpc/grpc/pull/33670",
"url": "https://github.com/grpc/grpc/pull/33670"
},
{
"category": "external",
"summary": "https://github.com/grpc/grpc/pull/33672",
"url": "https://github.com/grpc/grpc/pull/33672"
}
],
"release_date": "2023-09-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-02-13T14:45:57+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-satellite-6.14:rubygem-grpc-0:1.58.0-1.el8sat.src",
"8Base-satellite-6.14:rubygem-grpc-0:1.58.0-1.el8sat.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:0797"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-satellite-6.14-capsule:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14-capsule:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-installer-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-installer-1:3.7.0.7-1.el8sat.src",
"8Base-satellite-6.14-capsule:foreman-installer-katello-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:mosquitto-0:2.0.17-1.el8sat.src",
"8Base-satellite-6.14-capsule:mosquitto-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:mosquitto-debuginfo-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:mosquitto-debugsource-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:puppet-agent-0:7.27.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:puppet-agent-0:7.27.0-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:puppetserver-0:7.14.0-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:puppetserver-0:7.14.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:python-pulp-container-0:2.14.11-1.el8pc.src",
"8Base-satellite-6.14-capsule:python39-pulp-container-0:2.14.11-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:rubygem-kafo-0:7.2.0-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:rubygem-kafo-0:7.2.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14-utils:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.11-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.11-1.el8sat.src",
"8Base-satellite-6.14:candlepin-selinux-0:4.3.11-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-installer-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-installer-1:3.7.0.7-1.el8sat.src",
"8Base-satellite-6.14:foreman-installer-katello-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:mosquitto-0:2.0.17-1.el8sat.src",
"8Base-satellite-6.14:mosquitto-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:mosquitto-debuginfo-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:mosquitto-debugsource-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:puppet-agent-0:7.27.0-1.el8sat.src",
"8Base-satellite-6.14:puppet-agent-0:7.27.0-1.el8sat.x86_64",
"8Base-satellite-6.14:puppetserver-0:7.14.0-1.el8sat.noarch",
"8Base-satellite-6.14:puppetserver-0:7.14.0-1.el8sat.src",
"8Base-satellite-6.14:python-pulp-container-0:2.14.11-1.el8pc.src",
"8Base-satellite-6.14:python39-pulp-container-0:2.14.11-1.el8pc.noarch",
"8Base-satellite-6.14:rubygem-foreman_bootdisk-0:21.2.1-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_bootdisk-0:21.2.1-1.el8sat.src",
"8Base-satellite-6.14:rubygem-google-protobuf-0:3.24.3-1.el8sat.src",
"8Base-satellite-6.14:rubygem-google-protobuf-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-google-protobuf-debuginfo-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-google-protobuf-debugsource-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-grpc-0:1.58.0-1.el8sat.src",
"8Base-satellite-6.14:rubygem-grpc-0:1.58.0-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-kafo-0:7.2.0-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-kafo-0:7.2.0-1.el8sat.src",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.21-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.21-1.el8sat.src",
"8Base-satellite-6.14:rubygem-puma-0:6.3.1-1.el8sat.src",
"8Base-satellite-6.14:rubygem-puma-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-puma-debuginfo-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-puma-debugsource-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-sidekiq-0:6.5.12-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-sidekiq-0:6.5.12-1.el8sat.src",
"8Base-satellite-6.14:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-convert2rhel-toolkit-0:1.0.1-1.el8sat.src",
"8Base-satellite-6.14:satellite-convert2rhel-toolkit-0:1.0.1-1.el8sat.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "gRPC: file descriptor exhaustion leads to denial of service"
},
{
"cve": "CVE-2023-26049",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"discovery_date": "2023-08-30T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-satellite-6.14-capsule:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14-capsule:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-installer-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-installer-1:3.7.0.7-1.el8sat.src",
"8Base-satellite-6.14-capsule:foreman-installer-katello-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:mosquitto-0:2.0.17-1.el8sat.src",
"8Base-satellite-6.14-capsule:mosquitto-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:mosquitto-debuginfo-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:mosquitto-debugsource-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:puppet-agent-0:7.27.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:puppet-agent-0:7.27.0-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:python-pulp-container-0:2.14.11-1.el8pc.src",
"8Base-satellite-6.14-capsule:python39-pulp-container-0:2.14.11-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:rubygem-kafo-0:7.2.0-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:rubygem-kafo-0:7.2.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14-utils:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.11-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.11-1.el8sat.src",
"8Base-satellite-6.14:candlepin-selinux-0:4.3.11-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-installer-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-installer-1:3.7.0.7-1.el8sat.src",
"8Base-satellite-6.14:foreman-installer-katello-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:mosquitto-0:2.0.17-1.el8sat.src",
"8Base-satellite-6.14:mosquitto-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:mosquitto-debuginfo-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:mosquitto-debugsource-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:puppet-agent-0:7.27.0-1.el8sat.src",
"8Base-satellite-6.14:puppet-agent-0:7.27.0-1.el8sat.x86_64",
"8Base-satellite-6.14:python-pulp-container-0:2.14.11-1.el8pc.src",
"8Base-satellite-6.14:python39-pulp-container-0:2.14.11-1.el8pc.noarch",
"8Base-satellite-6.14:rubygem-foreman_bootdisk-0:21.2.1-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_bootdisk-0:21.2.1-1.el8sat.src",
"8Base-satellite-6.14:rubygem-google-protobuf-0:3.24.3-1.el8sat.src",
"8Base-satellite-6.14:rubygem-google-protobuf-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-google-protobuf-debuginfo-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-google-protobuf-debugsource-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-grpc-0:1.58.0-1.el8sat.src",
"8Base-satellite-6.14:rubygem-grpc-0:1.58.0-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-kafo-0:7.2.0-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-kafo-0:7.2.0-1.el8sat.src",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.21-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.21-1.el8sat.src",
"8Base-satellite-6.14:rubygem-puma-0:6.3.1-1.el8sat.src",
"8Base-satellite-6.14:rubygem-puma-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-puma-debuginfo-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-puma-debugsource-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-sidekiq-0:6.5.12-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-sidekiq-0:6.5.12-1.el8sat.src",
"8Base-satellite-6.14:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-convert2rhel-toolkit-0:1.0.1-1.el8sat.src",
"8Base-satellite-6.14:satellite-convert2rhel-toolkit-0:1.0.1-1.el8sat.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2236341"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the jetty-server package. Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies or otherwise perform unintended behavior by tampering with the cookie parsing mechanism.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jetty-server: Cookie parsing of quoted values can exfiltrate values from other cookies",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-satellite-6.14-capsule:puppetserver-0:7.14.0-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:puppetserver-0:7.14.0-1.el8sat.src",
"8Base-satellite-6.14:puppetserver-0:7.14.0-1.el8sat.noarch",
"8Base-satellite-6.14:puppetserver-0:7.14.0-1.el8sat.src"
],
"known_not_affected": [
"8Base-satellite-6.14-capsule:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14-capsule:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-installer-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-installer-1:3.7.0.7-1.el8sat.src",
"8Base-satellite-6.14-capsule:foreman-installer-katello-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:mosquitto-0:2.0.17-1.el8sat.src",
"8Base-satellite-6.14-capsule:mosquitto-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:mosquitto-debuginfo-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:mosquitto-debugsource-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:puppet-agent-0:7.27.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:puppet-agent-0:7.27.0-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:python-pulp-container-0:2.14.11-1.el8pc.src",
"8Base-satellite-6.14-capsule:python39-pulp-container-0:2.14.11-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:rubygem-kafo-0:7.2.0-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:rubygem-kafo-0:7.2.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14-utils:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.11-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.11-1.el8sat.src",
"8Base-satellite-6.14:candlepin-selinux-0:4.3.11-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-installer-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-installer-1:3.7.0.7-1.el8sat.src",
"8Base-satellite-6.14:foreman-installer-katello-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:mosquitto-0:2.0.17-1.el8sat.src",
"8Base-satellite-6.14:mosquitto-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:mosquitto-debuginfo-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:mosquitto-debugsource-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:puppet-agent-0:7.27.0-1.el8sat.src",
"8Base-satellite-6.14:puppet-agent-0:7.27.0-1.el8sat.x86_64",
"8Base-satellite-6.14:python-pulp-container-0:2.14.11-1.el8pc.src",
"8Base-satellite-6.14:python39-pulp-container-0:2.14.11-1.el8pc.noarch",
"8Base-satellite-6.14:rubygem-foreman_bootdisk-0:21.2.1-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_bootdisk-0:21.2.1-1.el8sat.src",
"8Base-satellite-6.14:rubygem-google-protobuf-0:3.24.3-1.el8sat.src",
"8Base-satellite-6.14:rubygem-google-protobuf-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-google-protobuf-debuginfo-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-google-protobuf-debugsource-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-grpc-0:1.58.0-1.el8sat.src",
"8Base-satellite-6.14:rubygem-grpc-0:1.58.0-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-kafo-0:7.2.0-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-kafo-0:7.2.0-1.el8sat.src",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.21-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.21-1.el8sat.src",
"8Base-satellite-6.14:rubygem-puma-0:6.3.1-1.el8sat.src",
"8Base-satellite-6.14:rubygem-puma-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-puma-debuginfo-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-puma-debugsource-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-sidekiq-0:6.5.12-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-sidekiq-0:6.5.12-1.el8sat.src",
"8Base-satellite-6.14:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-convert2rhel-toolkit-0:1.0.1-1.el8sat.src",
"8Base-satellite-6.14:satellite-convert2rhel-toolkit-0:1.0.1-1.el8sat.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-26049"
},
{
"category": "external",
"summary": "RHBZ#2236341",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236341"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-26049",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26049"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-26049",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26049"
},
{
"category": "external",
"summary": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-p26g-97m4-6q7c",
"url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-p26g-97m4-6q7c"
}
],
"release_date": "2023-04-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-02-13T14:45:57+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-satellite-6.14-capsule:puppetserver-0:7.14.0-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:puppetserver-0:7.14.0-1.el8sat.src",
"8Base-satellite-6.14:puppetserver-0:7.14.0-1.el8sat.noarch",
"8Base-satellite-6.14:puppetserver-0:7.14.0-1.el8sat.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:0797"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-satellite-6.14-capsule:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14-capsule:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-installer-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-installer-1:3.7.0.7-1.el8sat.src",
"8Base-satellite-6.14-capsule:foreman-installer-katello-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:mosquitto-0:2.0.17-1.el8sat.src",
"8Base-satellite-6.14-capsule:mosquitto-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:mosquitto-debuginfo-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:mosquitto-debugsource-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:puppet-agent-0:7.27.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:puppet-agent-0:7.27.0-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:puppetserver-0:7.14.0-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:puppetserver-0:7.14.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:python-pulp-container-0:2.14.11-1.el8pc.src",
"8Base-satellite-6.14-capsule:python39-pulp-container-0:2.14.11-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:rubygem-kafo-0:7.2.0-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:rubygem-kafo-0:7.2.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14-utils:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.11-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.11-1.el8sat.src",
"8Base-satellite-6.14:candlepin-selinux-0:4.3.11-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-installer-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-installer-1:3.7.0.7-1.el8sat.src",
"8Base-satellite-6.14:foreman-installer-katello-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:mosquitto-0:2.0.17-1.el8sat.src",
"8Base-satellite-6.14:mosquitto-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:mosquitto-debuginfo-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:mosquitto-debugsource-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:puppet-agent-0:7.27.0-1.el8sat.src",
"8Base-satellite-6.14:puppet-agent-0:7.27.0-1.el8sat.x86_64",
"8Base-satellite-6.14:puppetserver-0:7.14.0-1.el8sat.noarch",
"8Base-satellite-6.14:puppetserver-0:7.14.0-1.el8sat.src",
"8Base-satellite-6.14:python-pulp-container-0:2.14.11-1.el8pc.src",
"8Base-satellite-6.14:python39-pulp-container-0:2.14.11-1.el8pc.noarch",
"8Base-satellite-6.14:rubygem-foreman_bootdisk-0:21.2.1-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_bootdisk-0:21.2.1-1.el8sat.src",
"8Base-satellite-6.14:rubygem-google-protobuf-0:3.24.3-1.el8sat.src",
"8Base-satellite-6.14:rubygem-google-protobuf-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-google-protobuf-debuginfo-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-google-protobuf-debugsource-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-grpc-0:1.58.0-1.el8sat.src",
"8Base-satellite-6.14:rubygem-grpc-0:1.58.0-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-kafo-0:7.2.0-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-kafo-0:7.2.0-1.el8sat.src",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.21-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.21-1.el8sat.src",
"8Base-satellite-6.14:rubygem-puma-0:6.3.1-1.el8sat.src",
"8Base-satellite-6.14:rubygem-puma-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-puma-debuginfo-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-puma-debugsource-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-sidekiq-0:6.5.12-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-sidekiq-0:6.5.12-1.el8sat.src",
"8Base-satellite-6.14:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-convert2rhel-toolkit-0:1.0.1-1.el8sat.src",
"8Base-satellite-6.14:satellite-convert2rhel-toolkit-0:1.0.1-1.el8sat.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jetty-server: Cookie parsing of quoted values can exfiltrate values from other cookies"
},
{
"cve": "CVE-2023-26141",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-09-14T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-satellite-6.14-capsule:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14-capsule:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-installer-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-installer-1:3.7.0.7-1.el8sat.src",
"8Base-satellite-6.14-capsule:foreman-installer-katello-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:mosquitto-0:2.0.17-1.el8sat.src",
"8Base-satellite-6.14-capsule:mosquitto-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:mosquitto-debuginfo-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:mosquitto-debugsource-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:puppet-agent-0:7.27.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:puppet-agent-0:7.27.0-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:puppetserver-0:7.14.0-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:puppetserver-0:7.14.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:python-pulp-container-0:2.14.11-1.el8pc.src",
"8Base-satellite-6.14-capsule:python39-pulp-container-0:2.14.11-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:rubygem-kafo-0:7.2.0-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:rubygem-kafo-0:7.2.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14-utils:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.11-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.11-1.el8sat.src",
"8Base-satellite-6.14:candlepin-selinux-0:4.3.11-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-installer-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-installer-1:3.7.0.7-1.el8sat.src",
"8Base-satellite-6.14:foreman-installer-katello-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:mosquitto-0:2.0.17-1.el8sat.src",
"8Base-satellite-6.14:mosquitto-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:mosquitto-debuginfo-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:mosquitto-debugsource-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:puppet-agent-0:7.27.0-1.el8sat.src",
"8Base-satellite-6.14:puppet-agent-0:7.27.0-1.el8sat.x86_64",
"8Base-satellite-6.14:puppetserver-0:7.14.0-1.el8sat.noarch",
"8Base-satellite-6.14:puppetserver-0:7.14.0-1.el8sat.src",
"8Base-satellite-6.14:python-pulp-container-0:2.14.11-1.el8pc.src",
"8Base-satellite-6.14:python39-pulp-container-0:2.14.11-1.el8pc.noarch",
"8Base-satellite-6.14:rubygem-foreman_bootdisk-0:21.2.1-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_bootdisk-0:21.2.1-1.el8sat.src",
"8Base-satellite-6.14:rubygem-google-protobuf-0:3.24.3-1.el8sat.src",
"8Base-satellite-6.14:rubygem-google-protobuf-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-google-protobuf-debuginfo-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-google-protobuf-debugsource-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-grpc-0:1.58.0-1.el8sat.src",
"8Base-satellite-6.14:rubygem-grpc-0:1.58.0-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-kafo-0:7.2.0-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-kafo-0:7.2.0-1.el8sat.src",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.21-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.21-1.el8sat.src",
"8Base-satellite-6.14:rubygem-puma-0:6.3.1-1.el8sat.src",
"8Base-satellite-6.14:rubygem-puma-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-puma-debuginfo-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-puma-debugsource-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-convert2rhel-toolkit-0:1.0.1-1.el8sat.src",
"8Base-satellite-6.14:satellite-convert2rhel-toolkit-0:1.0.1-1.el8sat.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2239010"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service vulnerability was found in Sidekiq. This flaw allows an attacker to manipulate the localStorage value in the dashboard-charts.js file and cause excessive polling requests.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "sidekiq: DoS in dashboard-charts",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-satellite-6.14:rubygem-sidekiq-0:6.5.12-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-sidekiq-0:6.5.12-1.el8sat.src"
],
"known_not_affected": [
"8Base-satellite-6.14-capsule:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14-capsule:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-installer-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-installer-1:3.7.0.7-1.el8sat.src",
"8Base-satellite-6.14-capsule:foreman-installer-katello-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:mosquitto-0:2.0.17-1.el8sat.src",
"8Base-satellite-6.14-capsule:mosquitto-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:mosquitto-debuginfo-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:mosquitto-debugsource-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:puppet-agent-0:7.27.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:puppet-agent-0:7.27.0-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:puppetserver-0:7.14.0-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:puppetserver-0:7.14.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:python-pulp-container-0:2.14.11-1.el8pc.src",
"8Base-satellite-6.14-capsule:python39-pulp-container-0:2.14.11-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:rubygem-kafo-0:7.2.0-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:rubygem-kafo-0:7.2.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14-utils:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.11-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.11-1.el8sat.src",
"8Base-satellite-6.14:candlepin-selinux-0:4.3.11-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-installer-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-installer-1:3.7.0.7-1.el8sat.src",
"8Base-satellite-6.14:foreman-installer-katello-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:mosquitto-0:2.0.17-1.el8sat.src",
"8Base-satellite-6.14:mosquitto-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:mosquitto-debuginfo-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:mosquitto-debugsource-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:puppet-agent-0:7.27.0-1.el8sat.src",
"8Base-satellite-6.14:puppet-agent-0:7.27.0-1.el8sat.x86_64",
"8Base-satellite-6.14:puppetserver-0:7.14.0-1.el8sat.noarch",
"8Base-satellite-6.14:puppetserver-0:7.14.0-1.el8sat.src",
"8Base-satellite-6.14:python-pulp-container-0:2.14.11-1.el8pc.src",
"8Base-satellite-6.14:python39-pulp-container-0:2.14.11-1.el8pc.noarch",
"8Base-satellite-6.14:rubygem-foreman_bootdisk-0:21.2.1-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_bootdisk-0:21.2.1-1.el8sat.src",
"8Base-satellite-6.14:rubygem-google-protobuf-0:3.24.3-1.el8sat.src",
"8Base-satellite-6.14:rubygem-google-protobuf-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-google-protobuf-debuginfo-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-google-protobuf-debugsource-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-grpc-0:1.58.0-1.el8sat.src",
"8Base-satellite-6.14:rubygem-grpc-0:1.58.0-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-kafo-0:7.2.0-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-kafo-0:7.2.0-1.el8sat.src",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.21-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.21-1.el8sat.src",
"8Base-satellite-6.14:rubygem-puma-0:6.3.1-1.el8sat.src",
"8Base-satellite-6.14:rubygem-puma-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-puma-debuginfo-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-puma-debugsource-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-convert2rhel-toolkit-0:1.0.1-1.el8sat.src",
"8Base-satellite-6.14:satellite-convert2rhel-toolkit-0:1.0.1-1.el8sat.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-26141"
},
{
"category": "external",
"summary": "RHBZ#2239010",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2239010"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-26141",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26141"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-26141",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26141"
},
{
"category": "external",
"summary": "https://github.com/sidekiq/sidekiq/commit/62c90d7c5a7d8a378d79909859d87c2e0702bf89",
"url": "https://github.com/sidekiq/sidekiq/commit/62c90d7c5a7d8a378d79909859d87c2e0702bf89"
}
],
"release_date": "2023-09-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-02-13T14:45:57+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-satellite-6.14:rubygem-sidekiq-0:6.5.12-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-sidekiq-0:6.5.12-1.el8sat.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:0797"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-satellite-6.14-capsule:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14-capsule:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-installer-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-installer-1:3.7.0.7-1.el8sat.src",
"8Base-satellite-6.14-capsule:foreman-installer-katello-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:mosquitto-0:2.0.17-1.el8sat.src",
"8Base-satellite-6.14-capsule:mosquitto-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:mosquitto-debuginfo-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:mosquitto-debugsource-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:puppet-agent-0:7.27.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:puppet-agent-0:7.27.0-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:puppetserver-0:7.14.0-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:puppetserver-0:7.14.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:python-pulp-container-0:2.14.11-1.el8pc.src",
"8Base-satellite-6.14-capsule:python39-pulp-container-0:2.14.11-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:rubygem-kafo-0:7.2.0-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:rubygem-kafo-0:7.2.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14-utils:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.11-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.11-1.el8sat.src",
"8Base-satellite-6.14:candlepin-selinux-0:4.3.11-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-installer-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-installer-1:3.7.0.7-1.el8sat.src",
"8Base-satellite-6.14:foreman-installer-katello-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:mosquitto-0:2.0.17-1.el8sat.src",
"8Base-satellite-6.14:mosquitto-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:mosquitto-debuginfo-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:mosquitto-debugsource-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:puppet-agent-0:7.27.0-1.el8sat.src",
"8Base-satellite-6.14:puppet-agent-0:7.27.0-1.el8sat.x86_64",
"8Base-satellite-6.14:puppetserver-0:7.14.0-1.el8sat.noarch",
"8Base-satellite-6.14:puppetserver-0:7.14.0-1.el8sat.src",
"8Base-satellite-6.14:python-pulp-container-0:2.14.11-1.el8pc.src",
"8Base-satellite-6.14:python39-pulp-container-0:2.14.11-1.el8pc.noarch",
"8Base-satellite-6.14:rubygem-foreman_bootdisk-0:21.2.1-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_bootdisk-0:21.2.1-1.el8sat.src",
"8Base-satellite-6.14:rubygem-google-protobuf-0:3.24.3-1.el8sat.src",
"8Base-satellite-6.14:rubygem-google-protobuf-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-google-protobuf-debuginfo-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-google-protobuf-debugsource-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-grpc-0:1.58.0-1.el8sat.src",
"8Base-satellite-6.14:rubygem-grpc-0:1.58.0-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-kafo-0:7.2.0-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-kafo-0:7.2.0-1.el8sat.src",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.21-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.21-1.el8sat.src",
"8Base-satellite-6.14:rubygem-puma-0:6.3.1-1.el8sat.src",
"8Base-satellite-6.14:rubygem-puma-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-puma-debuginfo-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-puma-debugsource-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-sidekiq-0:6.5.12-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-sidekiq-0:6.5.12-1.el8sat.src",
"8Base-satellite-6.14:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-convert2rhel-toolkit-0:1.0.1-1.el8sat.src",
"8Base-satellite-6.14:satellite-convert2rhel-toolkit-0:1.0.1-1.el8sat.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "sidekiq: DoS in dashboard-charts"
},
{
"cve": "CVE-2023-28366",
"cwe": {
"id": "CWE-401",
"name": "Missing Release of Memory after Effective Lifetime"
},
"discovery_date": "2023-09-01T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-satellite-6.14-capsule:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14-capsule:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-installer-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-installer-1:3.7.0.7-1.el8sat.src",
"8Base-satellite-6.14-capsule:foreman-installer-katello-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:puppet-agent-0:7.27.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:puppet-agent-0:7.27.0-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:puppetserver-0:7.14.0-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:puppetserver-0:7.14.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:python-pulp-container-0:2.14.11-1.el8pc.src",
"8Base-satellite-6.14-capsule:python39-pulp-container-0:2.14.11-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:rubygem-kafo-0:7.2.0-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:rubygem-kafo-0:7.2.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14-utils:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.11-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.11-1.el8sat.src",
"8Base-satellite-6.14:candlepin-selinux-0:4.3.11-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-installer-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-installer-1:3.7.0.7-1.el8sat.src",
"8Base-satellite-6.14:foreman-installer-katello-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:puppet-agent-0:7.27.0-1.el8sat.src",
"8Base-satellite-6.14:puppet-agent-0:7.27.0-1.el8sat.x86_64",
"8Base-satellite-6.14:puppetserver-0:7.14.0-1.el8sat.noarch",
"8Base-satellite-6.14:puppetserver-0:7.14.0-1.el8sat.src",
"8Base-satellite-6.14:python-pulp-container-0:2.14.11-1.el8pc.src",
"8Base-satellite-6.14:python39-pulp-container-0:2.14.11-1.el8pc.noarch",
"8Base-satellite-6.14:rubygem-foreman_bootdisk-0:21.2.1-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_bootdisk-0:21.2.1-1.el8sat.src",
"8Base-satellite-6.14:rubygem-google-protobuf-0:3.24.3-1.el8sat.src",
"8Base-satellite-6.14:rubygem-google-protobuf-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-google-protobuf-debuginfo-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-google-protobuf-debugsource-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-grpc-0:1.58.0-1.el8sat.src",
"8Base-satellite-6.14:rubygem-grpc-0:1.58.0-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-kafo-0:7.2.0-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-kafo-0:7.2.0-1.el8sat.src",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.21-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.21-1.el8sat.src",
"8Base-satellite-6.14:rubygem-puma-0:6.3.1-1.el8sat.src",
"8Base-satellite-6.14:rubygem-puma-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-puma-debuginfo-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-puma-debugsource-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-sidekiq-0:6.5.12-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-sidekiq-0:6.5.12-1.el8sat.src",
"8Base-satellite-6.14:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-convert2rhel-toolkit-0:1.0.1-1.el8sat.src",
"8Base-satellite-6.14:satellite-convert2rhel-toolkit-0:1.0.1-1.el8sat.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2236882"
}
],
"notes": [
{
"category": "description",
"text": "A memory leak vulnerability was found in Eclipse Mosquitto. This issue is triggered by malicious initial packets or certain client actions and may allow a remote attacker to the deplete system resources causing memory exhaustion, leading to a disruption in services and a denial of service condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "mosquitto: memory leak leads to unresponsive broker",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-satellite-6.14-capsule:mosquitto-0:2.0.17-1.el8sat.src",
"8Base-satellite-6.14-capsule:mosquitto-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:mosquitto-debuginfo-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:mosquitto-debugsource-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:mosquitto-0:2.0.17-1.el8sat.src",
"8Base-satellite-6.14:mosquitto-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:mosquitto-debuginfo-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:mosquitto-debugsource-0:2.0.17-1.el8sat.x86_64"
],
"known_not_affected": [
"8Base-satellite-6.14-capsule:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14-capsule:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-installer-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-installer-1:3.7.0.7-1.el8sat.src",
"8Base-satellite-6.14-capsule:foreman-installer-katello-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:puppet-agent-0:7.27.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:puppet-agent-0:7.27.0-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:puppetserver-0:7.14.0-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:puppetserver-0:7.14.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:python-pulp-container-0:2.14.11-1.el8pc.src",
"8Base-satellite-6.14-capsule:python39-pulp-container-0:2.14.11-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:rubygem-kafo-0:7.2.0-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:rubygem-kafo-0:7.2.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14-utils:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.11-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.11-1.el8sat.src",
"8Base-satellite-6.14:candlepin-selinux-0:4.3.11-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-installer-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-installer-1:3.7.0.7-1.el8sat.src",
"8Base-satellite-6.14:foreman-installer-katello-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:puppet-agent-0:7.27.0-1.el8sat.src",
"8Base-satellite-6.14:puppet-agent-0:7.27.0-1.el8sat.x86_64",
"8Base-satellite-6.14:puppetserver-0:7.14.0-1.el8sat.noarch",
"8Base-satellite-6.14:puppetserver-0:7.14.0-1.el8sat.src",
"8Base-satellite-6.14:python-pulp-container-0:2.14.11-1.el8pc.src",
"8Base-satellite-6.14:python39-pulp-container-0:2.14.11-1.el8pc.noarch",
"8Base-satellite-6.14:rubygem-foreman_bootdisk-0:21.2.1-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_bootdisk-0:21.2.1-1.el8sat.src",
"8Base-satellite-6.14:rubygem-google-protobuf-0:3.24.3-1.el8sat.src",
"8Base-satellite-6.14:rubygem-google-protobuf-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-google-protobuf-debuginfo-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-google-protobuf-debugsource-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-grpc-0:1.58.0-1.el8sat.src",
"8Base-satellite-6.14:rubygem-grpc-0:1.58.0-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-kafo-0:7.2.0-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-kafo-0:7.2.0-1.el8sat.src",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.21-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.21-1.el8sat.src",
"8Base-satellite-6.14:rubygem-puma-0:6.3.1-1.el8sat.src",
"8Base-satellite-6.14:rubygem-puma-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-puma-debuginfo-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-puma-debugsource-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-sidekiq-0:6.5.12-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-sidekiq-0:6.5.12-1.el8sat.src",
"8Base-satellite-6.14:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-convert2rhel-toolkit-0:1.0.1-1.el8sat.src",
"8Base-satellite-6.14:satellite-convert2rhel-toolkit-0:1.0.1-1.el8sat.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-28366"
},
{
"category": "external",
"summary": "RHBZ#2236882",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236882"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-28366",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28366"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-28366",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28366"
},
{
"category": "external",
"summary": "https://github.com/eclipse/mosquitto/commit/6113eac95a9df634fbc858be542c4a0456bfe7b9",
"url": "https://github.com/eclipse/mosquitto/commit/6113eac95a9df634fbc858be542c4a0456bfe7b9"
}
],
"release_date": "2023-09-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-02-13T14:45:57+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-satellite-6.14-capsule:mosquitto-0:2.0.17-1.el8sat.src",
"8Base-satellite-6.14-capsule:mosquitto-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:mosquitto-debuginfo-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:mosquitto-debugsource-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:mosquitto-0:2.0.17-1.el8sat.src",
"8Base-satellite-6.14:mosquitto-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:mosquitto-debuginfo-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:mosquitto-debugsource-0:2.0.17-1.el8sat.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:0797"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-satellite-6.14-capsule:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14-capsule:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-installer-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-installer-1:3.7.0.7-1.el8sat.src",
"8Base-satellite-6.14-capsule:foreman-installer-katello-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:mosquitto-0:2.0.17-1.el8sat.src",
"8Base-satellite-6.14-capsule:mosquitto-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:mosquitto-debuginfo-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:mosquitto-debugsource-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:puppet-agent-0:7.27.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:puppet-agent-0:7.27.0-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:puppetserver-0:7.14.0-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:puppetserver-0:7.14.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:python-pulp-container-0:2.14.11-1.el8pc.src",
"8Base-satellite-6.14-capsule:python39-pulp-container-0:2.14.11-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:rubygem-kafo-0:7.2.0-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:rubygem-kafo-0:7.2.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14-utils:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.11-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.11-1.el8sat.src",
"8Base-satellite-6.14:candlepin-selinux-0:4.3.11-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-installer-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-installer-1:3.7.0.7-1.el8sat.src",
"8Base-satellite-6.14:foreman-installer-katello-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:mosquitto-0:2.0.17-1.el8sat.src",
"8Base-satellite-6.14:mosquitto-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:mosquitto-debuginfo-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:mosquitto-debugsource-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:puppet-agent-0:7.27.0-1.el8sat.src",
"8Base-satellite-6.14:puppet-agent-0:7.27.0-1.el8sat.x86_64",
"8Base-satellite-6.14:puppetserver-0:7.14.0-1.el8sat.noarch",
"8Base-satellite-6.14:puppetserver-0:7.14.0-1.el8sat.src",
"8Base-satellite-6.14:python-pulp-container-0:2.14.11-1.el8pc.src",
"8Base-satellite-6.14:python39-pulp-container-0:2.14.11-1.el8pc.noarch",
"8Base-satellite-6.14:rubygem-foreman_bootdisk-0:21.2.1-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_bootdisk-0:21.2.1-1.el8sat.src",
"8Base-satellite-6.14:rubygem-google-protobuf-0:3.24.3-1.el8sat.src",
"8Base-satellite-6.14:rubygem-google-protobuf-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-google-protobuf-debuginfo-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-google-protobuf-debugsource-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-grpc-0:1.58.0-1.el8sat.src",
"8Base-satellite-6.14:rubygem-grpc-0:1.58.0-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-kafo-0:7.2.0-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-kafo-0:7.2.0-1.el8sat.src",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.21-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.21-1.el8sat.src",
"8Base-satellite-6.14:rubygem-puma-0:6.3.1-1.el8sat.src",
"8Base-satellite-6.14:rubygem-puma-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-puma-debuginfo-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-puma-debugsource-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-sidekiq-0:6.5.12-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-sidekiq-0:6.5.12-1.el8sat.src",
"8Base-satellite-6.14:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-convert2rhel-toolkit-0:1.0.1-1.el8sat.src",
"8Base-satellite-6.14:satellite-convert2rhel-toolkit-0:1.0.1-1.el8sat.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "mosquitto: memory leak leads to unresponsive broker"
},
{
"cve": "CVE-2023-36479",
"cwe": {
"id": "CWE-149",
"name": "Improper Neutralization of Quoting Syntax"
},
"discovery_date": "2023-09-19T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-satellite-6.14-capsule:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14-capsule:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-installer-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-installer-1:3.7.0.7-1.el8sat.src",
"8Base-satellite-6.14-capsule:foreman-installer-katello-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:mosquitto-0:2.0.17-1.el8sat.src",
"8Base-satellite-6.14-capsule:mosquitto-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:mosquitto-debuginfo-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:mosquitto-debugsource-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:puppet-agent-0:7.27.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:puppet-agent-0:7.27.0-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:puppetserver-0:7.14.0-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:puppetserver-0:7.14.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:python-pulp-container-0:2.14.11-1.el8pc.src",
"8Base-satellite-6.14-capsule:python39-pulp-container-0:2.14.11-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:rubygem-kafo-0:7.2.0-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:rubygem-kafo-0:7.2.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14-utils:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-installer-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-installer-1:3.7.0.7-1.el8sat.src",
"8Base-satellite-6.14:foreman-installer-katello-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:mosquitto-0:2.0.17-1.el8sat.src",
"8Base-satellite-6.14:mosquitto-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:mosquitto-debuginfo-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:mosquitto-debugsource-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:puppet-agent-0:7.27.0-1.el8sat.src",
"8Base-satellite-6.14:puppet-agent-0:7.27.0-1.el8sat.x86_64",
"8Base-satellite-6.14:puppetserver-0:7.14.0-1.el8sat.noarch",
"8Base-satellite-6.14:puppetserver-0:7.14.0-1.el8sat.src",
"8Base-satellite-6.14:python-pulp-container-0:2.14.11-1.el8pc.src",
"8Base-satellite-6.14:python39-pulp-container-0:2.14.11-1.el8pc.noarch",
"8Base-satellite-6.14:rubygem-foreman_bootdisk-0:21.2.1-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_bootdisk-0:21.2.1-1.el8sat.src",
"8Base-satellite-6.14:rubygem-google-protobuf-0:3.24.3-1.el8sat.src",
"8Base-satellite-6.14:rubygem-google-protobuf-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-google-protobuf-debuginfo-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-google-protobuf-debugsource-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-grpc-0:1.58.0-1.el8sat.src",
"8Base-satellite-6.14:rubygem-grpc-0:1.58.0-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-kafo-0:7.2.0-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-kafo-0:7.2.0-1.el8sat.src",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.21-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.21-1.el8sat.src",
"8Base-satellite-6.14:rubygem-puma-0:6.3.1-1.el8sat.src",
"8Base-satellite-6.14:rubygem-puma-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-puma-debuginfo-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-puma-debugsource-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-sidekiq-0:6.5.12-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-sidekiq-0:6.5.12-1.el8sat.src",
"8Base-satellite-6.14:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-convert2rhel-toolkit-0:1.0.1-1.el8sat.src",
"8Base-satellite-6.14:satellite-convert2rhel-toolkit-0:1.0.1-1.el8sat.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2239630"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Jetty\u0027s CGI servlet which permits incorrect command execution in specific circumstances such as requests with certain characters in requested filenames. This issue could allow an attacker to run permitted commands other than the one requested.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jetty: Improper addition of quotation marks to user inputs in CgiServlet",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-satellite-6.14:candlepin-0:4.3.11-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.11-1.el8sat.src",
"8Base-satellite-6.14:candlepin-selinux-0:4.3.11-1.el8sat.noarch"
],
"known_not_affected": [
"8Base-satellite-6.14-capsule:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14-capsule:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-installer-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-installer-1:3.7.0.7-1.el8sat.src",
"8Base-satellite-6.14-capsule:foreman-installer-katello-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:mosquitto-0:2.0.17-1.el8sat.src",
"8Base-satellite-6.14-capsule:mosquitto-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:mosquitto-debuginfo-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:mosquitto-debugsource-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:puppet-agent-0:7.27.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:puppet-agent-0:7.27.0-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:puppetserver-0:7.14.0-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:puppetserver-0:7.14.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:python-pulp-container-0:2.14.11-1.el8pc.src",
"8Base-satellite-6.14-capsule:python39-pulp-container-0:2.14.11-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:rubygem-kafo-0:7.2.0-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:rubygem-kafo-0:7.2.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14-utils:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-installer-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-installer-1:3.7.0.7-1.el8sat.src",
"8Base-satellite-6.14:foreman-installer-katello-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:mosquitto-0:2.0.17-1.el8sat.src",
"8Base-satellite-6.14:mosquitto-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:mosquitto-debuginfo-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:mosquitto-debugsource-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:puppet-agent-0:7.27.0-1.el8sat.src",
"8Base-satellite-6.14:puppet-agent-0:7.27.0-1.el8sat.x86_64",
"8Base-satellite-6.14:puppetserver-0:7.14.0-1.el8sat.noarch",
"8Base-satellite-6.14:puppetserver-0:7.14.0-1.el8sat.src",
"8Base-satellite-6.14:python-pulp-container-0:2.14.11-1.el8pc.src",
"8Base-satellite-6.14:python39-pulp-container-0:2.14.11-1.el8pc.noarch",
"8Base-satellite-6.14:rubygem-foreman_bootdisk-0:21.2.1-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_bootdisk-0:21.2.1-1.el8sat.src",
"8Base-satellite-6.14:rubygem-google-protobuf-0:3.24.3-1.el8sat.src",
"8Base-satellite-6.14:rubygem-google-protobuf-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-google-protobuf-debuginfo-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-google-protobuf-debugsource-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-grpc-0:1.58.0-1.el8sat.src",
"8Base-satellite-6.14:rubygem-grpc-0:1.58.0-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-kafo-0:7.2.0-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-kafo-0:7.2.0-1.el8sat.src",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.21-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.21-1.el8sat.src",
"8Base-satellite-6.14:rubygem-puma-0:6.3.1-1.el8sat.src",
"8Base-satellite-6.14:rubygem-puma-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-puma-debuginfo-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-puma-debugsource-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-sidekiq-0:6.5.12-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-sidekiq-0:6.5.12-1.el8sat.src",
"8Base-satellite-6.14:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-convert2rhel-toolkit-0:1.0.1-1.el8sat.src",
"8Base-satellite-6.14:satellite-convert2rhel-toolkit-0:1.0.1-1.el8sat.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-36479"
},
{
"category": "external",
"summary": "RHBZ#2239630",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2239630"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-36479",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36479"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-36479",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-36479"
}
],
"release_date": "2023-09-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-02-13T14:45:57+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-satellite-6.14:candlepin-0:4.3.11-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.11-1.el8sat.src",
"8Base-satellite-6.14:candlepin-selinux-0:4.3.11-1.el8sat.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:0797"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-satellite-6.14-capsule:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14-capsule:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-installer-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-installer-1:3.7.0.7-1.el8sat.src",
"8Base-satellite-6.14-capsule:foreman-installer-katello-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:mosquitto-0:2.0.17-1.el8sat.src",
"8Base-satellite-6.14-capsule:mosquitto-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:mosquitto-debuginfo-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:mosquitto-debugsource-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:puppet-agent-0:7.27.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:puppet-agent-0:7.27.0-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:puppetserver-0:7.14.0-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:puppetserver-0:7.14.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:python-pulp-container-0:2.14.11-1.el8pc.src",
"8Base-satellite-6.14-capsule:python39-pulp-container-0:2.14.11-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:rubygem-kafo-0:7.2.0-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:rubygem-kafo-0:7.2.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14-utils:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.11-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.11-1.el8sat.src",
"8Base-satellite-6.14:candlepin-selinux-0:4.3.11-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-installer-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-installer-1:3.7.0.7-1.el8sat.src",
"8Base-satellite-6.14:foreman-installer-katello-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:mosquitto-0:2.0.17-1.el8sat.src",
"8Base-satellite-6.14:mosquitto-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:mosquitto-debuginfo-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:mosquitto-debugsource-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:puppet-agent-0:7.27.0-1.el8sat.src",
"8Base-satellite-6.14:puppet-agent-0:7.27.0-1.el8sat.x86_64",
"8Base-satellite-6.14:puppetserver-0:7.14.0-1.el8sat.noarch",
"8Base-satellite-6.14:puppetserver-0:7.14.0-1.el8sat.src",
"8Base-satellite-6.14:python-pulp-container-0:2.14.11-1.el8pc.src",
"8Base-satellite-6.14:python39-pulp-container-0:2.14.11-1.el8pc.noarch",
"8Base-satellite-6.14:rubygem-foreman_bootdisk-0:21.2.1-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_bootdisk-0:21.2.1-1.el8sat.src",
"8Base-satellite-6.14:rubygem-google-protobuf-0:3.24.3-1.el8sat.src",
"8Base-satellite-6.14:rubygem-google-protobuf-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-google-protobuf-debuginfo-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-google-protobuf-debugsource-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-grpc-0:1.58.0-1.el8sat.src",
"8Base-satellite-6.14:rubygem-grpc-0:1.58.0-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-kafo-0:7.2.0-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-kafo-0:7.2.0-1.el8sat.src",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.21-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.21-1.el8sat.src",
"8Base-satellite-6.14:rubygem-puma-0:6.3.1-1.el8sat.src",
"8Base-satellite-6.14:rubygem-puma-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-puma-debuginfo-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-puma-debugsource-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-sidekiq-0:6.5.12-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-sidekiq-0:6.5.12-1.el8sat.src",
"8Base-satellite-6.14:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-convert2rhel-toolkit-0:1.0.1-1.el8sat.src",
"8Base-satellite-6.14:satellite-convert2rhel-toolkit-0:1.0.1-1.el8sat.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "jetty: Improper addition of quotation marks to user inputs in CgiServlet"
},
{
"acknowledgments": [
{
"names": [
"Jay Satiro"
]
}
],
"cve": "CVE-2023-38545",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2023-10-03T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-satellite-6.14-capsule:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14-capsule:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-installer-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-installer-1:3.7.0.7-1.el8sat.src",
"8Base-satellite-6.14-capsule:foreman-installer-katello-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:mosquitto-0:2.0.17-1.el8sat.src",
"8Base-satellite-6.14-capsule:mosquitto-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:mosquitto-debuginfo-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:mosquitto-debugsource-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:puppetserver-0:7.14.0-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:puppetserver-0:7.14.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:python-pulp-container-0:2.14.11-1.el8pc.src",
"8Base-satellite-6.14-capsule:python39-pulp-container-0:2.14.11-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:rubygem-kafo-0:7.2.0-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:rubygem-kafo-0:7.2.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14-utils:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.11-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.11-1.el8sat.src",
"8Base-satellite-6.14:candlepin-selinux-0:4.3.11-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-installer-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-installer-1:3.7.0.7-1.el8sat.src",
"8Base-satellite-6.14:foreman-installer-katello-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:mosquitto-0:2.0.17-1.el8sat.src",
"8Base-satellite-6.14:mosquitto-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:mosquitto-debuginfo-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:mosquitto-debugsource-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:puppetserver-0:7.14.0-1.el8sat.noarch",
"8Base-satellite-6.14:puppetserver-0:7.14.0-1.el8sat.src",
"8Base-satellite-6.14:python-pulp-container-0:2.14.11-1.el8pc.src",
"8Base-satellite-6.14:python39-pulp-container-0:2.14.11-1.el8pc.noarch",
"8Base-satellite-6.14:rubygem-foreman_bootdisk-0:21.2.1-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_bootdisk-0:21.2.1-1.el8sat.src",
"8Base-satellite-6.14:rubygem-google-protobuf-0:3.24.3-1.el8sat.src",
"8Base-satellite-6.14:rubygem-google-protobuf-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-google-protobuf-debuginfo-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-google-protobuf-debugsource-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-grpc-0:1.58.0-1.el8sat.src",
"8Base-satellite-6.14:rubygem-grpc-0:1.58.0-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-kafo-0:7.2.0-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-kafo-0:7.2.0-1.el8sat.src",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.21-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.21-1.el8sat.src",
"8Base-satellite-6.14:rubygem-puma-0:6.3.1-1.el8sat.src",
"8Base-satellite-6.14:rubygem-puma-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-puma-debuginfo-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-puma-debugsource-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-sidekiq-0:6.5.12-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-sidekiq-0:6.5.12-1.el8sat.src",
"8Base-satellite-6.14:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-convert2rhel-toolkit-0:1.0.1-1.el8sat.src",
"8Base-satellite-6.14:satellite-convert2rhel-toolkit-0:1.0.1-1.el8sat.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2241933"
}
],
"notes": [
{
"category": "description",
"text": "A heap-based buffer overflow flaw was found in the SOCKS5 proxy handshake in the Curl package. If Curl is unable to resolve the address itself, it passes the hostname to the SOCKS5 proxy. However, the maximum length of the hostname that can be passed is 255 bytes. If the hostname is longer, then Curl switches to the local name resolving and passes the resolved address only to the proxy. The local variable that instructs Curl to \"let the host resolve the name\" could obtain the wrong value during a slow SOCKS5 handshake, resulting in the too-long hostname being copied to the target buffer instead of the resolved address, which was not the intended behavior.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "curl: heap based buffer overflow in the SOCKS5 proxy handshake",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw does not affect the versions of curl as shipped with Red Hat Enterprise Linux 6, 7, and 8.\n\nAn overflow is only possible in applications that do not set `CURLOPT_BUFFERSIZE`, or set it smaller than approximately 65kB. Since the curl tool sets `CURLOPT_BUFFERSIZE` to 100kB by default, it is not vulnerable unless rate limiting was set by the user to a size smaller than 65kB.\n\nKnowledgebase article:\n\nhttps://access.redhat.com/solutions/7045099",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-satellite-6.14-capsule:puppet-agent-0:7.27.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:puppet-agent-0:7.27.0-1.el8sat.x86_64",
"8Base-satellite-6.14:puppet-agent-0:7.27.0-1.el8sat.src",
"8Base-satellite-6.14:puppet-agent-0:7.27.0-1.el8sat.x86_64"
],
"known_not_affected": [
"8Base-satellite-6.14-capsule:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14-capsule:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-installer-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-installer-1:3.7.0.7-1.el8sat.src",
"8Base-satellite-6.14-capsule:foreman-installer-katello-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:mosquitto-0:2.0.17-1.el8sat.src",
"8Base-satellite-6.14-capsule:mosquitto-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:mosquitto-debuginfo-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:mosquitto-debugsource-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:puppetserver-0:7.14.0-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:puppetserver-0:7.14.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:python-pulp-container-0:2.14.11-1.el8pc.src",
"8Base-satellite-6.14-capsule:python39-pulp-container-0:2.14.11-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:rubygem-kafo-0:7.2.0-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:rubygem-kafo-0:7.2.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14-utils:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.11-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.11-1.el8sat.src",
"8Base-satellite-6.14:candlepin-selinux-0:4.3.11-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-installer-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-installer-1:3.7.0.7-1.el8sat.src",
"8Base-satellite-6.14:foreman-installer-katello-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:mosquitto-0:2.0.17-1.el8sat.src",
"8Base-satellite-6.14:mosquitto-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:mosquitto-debuginfo-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:mosquitto-debugsource-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:puppetserver-0:7.14.0-1.el8sat.noarch",
"8Base-satellite-6.14:puppetserver-0:7.14.0-1.el8sat.src",
"8Base-satellite-6.14:python-pulp-container-0:2.14.11-1.el8pc.src",
"8Base-satellite-6.14:python39-pulp-container-0:2.14.11-1.el8pc.noarch",
"8Base-satellite-6.14:rubygem-foreman_bootdisk-0:21.2.1-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_bootdisk-0:21.2.1-1.el8sat.src",
"8Base-satellite-6.14:rubygem-google-protobuf-0:3.24.3-1.el8sat.src",
"8Base-satellite-6.14:rubygem-google-protobuf-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-google-protobuf-debuginfo-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-google-protobuf-debugsource-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-grpc-0:1.58.0-1.el8sat.src",
"8Base-satellite-6.14:rubygem-grpc-0:1.58.0-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-kafo-0:7.2.0-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-kafo-0:7.2.0-1.el8sat.src",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.21-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.21-1.el8sat.src",
"8Base-satellite-6.14:rubygem-puma-0:6.3.1-1.el8sat.src",
"8Base-satellite-6.14:rubygem-puma-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-puma-debuginfo-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-puma-debugsource-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-sidekiq-0:6.5.12-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-sidekiq-0:6.5.12-1.el8sat.src",
"8Base-satellite-6.14:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-convert2rhel-toolkit-0:1.0.1-1.el8sat.src",
"8Base-satellite-6.14:satellite-convert2rhel-toolkit-0:1.0.1-1.el8sat.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-38545"
},
{
"category": "external",
"summary": "RHBZ#2241933",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2241933"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-38545",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38545"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-38545",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38545"
},
{
"category": "external",
"summary": "https://curl.se/docs/CVE-2023-38545.html",
"url": "https://curl.se/docs/CVE-2023-38545.html"
}
],
"release_date": "2023-10-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-02-13T14:45:57+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-satellite-6.14-capsule:puppet-agent-0:7.27.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:puppet-agent-0:7.27.0-1.el8sat.x86_64",
"8Base-satellite-6.14:puppet-agent-0:7.27.0-1.el8sat.src",
"8Base-satellite-6.14:puppet-agent-0:7.27.0-1.el8sat.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:0797"
},
{
"category": "workaround",
"details": "To avoid this issue, we recommend you do not use `CURLPROXY_SOCKS5_HOSTNAME` proxies with curl. Also do not set a proxy environment variable to socks5h://",
"product_ids": [
"8Base-satellite-6.14-capsule:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14-capsule:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-installer-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-installer-1:3.7.0.7-1.el8sat.src",
"8Base-satellite-6.14-capsule:foreman-installer-katello-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:mosquitto-0:2.0.17-1.el8sat.src",
"8Base-satellite-6.14-capsule:mosquitto-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:mosquitto-debuginfo-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:mosquitto-debugsource-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:puppet-agent-0:7.27.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:puppet-agent-0:7.27.0-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:puppetserver-0:7.14.0-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:puppetserver-0:7.14.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:python-pulp-container-0:2.14.11-1.el8pc.src",
"8Base-satellite-6.14-capsule:python39-pulp-container-0:2.14.11-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:rubygem-kafo-0:7.2.0-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:rubygem-kafo-0:7.2.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14-utils:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.11-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.11-1.el8sat.src",
"8Base-satellite-6.14:candlepin-selinux-0:4.3.11-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-installer-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-installer-1:3.7.0.7-1.el8sat.src",
"8Base-satellite-6.14:foreman-installer-katello-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:mosquitto-0:2.0.17-1.el8sat.src",
"8Base-satellite-6.14:mosquitto-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:mosquitto-debuginfo-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:mosquitto-debugsource-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:puppet-agent-0:7.27.0-1.el8sat.src",
"8Base-satellite-6.14:puppet-agent-0:7.27.0-1.el8sat.x86_64",
"8Base-satellite-6.14:puppetserver-0:7.14.0-1.el8sat.noarch",
"8Base-satellite-6.14:puppetserver-0:7.14.0-1.el8sat.src",
"8Base-satellite-6.14:python-pulp-container-0:2.14.11-1.el8pc.src",
"8Base-satellite-6.14:python39-pulp-container-0:2.14.11-1.el8pc.noarch",
"8Base-satellite-6.14:rubygem-foreman_bootdisk-0:21.2.1-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_bootdisk-0:21.2.1-1.el8sat.src",
"8Base-satellite-6.14:rubygem-google-protobuf-0:3.24.3-1.el8sat.src",
"8Base-satellite-6.14:rubygem-google-protobuf-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-google-protobuf-debuginfo-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-google-protobuf-debugsource-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-grpc-0:1.58.0-1.el8sat.src",
"8Base-satellite-6.14:rubygem-grpc-0:1.58.0-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-kafo-0:7.2.0-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-kafo-0:7.2.0-1.el8sat.src",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.21-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.21-1.el8sat.src",
"8Base-satellite-6.14:rubygem-puma-0:6.3.1-1.el8sat.src",
"8Base-satellite-6.14:rubygem-puma-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-puma-debuginfo-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-puma-debugsource-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-sidekiq-0:6.5.12-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-sidekiq-0:6.5.12-1.el8sat.src",
"8Base-satellite-6.14:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-convert2rhel-toolkit-0:1.0.1-1.el8sat.src",
"8Base-satellite-6.14:satellite-convert2rhel-toolkit-0:1.0.1-1.el8sat.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-satellite-6.14-capsule:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14-capsule:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-installer-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-installer-1:3.7.0.7-1.el8sat.src",
"8Base-satellite-6.14-capsule:foreman-installer-katello-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:mosquitto-0:2.0.17-1.el8sat.src",
"8Base-satellite-6.14-capsule:mosquitto-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:mosquitto-debuginfo-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:mosquitto-debugsource-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:puppet-agent-0:7.27.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:puppet-agent-0:7.27.0-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:puppetserver-0:7.14.0-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:puppetserver-0:7.14.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:python-pulp-container-0:2.14.11-1.el8pc.src",
"8Base-satellite-6.14-capsule:python39-pulp-container-0:2.14.11-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:rubygem-kafo-0:7.2.0-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:rubygem-kafo-0:7.2.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14-utils:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.11-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.11-1.el8sat.src",
"8Base-satellite-6.14:candlepin-selinux-0:4.3.11-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-installer-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-installer-1:3.7.0.7-1.el8sat.src",
"8Base-satellite-6.14:foreman-installer-katello-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:mosquitto-0:2.0.17-1.el8sat.src",
"8Base-satellite-6.14:mosquitto-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:mosquitto-debuginfo-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:mosquitto-debugsource-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:puppet-agent-0:7.27.0-1.el8sat.src",
"8Base-satellite-6.14:puppet-agent-0:7.27.0-1.el8sat.x86_64",
"8Base-satellite-6.14:puppetserver-0:7.14.0-1.el8sat.noarch",
"8Base-satellite-6.14:puppetserver-0:7.14.0-1.el8sat.src",
"8Base-satellite-6.14:python-pulp-container-0:2.14.11-1.el8pc.src",
"8Base-satellite-6.14:python39-pulp-container-0:2.14.11-1.el8pc.noarch",
"8Base-satellite-6.14:rubygem-foreman_bootdisk-0:21.2.1-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_bootdisk-0:21.2.1-1.el8sat.src",
"8Base-satellite-6.14:rubygem-google-protobuf-0:3.24.3-1.el8sat.src",
"8Base-satellite-6.14:rubygem-google-protobuf-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-google-protobuf-debuginfo-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-google-protobuf-debugsource-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-grpc-0:1.58.0-1.el8sat.src",
"8Base-satellite-6.14:rubygem-grpc-0:1.58.0-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-kafo-0:7.2.0-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-kafo-0:7.2.0-1.el8sat.src",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.21-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.21-1.el8sat.src",
"8Base-satellite-6.14:rubygem-puma-0:6.3.1-1.el8sat.src",
"8Base-satellite-6.14:rubygem-puma-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-puma-debuginfo-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-puma-debugsource-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-sidekiq-0:6.5.12-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-sidekiq-0:6.5.12-1.el8sat.src",
"8Base-satellite-6.14:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-convert2rhel-toolkit-0:1.0.1-1.el8sat.src",
"8Base-satellite-6.14:satellite-convert2rhel-toolkit-0:1.0.1-1.el8sat.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "curl: heap based buffer overflow in the SOCKS5 proxy handshake"
},
{
"cve": "CVE-2023-40167",
"cwe": {
"id": "CWE-130",
"name": "Improper Handling of Length Parameter Inconsistency"
},
"discovery_date": "2023-09-19T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-satellite-6.14-capsule:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14-capsule:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-installer-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-installer-1:3.7.0.7-1.el8sat.src",
"8Base-satellite-6.14-capsule:foreman-installer-katello-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:mosquitto-0:2.0.17-1.el8sat.src",
"8Base-satellite-6.14-capsule:mosquitto-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:mosquitto-debuginfo-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:mosquitto-debugsource-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:puppet-agent-0:7.27.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:puppet-agent-0:7.27.0-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:puppetserver-0:7.14.0-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:puppetserver-0:7.14.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:python-pulp-container-0:2.14.11-1.el8pc.src",
"8Base-satellite-6.14-capsule:python39-pulp-container-0:2.14.11-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:rubygem-kafo-0:7.2.0-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:rubygem-kafo-0:7.2.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14-utils:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-installer-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-installer-1:3.7.0.7-1.el8sat.src",
"8Base-satellite-6.14:foreman-installer-katello-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:mosquitto-0:2.0.17-1.el8sat.src",
"8Base-satellite-6.14:mosquitto-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:mosquitto-debuginfo-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:mosquitto-debugsource-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:puppet-agent-0:7.27.0-1.el8sat.src",
"8Base-satellite-6.14:puppet-agent-0:7.27.0-1.el8sat.x86_64",
"8Base-satellite-6.14:puppetserver-0:7.14.0-1.el8sat.noarch",
"8Base-satellite-6.14:puppetserver-0:7.14.0-1.el8sat.src",
"8Base-satellite-6.14:python-pulp-container-0:2.14.11-1.el8pc.src",
"8Base-satellite-6.14:python39-pulp-container-0:2.14.11-1.el8pc.noarch",
"8Base-satellite-6.14:rubygem-foreman_bootdisk-0:21.2.1-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_bootdisk-0:21.2.1-1.el8sat.src",
"8Base-satellite-6.14:rubygem-google-protobuf-0:3.24.3-1.el8sat.src",
"8Base-satellite-6.14:rubygem-google-protobuf-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-google-protobuf-debuginfo-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-google-protobuf-debugsource-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-grpc-0:1.58.0-1.el8sat.src",
"8Base-satellite-6.14:rubygem-grpc-0:1.58.0-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-kafo-0:7.2.0-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-kafo-0:7.2.0-1.el8sat.src",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.21-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.21-1.el8sat.src",
"8Base-satellite-6.14:rubygem-puma-0:6.3.1-1.el8sat.src",
"8Base-satellite-6.14:rubygem-puma-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-puma-debuginfo-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-puma-debugsource-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-sidekiq-0:6.5.12-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-sidekiq-0:6.5.12-1.el8sat.src",
"8Base-satellite-6.14:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-convert2rhel-toolkit-0:1.0.1-1.el8sat.src",
"8Base-satellite-6.14:satellite-convert2rhel-toolkit-0:1.0.1-1.el8sat.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2239634"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Jetty that permits a plus sign (+) preceding the content-length value in a HTTP/1 header field, which is non-standard and more permissive than RFC. This issue could allow an attacker to request smuggling in conjunction with a server that does not close connections after 400 responses.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jetty: Improper validation of HTTP/1 content-length",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-satellite-6.14:candlepin-0:4.3.11-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.11-1.el8sat.src",
"8Base-satellite-6.14:candlepin-selinux-0:4.3.11-1.el8sat.noarch"
],
"known_not_affected": [
"8Base-satellite-6.14-capsule:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14-capsule:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-installer-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-installer-1:3.7.0.7-1.el8sat.src",
"8Base-satellite-6.14-capsule:foreman-installer-katello-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:mosquitto-0:2.0.17-1.el8sat.src",
"8Base-satellite-6.14-capsule:mosquitto-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:mosquitto-debuginfo-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:mosquitto-debugsource-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:puppet-agent-0:7.27.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:puppet-agent-0:7.27.0-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:puppetserver-0:7.14.0-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:puppetserver-0:7.14.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:python-pulp-container-0:2.14.11-1.el8pc.src",
"8Base-satellite-6.14-capsule:python39-pulp-container-0:2.14.11-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:rubygem-kafo-0:7.2.0-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:rubygem-kafo-0:7.2.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14-utils:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-installer-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-installer-1:3.7.0.7-1.el8sat.src",
"8Base-satellite-6.14:foreman-installer-katello-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:mosquitto-0:2.0.17-1.el8sat.src",
"8Base-satellite-6.14:mosquitto-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:mosquitto-debuginfo-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:mosquitto-debugsource-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:puppet-agent-0:7.27.0-1.el8sat.src",
"8Base-satellite-6.14:puppet-agent-0:7.27.0-1.el8sat.x86_64",
"8Base-satellite-6.14:puppetserver-0:7.14.0-1.el8sat.noarch",
"8Base-satellite-6.14:puppetserver-0:7.14.0-1.el8sat.src",
"8Base-satellite-6.14:python-pulp-container-0:2.14.11-1.el8pc.src",
"8Base-satellite-6.14:python39-pulp-container-0:2.14.11-1.el8pc.noarch",
"8Base-satellite-6.14:rubygem-foreman_bootdisk-0:21.2.1-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_bootdisk-0:21.2.1-1.el8sat.src",
"8Base-satellite-6.14:rubygem-google-protobuf-0:3.24.3-1.el8sat.src",
"8Base-satellite-6.14:rubygem-google-protobuf-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-google-protobuf-debuginfo-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-google-protobuf-debugsource-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-grpc-0:1.58.0-1.el8sat.src",
"8Base-satellite-6.14:rubygem-grpc-0:1.58.0-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-kafo-0:7.2.0-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-kafo-0:7.2.0-1.el8sat.src",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.21-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.21-1.el8sat.src",
"8Base-satellite-6.14:rubygem-puma-0:6.3.1-1.el8sat.src",
"8Base-satellite-6.14:rubygem-puma-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-puma-debuginfo-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-puma-debugsource-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-sidekiq-0:6.5.12-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-sidekiq-0:6.5.12-1.el8sat.src",
"8Base-satellite-6.14:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-convert2rhel-toolkit-0:1.0.1-1.el8sat.src",
"8Base-satellite-6.14:satellite-convert2rhel-toolkit-0:1.0.1-1.el8sat.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-40167"
},
{
"category": "external",
"summary": "RHBZ#2239634",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2239634"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-40167",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40167"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-40167",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40167"
},
{
"category": "external",
"summary": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-hmr7-m48g-48f6",
"url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-hmr7-m48g-48f6"
},
{
"category": "external",
"summary": "https://www.rfc-editor.org/rfc/rfc9110#section-8.6",
"url": "https://www.rfc-editor.org/rfc/rfc9110#section-8.6"
}
],
"release_date": "2023-09-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-02-13T14:45:57+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-satellite-6.14:candlepin-0:4.3.11-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.11-1.el8sat.src",
"8Base-satellite-6.14:candlepin-selinux-0:4.3.11-1.el8sat.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:0797"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-satellite-6.14-capsule:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14-capsule:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-installer-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-installer-1:3.7.0.7-1.el8sat.src",
"8Base-satellite-6.14-capsule:foreman-installer-katello-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:mosquitto-0:2.0.17-1.el8sat.src",
"8Base-satellite-6.14-capsule:mosquitto-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:mosquitto-debuginfo-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:mosquitto-debugsource-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:puppet-agent-0:7.27.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:puppet-agent-0:7.27.0-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:puppetserver-0:7.14.0-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:puppetserver-0:7.14.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:python-pulp-container-0:2.14.11-1.el8pc.src",
"8Base-satellite-6.14-capsule:python39-pulp-container-0:2.14.11-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:rubygem-kafo-0:7.2.0-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:rubygem-kafo-0:7.2.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14-utils:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.11-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.11-1.el8sat.src",
"8Base-satellite-6.14:candlepin-selinux-0:4.3.11-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-installer-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-installer-1:3.7.0.7-1.el8sat.src",
"8Base-satellite-6.14:foreman-installer-katello-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:mosquitto-0:2.0.17-1.el8sat.src",
"8Base-satellite-6.14:mosquitto-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:mosquitto-debuginfo-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:mosquitto-debugsource-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:puppet-agent-0:7.27.0-1.el8sat.src",
"8Base-satellite-6.14:puppet-agent-0:7.27.0-1.el8sat.x86_64",
"8Base-satellite-6.14:puppetserver-0:7.14.0-1.el8sat.noarch",
"8Base-satellite-6.14:puppetserver-0:7.14.0-1.el8sat.src",
"8Base-satellite-6.14:python-pulp-container-0:2.14.11-1.el8pc.src",
"8Base-satellite-6.14:python39-pulp-container-0:2.14.11-1.el8pc.noarch",
"8Base-satellite-6.14:rubygem-foreman_bootdisk-0:21.2.1-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_bootdisk-0:21.2.1-1.el8sat.src",
"8Base-satellite-6.14:rubygem-google-protobuf-0:3.24.3-1.el8sat.src",
"8Base-satellite-6.14:rubygem-google-protobuf-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-google-protobuf-debuginfo-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-google-protobuf-debugsource-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-grpc-0:1.58.0-1.el8sat.src",
"8Base-satellite-6.14:rubygem-grpc-0:1.58.0-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-kafo-0:7.2.0-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-kafo-0:7.2.0-1.el8sat.src",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.21-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.21-1.el8sat.src",
"8Base-satellite-6.14:rubygem-puma-0:6.3.1-1.el8sat.src",
"8Base-satellite-6.14:rubygem-puma-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-puma-debuginfo-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-puma-debugsource-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-sidekiq-0:6.5.12-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-sidekiq-0:6.5.12-1.el8sat.src",
"8Base-satellite-6.14:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-convert2rhel-toolkit-0:1.0.1-1.el8sat.src",
"8Base-satellite-6.14:satellite-convert2rhel-toolkit-0:1.0.1-1.el8sat.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jetty: Improper validation of HTTP/1 content-length"
},
{
"cve": "CVE-2023-40175",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2023-08-18T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-satellite-6.14-capsule:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14-capsule:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-installer-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-installer-1:3.7.0.7-1.el8sat.src",
"8Base-satellite-6.14-capsule:foreman-installer-katello-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:mosquitto-0:2.0.17-1.el8sat.src",
"8Base-satellite-6.14-capsule:mosquitto-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:mosquitto-debuginfo-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:mosquitto-debugsource-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:puppet-agent-0:7.27.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:puppet-agent-0:7.27.0-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:puppetserver-0:7.14.0-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:puppetserver-0:7.14.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:python-pulp-container-0:2.14.11-1.el8pc.src",
"8Base-satellite-6.14-capsule:python39-pulp-container-0:2.14.11-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:rubygem-kafo-0:7.2.0-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:rubygem-kafo-0:7.2.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14-utils:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.11-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.11-1.el8sat.src",
"8Base-satellite-6.14:candlepin-selinux-0:4.3.11-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-installer-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-installer-1:3.7.0.7-1.el8sat.src",
"8Base-satellite-6.14:foreman-installer-katello-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:mosquitto-0:2.0.17-1.el8sat.src",
"8Base-satellite-6.14:mosquitto-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:mosquitto-debuginfo-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:mosquitto-debugsource-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:puppet-agent-0:7.27.0-1.el8sat.src",
"8Base-satellite-6.14:puppet-agent-0:7.27.0-1.el8sat.x86_64",
"8Base-satellite-6.14:puppetserver-0:7.14.0-1.el8sat.noarch",
"8Base-satellite-6.14:puppetserver-0:7.14.0-1.el8sat.src",
"8Base-satellite-6.14:python-pulp-container-0:2.14.11-1.el8pc.src",
"8Base-satellite-6.14:python39-pulp-container-0:2.14.11-1.el8pc.noarch",
"8Base-satellite-6.14:rubygem-foreman_bootdisk-0:21.2.1-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_bootdisk-0:21.2.1-1.el8sat.src",
"8Base-satellite-6.14:rubygem-google-protobuf-0:3.24.3-1.el8sat.src",
"8Base-satellite-6.14:rubygem-google-protobuf-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-google-protobuf-debuginfo-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-google-protobuf-debugsource-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-grpc-0:1.58.0-1.el8sat.src",
"8Base-satellite-6.14:rubygem-grpc-0:1.58.0-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-kafo-0:7.2.0-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-kafo-0:7.2.0-1.el8sat.src",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.21-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.21-1.el8sat.src",
"8Base-satellite-6.14:rubygem-sidekiq-0:6.5.12-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-sidekiq-0:6.5.12-1.el8sat.src",
"8Base-satellite-6.14:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-convert2rhel-toolkit-0:1.0.1-1.el8sat.src",
"8Base-satellite-6.14:satellite-convert2rhel-toolkit-0:1.0.1-1.el8sat.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2232729"
}
],
"notes": [
{
"category": "description",
"text": "An HTTP request smuggling attack vulnerability was found in Rubygem Puma. This flaw allows an attacker to gain unauthorized access to sensitive data due to an inconsistent interpretation of HTTP requests.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "rubygem-puma: HTTP request smuggling when parsing chunked transfer encoding bodies and zero-length content-length headers",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-satellite-6.14:rubygem-puma-0:6.3.1-1.el8sat.src",
"8Base-satellite-6.14:rubygem-puma-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-puma-debuginfo-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-puma-debugsource-0:6.3.1-1.el8sat.x86_64"
],
"known_not_affected": [
"8Base-satellite-6.14-capsule:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14-capsule:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-installer-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-installer-1:3.7.0.7-1.el8sat.src",
"8Base-satellite-6.14-capsule:foreman-installer-katello-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:mosquitto-0:2.0.17-1.el8sat.src",
"8Base-satellite-6.14-capsule:mosquitto-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:mosquitto-debuginfo-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:mosquitto-debugsource-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:puppet-agent-0:7.27.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:puppet-agent-0:7.27.0-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:puppetserver-0:7.14.0-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:puppetserver-0:7.14.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:python-pulp-container-0:2.14.11-1.el8pc.src",
"8Base-satellite-6.14-capsule:python39-pulp-container-0:2.14.11-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:rubygem-kafo-0:7.2.0-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:rubygem-kafo-0:7.2.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14-utils:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.11-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.11-1.el8sat.src",
"8Base-satellite-6.14:candlepin-selinux-0:4.3.11-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-installer-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-installer-1:3.7.0.7-1.el8sat.src",
"8Base-satellite-6.14:foreman-installer-katello-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:mosquitto-0:2.0.17-1.el8sat.src",
"8Base-satellite-6.14:mosquitto-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:mosquitto-debuginfo-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:mosquitto-debugsource-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:puppet-agent-0:7.27.0-1.el8sat.src",
"8Base-satellite-6.14:puppet-agent-0:7.27.0-1.el8sat.x86_64",
"8Base-satellite-6.14:puppetserver-0:7.14.0-1.el8sat.noarch",
"8Base-satellite-6.14:puppetserver-0:7.14.0-1.el8sat.src",
"8Base-satellite-6.14:python-pulp-container-0:2.14.11-1.el8pc.src",
"8Base-satellite-6.14:python39-pulp-container-0:2.14.11-1.el8pc.noarch",
"8Base-satellite-6.14:rubygem-foreman_bootdisk-0:21.2.1-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_bootdisk-0:21.2.1-1.el8sat.src",
"8Base-satellite-6.14:rubygem-google-protobuf-0:3.24.3-1.el8sat.src",
"8Base-satellite-6.14:rubygem-google-protobuf-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-google-protobuf-debuginfo-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-google-protobuf-debugsource-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-grpc-0:1.58.0-1.el8sat.src",
"8Base-satellite-6.14:rubygem-grpc-0:1.58.0-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-kafo-0:7.2.0-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-kafo-0:7.2.0-1.el8sat.src",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.21-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.21-1.el8sat.src",
"8Base-satellite-6.14:rubygem-sidekiq-0:6.5.12-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-sidekiq-0:6.5.12-1.el8sat.src",
"8Base-satellite-6.14:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-convert2rhel-toolkit-0:1.0.1-1.el8sat.src",
"8Base-satellite-6.14:satellite-convert2rhel-toolkit-0:1.0.1-1.el8sat.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-40175"
},
{
"category": "external",
"summary": "RHBZ#2232729",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2232729"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-40175",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40175"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-40175",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40175"
},
{
"category": "external",
"summary": "https://github.com/puma/puma/security/advisories/GHSA-68xg-gqqm-vgj8",
"url": "https://github.com/puma/puma/security/advisories/GHSA-68xg-gqqm-vgj8"
}
],
"release_date": "2023-08-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-02-13T14:45:57+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-satellite-6.14:rubygem-puma-0:6.3.1-1.el8sat.src",
"8Base-satellite-6.14:rubygem-puma-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-puma-debuginfo-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-puma-debugsource-0:6.3.1-1.el8sat.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:0797"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"8Base-satellite-6.14-capsule:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14-capsule:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-installer-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-installer-1:3.7.0.7-1.el8sat.src",
"8Base-satellite-6.14-capsule:foreman-installer-katello-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:mosquitto-0:2.0.17-1.el8sat.src",
"8Base-satellite-6.14-capsule:mosquitto-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:mosquitto-debuginfo-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:mosquitto-debugsource-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:puppet-agent-0:7.27.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:puppet-agent-0:7.27.0-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:puppetserver-0:7.14.0-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:puppetserver-0:7.14.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:python-pulp-container-0:2.14.11-1.el8pc.src",
"8Base-satellite-6.14-capsule:python39-pulp-container-0:2.14.11-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:rubygem-kafo-0:7.2.0-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:rubygem-kafo-0:7.2.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14-utils:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.11-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.11-1.el8sat.src",
"8Base-satellite-6.14:candlepin-selinux-0:4.3.11-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-installer-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-installer-1:3.7.0.7-1.el8sat.src",
"8Base-satellite-6.14:foreman-installer-katello-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:mosquitto-0:2.0.17-1.el8sat.src",
"8Base-satellite-6.14:mosquitto-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:mosquitto-debuginfo-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:mosquitto-debugsource-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:puppet-agent-0:7.27.0-1.el8sat.src",
"8Base-satellite-6.14:puppet-agent-0:7.27.0-1.el8sat.x86_64",
"8Base-satellite-6.14:puppetserver-0:7.14.0-1.el8sat.noarch",
"8Base-satellite-6.14:puppetserver-0:7.14.0-1.el8sat.src",
"8Base-satellite-6.14:python-pulp-container-0:2.14.11-1.el8pc.src",
"8Base-satellite-6.14:python39-pulp-container-0:2.14.11-1.el8pc.noarch",
"8Base-satellite-6.14:rubygem-foreman_bootdisk-0:21.2.1-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_bootdisk-0:21.2.1-1.el8sat.src",
"8Base-satellite-6.14:rubygem-google-protobuf-0:3.24.3-1.el8sat.src",
"8Base-satellite-6.14:rubygem-google-protobuf-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-google-protobuf-debuginfo-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-google-protobuf-debugsource-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-grpc-0:1.58.0-1.el8sat.src",
"8Base-satellite-6.14:rubygem-grpc-0:1.58.0-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-kafo-0:7.2.0-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-kafo-0:7.2.0-1.el8sat.src",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.21-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.21-1.el8sat.src",
"8Base-satellite-6.14:rubygem-puma-0:6.3.1-1.el8sat.src",
"8Base-satellite-6.14:rubygem-puma-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-puma-debuginfo-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-puma-debugsource-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-sidekiq-0:6.5.12-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-sidekiq-0:6.5.12-1.el8sat.src",
"8Base-satellite-6.14:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-convert2rhel-toolkit-0:1.0.1-1.el8sat.src",
"8Base-satellite-6.14:satellite-convert2rhel-toolkit-0:1.0.1-1.el8sat.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "rubygem-puma: HTTP request smuggling when parsing chunked transfer encoding bodies and zero-length content-length headers"
}
]
}
RHSA-2024_0797
Vulnerability from csaf_redhat - Published: 2024-02-13 14:45 - Updated: 2024-12-10 16:44Summary
Red Hat Security Advisory: Satellite 6.14.2 Async Security Update
Notes
Topic
Updated Satellite 6.14 packages that fixes Important security bugs and several
regular bugs are now available for Red Hat Satellite.
Details
Red Hat Satellite is a system management solution that allows organizations
to configure and maintain their systems without the necessity to provide
public Internet access to their servers or other client systems. It
performs provisioning and configuration management of predefined standard
operating environments.
Security fix(es):
* CVE-2023-26049 (puppetserver): Cookie parsing of quoted values can exfiltrate values from other cookies
* CVE-2023-26141 (rubygem-sidekiq): Denial of Service (DoS) in dashboard-charts
* CVE-2023-36479 (puppetserver): Improper addition of quotation marks to user inputs in CgiServlet
* CVE-2023-38545 (puppet-agent): Heap-based buffer overflow in the SOCKS5 proxy handshake
* CVE-2023-40167 (puppetserver): Improper validation of HTTP/1 content-length
* CVE-2023-40175 (rubygem-puma): HTTP request smuggling when parsing chunked transfer encoding bodies and zero-length content-length headers
* CVE-2023-4785 (rubygem-grpc): File descriptor exhaustion leads to denial of service
* CVE-2023-0809, CVE-2023-28366, CVE-2023-3592 (mosquitto): Memory leak leads to unresponsive broker
This update fixes the following bugs:
2250347 - 'Sun, 11 Jun 2023 17:51:29 GMT' could not be parsed at index 0 at java.time.format.DateTimeFormatter.parseResolved
2254974 - satellite-convert2rhel-toolkit install fails on latest rpm with `/usr/bin/bash: /usr/libexec/satellite-convert2rhel-appliance/action-install.sh: No such file or directory`
2255260 - 6.14 - satellite-convert2rhel-toolkit is part of the satellite module
2257321 - Request for UEFI Kickstart Provisioning to handle naming convention for VLAN tagged interfaces of the format <parent_device>.<vlan_id> in addition to vlan<vlan_id>
2257324 - Generate applicability tasks fails with error "ERROR: insert or update on table "katello_content_facet_errata" violates foreign key constraint "katello_content_facet_errata_ca_id"
2257326 - Show failed resources in failed installation report
2257327 - Puppet reports without any messages don't get an origin
2257329 - Host registration fails with error "Attached to can't be blank" when the VLAN name includes UPPERCASE letters
2257330 - default tuning profile leaves httpd MaxClients 150 which httpd raises a warning
2257331 - Registering host through load balancer causes REX not to know what capsule to choose for 'registered_through'
2257332 - Registration can't find any Capsules when their locations are not assigned to admin user
2257415 - Provisioning vm host fails with error "Failed to attach ISO image to CDROM drive of instance client.example.com: InvalidPowerState: The attempted operation cannot be performed in the current state (Powered on)".
2260525 - [Improvement] RefreshRepos step in Capsule Sync to refresh just repos to sync
2262131 - Unable to sync library/busybox from gcr.io
Users of Red Hat Satellite are advised to upgrade to these updated
packages, which fix these bugs.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated Satellite 6.14 packages that fixes Important security bugs and several\nregular bugs are now available for Red Hat Satellite.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Satellite is a system management solution that allows organizations\nto configure and maintain their systems without the necessity to provide\npublic Internet access to their servers or other client systems. It\nperforms provisioning and configuration management of predefined standard\noperating environments.\n\nSecurity fix(es):\n* CVE-2023-26049 (puppetserver): Cookie parsing of quoted values can exfiltrate values from other cookies\n* CVE-2023-26141 (rubygem-sidekiq): Denial of Service (DoS) in dashboard-charts\n* CVE-2023-36479 (puppetserver): Improper addition of quotation marks to user inputs in CgiServlet\n* CVE-2023-38545 (puppet-agent): Heap-based buffer overflow in the SOCKS5 proxy handshake\n* CVE-2023-40167 (puppetserver): Improper validation of HTTP/1 content-length\n* CVE-2023-40175 (rubygem-puma): HTTP request smuggling when parsing chunked transfer encoding bodies and zero-length content-length headers\n* CVE-2023-4785 (rubygem-grpc): File descriptor exhaustion leads to denial of service\n* CVE-2023-0809, CVE-2023-28366, CVE-2023-3592 (mosquitto): Memory leak leads to unresponsive broker\n\nThis update fixes the following bugs:\n2250347 - \u0027Sun, 11 Jun 2023 17:51:29 GMT\u0027 could not be parsed at index 0 at java.time.format.DateTimeFormatter.parseResolved\n2254974 - satellite-convert2rhel-toolkit install fails on latest rpm with `/usr/bin/bash: /usr/libexec/satellite-convert2rhel-appliance/action-install.sh: No such file or directory`\n2255260 - 6.14 - satellite-convert2rhel-toolkit is part of the satellite module\n2257321 - Request for UEFI Kickstart Provisioning to handle naming convention for VLAN tagged interfaces of the format \u003cparent_device\u003e.\u003cvlan_id\u003e in addition to vlan\u003cvlan_id\u003e\n2257324 - Generate applicability tasks fails with error \"ERROR: insert or update on table \"katello_content_facet_errata\" violates foreign key constraint \"katello_content_facet_errata_ca_id\"\n2257326 - Show failed resources in failed installation report\n2257327 - Puppet reports without any messages don\u0027t get an origin\n2257329 - Host registration fails with error \"Attached to can\u0027t be blank\" when the VLAN name includes UPPERCASE letters\n2257330 - default tuning profile leaves httpd MaxClients 150 which httpd raises a warning\n2257331 - Registering host through load balancer causes REX not to know what capsule to choose for \u0027registered_through\u0027\n2257332 - Registration can\u0027t find any Capsules when their locations are not assigned to admin user\n2257415 - Provisioning vm host fails with error \"Failed to attach ISO image to CDROM drive of instance client.example.com: InvalidPowerState: The attempted operation cannot be performed in the current state (Powered on)\". \n2260525 - [Improvement] RefreshRepos step in Capsule Sync to refresh just repos to sync \n2262131 - Unable to sync library/busybox from gcr.io \n\nUsers of Red Hat Satellite are advised to upgrade to these updated\npackages, which fix these bugs.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:0797",
"url": "https://access.redhat.com/errata/RHSA-2024:0797"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_satellite/6.14/html/upgrading_and_updating_red_hat_satellite/index",
"url": "https://access.redhat.com/documentation/en-us/red_hat_satellite/6.14/html/upgrading_and_updating_red_hat_satellite/index"
},
{
"category": "external",
"summary": "2232729",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2232729"
},
{
"category": "external",
"summary": "2236341",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236341"
},
{
"category": "external",
"summary": "2236882",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236882"
},
{
"category": "external",
"summary": "2239010",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2239010"
},
{
"category": "external",
"summary": "2239017",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2239017"
},
{
"category": "external",
"summary": "2239630",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2239630"
},
{
"category": "external",
"summary": "2239634",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2239634"
},
{
"category": "external",
"summary": "2241933",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2241933"
},
{
"category": "external",
"summary": "2250347",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2250347"
},
{
"category": "external",
"summary": "2254974",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254974"
},
{
"category": "external",
"summary": "2255260",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2255260"
},
{
"category": "external",
"summary": "2257321",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2257321"
},
{
"category": "external",
"summary": "2257324",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2257324"
},
{
"category": "external",
"summary": "2257326",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2257326"
},
{
"category": "external",
"summary": "2257327",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2257327"
},
{
"category": "external",
"summary": "2257329",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2257329"
},
{
"category": "external",
"summary": "2257330",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2257330"
},
{
"category": "external",
"summary": "2257331",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2257331"
},
{
"category": "external",
"summary": "2257332",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2257332"
},
{
"category": "external",
"summary": "2257415",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2257415"
},
{
"category": "external",
"summary": "2260525",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2260525"
},
{
"category": "external",
"summary": "2262131",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2262131"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_0797.json"
}
],
"title": "Red Hat Security Advisory: Satellite 6.14.2 Async Security Update",
"tracking": {
"current_release_date": "2024-12-10T16:44:47+00:00",
"generator": {
"date": "2024-12-10T16:44:47+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.3"
}
},
"id": "RHSA-2024:0797",
"initial_release_date": "2024-02-13T14:45:57+00:00",
"revision_history": [
{
"date": "2024-02-13T14:45:57+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-02-13T14:45:57+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-12-10T16:44:47+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Satellite 6.14 for RHEL 8",
"product": {
"name": "Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:satellite:6.14::el8"
}
}
},
{
"category": "product_name",
"name": "Red Hat Satellite 6.14 for RHEL 8",
"product": {
"name": "Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:satellite_capsule:6.14::el8"
}
}
},
{
"category": "product_name",
"name": "Red Hat Satellite 6.14 for RHEL 8",
"product": {
"name": "Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-utils",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:satellite_utils:6.14::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat Satellite 6"
},
{
"branches": [
{
"category": "product_version",
"name": "rubygem-katello-0:4.9.0.21-1.el8sat.src",
"product": {
"name": "rubygem-katello-0:4.9.0.21-1.el8sat.src",
"product_id": "rubygem-katello-0:4.9.0.21-1.el8sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-katello@4.9.0.21-1.el8sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "python-pulp-container-0:2.14.11-1.el8pc.src",
"product": {
"name": "python-pulp-container-0:2.14.11-1.el8pc.src",
"product_id": "python-pulp-container-0:2.14.11-1.el8pc.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-pulp-container@2.14.11-1.el8pc?arch=src"
}
}
},
{
"category": "product_version",
"name": "candlepin-0:4.3.11-1.el8sat.src",
"product": {
"name": "candlepin-0:4.3.11-1.el8sat.src",
"product_id": "candlepin-0:4.3.11-1.el8sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/candlepin@4.3.11-1.el8sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "foreman-0:3.7.0.11-2.el8sat.src",
"product": {
"name": "foreman-0:3.7.0.11-2.el8sat.src",
"product_id": "foreman-0:3.7.0.11-2.el8sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman@3.7.0.11-2.el8sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "mosquitto-0:2.0.17-1.el8sat.src",
"product": {
"name": "mosquitto-0:2.0.17-1.el8sat.src",
"product_id": "mosquitto-0:2.0.17-1.el8sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mosquitto@2.0.17-1.el8sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "puppet-agent-0:7.27.0-1.el8sat.src",
"product": {
"name": "puppet-agent-0:7.27.0-1.el8sat.src",
"product_id": "puppet-agent-0:7.27.0-1.el8sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/puppet-agent@7.27.0-1.el8sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "puppetserver-0:7.14.0-1.el8sat.src",
"product": {
"name": "puppetserver-0:7.14.0-1.el8sat.src",
"product_id": "puppetserver-0:7.14.0-1.el8sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/puppetserver@7.14.0-1.el8sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-foreman_bootdisk-0:21.2.1-1.el8sat.src",
"product": {
"name": "rubygem-foreman_bootdisk-0:21.2.1-1.el8sat.src",
"product_id": "rubygem-foreman_bootdisk-0:21.2.1-1.el8sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-foreman_bootdisk@21.2.1-1.el8sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-google-protobuf-0:3.24.3-1.el8sat.src",
"product": {
"name": "rubygem-google-protobuf-0:3.24.3-1.el8sat.src",
"product_id": "rubygem-google-protobuf-0:3.24.3-1.el8sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-google-protobuf@3.24.3-1.el8sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-grpc-0:1.58.0-1.el8sat.src",
"product": {
"name": "rubygem-grpc-0:1.58.0-1.el8sat.src",
"product_id": "rubygem-grpc-0:1.58.0-1.el8sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-grpc@1.58.0-1.el8sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-kafo-0:7.2.0-1.el8sat.src",
"product": {
"name": "rubygem-kafo-0:7.2.0-1.el8sat.src",
"product_id": "rubygem-kafo-0:7.2.0-1.el8sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-kafo@7.2.0-1.el8sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-puma-0:6.3.1-1.el8sat.src",
"product": {
"name": "rubygem-puma-0:6.3.1-1.el8sat.src",
"product_id": "rubygem-puma-0:6.3.1-1.el8sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-puma@6.3.1-1.el8sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-sidekiq-0:6.5.12-1.el8sat.src",
"product": {
"name": "rubygem-sidekiq-0:6.5.12-1.el8sat.src",
"product_id": "rubygem-sidekiq-0:6.5.12-1.el8sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-sidekiq@6.5.12-1.el8sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "satellite-0:6.14.2-1.el8sat.src",
"product": {
"name": "satellite-0:6.14.2-1.el8sat.src",
"product_id": "satellite-0:6.14.2-1.el8sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/satellite@6.14.2-1.el8sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "satellite-convert2rhel-toolkit-0:1.0.1-1.el8sat.src",
"product": {
"name": "satellite-convert2rhel-toolkit-0:1.0.1-1.el8sat.src",
"product_id": "satellite-convert2rhel-toolkit-0:1.0.1-1.el8sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/satellite-convert2rhel-toolkit@1.0.1-1.el8sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "foreman-installer-1:3.7.0.7-1.el8sat.src",
"product": {
"name": "foreman-installer-1:3.7.0.7-1.el8sat.src",
"product_id": "foreman-installer-1:3.7.0.7-1.el8sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-installer@3.7.0.7-1.el8sat?arch=src\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "rubygem-katello-0:4.9.0.21-1.el8sat.noarch",
"product": {
"name": "rubygem-katello-0:4.9.0.21-1.el8sat.noarch",
"product_id": "rubygem-katello-0:4.9.0.21-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-katello@4.9.0.21-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python39-pulp-container-0:2.14.11-1.el8pc.noarch",
"product": {
"name": "python39-pulp-container-0:2.14.11-1.el8pc.noarch",
"product_id": "python39-pulp-container-0:2.14.11-1.el8pc.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python39-pulp-container@2.14.11-1.el8pc?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "candlepin-0:4.3.11-1.el8sat.noarch",
"product": {
"name": "candlepin-0:4.3.11-1.el8sat.noarch",
"product_id": "candlepin-0:4.3.11-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/candlepin@4.3.11-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "candlepin-selinux-0:4.3.11-1.el8sat.noarch",
"product": {
"name": "candlepin-selinux-0:4.3.11-1.el8sat.noarch",
"product_id": "candlepin-selinux-0:4.3.11-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/candlepin-selinux@4.3.11-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"product": {
"name": "foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"product_id": "foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-cli@3.7.0.11-2.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"product": {
"name": "foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"product_id": "foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-debug@3.7.0.11-2.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-0:3.7.0.11-2.el8sat.noarch",
"product": {
"name": "foreman-0:3.7.0.11-2.el8sat.noarch",
"product_id": "foreman-0:3.7.0.11-2.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman@3.7.0.11-2.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"product": {
"name": "foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"product_id": "foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-dynflow-sidekiq@3.7.0.11-2.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"product": {
"name": "foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"product_id": "foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-ec2@3.7.0.11-2.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"product": {
"name": "foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"product_id": "foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-journald@3.7.0.11-2.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"product": {
"name": "foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"product_id": "foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-libvirt@3.7.0.11-2.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"product": {
"name": "foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"product_id": "foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-openstack@3.7.0.11-2.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"product": {
"name": "foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"product_id": "foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-ovirt@3.7.0.11-2.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"product": {
"name": "foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"product_id": "foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-postgresql@3.7.0.11-2.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"product": {
"name": "foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"product_id": "foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-redis@3.7.0.11-2.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-service-0:3.7.0.11-2.el8sat.noarch",
"product": {
"name": "foreman-service-0:3.7.0.11-2.el8sat.noarch",
"product_id": "foreman-service-0:3.7.0.11-2.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-service@3.7.0.11-2.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"product": {
"name": "foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"product_id": "foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-telemetry@3.7.0.11-2.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"product": {
"name": "foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"product_id": "foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-vmware@3.7.0.11-2.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "puppetserver-0:7.14.0-1.el8sat.noarch",
"product": {
"name": "puppetserver-0:7.14.0-1.el8sat.noarch",
"product_id": "puppetserver-0:7.14.0-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/puppetserver@7.14.0-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-foreman_bootdisk-0:21.2.1-1.el8sat.noarch",
"product": {
"name": "rubygem-foreman_bootdisk-0:21.2.1-1.el8sat.noarch",
"product_id": "rubygem-foreman_bootdisk-0:21.2.1-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-foreman_bootdisk@21.2.1-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-kafo-0:7.2.0-1.el8sat.noarch",
"product": {
"name": "rubygem-kafo-0:7.2.0-1.el8sat.noarch",
"product_id": "rubygem-kafo-0:7.2.0-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-kafo@7.2.0-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-sidekiq-0:6.5.12-1.el8sat.noarch",
"product": {
"name": "rubygem-sidekiq-0:6.5.12-1.el8sat.noarch",
"product_id": "rubygem-sidekiq-0:6.5.12-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-sidekiq@6.5.12-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "satellite-cli-0:6.14.2-1.el8sat.noarch",
"product": {
"name": "satellite-cli-0:6.14.2-1.el8sat.noarch",
"product_id": "satellite-cli-0:6.14.2-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/satellite-cli@6.14.2-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "satellite-capsule-0:6.14.2-1.el8sat.noarch",
"product": {
"name": "satellite-capsule-0:6.14.2-1.el8sat.noarch",
"product_id": "satellite-capsule-0:6.14.2-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/satellite-capsule@6.14.2-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "satellite-common-0:6.14.2-1.el8sat.noarch",
"product": {
"name": "satellite-common-0:6.14.2-1.el8sat.noarch",
"product_id": "satellite-common-0:6.14.2-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/satellite-common@6.14.2-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "satellite-0:6.14.2-1.el8sat.noarch",
"product": {
"name": "satellite-0:6.14.2-1.el8sat.noarch",
"product_id": "satellite-0:6.14.2-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/satellite@6.14.2-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-installer-1:3.7.0.7-1.el8sat.noarch",
"product": {
"name": "foreman-installer-1:3.7.0.7-1.el8sat.noarch",
"product_id": "foreman-installer-1:3.7.0.7-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-installer@3.7.0.7-1.el8sat?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "foreman-installer-katello-1:3.7.0.7-1.el8sat.noarch",
"product": {
"name": "foreman-installer-katello-1:3.7.0.7-1.el8sat.noarch",
"product_id": "foreman-installer-katello-1:3.7.0.7-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-installer-katello@3.7.0.7-1.el8sat?arch=noarch\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "mosquitto-0:2.0.17-1.el8sat.x86_64",
"product": {
"name": "mosquitto-0:2.0.17-1.el8sat.x86_64",
"product_id": "mosquitto-0:2.0.17-1.el8sat.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mosquitto@2.0.17-1.el8sat?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "mosquitto-debugsource-0:2.0.17-1.el8sat.x86_64",
"product": {
"name": "mosquitto-debugsource-0:2.0.17-1.el8sat.x86_64",
"product_id": "mosquitto-debugsource-0:2.0.17-1.el8sat.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mosquitto-debugsource@2.0.17-1.el8sat?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "mosquitto-debuginfo-0:2.0.17-1.el8sat.x86_64",
"product": {
"name": "mosquitto-debuginfo-0:2.0.17-1.el8sat.x86_64",
"product_id": "mosquitto-debuginfo-0:2.0.17-1.el8sat.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mosquitto-debuginfo@2.0.17-1.el8sat?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "puppet-agent-0:7.27.0-1.el8sat.x86_64",
"product": {
"name": "puppet-agent-0:7.27.0-1.el8sat.x86_64",
"product_id": "puppet-agent-0:7.27.0-1.el8sat.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/puppet-agent@7.27.0-1.el8sat?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rubygem-google-protobuf-0:3.24.3-1.el8sat.x86_64",
"product": {
"name": "rubygem-google-protobuf-0:3.24.3-1.el8sat.x86_64",
"product_id": "rubygem-google-protobuf-0:3.24.3-1.el8sat.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-google-protobuf@3.24.3-1.el8sat?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rubygem-google-protobuf-debugsource-0:3.24.3-1.el8sat.x86_64",
"product": {
"name": "rubygem-google-protobuf-debugsource-0:3.24.3-1.el8sat.x86_64",
"product_id": "rubygem-google-protobuf-debugsource-0:3.24.3-1.el8sat.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-google-protobuf-debugsource@3.24.3-1.el8sat?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rubygem-google-protobuf-debuginfo-0:3.24.3-1.el8sat.x86_64",
"product": {
"name": "rubygem-google-protobuf-debuginfo-0:3.24.3-1.el8sat.x86_64",
"product_id": "rubygem-google-protobuf-debuginfo-0:3.24.3-1.el8sat.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-google-protobuf-debuginfo@3.24.3-1.el8sat?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rubygem-grpc-0:1.58.0-1.el8sat.x86_64",
"product": {
"name": "rubygem-grpc-0:1.58.0-1.el8sat.x86_64",
"product_id": "rubygem-grpc-0:1.58.0-1.el8sat.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-grpc@1.58.0-1.el8sat?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rubygem-puma-0:6.3.1-1.el8sat.x86_64",
"product": {
"name": "rubygem-puma-0:6.3.1-1.el8sat.x86_64",
"product_id": "rubygem-puma-0:6.3.1-1.el8sat.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-puma@6.3.1-1.el8sat?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rubygem-puma-debugsource-0:6.3.1-1.el8sat.x86_64",
"product": {
"name": "rubygem-puma-debugsource-0:6.3.1-1.el8sat.x86_64",
"product_id": "rubygem-puma-debugsource-0:6.3.1-1.el8sat.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-puma-debugsource@6.3.1-1.el8sat?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rubygem-puma-debuginfo-0:6.3.1-1.el8sat.x86_64",
"product": {
"name": "rubygem-puma-debuginfo-0:6.3.1-1.el8sat.x86_64",
"product_id": "rubygem-puma-debuginfo-0:6.3.1-1.el8sat.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-puma-debuginfo@6.3.1-1.el8sat?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "satellite-convert2rhel-toolkit-0:1.0.1-1.el8sat.x86_64",
"product": {
"name": "satellite-convert2rhel-toolkit-0:1.0.1-1.el8sat.x86_64",
"product_id": "satellite-convert2rhel-toolkit-0:1.0.1-1.el8sat.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/satellite-convert2rhel-toolkit@1.0.1-1.el8sat?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-0:3.7.0.11-2.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:foreman-0:3.7.0.11-2.el8sat.noarch"
},
"product_reference": "foreman-0:3.7.0.11-2.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-0:3.7.0.11-2.el8sat.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:foreman-0:3.7.0.11-2.el8sat.src"
},
"product_reference": "foreman-0:3.7.0.11-2.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-cli-0:3.7.0.11-2.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:foreman-cli-0:3.7.0.11-2.el8sat.noarch"
},
"product_reference": "foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-debug-0:3.7.0.11-2.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:foreman-debug-0:3.7.0.11-2.el8sat.noarch"
},
"product_reference": "foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch"
},
"product_reference": "foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-ec2-0:3.7.0.11-2.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:foreman-ec2-0:3.7.0.11-2.el8sat.noarch"
},
"product_reference": "foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-installer-1:3.7.0.7-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:foreman-installer-1:3.7.0.7-1.el8sat.noarch"
},
"product_reference": "foreman-installer-1:3.7.0.7-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-installer-1:3.7.0.7-1.el8sat.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:foreman-installer-1:3.7.0.7-1.el8sat.src"
},
"product_reference": "foreman-installer-1:3.7.0.7-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-installer-katello-1:3.7.0.7-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:foreman-installer-katello-1:3.7.0.7-1.el8sat.noarch"
},
"product_reference": "foreman-installer-katello-1:3.7.0.7-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-journald-0:3.7.0.11-2.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:foreman-journald-0:3.7.0.11-2.el8sat.noarch"
},
"product_reference": "foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-libvirt-0:3.7.0.11-2.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch"
},
"product_reference": "foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-openstack-0:3.7.0.11-2.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:foreman-openstack-0:3.7.0.11-2.el8sat.noarch"
},
"product_reference": "foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-ovirt-0:3.7.0.11-2.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch"
},
"product_reference": "foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-postgresql-0:3.7.0.11-2.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch"
},
"product_reference": "foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-redis-0:3.7.0.11-2.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:foreman-redis-0:3.7.0.11-2.el8sat.noarch"
},
"product_reference": "foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-service-0:3.7.0.11-2.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:foreman-service-0:3.7.0.11-2.el8sat.noarch"
},
"product_reference": "foreman-service-0:3.7.0.11-2.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-telemetry-0:3.7.0.11-2.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch"
},
"product_reference": "foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-vmware-0:3.7.0.11-2.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:foreman-vmware-0:3.7.0.11-2.el8sat.noarch"
},
"product_reference": "foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mosquitto-0:2.0.17-1.el8sat.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:mosquitto-0:2.0.17-1.el8sat.src"
},
"product_reference": "mosquitto-0:2.0.17-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mosquitto-0:2.0.17-1.el8sat.x86_64 as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:mosquitto-0:2.0.17-1.el8sat.x86_64"
},
"product_reference": "mosquitto-0:2.0.17-1.el8sat.x86_64",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mosquitto-debuginfo-0:2.0.17-1.el8sat.x86_64 as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:mosquitto-debuginfo-0:2.0.17-1.el8sat.x86_64"
},
"product_reference": "mosquitto-debuginfo-0:2.0.17-1.el8sat.x86_64",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mosquitto-debugsource-0:2.0.17-1.el8sat.x86_64 as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:mosquitto-debugsource-0:2.0.17-1.el8sat.x86_64"
},
"product_reference": "mosquitto-debugsource-0:2.0.17-1.el8sat.x86_64",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "puppet-agent-0:7.27.0-1.el8sat.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:puppet-agent-0:7.27.0-1.el8sat.src"
},
"product_reference": "puppet-agent-0:7.27.0-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "puppet-agent-0:7.27.0-1.el8sat.x86_64 as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:puppet-agent-0:7.27.0-1.el8sat.x86_64"
},
"product_reference": "puppet-agent-0:7.27.0-1.el8sat.x86_64",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "puppetserver-0:7.14.0-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:puppetserver-0:7.14.0-1.el8sat.noarch"
},
"product_reference": "puppetserver-0:7.14.0-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "puppetserver-0:7.14.0-1.el8sat.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:puppetserver-0:7.14.0-1.el8sat.src"
},
"product_reference": "puppetserver-0:7.14.0-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-pulp-container-0:2.14.11-1.el8pc.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:python-pulp-container-0:2.14.11-1.el8pc.src"
},
"product_reference": "python-pulp-container-0:2.14.11-1.el8pc.src",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-pulp-container-0:2.14.11-1.el8pc.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:python39-pulp-container-0:2.14.11-1.el8pc.noarch"
},
"product_reference": "python39-pulp-container-0:2.14.11-1.el8pc.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-kafo-0:7.2.0-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:rubygem-kafo-0:7.2.0-1.el8sat.noarch"
},
"product_reference": "rubygem-kafo-0:7.2.0-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-kafo-0:7.2.0-1.el8sat.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:rubygem-kafo-0:7.2.0-1.el8sat.src"
},
"product_reference": "rubygem-kafo-0:7.2.0-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-0:6.14.2-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:satellite-0:6.14.2-1.el8sat.noarch"
},
"product_reference": "satellite-0:6.14.2-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-0:6.14.2-1.el8sat.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:satellite-0:6.14.2-1.el8sat.src"
},
"product_reference": "satellite-0:6.14.2-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-capsule-0:6.14.2-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:satellite-capsule-0:6.14.2-1.el8sat.noarch"
},
"product_reference": "satellite-capsule-0:6.14.2-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-cli-0:6.14.2-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:satellite-cli-0:6.14.2-1.el8sat.noarch"
},
"product_reference": "satellite-cli-0:6.14.2-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-common-0:6.14.2-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:satellite-common-0:6.14.2-1.el8sat.noarch"
},
"product_reference": "satellite-common-0:6.14.2-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-0:3.7.0.11-2.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-utils:foreman-0:3.7.0.11-2.el8sat.noarch"
},
"product_reference": "foreman-0:3.7.0.11-2.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-0:3.7.0.11-2.el8sat.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-utils:foreman-0:3.7.0.11-2.el8sat.src"
},
"product_reference": "foreman-0:3.7.0.11-2.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.14-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-cli-0:3.7.0.11-2.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-utils:foreman-cli-0:3.7.0.11-2.el8sat.noarch"
},
"product_reference": "foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-debug-0:3.7.0.11-2.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-utils:foreman-debug-0:3.7.0.11-2.el8sat.noarch"
},
"product_reference": "foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-utils:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch"
},
"product_reference": "foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-ec2-0:3.7.0.11-2.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-utils:foreman-ec2-0:3.7.0.11-2.el8sat.noarch"
},
"product_reference": "foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-journald-0:3.7.0.11-2.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-utils:foreman-journald-0:3.7.0.11-2.el8sat.noarch"
},
"product_reference": "foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-libvirt-0:3.7.0.11-2.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-utils:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch"
},
"product_reference": "foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-openstack-0:3.7.0.11-2.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-utils:foreman-openstack-0:3.7.0.11-2.el8sat.noarch"
},
"product_reference": "foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-ovirt-0:3.7.0.11-2.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-utils:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch"
},
"product_reference": "foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-postgresql-0:3.7.0.11-2.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-utils:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch"
},
"product_reference": "foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-redis-0:3.7.0.11-2.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-utils:foreman-redis-0:3.7.0.11-2.el8sat.noarch"
},
"product_reference": "foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-service-0:3.7.0.11-2.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-utils:foreman-service-0:3.7.0.11-2.el8sat.noarch"
},
"product_reference": "foreman-service-0:3.7.0.11-2.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-telemetry-0:3.7.0.11-2.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-utils:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch"
},
"product_reference": "foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-vmware-0:3.7.0.11-2.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-utils:foreman-vmware-0:3.7.0.11-2.el8sat.noarch"
},
"product_reference": "foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-0:6.14.2-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-utils:satellite-0:6.14.2-1.el8sat.noarch"
},
"product_reference": "satellite-0:6.14.2-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-0:6.14.2-1.el8sat.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-utils:satellite-0:6.14.2-1.el8sat.src"
},
"product_reference": "satellite-0:6.14.2-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.14-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-capsule-0:6.14.2-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-utils:satellite-capsule-0:6.14.2-1.el8sat.noarch"
},
"product_reference": "satellite-capsule-0:6.14.2-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-cli-0:6.14.2-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-utils:satellite-cli-0:6.14.2-1.el8sat.noarch"
},
"product_reference": "satellite-cli-0:6.14.2-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-common-0:6.14.2-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-utils:satellite-common-0:6.14.2-1.el8sat.noarch"
},
"product_reference": "satellite-common-0:6.14.2-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "candlepin-0:4.3.11-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:candlepin-0:4.3.11-1.el8sat.noarch"
},
"product_reference": "candlepin-0:4.3.11-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "candlepin-0:4.3.11-1.el8sat.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:candlepin-0:4.3.11-1.el8sat.src"
},
"product_reference": "candlepin-0:4.3.11-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "candlepin-selinux-0:4.3.11-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:candlepin-selinux-0:4.3.11-1.el8sat.noarch"
},
"product_reference": "candlepin-selinux-0:4.3.11-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-0:3.7.0.11-2.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:foreman-0:3.7.0.11-2.el8sat.noarch"
},
"product_reference": "foreman-0:3.7.0.11-2.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-0:3.7.0.11-2.el8sat.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:foreman-0:3.7.0.11-2.el8sat.src"
},
"product_reference": "foreman-0:3.7.0.11-2.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-cli-0:3.7.0.11-2.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:foreman-cli-0:3.7.0.11-2.el8sat.noarch"
},
"product_reference": "foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-debug-0:3.7.0.11-2.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:foreman-debug-0:3.7.0.11-2.el8sat.noarch"
},
"product_reference": "foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch"
},
"product_reference": "foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-ec2-0:3.7.0.11-2.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:foreman-ec2-0:3.7.0.11-2.el8sat.noarch"
},
"product_reference": "foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-installer-1:3.7.0.7-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:foreman-installer-1:3.7.0.7-1.el8sat.noarch"
},
"product_reference": "foreman-installer-1:3.7.0.7-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-installer-1:3.7.0.7-1.el8sat.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:foreman-installer-1:3.7.0.7-1.el8sat.src"
},
"product_reference": "foreman-installer-1:3.7.0.7-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-installer-katello-1:3.7.0.7-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:foreman-installer-katello-1:3.7.0.7-1.el8sat.noarch"
},
"product_reference": "foreman-installer-katello-1:3.7.0.7-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-journald-0:3.7.0.11-2.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:foreman-journald-0:3.7.0.11-2.el8sat.noarch"
},
"product_reference": "foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-libvirt-0:3.7.0.11-2.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch"
},
"product_reference": "foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-openstack-0:3.7.0.11-2.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:foreman-openstack-0:3.7.0.11-2.el8sat.noarch"
},
"product_reference": "foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-ovirt-0:3.7.0.11-2.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch"
},
"product_reference": "foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-postgresql-0:3.7.0.11-2.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch"
},
"product_reference": "foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-redis-0:3.7.0.11-2.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:foreman-redis-0:3.7.0.11-2.el8sat.noarch"
},
"product_reference": "foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-service-0:3.7.0.11-2.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:foreman-service-0:3.7.0.11-2.el8sat.noarch"
},
"product_reference": "foreman-service-0:3.7.0.11-2.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-telemetry-0:3.7.0.11-2.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch"
},
"product_reference": "foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-vmware-0:3.7.0.11-2.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:foreman-vmware-0:3.7.0.11-2.el8sat.noarch"
},
"product_reference": "foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mosquitto-0:2.0.17-1.el8sat.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:mosquitto-0:2.0.17-1.el8sat.src"
},
"product_reference": "mosquitto-0:2.0.17-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mosquitto-0:2.0.17-1.el8sat.x86_64 as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:mosquitto-0:2.0.17-1.el8sat.x86_64"
},
"product_reference": "mosquitto-0:2.0.17-1.el8sat.x86_64",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mosquitto-debuginfo-0:2.0.17-1.el8sat.x86_64 as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:mosquitto-debuginfo-0:2.0.17-1.el8sat.x86_64"
},
"product_reference": "mosquitto-debuginfo-0:2.0.17-1.el8sat.x86_64",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mosquitto-debugsource-0:2.0.17-1.el8sat.x86_64 as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:mosquitto-debugsource-0:2.0.17-1.el8sat.x86_64"
},
"product_reference": "mosquitto-debugsource-0:2.0.17-1.el8sat.x86_64",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "puppet-agent-0:7.27.0-1.el8sat.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:puppet-agent-0:7.27.0-1.el8sat.src"
},
"product_reference": "puppet-agent-0:7.27.0-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "puppet-agent-0:7.27.0-1.el8sat.x86_64 as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:puppet-agent-0:7.27.0-1.el8sat.x86_64"
},
"product_reference": "puppet-agent-0:7.27.0-1.el8sat.x86_64",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "puppetserver-0:7.14.0-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:puppetserver-0:7.14.0-1.el8sat.noarch"
},
"product_reference": "puppetserver-0:7.14.0-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "puppetserver-0:7.14.0-1.el8sat.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:puppetserver-0:7.14.0-1.el8sat.src"
},
"product_reference": "puppetserver-0:7.14.0-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-pulp-container-0:2.14.11-1.el8pc.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:python-pulp-container-0:2.14.11-1.el8pc.src"
},
"product_reference": "python-pulp-container-0:2.14.11-1.el8pc.src",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-pulp-container-0:2.14.11-1.el8pc.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:python39-pulp-container-0:2.14.11-1.el8pc.noarch"
},
"product_reference": "python39-pulp-container-0:2.14.11-1.el8pc.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-foreman_bootdisk-0:21.2.1-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:rubygem-foreman_bootdisk-0:21.2.1-1.el8sat.noarch"
},
"product_reference": "rubygem-foreman_bootdisk-0:21.2.1-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-foreman_bootdisk-0:21.2.1-1.el8sat.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:rubygem-foreman_bootdisk-0:21.2.1-1.el8sat.src"
},
"product_reference": "rubygem-foreman_bootdisk-0:21.2.1-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-google-protobuf-0:3.24.3-1.el8sat.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:rubygem-google-protobuf-0:3.24.3-1.el8sat.src"
},
"product_reference": "rubygem-google-protobuf-0:3.24.3-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-google-protobuf-0:3.24.3-1.el8sat.x86_64 as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:rubygem-google-protobuf-0:3.24.3-1.el8sat.x86_64"
},
"product_reference": "rubygem-google-protobuf-0:3.24.3-1.el8sat.x86_64",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-google-protobuf-debuginfo-0:3.24.3-1.el8sat.x86_64 as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:rubygem-google-protobuf-debuginfo-0:3.24.3-1.el8sat.x86_64"
},
"product_reference": "rubygem-google-protobuf-debuginfo-0:3.24.3-1.el8sat.x86_64",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-google-protobuf-debugsource-0:3.24.3-1.el8sat.x86_64 as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:rubygem-google-protobuf-debugsource-0:3.24.3-1.el8sat.x86_64"
},
"product_reference": "rubygem-google-protobuf-debugsource-0:3.24.3-1.el8sat.x86_64",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-grpc-0:1.58.0-1.el8sat.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:rubygem-grpc-0:1.58.0-1.el8sat.src"
},
"product_reference": "rubygem-grpc-0:1.58.0-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-grpc-0:1.58.0-1.el8sat.x86_64 as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:rubygem-grpc-0:1.58.0-1.el8sat.x86_64"
},
"product_reference": "rubygem-grpc-0:1.58.0-1.el8sat.x86_64",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-kafo-0:7.2.0-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:rubygem-kafo-0:7.2.0-1.el8sat.noarch"
},
"product_reference": "rubygem-kafo-0:7.2.0-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-kafo-0:7.2.0-1.el8sat.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:rubygem-kafo-0:7.2.0-1.el8sat.src"
},
"product_reference": "rubygem-kafo-0:7.2.0-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-katello-0:4.9.0.21-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:rubygem-katello-0:4.9.0.21-1.el8sat.noarch"
},
"product_reference": "rubygem-katello-0:4.9.0.21-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-katello-0:4.9.0.21-1.el8sat.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:rubygem-katello-0:4.9.0.21-1.el8sat.src"
},
"product_reference": "rubygem-katello-0:4.9.0.21-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-puma-0:6.3.1-1.el8sat.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:rubygem-puma-0:6.3.1-1.el8sat.src"
},
"product_reference": "rubygem-puma-0:6.3.1-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-puma-0:6.3.1-1.el8sat.x86_64 as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:rubygem-puma-0:6.3.1-1.el8sat.x86_64"
},
"product_reference": "rubygem-puma-0:6.3.1-1.el8sat.x86_64",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-puma-debuginfo-0:6.3.1-1.el8sat.x86_64 as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:rubygem-puma-debuginfo-0:6.3.1-1.el8sat.x86_64"
},
"product_reference": "rubygem-puma-debuginfo-0:6.3.1-1.el8sat.x86_64",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-puma-debugsource-0:6.3.1-1.el8sat.x86_64 as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:rubygem-puma-debugsource-0:6.3.1-1.el8sat.x86_64"
},
"product_reference": "rubygem-puma-debugsource-0:6.3.1-1.el8sat.x86_64",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-sidekiq-0:6.5.12-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:rubygem-sidekiq-0:6.5.12-1.el8sat.noarch"
},
"product_reference": "rubygem-sidekiq-0:6.5.12-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-sidekiq-0:6.5.12-1.el8sat.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:rubygem-sidekiq-0:6.5.12-1.el8sat.src"
},
"product_reference": "rubygem-sidekiq-0:6.5.12-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-0:6.14.2-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:satellite-0:6.14.2-1.el8sat.noarch"
},
"product_reference": "satellite-0:6.14.2-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-0:6.14.2-1.el8sat.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:satellite-0:6.14.2-1.el8sat.src"
},
"product_reference": "satellite-0:6.14.2-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-capsule-0:6.14.2-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:satellite-capsule-0:6.14.2-1.el8sat.noarch"
},
"product_reference": "satellite-capsule-0:6.14.2-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-cli-0:6.14.2-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:satellite-cli-0:6.14.2-1.el8sat.noarch"
},
"product_reference": "satellite-cli-0:6.14.2-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-common-0:6.14.2-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:satellite-common-0:6.14.2-1.el8sat.noarch"
},
"product_reference": "satellite-common-0:6.14.2-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-convert2rhel-toolkit-0:1.0.1-1.el8sat.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:satellite-convert2rhel-toolkit-0:1.0.1-1.el8sat.src"
},
"product_reference": "satellite-convert2rhel-toolkit-0:1.0.1-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-convert2rhel-toolkit-0:1.0.1-1.el8sat.x86_64 as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:satellite-convert2rhel-toolkit-0:1.0.1-1.el8sat.x86_64"
},
"product_reference": "satellite-convert2rhel-toolkit-0:1.0.1-1.el8sat.x86_64",
"relates_to_product_reference": "8Base-satellite-6.14"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-0809",
"cwe": {
"id": "CWE-401",
"name": "Missing Release of Memory after Effective Lifetime"
},
"discovery_date": "2023-09-01T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-satellite-6.14-capsule:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14-capsule:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-installer-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-installer-1:3.7.0.7-1.el8sat.src",
"8Base-satellite-6.14-capsule:foreman-installer-katello-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:puppet-agent-0:7.27.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:puppet-agent-0:7.27.0-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:puppetserver-0:7.14.0-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:puppetserver-0:7.14.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:python-pulp-container-0:2.14.11-1.el8pc.src",
"8Base-satellite-6.14-capsule:python39-pulp-container-0:2.14.11-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:rubygem-kafo-0:7.2.0-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:rubygem-kafo-0:7.2.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14-utils:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.11-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.11-1.el8sat.src",
"8Base-satellite-6.14:candlepin-selinux-0:4.3.11-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-installer-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-installer-1:3.7.0.7-1.el8sat.src",
"8Base-satellite-6.14:foreman-installer-katello-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:puppet-agent-0:7.27.0-1.el8sat.src",
"8Base-satellite-6.14:puppet-agent-0:7.27.0-1.el8sat.x86_64",
"8Base-satellite-6.14:puppetserver-0:7.14.0-1.el8sat.noarch",
"8Base-satellite-6.14:puppetserver-0:7.14.0-1.el8sat.src",
"8Base-satellite-6.14:python-pulp-container-0:2.14.11-1.el8pc.src",
"8Base-satellite-6.14:python39-pulp-container-0:2.14.11-1.el8pc.noarch",
"8Base-satellite-6.14:rubygem-foreman_bootdisk-0:21.2.1-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_bootdisk-0:21.2.1-1.el8sat.src",
"8Base-satellite-6.14:rubygem-google-protobuf-0:3.24.3-1.el8sat.src",
"8Base-satellite-6.14:rubygem-google-protobuf-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-google-protobuf-debuginfo-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-google-protobuf-debugsource-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-grpc-0:1.58.0-1.el8sat.src",
"8Base-satellite-6.14:rubygem-grpc-0:1.58.0-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-kafo-0:7.2.0-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-kafo-0:7.2.0-1.el8sat.src",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.21-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.21-1.el8sat.src",
"8Base-satellite-6.14:rubygem-puma-0:6.3.1-1.el8sat.src",
"8Base-satellite-6.14:rubygem-puma-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-puma-debuginfo-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-puma-debugsource-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-sidekiq-0:6.5.12-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-sidekiq-0:6.5.12-1.el8sat.src",
"8Base-satellite-6.14:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-convert2rhel-toolkit-0:1.0.1-1.el8sat.src",
"8Base-satellite-6.14:satellite-convert2rhel-toolkit-0:1.0.1-1.el8sat.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2236882"
}
],
"notes": [
{
"category": "description",
"text": "A memory leak vulnerability was found in Eclipse Mosquitto. This issue is triggered by malicious initial packets or certain client actions and may allow a remote attacker to the deplete system resources causing memory exhaustion, leading to a disruption in services and a denial of service condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "mosquitto: memory leak leads to unresponsive broker",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-satellite-6.14-capsule:mosquitto-0:2.0.17-1.el8sat.src",
"8Base-satellite-6.14-capsule:mosquitto-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:mosquitto-debuginfo-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:mosquitto-debugsource-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:mosquitto-0:2.0.17-1.el8sat.src",
"8Base-satellite-6.14:mosquitto-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:mosquitto-debuginfo-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:mosquitto-debugsource-0:2.0.17-1.el8sat.x86_64"
],
"known_not_affected": [
"8Base-satellite-6.14-capsule:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14-capsule:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-installer-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-installer-1:3.7.0.7-1.el8sat.src",
"8Base-satellite-6.14-capsule:foreman-installer-katello-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:puppet-agent-0:7.27.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:puppet-agent-0:7.27.0-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:puppetserver-0:7.14.0-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:puppetserver-0:7.14.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:python-pulp-container-0:2.14.11-1.el8pc.src",
"8Base-satellite-6.14-capsule:python39-pulp-container-0:2.14.11-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:rubygem-kafo-0:7.2.0-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:rubygem-kafo-0:7.2.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14-utils:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.11-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.11-1.el8sat.src",
"8Base-satellite-6.14:candlepin-selinux-0:4.3.11-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-installer-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-installer-1:3.7.0.7-1.el8sat.src",
"8Base-satellite-6.14:foreman-installer-katello-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:puppet-agent-0:7.27.0-1.el8sat.src",
"8Base-satellite-6.14:puppet-agent-0:7.27.0-1.el8sat.x86_64",
"8Base-satellite-6.14:puppetserver-0:7.14.0-1.el8sat.noarch",
"8Base-satellite-6.14:puppetserver-0:7.14.0-1.el8sat.src",
"8Base-satellite-6.14:python-pulp-container-0:2.14.11-1.el8pc.src",
"8Base-satellite-6.14:python39-pulp-container-0:2.14.11-1.el8pc.noarch",
"8Base-satellite-6.14:rubygem-foreman_bootdisk-0:21.2.1-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_bootdisk-0:21.2.1-1.el8sat.src",
"8Base-satellite-6.14:rubygem-google-protobuf-0:3.24.3-1.el8sat.src",
"8Base-satellite-6.14:rubygem-google-protobuf-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-google-protobuf-debuginfo-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-google-protobuf-debugsource-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-grpc-0:1.58.0-1.el8sat.src",
"8Base-satellite-6.14:rubygem-grpc-0:1.58.0-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-kafo-0:7.2.0-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-kafo-0:7.2.0-1.el8sat.src",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.21-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.21-1.el8sat.src",
"8Base-satellite-6.14:rubygem-puma-0:6.3.1-1.el8sat.src",
"8Base-satellite-6.14:rubygem-puma-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-puma-debuginfo-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-puma-debugsource-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-sidekiq-0:6.5.12-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-sidekiq-0:6.5.12-1.el8sat.src",
"8Base-satellite-6.14:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-convert2rhel-toolkit-0:1.0.1-1.el8sat.src",
"8Base-satellite-6.14:satellite-convert2rhel-toolkit-0:1.0.1-1.el8sat.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-0809"
},
{
"category": "external",
"summary": "RHBZ#2236882",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236882"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-0809",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0809"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-0809",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0809"
},
{
"category": "external",
"summary": "https://github.com/eclipse/mosquitto/commit/6113eac95a9df634fbc858be542c4a0456bfe7b9",
"url": "https://github.com/eclipse/mosquitto/commit/6113eac95a9df634fbc858be542c4a0456bfe7b9"
}
],
"release_date": "2023-09-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-02-13T14:45:57+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-satellite-6.14-capsule:mosquitto-0:2.0.17-1.el8sat.src",
"8Base-satellite-6.14-capsule:mosquitto-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:mosquitto-debuginfo-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:mosquitto-debugsource-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:mosquitto-0:2.0.17-1.el8sat.src",
"8Base-satellite-6.14:mosquitto-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:mosquitto-debuginfo-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:mosquitto-debugsource-0:2.0.17-1.el8sat.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:0797"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-satellite-6.14-capsule:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14-capsule:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-installer-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-installer-1:3.7.0.7-1.el8sat.src",
"8Base-satellite-6.14-capsule:foreman-installer-katello-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:mosquitto-0:2.0.17-1.el8sat.src",
"8Base-satellite-6.14-capsule:mosquitto-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:mosquitto-debuginfo-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:mosquitto-debugsource-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:puppet-agent-0:7.27.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:puppet-agent-0:7.27.0-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:puppetserver-0:7.14.0-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:puppetserver-0:7.14.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:python-pulp-container-0:2.14.11-1.el8pc.src",
"8Base-satellite-6.14-capsule:python39-pulp-container-0:2.14.11-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:rubygem-kafo-0:7.2.0-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:rubygem-kafo-0:7.2.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14-utils:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.11-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.11-1.el8sat.src",
"8Base-satellite-6.14:candlepin-selinux-0:4.3.11-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-installer-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-installer-1:3.7.0.7-1.el8sat.src",
"8Base-satellite-6.14:foreman-installer-katello-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:mosquitto-0:2.0.17-1.el8sat.src",
"8Base-satellite-6.14:mosquitto-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:mosquitto-debuginfo-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:mosquitto-debugsource-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:puppet-agent-0:7.27.0-1.el8sat.src",
"8Base-satellite-6.14:puppet-agent-0:7.27.0-1.el8sat.x86_64",
"8Base-satellite-6.14:puppetserver-0:7.14.0-1.el8sat.noarch",
"8Base-satellite-6.14:puppetserver-0:7.14.0-1.el8sat.src",
"8Base-satellite-6.14:python-pulp-container-0:2.14.11-1.el8pc.src",
"8Base-satellite-6.14:python39-pulp-container-0:2.14.11-1.el8pc.noarch",
"8Base-satellite-6.14:rubygem-foreman_bootdisk-0:21.2.1-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_bootdisk-0:21.2.1-1.el8sat.src",
"8Base-satellite-6.14:rubygem-google-protobuf-0:3.24.3-1.el8sat.src",
"8Base-satellite-6.14:rubygem-google-protobuf-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-google-protobuf-debuginfo-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-google-protobuf-debugsource-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-grpc-0:1.58.0-1.el8sat.src",
"8Base-satellite-6.14:rubygem-grpc-0:1.58.0-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-kafo-0:7.2.0-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-kafo-0:7.2.0-1.el8sat.src",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.21-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.21-1.el8sat.src",
"8Base-satellite-6.14:rubygem-puma-0:6.3.1-1.el8sat.src",
"8Base-satellite-6.14:rubygem-puma-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-puma-debuginfo-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-puma-debugsource-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-sidekiq-0:6.5.12-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-sidekiq-0:6.5.12-1.el8sat.src",
"8Base-satellite-6.14:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-convert2rhel-toolkit-0:1.0.1-1.el8sat.src",
"8Base-satellite-6.14:satellite-convert2rhel-toolkit-0:1.0.1-1.el8sat.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "mosquitto: memory leak leads to unresponsive broker"
},
{
"cve": "CVE-2023-3592",
"cwe": {
"id": "CWE-401",
"name": "Missing Release of Memory after Effective Lifetime"
},
"discovery_date": "2023-09-01T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-satellite-6.14-capsule:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14-capsule:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-installer-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-installer-1:3.7.0.7-1.el8sat.src",
"8Base-satellite-6.14-capsule:foreman-installer-katello-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:puppet-agent-0:7.27.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:puppet-agent-0:7.27.0-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:puppetserver-0:7.14.0-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:puppetserver-0:7.14.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:python-pulp-container-0:2.14.11-1.el8pc.src",
"8Base-satellite-6.14-capsule:python39-pulp-container-0:2.14.11-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:rubygem-kafo-0:7.2.0-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:rubygem-kafo-0:7.2.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14-utils:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.11-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.11-1.el8sat.src",
"8Base-satellite-6.14:candlepin-selinux-0:4.3.11-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-installer-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-installer-1:3.7.0.7-1.el8sat.src",
"8Base-satellite-6.14:foreman-installer-katello-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:puppet-agent-0:7.27.0-1.el8sat.src",
"8Base-satellite-6.14:puppet-agent-0:7.27.0-1.el8sat.x86_64",
"8Base-satellite-6.14:puppetserver-0:7.14.0-1.el8sat.noarch",
"8Base-satellite-6.14:puppetserver-0:7.14.0-1.el8sat.src",
"8Base-satellite-6.14:python-pulp-container-0:2.14.11-1.el8pc.src",
"8Base-satellite-6.14:python39-pulp-container-0:2.14.11-1.el8pc.noarch",
"8Base-satellite-6.14:rubygem-foreman_bootdisk-0:21.2.1-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_bootdisk-0:21.2.1-1.el8sat.src",
"8Base-satellite-6.14:rubygem-google-protobuf-0:3.24.3-1.el8sat.src",
"8Base-satellite-6.14:rubygem-google-protobuf-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-google-protobuf-debuginfo-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-google-protobuf-debugsource-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-grpc-0:1.58.0-1.el8sat.src",
"8Base-satellite-6.14:rubygem-grpc-0:1.58.0-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-kafo-0:7.2.0-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-kafo-0:7.2.0-1.el8sat.src",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.21-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.21-1.el8sat.src",
"8Base-satellite-6.14:rubygem-puma-0:6.3.1-1.el8sat.src",
"8Base-satellite-6.14:rubygem-puma-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-puma-debuginfo-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-puma-debugsource-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-sidekiq-0:6.5.12-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-sidekiq-0:6.5.12-1.el8sat.src",
"8Base-satellite-6.14:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-convert2rhel-toolkit-0:1.0.1-1.el8sat.src",
"8Base-satellite-6.14:satellite-convert2rhel-toolkit-0:1.0.1-1.el8sat.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2236882"
}
],
"notes": [
{
"category": "description",
"text": "A memory leak vulnerability was found in Eclipse Mosquitto. This issue is triggered by malicious initial packets or certain client actions and may allow a remote attacker to the deplete system resources causing memory exhaustion, leading to a disruption in services and a denial of service condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "mosquitto: memory leak leads to unresponsive broker",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-satellite-6.14-capsule:mosquitto-0:2.0.17-1.el8sat.src",
"8Base-satellite-6.14-capsule:mosquitto-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:mosquitto-debuginfo-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:mosquitto-debugsource-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:mosquitto-0:2.0.17-1.el8sat.src",
"8Base-satellite-6.14:mosquitto-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:mosquitto-debuginfo-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:mosquitto-debugsource-0:2.0.17-1.el8sat.x86_64"
],
"known_not_affected": [
"8Base-satellite-6.14-capsule:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14-capsule:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-installer-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-installer-1:3.7.0.7-1.el8sat.src",
"8Base-satellite-6.14-capsule:foreman-installer-katello-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:puppet-agent-0:7.27.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:puppet-agent-0:7.27.0-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:puppetserver-0:7.14.0-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:puppetserver-0:7.14.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:python-pulp-container-0:2.14.11-1.el8pc.src",
"8Base-satellite-6.14-capsule:python39-pulp-container-0:2.14.11-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:rubygem-kafo-0:7.2.0-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:rubygem-kafo-0:7.2.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14-utils:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.11-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.11-1.el8sat.src",
"8Base-satellite-6.14:candlepin-selinux-0:4.3.11-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-installer-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-installer-1:3.7.0.7-1.el8sat.src",
"8Base-satellite-6.14:foreman-installer-katello-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:puppet-agent-0:7.27.0-1.el8sat.src",
"8Base-satellite-6.14:puppet-agent-0:7.27.0-1.el8sat.x86_64",
"8Base-satellite-6.14:puppetserver-0:7.14.0-1.el8sat.noarch",
"8Base-satellite-6.14:puppetserver-0:7.14.0-1.el8sat.src",
"8Base-satellite-6.14:python-pulp-container-0:2.14.11-1.el8pc.src",
"8Base-satellite-6.14:python39-pulp-container-0:2.14.11-1.el8pc.noarch",
"8Base-satellite-6.14:rubygem-foreman_bootdisk-0:21.2.1-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_bootdisk-0:21.2.1-1.el8sat.src",
"8Base-satellite-6.14:rubygem-google-protobuf-0:3.24.3-1.el8sat.src",
"8Base-satellite-6.14:rubygem-google-protobuf-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-google-protobuf-debuginfo-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-google-protobuf-debugsource-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-grpc-0:1.58.0-1.el8sat.src",
"8Base-satellite-6.14:rubygem-grpc-0:1.58.0-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-kafo-0:7.2.0-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-kafo-0:7.2.0-1.el8sat.src",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.21-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.21-1.el8sat.src",
"8Base-satellite-6.14:rubygem-puma-0:6.3.1-1.el8sat.src",
"8Base-satellite-6.14:rubygem-puma-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-puma-debuginfo-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-puma-debugsource-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-sidekiq-0:6.5.12-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-sidekiq-0:6.5.12-1.el8sat.src",
"8Base-satellite-6.14:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-convert2rhel-toolkit-0:1.0.1-1.el8sat.src",
"8Base-satellite-6.14:satellite-convert2rhel-toolkit-0:1.0.1-1.el8sat.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-3592"
},
{
"category": "external",
"summary": "RHBZ#2236882",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236882"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-3592",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3592"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-3592",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3592"
},
{
"category": "external",
"summary": "https://github.com/eclipse/mosquitto/commit/6113eac95a9df634fbc858be542c4a0456bfe7b9",
"url": "https://github.com/eclipse/mosquitto/commit/6113eac95a9df634fbc858be542c4a0456bfe7b9"
}
],
"release_date": "2023-09-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-02-13T14:45:57+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-satellite-6.14-capsule:mosquitto-0:2.0.17-1.el8sat.src",
"8Base-satellite-6.14-capsule:mosquitto-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:mosquitto-debuginfo-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:mosquitto-debugsource-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:mosquitto-0:2.0.17-1.el8sat.src",
"8Base-satellite-6.14:mosquitto-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:mosquitto-debuginfo-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:mosquitto-debugsource-0:2.0.17-1.el8sat.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:0797"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-satellite-6.14-capsule:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14-capsule:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-installer-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-installer-1:3.7.0.7-1.el8sat.src",
"8Base-satellite-6.14-capsule:foreman-installer-katello-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:mosquitto-0:2.0.17-1.el8sat.src",
"8Base-satellite-6.14-capsule:mosquitto-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:mosquitto-debuginfo-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:mosquitto-debugsource-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:puppet-agent-0:7.27.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:puppet-agent-0:7.27.0-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:puppetserver-0:7.14.0-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:puppetserver-0:7.14.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:python-pulp-container-0:2.14.11-1.el8pc.src",
"8Base-satellite-6.14-capsule:python39-pulp-container-0:2.14.11-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:rubygem-kafo-0:7.2.0-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:rubygem-kafo-0:7.2.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14-utils:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.11-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.11-1.el8sat.src",
"8Base-satellite-6.14:candlepin-selinux-0:4.3.11-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-installer-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-installer-1:3.7.0.7-1.el8sat.src",
"8Base-satellite-6.14:foreman-installer-katello-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:mosquitto-0:2.0.17-1.el8sat.src",
"8Base-satellite-6.14:mosquitto-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:mosquitto-debuginfo-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:mosquitto-debugsource-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:puppet-agent-0:7.27.0-1.el8sat.src",
"8Base-satellite-6.14:puppet-agent-0:7.27.0-1.el8sat.x86_64",
"8Base-satellite-6.14:puppetserver-0:7.14.0-1.el8sat.noarch",
"8Base-satellite-6.14:puppetserver-0:7.14.0-1.el8sat.src",
"8Base-satellite-6.14:python-pulp-container-0:2.14.11-1.el8pc.src",
"8Base-satellite-6.14:python39-pulp-container-0:2.14.11-1.el8pc.noarch",
"8Base-satellite-6.14:rubygem-foreman_bootdisk-0:21.2.1-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_bootdisk-0:21.2.1-1.el8sat.src",
"8Base-satellite-6.14:rubygem-google-protobuf-0:3.24.3-1.el8sat.src",
"8Base-satellite-6.14:rubygem-google-protobuf-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-google-protobuf-debuginfo-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-google-protobuf-debugsource-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-grpc-0:1.58.0-1.el8sat.src",
"8Base-satellite-6.14:rubygem-grpc-0:1.58.0-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-kafo-0:7.2.0-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-kafo-0:7.2.0-1.el8sat.src",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.21-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.21-1.el8sat.src",
"8Base-satellite-6.14:rubygem-puma-0:6.3.1-1.el8sat.src",
"8Base-satellite-6.14:rubygem-puma-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-puma-debuginfo-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-puma-debugsource-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-sidekiq-0:6.5.12-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-sidekiq-0:6.5.12-1.el8sat.src",
"8Base-satellite-6.14:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-convert2rhel-toolkit-0:1.0.1-1.el8sat.src",
"8Base-satellite-6.14:satellite-convert2rhel-toolkit-0:1.0.1-1.el8sat.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "mosquitto: memory leak leads to unresponsive broker"
},
{
"cve": "CVE-2023-4785",
"cwe": {
"id": "CWE-248",
"name": "Uncaught Exception"
},
"discovery_date": "2023-09-14T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-satellite-6.14-capsule:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14-capsule:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-installer-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-installer-1:3.7.0.7-1.el8sat.src",
"8Base-satellite-6.14-capsule:foreman-installer-katello-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:mosquitto-0:2.0.17-1.el8sat.src",
"8Base-satellite-6.14-capsule:mosquitto-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:mosquitto-debuginfo-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:mosquitto-debugsource-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:puppet-agent-0:7.27.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:puppet-agent-0:7.27.0-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:puppetserver-0:7.14.0-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:puppetserver-0:7.14.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:python-pulp-container-0:2.14.11-1.el8pc.src",
"8Base-satellite-6.14-capsule:python39-pulp-container-0:2.14.11-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:rubygem-kafo-0:7.2.0-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:rubygem-kafo-0:7.2.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14-utils:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.11-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.11-1.el8sat.src",
"8Base-satellite-6.14:candlepin-selinux-0:4.3.11-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-installer-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-installer-1:3.7.0.7-1.el8sat.src",
"8Base-satellite-6.14:foreman-installer-katello-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:mosquitto-0:2.0.17-1.el8sat.src",
"8Base-satellite-6.14:mosquitto-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:mosquitto-debuginfo-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:mosquitto-debugsource-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:puppet-agent-0:7.27.0-1.el8sat.src",
"8Base-satellite-6.14:puppet-agent-0:7.27.0-1.el8sat.x86_64",
"8Base-satellite-6.14:puppetserver-0:7.14.0-1.el8sat.noarch",
"8Base-satellite-6.14:puppetserver-0:7.14.0-1.el8sat.src",
"8Base-satellite-6.14:python-pulp-container-0:2.14.11-1.el8pc.src",
"8Base-satellite-6.14:python39-pulp-container-0:2.14.11-1.el8pc.noarch",
"8Base-satellite-6.14:rubygem-foreman_bootdisk-0:21.2.1-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_bootdisk-0:21.2.1-1.el8sat.src",
"8Base-satellite-6.14:rubygem-google-protobuf-0:3.24.3-1.el8sat.src",
"8Base-satellite-6.14:rubygem-google-protobuf-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-google-protobuf-debuginfo-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-google-protobuf-debugsource-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-kafo-0:7.2.0-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-kafo-0:7.2.0-1.el8sat.src",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.21-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.21-1.el8sat.src",
"8Base-satellite-6.14:rubygem-puma-0:6.3.1-1.el8sat.src",
"8Base-satellite-6.14:rubygem-puma-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-puma-debuginfo-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-puma-debugsource-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-sidekiq-0:6.5.12-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-sidekiq-0:6.5.12-1.el8sat.src",
"8Base-satellite-6.14:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-convert2rhel-toolkit-0:1.0.1-1.el8sat.src",
"8Base-satellite-6.14:satellite-convert2rhel-toolkit-0:1.0.1-1.el8sat.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2239017"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in gRPC. Lack of error handling in the TCP server in Google\u0027s gRPC, starting in version 1.23 on POSIX-compatible platforms (for example, Linux), allows an attacker to cause a denial of service by initiating a significant number of connections with the server. Note that gRPC C++, Python, and Ruby are affected, but gRPC Java and Go are NOT affected.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "gRPC: file descriptor exhaustion leads to denial of service",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-satellite-6.14:rubygem-grpc-0:1.58.0-1.el8sat.src",
"8Base-satellite-6.14:rubygem-grpc-0:1.58.0-1.el8sat.x86_64"
],
"known_not_affected": [
"8Base-satellite-6.14-capsule:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14-capsule:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-installer-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-installer-1:3.7.0.7-1.el8sat.src",
"8Base-satellite-6.14-capsule:foreman-installer-katello-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:mosquitto-0:2.0.17-1.el8sat.src",
"8Base-satellite-6.14-capsule:mosquitto-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:mosquitto-debuginfo-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:mosquitto-debugsource-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:puppet-agent-0:7.27.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:puppet-agent-0:7.27.0-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:puppetserver-0:7.14.0-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:puppetserver-0:7.14.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:python-pulp-container-0:2.14.11-1.el8pc.src",
"8Base-satellite-6.14-capsule:python39-pulp-container-0:2.14.11-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:rubygem-kafo-0:7.2.0-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:rubygem-kafo-0:7.2.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14-utils:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.11-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.11-1.el8sat.src",
"8Base-satellite-6.14:candlepin-selinux-0:4.3.11-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-installer-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-installer-1:3.7.0.7-1.el8sat.src",
"8Base-satellite-6.14:foreman-installer-katello-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:mosquitto-0:2.0.17-1.el8sat.src",
"8Base-satellite-6.14:mosquitto-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:mosquitto-debuginfo-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:mosquitto-debugsource-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:puppet-agent-0:7.27.0-1.el8sat.src",
"8Base-satellite-6.14:puppet-agent-0:7.27.0-1.el8sat.x86_64",
"8Base-satellite-6.14:puppetserver-0:7.14.0-1.el8sat.noarch",
"8Base-satellite-6.14:puppetserver-0:7.14.0-1.el8sat.src",
"8Base-satellite-6.14:python-pulp-container-0:2.14.11-1.el8pc.src",
"8Base-satellite-6.14:python39-pulp-container-0:2.14.11-1.el8pc.noarch",
"8Base-satellite-6.14:rubygem-foreman_bootdisk-0:21.2.1-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_bootdisk-0:21.2.1-1.el8sat.src",
"8Base-satellite-6.14:rubygem-google-protobuf-0:3.24.3-1.el8sat.src",
"8Base-satellite-6.14:rubygem-google-protobuf-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-google-protobuf-debuginfo-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-google-protobuf-debugsource-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-kafo-0:7.2.0-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-kafo-0:7.2.0-1.el8sat.src",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.21-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.21-1.el8sat.src",
"8Base-satellite-6.14:rubygem-puma-0:6.3.1-1.el8sat.src",
"8Base-satellite-6.14:rubygem-puma-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-puma-debuginfo-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-puma-debugsource-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-sidekiq-0:6.5.12-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-sidekiq-0:6.5.12-1.el8sat.src",
"8Base-satellite-6.14:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-convert2rhel-toolkit-0:1.0.1-1.el8sat.src",
"8Base-satellite-6.14:satellite-convert2rhel-toolkit-0:1.0.1-1.el8sat.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-4785"
},
{
"category": "external",
"summary": "RHBZ#2239017",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2239017"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-4785",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4785"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-4785",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4785"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-p25m-jpj4-qcrr",
"url": "https://github.com/advisories/GHSA-p25m-jpj4-qcrr"
},
{
"category": "external",
"summary": "https://github.com/grpc/grpc/pull/33656",
"url": "https://github.com/grpc/grpc/pull/33656"
},
{
"category": "external",
"summary": "https://github.com/grpc/grpc/pull/33667",
"url": "https://github.com/grpc/grpc/pull/33667"
},
{
"category": "external",
"summary": "https://github.com/grpc/grpc/pull/33669",
"url": "https://github.com/grpc/grpc/pull/33669"
},
{
"category": "external",
"summary": "https://github.com/grpc/grpc/pull/33670",
"url": "https://github.com/grpc/grpc/pull/33670"
},
{
"category": "external",
"summary": "https://github.com/grpc/grpc/pull/33672",
"url": "https://github.com/grpc/grpc/pull/33672"
}
],
"release_date": "2023-09-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-02-13T14:45:57+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-satellite-6.14:rubygem-grpc-0:1.58.0-1.el8sat.src",
"8Base-satellite-6.14:rubygem-grpc-0:1.58.0-1.el8sat.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:0797"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-satellite-6.14-capsule:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14-capsule:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-installer-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-installer-1:3.7.0.7-1.el8sat.src",
"8Base-satellite-6.14-capsule:foreman-installer-katello-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:mosquitto-0:2.0.17-1.el8sat.src",
"8Base-satellite-6.14-capsule:mosquitto-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:mosquitto-debuginfo-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:mosquitto-debugsource-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:puppet-agent-0:7.27.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:puppet-agent-0:7.27.0-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:puppetserver-0:7.14.0-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:puppetserver-0:7.14.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:python-pulp-container-0:2.14.11-1.el8pc.src",
"8Base-satellite-6.14-capsule:python39-pulp-container-0:2.14.11-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:rubygem-kafo-0:7.2.0-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:rubygem-kafo-0:7.2.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14-utils:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.11-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.11-1.el8sat.src",
"8Base-satellite-6.14:candlepin-selinux-0:4.3.11-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-installer-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-installer-1:3.7.0.7-1.el8sat.src",
"8Base-satellite-6.14:foreman-installer-katello-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:mosquitto-0:2.0.17-1.el8sat.src",
"8Base-satellite-6.14:mosquitto-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:mosquitto-debuginfo-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:mosquitto-debugsource-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:puppet-agent-0:7.27.0-1.el8sat.src",
"8Base-satellite-6.14:puppet-agent-0:7.27.0-1.el8sat.x86_64",
"8Base-satellite-6.14:puppetserver-0:7.14.0-1.el8sat.noarch",
"8Base-satellite-6.14:puppetserver-0:7.14.0-1.el8sat.src",
"8Base-satellite-6.14:python-pulp-container-0:2.14.11-1.el8pc.src",
"8Base-satellite-6.14:python39-pulp-container-0:2.14.11-1.el8pc.noarch",
"8Base-satellite-6.14:rubygem-foreman_bootdisk-0:21.2.1-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_bootdisk-0:21.2.1-1.el8sat.src",
"8Base-satellite-6.14:rubygem-google-protobuf-0:3.24.3-1.el8sat.src",
"8Base-satellite-6.14:rubygem-google-protobuf-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-google-protobuf-debuginfo-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-google-protobuf-debugsource-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-grpc-0:1.58.0-1.el8sat.src",
"8Base-satellite-6.14:rubygem-grpc-0:1.58.0-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-kafo-0:7.2.0-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-kafo-0:7.2.0-1.el8sat.src",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.21-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.21-1.el8sat.src",
"8Base-satellite-6.14:rubygem-puma-0:6.3.1-1.el8sat.src",
"8Base-satellite-6.14:rubygem-puma-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-puma-debuginfo-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-puma-debugsource-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-sidekiq-0:6.5.12-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-sidekiq-0:6.5.12-1.el8sat.src",
"8Base-satellite-6.14:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-convert2rhel-toolkit-0:1.0.1-1.el8sat.src",
"8Base-satellite-6.14:satellite-convert2rhel-toolkit-0:1.0.1-1.el8sat.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "gRPC: file descriptor exhaustion leads to denial of service"
},
{
"cve": "CVE-2023-26049",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"discovery_date": "2023-08-30T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-satellite-6.14-capsule:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14-capsule:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-installer-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-installer-1:3.7.0.7-1.el8sat.src",
"8Base-satellite-6.14-capsule:foreman-installer-katello-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:mosquitto-0:2.0.17-1.el8sat.src",
"8Base-satellite-6.14-capsule:mosquitto-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:mosquitto-debuginfo-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:mosquitto-debugsource-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:puppet-agent-0:7.27.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:puppet-agent-0:7.27.0-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:python-pulp-container-0:2.14.11-1.el8pc.src",
"8Base-satellite-6.14-capsule:python39-pulp-container-0:2.14.11-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:rubygem-kafo-0:7.2.0-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:rubygem-kafo-0:7.2.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14-utils:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.11-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.11-1.el8sat.src",
"8Base-satellite-6.14:candlepin-selinux-0:4.3.11-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-installer-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-installer-1:3.7.0.7-1.el8sat.src",
"8Base-satellite-6.14:foreman-installer-katello-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:mosquitto-0:2.0.17-1.el8sat.src",
"8Base-satellite-6.14:mosquitto-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:mosquitto-debuginfo-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:mosquitto-debugsource-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:puppet-agent-0:7.27.0-1.el8sat.src",
"8Base-satellite-6.14:puppet-agent-0:7.27.0-1.el8sat.x86_64",
"8Base-satellite-6.14:python-pulp-container-0:2.14.11-1.el8pc.src",
"8Base-satellite-6.14:python39-pulp-container-0:2.14.11-1.el8pc.noarch",
"8Base-satellite-6.14:rubygem-foreman_bootdisk-0:21.2.1-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_bootdisk-0:21.2.1-1.el8sat.src",
"8Base-satellite-6.14:rubygem-google-protobuf-0:3.24.3-1.el8sat.src",
"8Base-satellite-6.14:rubygem-google-protobuf-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-google-protobuf-debuginfo-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-google-protobuf-debugsource-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-grpc-0:1.58.0-1.el8sat.src",
"8Base-satellite-6.14:rubygem-grpc-0:1.58.0-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-kafo-0:7.2.0-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-kafo-0:7.2.0-1.el8sat.src",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.21-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.21-1.el8sat.src",
"8Base-satellite-6.14:rubygem-puma-0:6.3.1-1.el8sat.src",
"8Base-satellite-6.14:rubygem-puma-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-puma-debuginfo-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-puma-debugsource-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-sidekiq-0:6.5.12-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-sidekiq-0:6.5.12-1.el8sat.src",
"8Base-satellite-6.14:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-convert2rhel-toolkit-0:1.0.1-1.el8sat.src",
"8Base-satellite-6.14:satellite-convert2rhel-toolkit-0:1.0.1-1.el8sat.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2236341"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the jetty-server package. Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies or otherwise perform unintended behavior by tampering with the cookie parsing mechanism.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jetty-server: Cookie parsing of quoted values can exfiltrate values from other cookies",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-satellite-6.14-capsule:puppetserver-0:7.14.0-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:puppetserver-0:7.14.0-1.el8sat.src",
"8Base-satellite-6.14:puppetserver-0:7.14.0-1.el8sat.noarch",
"8Base-satellite-6.14:puppetserver-0:7.14.0-1.el8sat.src"
],
"known_not_affected": [
"8Base-satellite-6.14-capsule:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14-capsule:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-installer-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-installer-1:3.7.0.7-1.el8sat.src",
"8Base-satellite-6.14-capsule:foreman-installer-katello-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:mosquitto-0:2.0.17-1.el8sat.src",
"8Base-satellite-6.14-capsule:mosquitto-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:mosquitto-debuginfo-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:mosquitto-debugsource-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:puppet-agent-0:7.27.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:puppet-agent-0:7.27.0-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:python-pulp-container-0:2.14.11-1.el8pc.src",
"8Base-satellite-6.14-capsule:python39-pulp-container-0:2.14.11-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:rubygem-kafo-0:7.2.0-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:rubygem-kafo-0:7.2.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14-utils:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.11-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.11-1.el8sat.src",
"8Base-satellite-6.14:candlepin-selinux-0:4.3.11-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-installer-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-installer-1:3.7.0.7-1.el8sat.src",
"8Base-satellite-6.14:foreman-installer-katello-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:mosquitto-0:2.0.17-1.el8sat.src",
"8Base-satellite-6.14:mosquitto-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:mosquitto-debuginfo-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:mosquitto-debugsource-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:puppet-agent-0:7.27.0-1.el8sat.src",
"8Base-satellite-6.14:puppet-agent-0:7.27.0-1.el8sat.x86_64",
"8Base-satellite-6.14:python-pulp-container-0:2.14.11-1.el8pc.src",
"8Base-satellite-6.14:python39-pulp-container-0:2.14.11-1.el8pc.noarch",
"8Base-satellite-6.14:rubygem-foreman_bootdisk-0:21.2.1-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_bootdisk-0:21.2.1-1.el8sat.src",
"8Base-satellite-6.14:rubygem-google-protobuf-0:3.24.3-1.el8sat.src",
"8Base-satellite-6.14:rubygem-google-protobuf-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-google-protobuf-debuginfo-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-google-protobuf-debugsource-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-grpc-0:1.58.0-1.el8sat.src",
"8Base-satellite-6.14:rubygem-grpc-0:1.58.0-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-kafo-0:7.2.0-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-kafo-0:7.2.0-1.el8sat.src",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.21-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.21-1.el8sat.src",
"8Base-satellite-6.14:rubygem-puma-0:6.3.1-1.el8sat.src",
"8Base-satellite-6.14:rubygem-puma-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-puma-debuginfo-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-puma-debugsource-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-sidekiq-0:6.5.12-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-sidekiq-0:6.5.12-1.el8sat.src",
"8Base-satellite-6.14:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-convert2rhel-toolkit-0:1.0.1-1.el8sat.src",
"8Base-satellite-6.14:satellite-convert2rhel-toolkit-0:1.0.1-1.el8sat.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-26049"
},
{
"category": "external",
"summary": "RHBZ#2236341",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236341"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-26049",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26049"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-26049",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26049"
},
{
"category": "external",
"summary": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-p26g-97m4-6q7c",
"url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-p26g-97m4-6q7c"
}
],
"release_date": "2023-04-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-02-13T14:45:57+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-satellite-6.14-capsule:puppetserver-0:7.14.0-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:puppetserver-0:7.14.0-1.el8sat.src",
"8Base-satellite-6.14:puppetserver-0:7.14.0-1.el8sat.noarch",
"8Base-satellite-6.14:puppetserver-0:7.14.0-1.el8sat.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:0797"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-satellite-6.14-capsule:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14-capsule:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-installer-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-installer-1:3.7.0.7-1.el8sat.src",
"8Base-satellite-6.14-capsule:foreman-installer-katello-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:mosquitto-0:2.0.17-1.el8sat.src",
"8Base-satellite-6.14-capsule:mosquitto-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:mosquitto-debuginfo-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:mosquitto-debugsource-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:puppet-agent-0:7.27.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:puppet-agent-0:7.27.0-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:puppetserver-0:7.14.0-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:puppetserver-0:7.14.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:python-pulp-container-0:2.14.11-1.el8pc.src",
"8Base-satellite-6.14-capsule:python39-pulp-container-0:2.14.11-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:rubygem-kafo-0:7.2.0-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:rubygem-kafo-0:7.2.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14-utils:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.11-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.11-1.el8sat.src",
"8Base-satellite-6.14:candlepin-selinux-0:4.3.11-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-installer-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-installer-1:3.7.0.7-1.el8sat.src",
"8Base-satellite-6.14:foreman-installer-katello-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:mosquitto-0:2.0.17-1.el8sat.src",
"8Base-satellite-6.14:mosquitto-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:mosquitto-debuginfo-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:mosquitto-debugsource-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:puppet-agent-0:7.27.0-1.el8sat.src",
"8Base-satellite-6.14:puppet-agent-0:7.27.0-1.el8sat.x86_64",
"8Base-satellite-6.14:puppetserver-0:7.14.0-1.el8sat.noarch",
"8Base-satellite-6.14:puppetserver-0:7.14.0-1.el8sat.src",
"8Base-satellite-6.14:python-pulp-container-0:2.14.11-1.el8pc.src",
"8Base-satellite-6.14:python39-pulp-container-0:2.14.11-1.el8pc.noarch",
"8Base-satellite-6.14:rubygem-foreman_bootdisk-0:21.2.1-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_bootdisk-0:21.2.1-1.el8sat.src",
"8Base-satellite-6.14:rubygem-google-protobuf-0:3.24.3-1.el8sat.src",
"8Base-satellite-6.14:rubygem-google-protobuf-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-google-protobuf-debuginfo-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-google-protobuf-debugsource-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-grpc-0:1.58.0-1.el8sat.src",
"8Base-satellite-6.14:rubygem-grpc-0:1.58.0-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-kafo-0:7.2.0-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-kafo-0:7.2.0-1.el8sat.src",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.21-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.21-1.el8sat.src",
"8Base-satellite-6.14:rubygem-puma-0:6.3.1-1.el8sat.src",
"8Base-satellite-6.14:rubygem-puma-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-puma-debuginfo-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-puma-debugsource-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-sidekiq-0:6.5.12-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-sidekiq-0:6.5.12-1.el8sat.src",
"8Base-satellite-6.14:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-convert2rhel-toolkit-0:1.0.1-1.el8sat.src",
"8Base-satellite-6.14:satellite-convert2rhel-toolkit-0:1.0.1-1.el8sat.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jetty-server: Cookie parsing of quoted values can exfiltrate values from other cookies"
},
{
"cve": "CVE-2023-26141",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-09-14T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-satellite-6.14-capsule:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14-capsule:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-installer-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-installer-1:3.7.0.7-1.el8sat.src",
"8Base-satellite-6.14-capsule:foreman-installer-katello-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:mosquitto-0:2.0.17-1.el8sat.src",
"8Base-satellite-6.14-capsule:mosquitto-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:mosquitto-debuginfo-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:mosquitto-debugsource-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:puppet-agent-0:7.27.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:puppet-agent-0:7.27.0-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:puppetserver-0:7.14.0-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:puppetserver-0:7.14.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:python-pulp-container-0:2.14.11-1.el8pc.src",
"8Base-satellite-6.14-capsule:python39-pulp-container-0:2.14.11-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:rubygem-kafo-0:7.2.0-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:rubygem-kafo-0:7.2.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14-utils:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.11-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.11-1.el8sat.src",
"8Base-satellite-6.14:candlepin-selinux-0:4.3.11-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-installer-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-installer-1:3.7.0.7-1.el8sat.src",
"8Base-satellite-6.14:foreman-installer-katello-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:mosquitto-0:2.0.17-1.el8sat.src",
"8Base-satellite-6.14:mosquitto-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:mosquitto-debuginfo-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:mosquitto-debugsource-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:puppet-agent-0:7.27.0-1.el8sat.src",
"8Base-satellite-6.14:puppet-agent-0:7.27.0-1.el8sat.x86_64",
"8Base-satellite-6.14:puppetserver-0:7.14.0-1.el8sat.noarch",
"8Base-satellite-6.14:puppetserver-0:7.14.0-1.el8sat.src",
"8Base-satellite-6.14:python-pulp-container-0:2.14.11-1.el8pc.src",
"8Base-satellite-6.14:python39-pulp-container-0:2.14.11-1.el8pc.noarch",
"8Base-satellite-6.14:rubygem-foreman_bootdisk-0:21.2.1-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_bootdisk-0:21.2.1-1.el8sat.src",
"8Base-satellite-6.14:rubygem-google-protobuf-0:3.24.3-1.el8sat.src",
"8Base-satellite-6.14:rubygem-google-protobuf-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-google-protobuf-debuginfo-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-google-protobuf-debugsource-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-grpc-0:1.58.0-1.el8sat.src",
"8Base-satellite-6.14:rubygem-grpc-0:1.58.0-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-kafo-0:7.2.0-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-kafo-0:7.2.0-1.el8sat.src",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.21-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.21-1.el8sat.src",
"8Base-satellite-6.14:rubygem-puma-0:6.3.1-1.el8sat.src",
"8Base-satellite-6.14:rubygem-puma-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-puma-debuginfo-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-puma-debugsource-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-convert2rhel-toolkit-0:1.0.1-1.el8sat.src",
"8Base-satellite-6.14:satellite-convert2rhel-toolkit-0:1.0.1-1.el8sat.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2239010"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service vulnerability was found in Sidekiq. This flaw allows an attacker to manipulate the localStorage value in the dashboard-charts.js file and cause excessive polling requests.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "sidekiq: DoS in dashboard-charts",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-satellite-6.14:rubygem-sidekiq-0:6.5.12-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-sidekiq-0:6.5.12-1.el8sat.src"
],
"known_not_affected": [
"8Base-satellite-6.14-capsule:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14-capsule:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-installer-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-installer-1:3.7.0.7-1.el8sat.src",
"8Base-satellite-6.14-capsule:foreman-installer-katello-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:mosquitto-0:2.0.17-1.el8sat.src",
"8Base-satellite-6.14-capsule:mosquitto-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:mosquitto-debuginfo-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:mosquitto-debugsource-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:puppet-agent-0:7.27.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:puppet-agent-0:7.27.0-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:puppetserver-0:7.14.0-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:puppetserver-0:7.14.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:python-pulp-container-0:2.14.11-1.el8pc.src",
"8Base-satellite-6.14-capsule:python39-pulp-container-0:2.14.11-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:rubygem-kafo-0:7.2.0-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:rubygem-kafo-0:7.2.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14-utils:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.11-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.11-1.el8sat.src",
"8Base-satellite-6.14:candlepin-selinux-0:4.3.11-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-installer-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-installer-1:3.7.0.7-1.el8sat.src",
"8Base-satellite-6.14:foreman-installer-katello-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:mosquitto-0:2.0.17-1.el8sat.src",
"8Base-satellite-6.14:mosquitto-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:mosquitto-debuginfo-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:mosquitto-debugsource-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:puppet-agent-0:7.27.0-1.el8sat.src",
"8Base-satellite-6.14:puppet-agent-0:7.27.0-1.el8sat.x86_64",
"8Base-satellite-6.14:puppetserver-0:7.14.0-1.el8sat.noarch",
"8Base-satellite-6.14:puppetserver-0:7.14.0-1.el8sat.src",
"8Base-satellite-6.14:python-pulp-container-0:2.14.11-1.el8pc.src",
"8Base-satellite-6.14:python39-pulp-container-0:2.14.11-1.el8pc.noarch",
"8Base-satellite-6.14:rubygem-foreman_bootdisk-0:21.2.1-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_bootdisk-0:21.2.1-1.el8sat.src",
"8Base-satellite-6.14:rubygem-google-protobuf-0:3.24.3-1.el8sat.src",
"8Base-satellite-6.14:rubygem-google-protobuf-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-google-protobuf-debuginfo-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-google-protobuf-debugsource-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-grpc-0:1.58.0-1.el8sat.src",
"8Base-satellite-6.14:rubygem-grpc-0:1.58.0-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-kafo-0:7.2.0-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-kafo-0:7.2.0-1.el8sat.src",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.21-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.21-1.el8sat.src",
"8Base-satellite-6.14:rubygem-puma-0:6.3.1-1.el8sat.src",
"8Base-satellite-6.14:rubygem-puma-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-puma-debuginfo-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-puma-debugsource-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-convert2rhel-toolkit-0:1.0.1-1.el8sat.src",
"8Base-satellite-6.14:satellite-convert2rhel-toolkit-0:1.0.1-1.el8sat.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-26141"
},
{
"category": "external",
"summary": "RHBZ#2239010",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2239010"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-26141",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26141"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-26141",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26141"
},
{
"category": "external",
"summary": "https://github.com/sidekiq/sidekiq/commit/62c90d7c5a7d8a378d79909859d87c2e0702bf89",
"url": "https://github.com/sidekiq/sidekiq/commit/62c90d7c5a7d8a378d79909859d87c2e0702bf89"
}
],
"release_date": "2023-09-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-02-13T14:45:57+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-satellite-6.14:rubygem-sidekiq-0:6.5.12-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-sidekiq-0:6.5.12-1.el8sat.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:0797"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-satellite-6.14-capsule:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14-capsule:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-installer-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-installer-1:3.7.0.7-1.el8sat.src",
"8Base-satellite-6.14-capsule:foreman-installer-katello-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:mosquitto-0:2.0.17-1.el8sat.src",
"8Base-satellite-6.14-capsule:mosquitto-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:mosquitto-debuginfo-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:mosquitto-debugsource-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:puppet-agent-0:7.27.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:puppet-agent-0:7.27.0-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:puppetserver-0:7.14.0-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:puppetserver-0:7.14.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:python-pulp-container-0:2.14.11-1.el8pc.src",
"8Base-satellite-6.14-capsule:python39-pulp-container-0:2.14.11-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:rubygem-kafo-0:7.2.0-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:rubygem-kafo-0:7.2.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14-utils:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.11-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.11-1.el8sat.src",
"8Base-satellite-6.14:candlepin-selinux-0:4.3.11-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-installer-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-installer-1:3.7.0.7-1.el8sat.src",
"8Base-satellite-6.14:foreman-installer-katello-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:mosquitto-0:2.0.17-1.el8sat.src",
"8Base-satellite-6.14:mosquitto-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:mosquitto-debuginfo-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:mosquitto-debugsource-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:puppet-agent-0:7.27.0-1.el8sat.src",
"8Base-satellite-6.14:puppet-agent-0:7.27.0-1.el8sat.x86_64",
"8Base-satellite-6.14:puppetserver-0:7.14.0-1.el8sat.noarch",
"8Base-satellite-6.14:puppetserver-0:7.14.0-1.el8sat.src",
"8Base-satellite-6.14:python-pulp-container-0:2.14.11-1.el8pc.src",
"8Base-satellite-6.14:python39-pulp-container-0:2.14.11-1.el8pc.noarch",
"8Base-satellite-6.14:rubygem-foreman_bootdisk-0:21.2.1-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_bootdisk-0:21.2.1-1.el8sat.src",
"8Base-satellite-6.14:rubygem-google-protobuf-0:3.24.3-1.el8sat.src",
"8Base-satellite-6.14:rubygem-google-protobuf-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-google-protobuf-debuginfo-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-google-protobuf-debugsource-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-grpc-0:1.58.0-1.el8sat.src",
"8Base-satellite-6.14:rubygem-grpc-0:1.58.0-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-kafo-0:7.2.0-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-kafo-0:7.2.0-1.el8sat.src",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.21-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.21-1.el8sat.src",
"8Base-satellite-6.14:rubygem-puma-0:6.3.1-1.el8sat.src",
"8Base-satellite-6.14:rubygem-puma-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-puma-debuginfo-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-puma-debugsource-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-sidekiq-0:6.5.12-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-sidekiq-0:6.5.12-1.el8sat.src",
"8Base-satellite-6.14:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-convert2rhel-toolkit-0:1.0.1-1.el8sat.src",
"8Base-satellite-6.14:satellite-convert2rhel-toolkit-0:1.0.1-1.el8sat.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "sidekiq: DoS in dashboard-charts"
},
{
"cve": "CVE-2023-28366",
"cwe": {
"id": "CWE-401",
"name": "Missing Release of Memory after Effective Lifetime"
},
"discovery_date": "2023-09-01T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-satellite-6.14-capsule:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14-capsule:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-installer-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-installer-1:3.7.0.7-1.el8sat.src",
"8Base-satellite-6.14-capsule:foreman-installer-katello-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:puppet-agent-0:7.27.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:puppet-agent-0:7.27.0-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:puppetserver-0:7.14.0-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:puppetserver-0:7.14.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:python-pulp-container-0:2.14.11-1.el8pc.src",
"8Base-satellite-6.14-capsule:python39-pulp-container-0:2.14.11-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:rubygem-kafo-0:7.2.0-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:rubygem-kafo-0:7.2.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14-utils:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.11-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.11-1.el8sat.src",
"8Base-satellite-6.14:candlepin-selinux-0:4.3.11-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-installer-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-installer-1:3.7.0.7-1.el8sat.src",
"8Base-satellite-6.14:foreman-installer-katello-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:puppet-agent-0:7.27.0-1.el8sat.src",
"8Base-satellite-6.14:puppet-agent-0:7.27.0-1.el8sat.x86_64",
"8Base-satellite-6.14:puppetserver-0:7.14.0-1.el8sat.noarch",
"8Base-satellite-6.14:puppetserver-0:7.14.0-1.el8sat.src",
"8Base-satellite-6.14:python-pulp-container-0:2.14.11-1.el8pc.src",
"8Base-satellite-6.14:python39-pulp-container-0:2.14.11-1.el8pc.noarch",
"8Base-satellite-6.14:rubygem-foreman_bootdisk-0:21.2.1-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_bootdisk-0:21.2.1-1.el8sat.src",
"8Base-satellite-6.14:rubygem-google-protobuf-0:3.24.3-1.el8sat.src",
"8Base-satellite-6.14:rubygem-google-protobuf-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-google-protobuf-debuginfo-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-google-protobuf-debugsource-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-grpc-0:1.58.0-1.el8sat.src",
"8Base-satellite-6.14:rubygem-grpc-0:1.58.0-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-kafo-0:7.2.0-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-kafo-0:7.2.0-1.el8sat.src",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.21-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.21-1.el8sat.src",
"8Base-satellite-6.14:rubygem-puma-0:6.3.1-1.el8sat.src",
"8Base-satellite-6.14:rubygem-puma-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-puma-debuginfo-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-puma-debugsource-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-sidekiq-0:6.5.12-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-sidekiq-0:6.5.12-1.el8sat.src",
"8Base-satellite-6.14:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-convert2rhel-toolkit-0:1.0.1-1.el8sat.src",
"8Base-satellite-6.14:satellite-convert2rhel-toolkit-0:1.0.1-1.el8sat.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2236882"
}
],
"notes": [
{
"category": "description",
"text": "A memory leak vulnerability was found in Eclipse Mosquitto. This issue is triggered by malicious initial packets or certain client actions and may allow a remote attacker to the deplete system resources causing memory exhaustion, leading to a disruption in services and a denial of service condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "mosquitto: memory leak leads to unresponsive broker",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-satellite-6.14-capsule:mosquitto-0:2.0.17-1.el8sat.src",
"8Base-satellite-6.14-capsule:mosquitto-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:mosquitto-debuginfo-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:mosquitto-debugsource-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:mosquitto-0:2.0.17-1.el8sat.src",
"8Base-satellite-6.14:mosquitto-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:mosquitto-debuginfo-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:mosquitto-debugsource-0:2.0.17-1.el8sat.x86_64"
],
"known_not_affected": [
"8Base-satellite-6.14-capsule:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14-capsule:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-installer-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-installer-1:3.7.0.7-1.el8sat.src",
"8Base-satellite-6.14-capsule:foreman-installer-katello-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:puppet-agent-0:7.27.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:puppet-agent-0:7.27.0-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:puppetserver-0:7.14.0-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:puppetserver-0:7.14.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:python-pulp-container-0:2.14.11-1.el8pc.src",
"8Base-satellite-6.14-capsule:python39-pulp-container-0:2.14.11-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:rubygem-kafo-0:7.2.0-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:rubygem-kafo-0:7.2.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14-utils:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.11-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.11-1.el8sat.src",
"8Base-satellite-6.14:candlepin-selinux-0:4.3.11-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-installer-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-installer-1:3.7.0.7-1.el8sat.src",
"8Base-satellite-6.14:foreman-installer-katello-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:puppet-agent-0:7.27.0-1.el8sat.src",
"8Base-satellite-6.14:puppet-agent-0:7.27.0-1.el8sat.x86_64",
"8Base-satellite-6.14:puppetserver-0:7.14.0-1.el8sat.noarch",
"8Base-satellite-6.14:puppetserver-0:7.14.0-1.el8sat.src",
"8Base-satellite-6.14:python-pulp-container-0:2.14.11-1.el8pc.src",
"8Base-satellite-6.14:python39-pulp-container-0:2.14.11-1.el8pc.noarch",
"8Base-satellite-6.14:rubygem-foreman_bootdisk-0:21.2.1-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_bootdisk-0:21.2.1-1.el8sat.src",
"8Base-satellite-6.14:rubygem-google-protobuf-0:3.24.3-1.el8sat.src",
"8Base-satellite-6.14:rubygem-google-protobuf-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-google-protobuf-debuginfo-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-google-protobuf-debugsource-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-grpc-0:1.58.0-1.el8sat.src",
"8Base-satellite-6.14:rubygem-grpc-0:1.58.0-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-kafo-0:7.2.0-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-kafo-0:7.2.0-1.el8sat.src",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.21-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.21-1.el8sat.src",
"8Base-satellite-6.14:rubygem-puma-0:6.3.1-1.el8sat.src",
"8Base-satellite-6.14:rubygem-puma-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-puma-debuginfo-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-puma-debugsource-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-sidekiq-0:6.5.12-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-sidekiq-0:6.5.12-1.el8sat.src",
"8Base-satellite-6.14:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-convert2rhel-toolkit-0:1.0.1-1.el8sat.src",
"8Base-satellite-6.14:satellite-convert2rhel-toolkit-0:1.0.1-1.el8sat.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-28366"
},
{
"category": "external",
"summary": "RHBZ#2236882",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236882"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-28366",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28366"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-28366",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28366"
},
{
"category": "external",
"summary": "https://github.com/eclipse/mosquitto/commit/6113eac95a9df634fbc858be542c4a0456bfe7b9",
"url": "https://github.com/eclipse/mosquitto/commit/6113eac95a9df634fbc858be542c4a0456bfe7b9"
}
],
"release_date": "2023-09-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-02-13T14:45:57+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-satellite-6.14-capsule:mosquitto-0:2.0.17-1.el8sat.src",
"8Base-satellite-6.14-capsule:mosquitto-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:mosquitto-debuginfo-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:mosquitto-debugsource-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:mosquitto-0:2.0.17-1.el8sat.src",
"8Base-satellite-6.14:mosquitto-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:mosquitto-debuginfo-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:mosquitto-debugsource-0:2.0.17-1.el8sat.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:0797"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-satellite-6.14-capsule:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14-capsule:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-installer-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-installer-1:3.7.0.7-1.el8sat.src",
"8Base-satellite-6.14-capsule:foreman-installer-katello-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:mosquitto-0:2.0.17-1.el8sat.src",
"8Base-satellite-6.14-capsule:mosquitto-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:mosquitto-debuginfo-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:mosquitto-debugsource-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:puppet-agent-0:7.27.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:puppet-agent-0:7.27.0-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:puppetserver-0:7.14.0-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:puppetserver-0:7.14.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:python-pulp-container-0:2.14.11-1.el8pc.src",
"8Base-satellite-6.14-capsule:python39-pulp-container-0:2.14.11-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:rubygem-kafo-0:7.2.0-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:rubygem-kafo-0:7.2.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14-utils:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.11-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.11-1.el8sat.src",
"8Base-satellite-6.14:candlepin-selinux-0:4.3.11-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-installer-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-installer-1:3.7.0.7-1.el8sat.src",
"8Base-satellite-6.14:foreman-installer-katello-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:mosquitto-0:2.0.17-1.el8sat.src",
"8Base-satellite-6.14:mosquitto-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:mosquitto-debuginfo-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:mosquitto-debugsource-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:puppet-agent-0:7.27.0-1.el8sat.src",
"8Base-satellite-6.14:puppet-agent-0:7.27.0-1.el8sat.x86_64",
"8Base-satellite-6.14:puppetserver-0:7.14.0-1.el8sat.noarch",
"8Base-satellite-6.14:puppetserver-0:7.14.0-1.el8sat.src",
"8Base-satellite-6.14:python-pulp-container-0:2.14.11-1.el8pc.src",
"8Base-satellite-6.14:python39-pulp-container-0:2.14.11-1.el8pc.noarch",
"8Base-satellite-6.14:rubygem-foreman_bootdisk-0:21.2.1-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_bootdisk-0:21.2.1-1.el8sat.src",
"8Base-satellite-6.14:rubygem-google-protobuf-0:3.24.3-1.el8sat.src",
"8Base-satellite-6.14:rubygem-google-protobuf-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-google-protobuf-debuginfo-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-google-protobuf-debugsource-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-grpc-0:1.58.0-1.el8sat.src",
"8Base-satellite-6.14:rubygem-grpc-0:1.58.0-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-kafo-0:7.2.0-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-kafo-0:7.2.0-1.el8sat.src",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.21-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.21-1.el8sat.src",
"8Base-satellite-6.14:rubygem-puma-0:6.3.1-1.el8sat.src",
"8Base-satellite-6.14:rubygem-puma-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-puma-debuginfo-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-puma-debugsource-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-sidekiq-0:6.5.12-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-sidekiq-0:6.5.12-1.el8sat.src",
"8Base-satellite-6.14:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-convert2rhel-toolkit-0:1.0.1-1.el8sat.src",
"8Base-satellite-6.14:satellite-convert2rhel-toolkit-0:1.0.1-1.el8sat.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "mosquitto: memory leak leads to unresponsive broker"
},
{
"cve": "CVE-2023-36479",
"cwe": {
"id": "CWE-149",
"name": "Improper Neutralization of Quoting Syntax"
},
"discovery_date": "2023-09-19T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-satellite-6.14-capsule:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14-capsule:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-installer-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-installer-1:3.7.0.7-1.el8sat.src",
"8Base-satellite-6.14-capsule:foreman-installer-katello-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:mosquitto-0:2.0.17-1.el8sat.src",
"8Base-satellite-6.14-capsule:mosquitto-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:mosquitto-debuginfo-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:mosquitto-debugsource-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:puppet-agent-0:7.27.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:puppet-agent-0:7.27.0-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:puppetserver-0:7.14.0-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:puppetserver-0:7.14.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:python-pulp-container-0:2.14.11-1.el8pc.src",
"8Base-satellite-6.14-capsule:python39-pulp-container-0:2.14.11-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:rubygem-kafo-0:7.2.0-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:rubygem-kafo-0:7.2.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14-utils:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-installer-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-installer-1:3.7.0.7-1.el8sat.src",
"8Base-satellite-6.14:foreman-installer-katello-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:mosquitto-0:2.0.17-1.el8sat.src",
"8Base-satellite-6.14:mosquitto-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:mosquitto-debuginfo-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:mosquitto-debugsource-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:puppet-agent-0:7.27.0-1.el8sat.src",
"8Base-satellite-6.14:puppet-agent-0:7.27.0-1.el8sat.x86_64",
"8Base-satellite-6.14:puppetserver-0:7.14.0-1.el8sat.noarch",
"8Base-satellite-6.14:puppetserver-0:7.14.0-1.el8sat.src",
"8Base-satellite-6.14:python-pulp-container-0:2.14.11-1.el8pc.src",
"8Base-satellite-6.14:python39-pulp-container-0:2.14.11-1.el8pc.noarch",
"8Base-satellite-6.14:rubygem-foreman_bootdisk-0:21.2.1-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_bootdisk-0:21.2.1-1.el8sat.src",
"8Base-satellite-6.14:rubygem-google-protobuf-0:3.24.3-1.el8sat.src",
"8Base-satellite-6.14:rubygem-google-protobuf-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-google-protobuf-debuginfo-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-google-protobuf-debugsource-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-grpc-0:1.58.0-1.el8sat.src",
"8Base-satellite-6.14:rubygem-grpc-0:1.58.0-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-kafo-0:7.2.0-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-kafo-0:7.2.0-1.el8sat.src",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.21-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.21-1.el8sat.src",
"8Base-satellite-6.14:rubygem-puma-0:6.3.1-1.el8sat.src",
"8Base-satellite-6.14:rubygem-puma-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-puma-debuginfo-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-puma-debugsource-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-sidekiq-0:6.5.12-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-sidekiq-0:6.5.12-1.el8sat.src",
"8Base-satellite-6.14:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-convert2rhel-toolkit-0:1.0.1-1.el8sat.src",
"8Base-satellite-6.14:satellite-convert2rhel-toolkit-0:1.0.1-1.el8sat.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2239630"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Jetty\u0027s CGI servlet which permits incorrect command execution in specific circumstances such as requests with certain characters in requested filenames. This issue could allow an attacker to run permitted commands other than the one requested.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jetty: Improper addition of quotation marks to user inputs in CgiServlet",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-satellite-6.14:candlepin-0:4.3.11-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.11-1.el8sat.src",
"8Base-satellite-6.14:candlepin-selinux-0:4.3.11-1.el8sat.noarch"
],
"known_not_affected": [
"8Base-satellite-6.14-capsule:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14-capsule:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-installer-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-installer-1:3.7.0.7-1.el8sat.src",
"8Base-satellite-6.14-capsule:foreman-installer-katello-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:mosquitto-0:2.0.17-1.el8sat.src",
"8Base-satellite-6.14-capsule:mosquitto-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:mosquitto-debuginfo-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:mosquitto-debugsource-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:puppet-agent-0:7.27.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:puppet-agent-0:7.27.0-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:puppetserver-0:7.14.0-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:puppetserver-0:7.14.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:python-pulp-container-0:2.14.11-1.el8pc.src",
"8Base-satellite-6.14-capsule:python39-pulp-container-0:2.14.11-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:rubygem-kafo-0:7.2.0-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:rubygem-kafo-0:7.2.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14-utils:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-installer-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-installer-1:3.7.0.7-1.el8sat.src",
"8Base-satellite-6.14:foreman-installer-katello-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:mosquitto-0:2.0.17-1.el8sat.src",
"8Base-satellite-6.14:mosquitto-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:mosquitto-debuginfo-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:mosquitto-debugsource-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:puppet-agent-0:7.27.0-1.el8sat.src",
"8Base-satellite-6.14:puppet-agent-0:7.27.0-1.el8sat.x86_64",
"8Base-satellite-6.14:puppetserver-0:7.14.0-1.el8sat.noarch",
"8Base-satellite-6.14:puppetserver-0:7.14.0-1.el8sat.src",
"8Base-satellite-6.14:python-pulp-container-0:2.14.11-1.el8pc.src",
"8Base-satellite-6.14:python39-pulp-container-0:2.14.11-1.el8pc.noarch",
"8Base-satellite-6.14:rubygem-foreman_bootdisk-0:21.2.1-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_bootdisk-0:21.2.1-1.el8sat.src",
"8Base-satellite-6.14:rubygem-google-protobuf-0:3.24.3-1.el8sat.src",
"8Base-satellite-6.14:rubygem-google-protobuf-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-google-protobuf-debuginfo-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-google-protobuf-debugsource-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-grpc-0:1.58.0-1.el8sat.src",
"8Base-satellite-6.14:rubygem-grpc-0:1.58.0-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-kafo-0:7.2.0-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-kafo-0:7.2.0-1.el8sat.src",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.21-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.21-1.el8sat.src",
"8Base-satellite-6.14:rubygem-puma-0:6.3.1-1.el8sat.src",
"8Base-satellite-6.14:rubygem-puma-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-puma-debuginfo-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-puma-debugsource-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-sidekiq-0:6.5.12-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-sidekiq-0:6.5.12-1.el8sat.src",
"8Base-satellite-6.14:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-convert2rhel-toolkit-0:1.0.1-1.el8sat.src",
"8Base-satellite-6.14:satellite-convert2rhel-toolkit-0:1.0.1-1.el8sat.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-36479"
},
{
"category": "external",
"summary": "RHBZ#2239630",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2239630"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-36479",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36479"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-36479",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-36479"
}
],
"release_date": "2023-09-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-02-13T14:45:57+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-satellite-6.14:candlepin-0:4.3.11-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.11-1.el8sat.src",
"8Base-satellite-6.14:candlepin-selinux-0:4.3.11-1.el8sat.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:0797"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-satellite-6.14-capsule:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14-capsule:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-installer-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-installer-1:3.7.0.7-1.el8sat.src",
"8Base-satellite-6.14-capsule:foreman-installer-katello-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:mosquitto-0:2.0.17-1.el8sat.src",
"8Base-satellite-6.14-capsule:mosquitto-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:mosquitto-debuginfo-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:mosquitto-debugsource-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:puppet-agent-0:7.27.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:puppet-agent-0:7.27.0-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:puppetserver-0:7.14.0-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:puppetserver-0:7.14.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:python-pulp-container-0:2.14.11-1.el8pc.src",
"8Base-satellite-6.14-capsule:python39-pulp-container-0:2.14.11-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:rubygem-kafo-0:7.2.0-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:rubygem-kafo-0:7.2.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14-utils:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.11-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.11-1.el8sat.src",
"8Base-satellite-6.14:candlepin-selinux-0:4.3.11-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-installer-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-installer-1:3.7.0.7-1.el8sat.src",
"8Base-satellite-6.14:foreman-installer-katello-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:mosquitto-0:2.0.17-1.el8sat.src",
"8Base-satellite-6.14:mosquitto-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:mosquitto-debuginfo-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:mosquitto-debugsource-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:puppet-agent-0:7.27.0-1.el8sat.src",
"8Base-satellite-6.14:puppet-agent-0:7.27.0-1.el8sat.x86_64",
"8Base-satellite-6.14:puppetserver-0:7.14.0-1.el8sat.noarch",
"8Base-satellite-6.14:puppetserver-0:7.14.0-1.el8sat.src",
"8Base-satellite-6.14:python-pulp-container-0:2.14.11-1.el8pc.src",
"8Base-satellite-6.14:python39-pulp-container-0:2.14.11-1.el8pc.noarch",
"8Base-satellite-6.14:rubygem-foreman_bootdisk-0:21.2.1-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_bootdisk-0:21.2.1-1.el8sat.src",
"8Base-satellite-6.14:rubygem-google-protobuf-0:3.24.3-1.el8sat.src",
"8Base-satellite-6.14:rubygem-google-protobuf-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-google-protobuf-debuginfo-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-google-protobuf-debugsource-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-grpc-0:1.58.0-1.el8sat.src",
"8Base-satellite-6.14:rubygem-grpc-0:1.58.0-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-kafo-0:7.2.0-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-kafo-0:7.2.0-1.el8sat.src",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.21-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.21-1.el8sat.src",
"8Base-satellite-6.14:rubygem-puma-0:6.3.1-1.el8sat.src",
"8Base-satellite-6.14:rubygem-puma-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-puma-debuginfo-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-puma-debugsource-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-sidekiq-0:6.5.12-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-sidekiq-0:6.5.12-1.el8sat.src",
"8Base-satellite-6.14:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-convert2rhel-toolkit-0:1.0.1-1.el8sat.src",
"8Base-satellite-6.14:satellite-convert2rhel-toolkit-0:1.0.1-1.el8sat.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "jetty: Improper addition of quotation marks to user inputs in CgiServlet"
},
{
"acknowledgments": [
{
"names": [
"Jay Satiro"
]
}
],
"cve": "CVE-2023-38545",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2023-10-03T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-satellite-6.14-capsule:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14-capsule:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-installer-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-installer-1:3.7.0.7-1.el8sat.src",
"8Base-satellite-6.14-capsule:foreman-installer-katello-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:mosquitto-0:2.0.17-1.el8sat.src",
"8Base-satellite-6.14-capsule:mosquitto-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:mosquitto-debuginfo-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:mosquitto-debugsource-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:puppetserver-0:7.14.0-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:puppetserver-0:7.14.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:python-pulp-container-0:2.14.11-1.el8pc.src",
"8Base-satellite-6.14-capsule:python39-pulp-container-0:2.14.11-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:rubygem-kafo-0:7.2.0-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:rubygem-kafo-0:7.2.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14-utils:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.11-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.11-1.el8sat.src",
"8Base-satellite-6.14:candlepin-selinux-0:4.3.11-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-installer-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-installer-1:3.7.0.7-1.el8sat.src",
"8Base-satellite-6.14:foreman-installer-katello-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:mosquitto-0:2.0.17-1.el8sat.src",
"8Base-satellite-6.14:mosquitto-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:mosquitto-debuginfo-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:mosquitto-debugsource-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:puppetserver-0:7.14.0-1.el8sat.noarch",
"8Base-satellite-6.14:puppetserver-0:7.14.0-1.el8sat.src",
"8Base-satellite-6.14:python-pulp-container-0:2.14.11-1.el8pc.src",
"8Base-satellite-6.14:python39-pulp-container-0:2.14.11-1.el8pc.noarch",
"8Base-satellite-6.14:rubygem-foreman_bootdisk-0:21.2.1-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_bootdisk-0:21.2.1-1.el8sat.src",
"8Base-satellite-6.14:rubygem-google-protobuf-0:3.24.3-1.el8sat.src",
"8Base-satellite-6.14:rubygem-google-protobuf-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-google-protobuf-debuginfo-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-google-protobuf-debugsource-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-grpc-0:1.58.0-1.el8sat.src",
"8Base-satellite-6.14:rubygem-grpc-0:1.58.0-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-kafo-0:7.2.0-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-kafo-0:7.2.0-1.el8sat.src",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.21-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.21-1.el8sat.src",
"8Base-satellite-6.14:rubygem-puma-0:6.3.1-1.el8sat.src",
"8Base-satellite-6.14:rubygem-puma-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-puma-debuginfo-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-puma-debugsource-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-sidekiq-0:6.5.12-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-sidekiq-0:6.5.12-1.el8sat.src",
"8Base-satellite-6.14:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-convert2rhel-toolkit-0:1.0.1-1.el8sat.src",
"8Base-satellite-6.14:satellite-convert2rhel-toolkit-0:1.0.1-1.el8sat.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2241933"
}
],
"notes": [
{
"category": "description",
"text": "A heap-based buffer overflow flaw was found in the SOCKS5 proxy handshake in the Curl package. If Curl is unable to resolve the address itself, it passes the hostname to the SOCKS5 proxy. However, the maximum length of the hostname that can be passed is 255 bytes. If the hostname is longer, then Curl switches to the local name resolving and passes the resolved address only to the proxy. The local variable that instructs Curl to \"let the host resolve the name\" could obtain the wrong value during a slow SOCKS5 handshake, resulting in the too-long hostname being copied to the target buffer instead of the resolved address, which was not the intended behavior.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "curl: heap based buffer overflow in the SOCKS5 proxy handshake",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw does not affect the versions of curl as shipped with Red Hat Enterprise Linux 6, 7, and 8.\n\nAn overflow is only possible in applications that do not set `CURLOPT_BUFFERSIZE`, or set it smaller than approximately 65kB. Since the curl tool sets `CURLOPT_BUFFERSIZE` to 100kB by default, it is not vulnerable unless rate limiting was set by the user to a size smaller than 65kB.\n\nKnowledgebase article:\n\nhttps://access.redhat.com/solutions/7045099",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-satellite-6.14-capsule:puppet-agent-0:7.27.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:puppet-agent-0:7.27.0-1.el8sat.x86_64",
"8Base-satellite-6.14:puppet-agent-0:7.27.0-1.el8sat.src",
"8Base-satellite-6.14:puppet-agent-0:7.27.0-1.el8sat.x86_64"
],
"known_not_affected": [
"8Base-satellite-6.14-capsule:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14-capsule:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-installer-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-installer-1:3.7.0.7-1.el8sat.src",
"8Base-satellite-6.14-capsule:foreman-installer-katello-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:mosquitto-0:2.0.17-1.el8sat.src",
"8Base-satellite-6.14-capsule:mosquitto-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:mosquitto-debuginfo-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:mosquitto-debugsource-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:puppetserver-0:7.14.0-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:puppetserver-0:7.14.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:python-pulp-container-0:2.14.11-1.el8pc.src",
"8Base-satellite-6.14-capsule:python39-pulp-container-0:2.14.11-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:rubygem-kafo-0:7.2.0-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:rubygem-kafo-0:7.2.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14-utils:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.11-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.11-1.el8sat.src",
"8Base-satellite-6.14:candlepin-selinux-0:4.3.11-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-installer-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-installer-1:3.7.0.7-1.el8sat.src",
"8Base-satellite-6.14:foreman-installer-katello-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:mosquitto-0:2.0.17-1.el8sat.src",
"8Base-satellite-6.14:mosquitto-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:mosquitto-debuginfo-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:mosquitto-debugsource-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:puppetserver-0:7.14.0-1.el8sat.noarch",
"8Base-satellite-6.14:puppetserver-0:7.14.0-1.el8sat.src",
"8Base-satellite-6.14:python-pulp-container-0:2.14.11-1.el8pc.src",
"8Base-satellite-6.14:python39-pulp-container-0:2.14.11-1.el8pc.noarch",
"8Base-satellite-6.14:rubygem-foreman_bootdisk-0:21.2.1-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_bootdisk-0:21.2.1-1.el8sat.src",
"8Base-satellite-6.14:rubygem-google-protobuf-0:3.24.3-1.el8sat.src",
"8Base-satellite-6.14:rubygem-google-protobuf-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-google-protobuf-debuginfo-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-google-protobuf-debugsource-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-grpc-0:1.58.0-1.el8sat.src",
"8Base-satellite-6.14:rubygem-grpc-0:1.58.0-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-kafo-0:7.2.0-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-kafo-0:7.2.0-1.el8sat.src",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.21-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.21-1.el8sat.src",
"8Base-satellite-6.14:rubygem-puma-0:6.3.1-1.el8sat.src",
"8Base-satellite-6.14:rubygem-puma-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-puma-debuginfo-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-puma-debugsource-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-sidekiq-0:6.5.12-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-sidekiq-0:6.5.12-1.el8sat.src",
"8Base-satellite-6.14:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-convert2rhel-toolkit-0:1.0.1-1.el8sat.src",
"8Base-satellite-6.14:satellite-convert2rhel-toolkit-0:1.0.1-1.el8sat.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-38545"
},
{
"category": "external",
"summary": "RHBZ#2241933",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2241933"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-38545",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38545"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-38545",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38545"
},
{
"category": "external",
"summary": "https://curl.se/docs/CVE-2023-38545.html",
"url": "https://curl.se/docs/CVE-2023-38545.html"
}
],
"release_date": "2023-10-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-02-13T14:45:57+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-satellite-6.14-capsule:puppet-agent-0:7.27.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:puppet-agent-0:7.27.0-1.el8sat.x86_64",
"8Base-satellite-6.14:puppet-agent-0:7.27.0-1.el8sat.src",
"8Base-satellite-6.14:puppet-agent-0:7.27.0-1.el8sat.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:0797"
},
{
"category": "workaround",
"details": "To avoid this issue, we recommend you do not use `CURLPROXY_SOCKS5_HOSTNAME` proxies with curl. Also do not set a proxy environment variable to socks5h://",
"product_ids": [
"8Base-satellite-6.14-capsule:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14-capsule:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-installer-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-installer-1:3.7.0.7-1.el8sat.src",
"8Base-satellite-6.14-capsule:foreman-installer-katello-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:mosquitto-0:2.0.17-1.el8sat.src",
"8Base-satellite-6.14-capsule:mosquitto-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:mosquitto-debuginfo-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:mosquitto-debugsource-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:puppet-agent-0:7.27.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:puppet-agent-0:7.27.0-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:puppetserver-0:7.14.0-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:puppetserver-0:7.14.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:python-pulp-container-0:2.14.11-1.el8pc.src",
"8Base-satellite-6.14-capsule:python39-pulp-container-0:2.14.11-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:rubygem-kafo-0:7.2.0-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:rubygem-kafo-0:7.2.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14-utils:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.11-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.11-1.el8sat.src",
"8Base-satellite-6.14:candlepin-selinux-0:4.3.11-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-installer-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-installer-1:3.7.0.7-1.el8sat.src",
"8Base-satellite-6.14:foreman-installer-katello-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:mosquitto-0:2.0.17-1.el8sat.src",
"8Base-satellite-6.14:mosquitto-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:mosquitto-debuginfo-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:mosquitto-debugsource-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:puppet-agent-0:7.27.0-1.el8sat.src",
"8Base-satellite-6.14:puppet-agent-0:7.27.0-1.el8sat.x86_64",
"8Base-satellite-6.14:puppetserver-0:7.14.0-1.el8sat.noarch",
"8Base-satellite-6.14:puppetserver-0:7.14.0-1.el8sat.src",
"8Base-satellite-6.14:python-pulp-container-0:2.14.11-1.el8pc.src",
"8Base-satellite-6.14:python39-pulp-container-0:2.14.11-1.el8pc.noarch",
"8Base-satellite-6.14:rubygem-foreman_bootdisk-0:21.2.1-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_bootdisk-0:21.2.1-1.el8sat.src",
"8Base-satellite-6.14:rubygem-google-protobuf-0:3.24.3-1.el8sat.src",
"8Base-satellite-6.14:rubygem-google-protobuf-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-google-protobuf-debuginfo-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-google-protobuf-debugsource-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-grpc-0:1.58.0-1.el8sat.src",
"8Base-satellite-6.14:rubygem-grpc-0:1.58.0-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-kafo-0:7.2.0-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-kafo-0:7.2.0-1.el8sat.src",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.21-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.21-1.el8sat.src",
"8Base-satellite-6.14:rubygem-puma-0:6.3.1-1.el8sat.src",
"8Base-satellite-6.14:rubygem-puma-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-puma-debuginfo-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-puma-debugsource-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-sidekiq-0:6.5.12-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-sidekiq-0:6.5.12-1.el8sat.src",
"8Base-satellite-6.14:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-convert2rhel-toolkit-0:1.0.1-1.el8sat.src",
"8Base-satellite-6.14:satellite-convert2rhel-toolkit-0:1.0.1-1.el8sat.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-satellite-6.14-capsule:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14-capsule:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-installer-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-installer-1:3.7.0.7-1.el8sat.src",
"8Base-satellite-6.14-capsule:foreman-installer-katello-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:mosquitto-0:2.0.17-1.el8sat.src",
"8Base-satellite-6.14-capsule:mosquitto-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:mosquitto-debuginfo-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:mosquitto-debugsource-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:puppet-agent-0:7.27.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:puppet-agent-0:7.27.0-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:puppetserver-0:7.14.0-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:puppetserver-0:7.14.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:python-pulp-container-0:2.14.11-1.el8pc.src",
"8Base-satellite-6.14-capsule:python39-pulp-container-0:2.14.11-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:rubygem-kafo-0:7.2.0-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:rubygem-kafo-0:7.2.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14-utils:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.11-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.11-1.el8sat.src",
"8Base-satellite-6.14:candlepin-selinux-0:4.3.11-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-installer-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-installer-1:3.7.0.7-1.el8sat.src",
"8Base-satellite-6.14:foreman-installer-katello-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:mosquitto-0:2.0.17-1.el8sat.src",
"8Base-satellite-6.14:mosquitto-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:mosquitto-debuginfo-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:mosquitto-debugsource-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:puppet-agent-0:7.27.0-1.el8sat.src",
"8Base-satellite-6.14:puppet-agent-0:7.27.0-1.el8sat.x86_64",
"8Base-satellite-6.14:puppetserver-0:7.14.0-1.el8sat.noarch",
"8Base-satellite-6.14:puppetserver-0:7.14.0-1.el8sat.src",
"8Base-satellite-6.14:python-pulp-container-0:2.14.11-1.el8pc.src",
"8Base-satellite-6.14:python39-pulp-container-0:2.14.11-1.el8pc.noarch",
"8Base-satellite-6.14:rubygem-foreman_bootdisk-0:21.2.1-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_bootdisk-0:21.2.1-1.el8sat.src",
"8Base-satellite-6.14:rubygem-google-protobuf-0:3.24.3-1.el8sat.src",
"8Base-satellite-6.14:rubygem-google-protobuf-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-google-protobuf-debuginfo-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-google-protobuf-debugsource-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-grpc-0:1.58.0-1.el8sat.src",
"8Base-satellite-6.14:rubygem-grpc-0:1.58.0-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-kafo-0:7.2.0-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-kafo-0:7.2.0-1.el8sat.src",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.21-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.21-1.el8sat.src",
"8Base-satellite-6.14:rubygem-puma-0:6.3.1-1.el8sat.src",
"8Base-satellite-6.14:rubygem-puma-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-puma-debuginfo-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-puma-debugsource-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-sidekiq-0:6.5.12-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-sidekiq-0:6.5.12-1.el8sat.src",
"8Base-satellite-6.14:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-convert2rhel-toolkit-0:1.0.1-1.el8sat.src",
"8Base-satellite-6.14:satellite-convert2rhel-toolkit-0:1.0.1-1.el8sat.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "curl: heap based buffer overflow in the SOCKS5 proxy handshake"
},
{
"cve": "CVE-2023-40167",
"cwe": {
"id": "CWE-130",
"name": "Improper Handling of Length Parameter Inconsistency"
},
"discovery_date": "2023-09-19T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-satellite-6.14-capsule:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14-capsule:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-installer-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-installer-1:3.7.0.7-1.el8sat.src",
"8Base-satellite-6.14-capsule:foreman-installer-katello-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:mosquitto-0:2.0.17-1.el8sat.src",
"8Base-satellite-6.14-capsule:mosquitto-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:mosquitto-debuginfo-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:mosquitto-debugsource-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:puppet-agent-0:7.27.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:puppet-agent-0:7.27.0-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:puppetserver-0:7.14.0-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:puppetserver-0:7.14.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:python-pulp-container-0:2.14.11-1.el8pc.src",
"8Base-satellite-6.14-capsule:python39-pulp-container-0:2.14.11-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:rubygem-kafo-0:7.2.0-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:rubygem-kafo-0:7.2.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14-utils:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-installer-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-installer-1:3.7.0.7-1.el8sat.src",
"8Base-satellite-6.14:foreman-installer-katello-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:mosquitto-0:2.0.17-1.el8sat.src",
"8Base-satellite-6.14:mosquitto-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:mosquitto-debuginfo-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:mosquitto-debugsource-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:puppet-agent-0:7.27.0-1.el8sat.src",
"8Base-satellite-6.14:puppet-agent-0:7.27.0-1.el8sat.x86_64",
"8Base-satellite-6.14:puppetserver-0:7.14.0-1.el8sat.noarch",
"8Base-satellite-6.14:puppetserver-0:7.14.0-1.el8sat.src",
"8Base-satellite-6.14:python-pulp-container-0:2.14.11-1.el8pc.src",
"8Base-satellite-6.14:python39-pulp-container-0:2.14.11-1.el8pc.noarch",
"8Base-satellite-6.14:rubygem-foreman_bootdisk-0:21.2.1-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_bootdisk-0:21.2.1-1.el8sat.src",
"8Base-satellite-6.14:rubygem-google-protobuf-0:3.24.3-1.el8sat.src",
"8Base-satellite-6.14:rubygem-google-protobuf-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-google-protobuf-debuginfo-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-google-protobuf-debugsource-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-grpc-0:1.58.0-1.el8sat.src",
"8Base-satellite-6.14:rubygem-grpc-0:1.58.0-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-kafo-0:7.2.0-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-kafo-0:7.2.0-1.el8sat.src",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.21-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.21-1.el8sat.src",
"8Base-satellite-6.14:rubygem-puma-0:6.3.1-1.el8sat.src",
"8Base-satellite-6.14:rubygem-puma-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-puma-debuginfo-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-puma-debugsource-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-sidekiq-0:6.5.12-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-sidekiq-0:6.5.12-1.el8sat.src",
"8Base-satellite-6.14:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-convert2rhel-toolkit-0:1.0.1-1.el8sat.src",
"8Base-satellite-6.14:satellite-convert2rhel-toolkit-0:1.0.1-1.el8sat.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2239634"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Jetty that permits a plus sign (+) preceding the content-length value in a HTTP/1 header field, which is non-standard and more permissive than RFC. This issue could allow an attacker to request smuggling in conjunction with a server that does not close connections after 400 responses.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jetty: Improper validation of HTTP/1 content-length",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-satellite-6.14:candlepin-0:4.3.11-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.11-1.el8sat.src",
"8Base-satellite-6.14:candlepin-selinux-0:4.3.11-1.el8sat.noarch"
],
"known_not_affected": [
"8Base-satellite-6.14-capsule:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14-capsule:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-installer-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-installer-1:3.7.0.7-1.el8sat.src",
"8Base-satellite-6.14-capsule:foreman-installer-katello-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:mosquitto-0:2.0.17-1.el8sat.src",
"8Base-satellite-6.14-capsule:mosquitto-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:mosquitto-debuginfo-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:mosquitto-debugsource-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:puppet-agent-0:7.27.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:puppet-agent-0:7.27.0-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:puppetserver-0:7.14.0-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:puppetserver-0:7.14.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:python-pulp-container-0:2.14.11-1.el8pc.src",
"8Base-satellite-6.14-capsule:python39-pulp-container-0:2.14.11-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:rubygem-kafo-0:7.2.0-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:rubygem-kafo-0:7.2.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14-utils:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-installer-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-installer-1:3.7.0.7-1.el8sat.src",
"8Base-satellite-6.14:foreman-installer-katello-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:mosquitto-0:2.0.17-1.el8sat.src",
"8Base-satellite-6.14:mosquitto-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:mosquitto-debuginfo-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:mosquitto-debugsource-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:puppet-agent-0:7.27.0-1.el8sat.src",
"8Base-satellite-6.14:puppet-agent-0:7.27.0-1.el8sat.x86_64",
"8Base-satellite-6.14:puppetserver-0:7.14.0-1.el8sat.noarch",
"8Base-satellite-6.14:puppetserver-0:7.14.0-1.el8sat.src",
"8Base-satellite-6.14:python-pulp-container-0:2.14.11-1.el8pc.src",
"8Base-satellite-6.14:python39-pulp-container-0:2.14.11-1.el8pc.noarch",
"8Base-satellite-6.14:rubygem-foreman_bootdisk-0:21.2.1-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_bootdisk-0:21.2.1-1.el8sat.src",
"8Base-satellite-6.14:rubygem-google-protobuf-0:3.24.3-1.el8sat.src",
"8Base-satellite-6.14:rubygem-google-protobuf-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-google-protobuf-debuginfo-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-google-protobuf-debugsource-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-grpc-0:1.58.0-1.el8sat.src",
"8Base-satellite-6.14:rubygem-grpc-0:1.58.0-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-kafo-0:7.2.0-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-kafo-0:7.2.0-1.el8sat.src",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.21-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.21-1.el8sat.src",
"8Base-satellite-6.14:rubygem-puma-0:6.3.1-1.el8sat.src",
"8Base-satellite-6.14:rubygem-puma-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-puma-debuginfo-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-puma-debugsource-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-sidekiq-0:6.5.12-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-sidekiq-0:6.5.12-1.el8sat.src",
"8Base-satellite-6.14:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-convert2rhel-toolkit-0:1.0.1-1.el8sat.src",
"8Base-satellite-6.14:satellite-convert2rhel-toolkit-0:1.0.1-1.el8sat.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-40167"
},
{
"category": "external",
"summary": "RHBZ#2239634",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2239634"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-40167",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40167"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-40167",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40167"
},
{
"category": "external",
"summary": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-hmr7-m48g-48f6",
"url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-hmr7-m48g-48f6"
},
{
"category": "external",
"summary": "https://www.rfc-editor.org/rfc/rfc9110#section-8.6",
"url": "https://www.rfc-editor.org/rfc/rfc9110#section-8.6"
}
],
"release_date": "2023-09-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-02-13T14:45:57+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-satellite-6.14:candlepin-0:4.3.11-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.11-1.el8sat.src",
"8Base-satellite-6.14:candlepin-selinux-0:4.3.11-1.el8sat.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:0797"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-satellite-6.14-capsule:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14-capsule:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-installer-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-installer-1:3.7.0.7-1.el8sat.src",
"8Base-satellite-6.14-capsule:foreman-installer-katello-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:mosquitto-0:2.0.17-1.el8sat.src",
"8Base-satellite-6.14-capsule:mosquitto-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:mosquitto-debuginfo-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:mosquitto-debugsource-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:puppet-agent-0:7.27.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:puppet-agent-0:7.27.0-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:puppetserver-0:7.14.0-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:puppetserver-0:7.14.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:python-pulp-container-0:2.14.11-1.el8pc.src",
"8Base-satellite-6.14-capsule:python39-pulp-container-0:2.14.11-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:rubygem-kafo-0:7.2.0-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:rubygem-kafo-0:7.2.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14-utils:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.11-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.11-1.el8sat.src",
"8Base-satellite-6.14:candlepin-selinux-0:4.3.11-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-installer-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-installer-1:3.7.0.7-1.el8sat.src",
"8Base-satellite-6.14:foreman-installer-katello-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:mosquitto-0:2.0.17-1.el8sat.src",
"8Base-satellite-6.14:mosquitto-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:mosquitto-debuginfo-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:mosquitto-debugsource-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:puppet-agent-0:7.27.0-1.el8sat.src",
"8Base-satellite-6.14:puppet-agent-0:7.27.0-1.el8sat.x86_64",
"8Base-satellite-6.14:puppetserver-0:7.14.0-1.el8sat.noarch",
"8Base-satellite-6.14:puppetserver-0:7.14.0-1.el8sat.src",
"8Base-satellite-6.14:python-pulp-container-0:2.14.11-1.el8pc.src",
"8Base-satellite-6.14:python39-pulp-container-0:2.14.11-1.el8pc.noarch",
"8Base-satellite-6.14:rubygem-foreman_bootdisk-0:21.2.1-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_bootdisk-0:21.2.1-1.el8sat.src",
"8Base-satellite-6.14:rubygem-google-protobuf-0:3.24.3-1.el8sat.src",
"8Base-satellite-6.14:rubygem-google-protobuf-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-google-protobuf-debuginfo-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-google-protobuf-debugsource-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-grpc-0:1.58.0-1.el8sat.src",
"8Base-satellite-6.14:rubygem-grpc-0:1.58.0-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-kafo-0:7.2.0-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-kafo-0:7.2.0-1.el8sat.src",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.21-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.21-1.el8sat.src",
"8Base-satellite-6.14:rubygem-puma-0:6.3.1-1.el8sat.src",
"8Base-satellite-6.14:rubygem-puma-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-puma-debuginfo-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-puma-debugsource-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-sidekiq-0:6.5.12-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-sidekiq-0:6.5.12-1.el8sat.src",
"8Base-satellite-6.14:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-convert2rhel-toolkit-0:1.0.1-1.el8sat.src",
"8Base-satellite-6.14:satellite-convert2rhel-toolkit-0:1.0.1-1.el8sat.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jetty: Improper validation of HTTP/1 content-length"
},
{
"cve": "CVE-2023-40175",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2023-08-18T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-satellite-6.14-capsule:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14-capsule:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-installer-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-installer-1:3.7.0.7-1.el8sat.src",
"8Base-satellite-6.14-capsule:foreman-installer-katello-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:mosquitto-0:2.0.17-1.el8sat.src",
"8Base-satellite-6.14-capsule:mosquitto-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:mosquitto-debuginfo-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:mosquitto-debugsource-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:puppet-agent-0:7.27.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:puppet-agent-0:7.27.0-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:puppetserver-0:7.14.0-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:puppetserver-0:7.14.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:python-pulp-container-0:2.14.11-1.el8pc.src",
"8Base-satellite-6.14-capsule:python39-pulp-container-0:2.14.11-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:rubygem-kafo-0:7.2.0-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:rubygem-kafo-0:7.2.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14-utils:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.11-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.11-1.el8sat.src",
"8Base-satellite-6.14:candlepin-selinux-0:4.3.11-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-installer-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-installer-1:3.7.0.7-1.el8sat.src",
"8Base-satellite-6.14:foreman-installer-katello-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:mosquitto-0:2.0.17-1.el8sat.src",
"8Base-satellite-6.14:mosquitto-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:mosquitto-debuginfo-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:mosquitto-debugsource-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:puppet-agent-0:7.27.0-1.el8sat.src",
"8Base-satellite-6.14:puppet-agent-0:7.27.0-1.el8sat.x86_64",
"8Base-satellite-6.14:puppetserver-0:7.14.0-1.el8sat.noarch",
"8Base-satellite-6.14:puppetserver-0:7.14.0-1.el8sat.src",
"8Base-satellite-6.14:python-pulp-container-0:2.14.11-1.el8pc.src",
"8Base-satellite-6.14:python39-pulp-container-0:2.14.11-1.el8pc.noarch",
"8Base-satellite-6.14:rubygem-foreman_bootdisk-0:21.2.1-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_bootdisk-0:21.2.1-1.el8sat.src",
"8Base-satellite-6.14:rubygem-google-protobuf-0:3.24.3-1.el8sat.src",
"8Base-satellite-6.14:rubygem-google-protobuf-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-google-protobuf-debuginfo-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-google-protobuf-debugsource-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-grpc-0:1.58.0-1.el8sat.src",
"8Base-satellite-6.14:rubygem-grpc-0:1.58.0-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-kafo-0:7.2.0-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-kafo-0:7.2.0-1.el8sat.src",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.21-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.21-1.el8sat.src",
"8Base-satellite-6.14:rubygem-sidekiq-0:6.5.12-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-sidekiq-0:6.5.12-1.el8sat.src",
"8Base-satellite-6.14:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-convert2rhel-toolkit-0:1.0.1-1.el8sat.src",
"8Base-satellite-6.14:satellite-convert2rhel-toolkit-0:1.0.1-1.el8sat.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2232729"
}
],
"notes": [
{
"category": "description",
"text": "An HTTP request smuggling attack vulnerability was found in Rubygem Puma. This flaw allows an attacker to gain unauthorized access to sensitive data due to an inconsistent interpretation of HTTP requests.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "rubygem-puma: HTTP request smuggling when parsing chunked transfer encoding bodies and zero-length content-length headers",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-satellite-6.14:rubygem-puma-0:6.3.1-1.el8sat.src",
"8Base-satellite-6.14:rubygem-puma-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-puma-debuginfo-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-puma-debugsource-0:6.3.1-1.el8sat.x86_64"
],
"known_not_affected": [
"8Base-satellite-6.14-capsule:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14-capsule:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-installer-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-installer-1:3.7.0.7-1.el8sat.src",
"8Base-satellite-6.14-capsule:foreman-installer-katello-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:mosquitto-0:2.0.17-1.el8sat.src",
"8Base-satellite-6.14-capsule:mosquitto-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:mosquitto-debuginfo-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:mosquitto-debugsource-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:puppet-agent-0:7.27.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:puppet-agent-0:7.27.0-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:puppetserver-0:7.14.0-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:puppetserver-0:7.14.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:python-pulp-container-0:2.14.11-1.el8pc.src",
"8Base-satellite-6.14-capsule:python39-pulp-container-0:2.14.11-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:rubygem-kafo-0:7.2.0-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:rubygem-kafo-0:7.2.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14-utils:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.11-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.11-1.el8sat.src",
"8Base-satellite-6.14:candlepin-selinux-0:4.3.11-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-installer-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-installer-1:3.7.0.7-1.el8sat.src",
"8Base-satellite-6.14:foreman-installer-katello-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:mosquitto-0:2.0.17-1.el8sat.src",
"8Base-satellite-6.14:mosquitto-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:mosquitto-debuginfo-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:mosquitto-debugsource-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:puppet-agent-0:7.27.0-1.el8sat.src",
"8Base-satellite-6.14:puppet-agent-0:7.27.0-1.el8sat.x86_64",
"8Base-satellite-6.14:puppetserver-0:7.14.0-1.el8sat.noarch",
"8Base-satellite-6.14:puppetserver-0:7.14.0-1.el8sat.src",
"8Base-satellite-6.14:python-pulp-container-0:2.14.11-1.el8pc.src",
"8Base-satellite-6.14:python39-pulp-container-0:2.14.11-1.el8pc.noarch",
"8Base-satellite-6.14:rubygem-foreman_bootdisk-0:21.2.1-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_bootdisk-0:21.2.1-1.el8sat.src",
"8Base-satellite-6.14:rubygem-google-protobuf-0:3.24.3-1.el8sat.src",
"8Base-satellite-6.14:rubygem-google-protobuf-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-google-protobuf-debuginfo-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-google-protobuf-debugsource-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-grpc-0:1.58.0-1.el8sat.src",
"8Base-satellite-6.14:rubygem-grpc-0:1.58.0-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-kafo-0:7.2.0-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-kafo-0:7.2.0-1.el8sat.src",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.21-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.21-1.el8sat.src",
"8Base-satellite-6.14:rubygem-sidekiq-0:6.5.12-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-sidekiq-0:6.5.12-1.el8sat.src",
"8Base-satellite-6.14:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-convert2rhel-toolkit-0:1.0.1-1.el8sat.src",
"8Base-satellite-6.14:satellite-convert2rhel-toolkit-0:1.0.1-1.el8sat.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-40175"
},
{
"category": "external",
"summary": "RHBZ#2232729",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2232729"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-40175",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40175"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-40175",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40175"
},
{
"category": "external",
"summary": "https://github.com/puma/puma/security/advisories/GHSA-68xg-gqqm-vgj8",
"url": "https://github.com/puma/puma/security/advisories/GHSA-68xg-gqqm-vgj8"
}
],
"release_date": "2023-08-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-02-13T14:45:57+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-satellite-6.14:rubygem-puma-0:6.3.1-1.el8sat.src",
"8Base-satellite-6.14:rubygem-puma-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-puma-debuginfo-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-puma-debugsource-0:6.3.1-1.el8sat.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:0797"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"8Base-satellite-6.14-capsule:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14-capsule:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-installer-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-installer-1:3.7.0.7-1.el8sat.src",
"8Base-satellite-6.14-capsule:foreman-installer-katello-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:mosquitto-0:2.0.17-1.el8sat.src",
"8Base-satellite-6.14-capsule:mosquitto-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:mosquitto-debuginfo-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:mosquitto-debugsource-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:puppet-agent-0:7.27.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:puppet-agent-0:7.27.0-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:puppetserver-0:7.14.0-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:puppetserver-0:7.14.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:python-pulp-container-0:2.14.11-1.el8pc.src",
"8Base-satellite-6.14-capsule:python39-pulp-container-0:2.14.11-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:rubygem-kafo-0:7.2.0-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:rubygem-kafo-0:7.2.0-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14-utils:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.11-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.11-1.el8sat.src",
"8Base-satellite-6.14:candlepin-selinux-0:4.3.11-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-0:3.7.0.11-2.el8sat.src",
"8Base-satellite-6.14:foreman-cli-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-debug-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-dynflow-sidekiq-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-ec2-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-installer-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-installer-1:3.7.0.7-1.el8sat.src",
"8Base-satellite-6.14:foreman-installer-katello-1:3.7.0.7-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-journald-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-libvirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-openstack-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-ovirt-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-postgresql-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-redis-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-service-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-telemetry-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:foreman-vmware-0:3.7.0.11-2.el8sat.noarch",
"8Base-satellite-6.14:mosquitto-0:2.0.17-1.el8sat.src",
"8Base-satellite-6.14:mosquitto-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:mosquitto-debuginfo-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:mosquitto-debugsource-0:2.0.17-1.el8sat.x86_64",
"8Base-satellite-6.14:puppet-agent-0:7.27.0-1.el8sat.src",
"8Base-satellite-6.14:puppet-agent-0:7.27.0-1.el8sat.x86_64",
"8Base-satellite-6.14:puppetserver-0:7.14.0-1.el8sat.noarch",
"8Base-satellite-6.14:puppetserver-0:7.14.0-1.el8sat.src",
"8Base-satellite-6.14:python-pulp-container-0:2.14.11-1.el8pc.src",
"8Base-satellite-6.14:python39-pulp-container-0:2.14.11-1.el8pc.noarch",
"8Base-satellite-6.14:rubygem-foreman_bootdisk-0:21.2.1-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_bootdisk-0:21.2.1-1.el8sat.src",
"8Base-satellite-6.14:rubygem-google-protobuf-0:3.24.3-1.el8sat.src",
"8Base-satellite-6.14:rubygem-google-protobuf-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-google-protobuf-debuginfo-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-google-protobuf-debugsource-0:3.24.3-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-grpc-0:1.58.0-1.el8sat.src",
"8Base-satellite-6.14:rubygem-grpc-0:1.58.0-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-kafo-0:7.2.0-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-kafo-0:7.2.0-1.el8sat.src",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.21-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.21-1.el8sat.src",
"8Base-satellite-6.14:rubygem-puma-0:6.3.1-1.el8sat.src",
"8Base-satellite-6.14:rubygem-puma-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-puma-debuginfo-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-puma-debugsource-0:6.3.1-1.el8sat.x86_64",
"8Base-satellite-6.14:rubygem-sidekiq-0:6.5.12-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-sidekiq-0:6.5.12-1.el8sat.src",
"8Base-satellite-6.14:satellite-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-0:6.14.2-1.el8sat.src",
"8Base-satellite-6.14:satellite-capsule-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-cli-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-common-0:6.14.2-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-convert2rhel-toolkit-0:1.0.1-1.el8sat.src",
"8Base-satellite-6.14:satellite-convert2rhel-toolkit-0:1.0.1-1.el8sat.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "rubygem-puma: HTTP request smuggling when parsing chunked transfer encoding bodies and zero-length content-length headers"
}
]
}
FKIE_CVE-2023-40175
Vulnerability from fkie_nvd - Published: 2023-08-18 22:15 - Updated: 2024-11-21 08:18
Severity ?
7.3 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Puma is a Ruby/Rack web server built for parallelism. Prior to versions 6.3.1 and 5.6.7, puma exhibited incorrect behavior when parsing chunked transfer encoding bodies and zero-length Content-Length headers in a way that allowed HTTP request smuggling. Severity of this issue is highly dependent on the nature of the web site using puma is. This could be caused by either incorrect parsing of trailing fields in chunked transfer encoding bodies or by parsing of blank/zero-length Content-Length headers. Both issues have been addressed and this vulnerability has been fixed in versions 6.3.1 and 5.6.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:puma:puma:*:*:*:*:*:ruby:*:*",
"matchCriteriaId": "2C1EAED4-2740-4325-B155-DA1EAB8C2FD1",
"versionEndExcluding": "5.6.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:puma:puma:*:*:*:*:*:ruby:*:*",
"matchCriteriaId": "3FEE1A57-B890-43B7-98FB-3ACFD1F2818E",
"versionEndExcluding": "6.3.1",
"versionStartIncluding": "6.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Puma is a Ruby/Rack web server built for parallelism. Prior to versions 6.3.1 and 5.6.7, puma exhibited incorrect behavior when parsing chunked transfer encoding bodies and zero-length Content-Length headers in a way that allowed HTTP request smuggling. Severity of this issue is highly dependent on the nature of the web site using puma is. This could be caused by either incorrect parsing of trailing fields in chunked transfer encoding bodies or by parsing of blank/zero-length Content-Length headers. Both issues have been addressed and this vulnerability has been fixed in versions 6.3.1 and 5.6.7. Users are advised to upgrade. There are no known workarounds for this vulnerability."
},
{
"lang": "es",
"value": "Puma es un servidor web Ruby/Rack construido para paralelismo. Antes de las versiones 6.3.1 y 5.6.7, Puma mostraba un comportamiento incorrecto al analizar cuerpos de codificaci\u00f3n de transferencia en trozos y cabeceras Content-Length de longitud cero de forma que permit\u00eda el contrabando de peticiones HTTP. La gravedad de este problema depende en gran medida de la naturaleza del sitio web que utiliza Puma. Esto podr\u00eda ser causado por un an\u00e1lisis incorrecto de los campos finales en los cuerpos de codificaci\u00f3n de transferencia en trozos o por el an\u00e1lisis de cabeceras Content-Length en blanco/longitud cero. Ambos problemas han sido solucionados y esta vulnerabilidad ha sido corregida en las versiones 6.3.1 y 5.6.7.Se recomienda a los usuarios que actualicen. No se conocen soluciones para esta vulnerabilidad. "
}
],
"id": "CVE-2023-40175",
"lastModified": "2024-11-21T08:18:55.877",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.4,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-08-18T22:15:11.653",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/puma/puma/commit/690155e7d644b80eeef0a6094f9826ee41f1080a"
},
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/puma/puma/security/advisories/GHSA-68xg-gqqm-vgj8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/puma/puma/commit/690155e7d644b80eeef0a6094f9826ee41f1080a"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/puma/puma/security/advisories/GHSA-68xg-gqqm-vgj8"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-444"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
GSD-2023-40175
Vulnerability from gsd - Updated: 2023-12-13 01:20Details
Puma is a Ruby/Rack web server built for parallelism. Prior to versions 6.3.1 and 5.6.7, puma exhibited incorrect behavior when parsing chunked transfer encoding bodies and zero-length Content-Length headers in a way that allowed HTTP request smuggling. Severity of this issue is highly dependent on the nature of the web site using puma is. This could be caused by either incorrect parsing of trailing fields in chunked transfer encoding bodies or by parsing of blank/zero-length Content-Length headers. Both issues have been addressed and this vulnerability has been fixed in versions 6.3.1 and 5.6.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2023-40175",
"id": "GSD-2023-40175"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2023-40175"
],
"details": "Puma is a Ruby/Rack web server built for parallelism. Prior to versions 6.3.1 and 5.6.7, puma exhibited incorrect behavior when parsing chunked transfer encoding bodies and zero-length Content-Length headers in a way that allowed HTTP request smuggling. Severity of this issue is highly dependent on the nature of the web site using puma is. This could be caused by either incorrect parsing of trailing fields in chunked transfer encoding bodies or by parsing of blank/zero-length Content-Length headers. Both issues have been addressed and this vulnerability has been fixed in versions 6.3.1 and 5.6.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.",
"id": "GSD-2023-40175",
"modified": "2023-12-13T01:20:43.526342Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2023-40175",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "puma",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "\u003c 5.6.7"
},
{
"version_affected": "=",
"version_value": "\u003e= 6.0.0, \u003c 6.3.1"
}
]
}
}
]
},
"vendor_name": "puma"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Puma is a Ruby/Rack web server built for parallelism. Prior to versions 6.3.1 and 5.6.7, puma exhibited incorrect behavior when parsing chunked transfer encoding bodies and zero-length Content-Length headers in a way that allowed HTTP request smuggling. Severity of this issue is highly dependent on the nature of the web site using puma is. This could be caused by either incorrect parsing of trailing fields in chunked transfer encoding bodies or by parsing of blank/zero-length Content-Length headers. Both issues have been addressed and this vulnerability has been fixed in versions 6.3.1 and 5.6.7. Users are advised to upgrade. There are no known workarounds for this vulnerability."
}
]
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"cweId": "CWE-444",
"lang": "eng",
"value": "CWE-444: Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/puma/puma/security/advisories/GHSA-68xg-gqqm-vgj8",
"refsource": "MISC",
"url": "https://github.com/puma/puma/security/advisories/GHSA-68xg-gqqm-vgj8"
},
{
"name": "https://github.com/puma/puma/commit/690155e7d644b80eeef0a6094f9826ee41f1080a",
"refsource": "MISC",
"url": "https://github.com/puma/puma/commit/690155e7d644b80eeef0a6094f9826ee41f1080a"
}
]
},
"source": {
"advisory": "GHSA-68xg-gqqm-vgj8",
"discovery": "UNKNOWN"
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:puma:puma:*:*:*:*:*:ruby:*:*",
"cpe_name": [],
"versionEndExcluding": "6.3.1",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:puma:puma:*:*:*:*:*:ruby:*:*",
"cpe_name": [],
"versionEndExcluding": "5.6.7",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2023-40175"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Puma is a Ruby/Rack web server built for parallelism. Prior to versions 6.3.1 and 5.6.7, puma exhibited incorrect behavior when parsing chunked transfer encoding bodies and zero-length Content-Length headers in a way that allowed HTTP request smuggling. Severity of this issue is highly dependent on the nature of the web site using puma is. This could be caused by either incorrect parsing of trailing fields in chunked transfer encoding bodies or by parsing of blank/zero-length Content-Length headers. Both issues have been addressed and this vulnerability has been fixed in versions 6.3.1 and 5.6.7. Users are advised to upgrade. There are no known workarounds for this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-444"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/puma/puma/commit/690155e7d644b80eeef0a6094f9826ee41f1080a",
"refsource": "MISC",
"tags": [
"Patch"
],
"url": "https://github.com/puma/puma/commit/690155e7d644b80eeef0a6094f9826ee41f1080a"
},
{
"name": "https://github.com/puma/puma/security/advisories/GHSA-68xg-gqqm-vgj8",
"refsource": "MISC",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/puma/puma/security/advisories/GHSA-68xg-gqqm-vgj8"
}
]
}
},
"impact": {
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
},
"lastModifiedDate": "2023-08-24T18:48Z",
"publishedDate": "2023-08-18T22:15Z"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…