Headline
Red Hat Security Advisory 2024-2011-03
Red Hat Security Advisory 2024-2011-03 - Updated Satellite Client packages that fixes Important security bugs and regular bugs are now available for Red Hat Satellite. Issues addressed include a buffer overflow vulnerability.
The following advisory data is extracted from:
https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_2011.json
Red Hat officially shut down their mailing list notifications October 10, 2023. Due to this, Packet Storm has recreated the below data as a reference point to raise awareness. It must be noted that due to an inability to easily track revision updates without crawling Red Hat’s archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.
- Packet Storm Staff
====================================================================
Red Hat Security Advisory
Synopsis: Important: Satellite Client Async Security Update
Advisory ID: RHSA-2024:2011-03
Product: Red Hat Satellite Client
Advisory URL: https://access.redhat.com/errata/RHSA-2024:2011
Issue date: 2024-04-23
Revision: 03
CVE Names: CVE-2023-38545
====================================================================
Summary:
Updated Satellite Client packages that fixes Important security bugs and regular bugs are now available for Red Hat Satellite.
Description:
Red Hat Satellite is a system management solution that allows organizations
to configure and maintain their systems without the necessity to provide
public Internet access to their servers or other client systems. It
performs provisioning and configuration management of predefined standard
operating environments.
Security fix:
- puppet-agent: curl heap based buffer overflow in the SOCKS5 proxy handshake (CVE-2023-38545)
Solution:
https://access.redhat.com/articles/11258
CVEs:
CVE-2023-38545
References:
https://access.redhat.com/security/updates/classification/#important
https://bugzilla.redhat.com/show_bug.cgi?id=1992229
https://bugzilla.redhat.com/show_bug.cgi?id=2241933
Related news
Red Hat Security Advisory 2024-0797-03 - Updated Satellite 6.14 packages that fixes Important security bugs and several regular bugs are now available for Red Hat Satellite. Issues addressed include HTTP request smuggling, buffer overflow, denial of service, and memory leak vulnerabilities.
Apple Security Advisory 01-22-2024-6 - macOS Ventura 13.6.4 addresses bypass and code execution vulnerabilities.
Apple Security Advisory 01-22-2024-3 - iOS 16.7.5 and iPadOS 16.7.5 addresses code execution vulnerabilities.
Microsoft has released fixes to address 63 security bugs in its software for the month of November 2023, including three vulnerabilities that have come under active exploitation in the wild. Of the 63 flaws, three are rated Critical, 56 are rated Important, and four are rated Moderate in severity. Two of them have been listed as publicly known at the time of the release. The updates are in
Hello everyone! October was an interesting and busy month for me. I started a new job, worked on my open source Vulristics project, and analyzed vulnerabilities using it. Especially Linux vulnerabilities as part of my new Linux Patch Wednesday project. And, of course, analyzed Microsoft Patch Tuesday as well. In addition, at the end of […]
Red Hat Security Advisory 2023-5700-01 - The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Issues addressed include a buffer overflow vulnerability.
This Tech Tip outlines how enterprise defenders can mitigate the risks of the curl and libcurl vulnerabilities in their environments.
Gentoo Linux Security Advisory 202310-12 - Multiple vulnerabilities have been discovered in curl, the worst of which could result in arbitrary code execution. Versions greater than or equal to 8.3.0-r2 are affected.
Debian Linux Security Advisory 5523-1 - Two security issues were found in Curl, an easy-to-use client-side URL transfer library and command line tool.
The maintainers of the Curl library have released an advisory warning of two forthcoming security vulnerabilities that are expected to be addressed as part of updates released on October 11, 2023. This includes a high severity and a low-severity flaw tracked under the identifiers CVE-2023-38545 and CVE-2023-38546, respectively. Additional details about the issues and the exact version ranges