RLSA-2022:8506

Source
https://errata.rockylinux.org/RLSA-2022:8506
Import Source
https://storage.googleapis.com/resf-osv-data/RLSA-2022:8506.json
JSON Data
https://api.osv.dev/v1/vulns/RLSA-2022:8506
Related
Published
2022-11-16T13:21:30Z
Modified
2023-02-02T12:54:11.163643Z
Summary
Important: Satellite 6.12 Release
Details

Rocky Enterprise Software Foundation Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and monitoring of multiple Linux deployments with a single centralized tool.

Security Fix(es): * netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data (CVE-2021-37136) * netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way (CVE-2021-37137) * python3-django: Possible XSS via template tag (CVE-2022-22818) * tfm-rubygem-nokogiri: ReDoS in HTML encoding detection (CVE-2022-24836) * tfm-rubygem-sinatra: Path traversal possible outside of public_dir when serving static files (CVE-2022-29970) * tfm-rubygem-git: Package vulnerable to Command Injection via git argument injection (CVE-2022-25648) * rubygem-rails-html-sanitizer: Possible XSS with certain configurations (CVE-2022-32209) * python3-django: Potential SQL injection via Trunc and Extract arguments (CVE-2022-34265)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

The items above are not a complete list of changes. This update also fixes several bugs and adds various enhancements. Documentation for these changes is available from the Release Notes document.

References
Credits
    • Rocky Enterprise Software Foundation
    • Red Hat

Affected packages

Rocky Linux:8 / libdb

Package

Name
libdb
Purl
pkg:rpm/rocky-linux/libdb?distro=rocky-linux-8&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0:5.3.28-42.el8_4