Security
Headlines
HeadlinesLatestCVEs

Headline

RHSA-2023:1151: Red Hat Security Advisory: Satellite 6.11.5 Async Security Update

Updated Satellite 6.11 packages that fixes critical security bugs and several regular bugs are now available for Red Hat Satellite.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-32224: An insecure deserialization flaw was found in Active Record, which uses YAML.unsafe_load to convert the YAML data into Ruby objects. An attacker supplying crafted data to the database can perform remote code execution (RCE), resulting in complete system compromise.
Red Hat Security Data
#linux#red_hat#rce#ruby#rpm#docker

Synopsis

Critical: Satellite 6.11.5 Async Security Update

Type/Severity

Security Advisory: Critical

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

Updated Satellite 6.11 packages that fixes critical security bugs and several
regular bugs are now available for Red Hat Satellite.

Description

Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity to provide public Internet access to their servers or other client systems. It performs provisioning and configuration management of predefined standard operating environments.

Security fix(es):

tfm-rubygem-activerecord: activerecord: Possible RCE escalation bug with Serialized Columns in Active Record (CVE-2022-32224)

This update fixes the following bugs:

2153877 - The “Documentation” button on Satellite 6.11 for “Provisioning Templates” page is pointing to 404 Page Not Found link
2161929 - Locale change caused by RHEL upgrade results in database index corruption “get() returned more than one Modulemd – it returned 2!”
2166747 - unable to install satellite 6.11 on rhel8.8 - ansible-core version is too new
2166748 - Entitlement certificate is missing content section for a custom product
2166749 - Sync container images of existing docker type repositories fail with 404 - Not found
2166750 - Another deadlock issue when syncing repos with high concurrency
2166756 - Inspecting an image with skopeo no longer works on Capsules
2166757 - Content view filter included errata not in the filter date range
2166759 - Content view filter will include module streams of other repos/arches if the errata contain rpms in different repos/arches.
2166760 - Even in 6.11.1, sync summary email notification shows the incorrect summary for newly added errata.
2166761 - Content view publish fails when the content view and repository both have a large name with : Error message: the server returns an error HTTP status code: 500
2166762 - Insights recommendation sync failing in Satelliite
2170874 - Satellite-clone not working if ansible-core 2.13 is installed

Users of Red Hat Satellite are advised to upgrade to these updated packages, which fix these bugs.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux Server 7 x86_64
  • Red Hat Satellite 6.11 for RHEL 8 x86_64
  • Red Hat Satellite 6.11 for RHEL 7 x86_64
  • Red Hat Satellite Capsule 6.11 for RHEL 8 x86_64
  • Red Hat Satellite Capsule 6.11 for RHEL 7 x86_64
  • Red Hat Enterprise Linux for x86_64 8 x86_64

Fixes

  • BZ - 2108997 - CVE-2022-32224 activerecord: Possible RCE escalation bug with Serialized Columns in Active Record
  • BZ - 2153877 - The “Documentation” button on Satellite 6.11 for “Provisioning Templates” page is pointing to 404 Page Not Found link
  • BZ - 2161929 - Locale change caused by RHEL upgrade results in database index corruption “get() returned more than one Modulemd – it returned 2!”
  • BZ - 2166747 - unable to install satellite 6.11 on rhel8.8 - ansible-core version is too new
  • BZ - 2166748 - Entitlement certificate is missing content section for a custom product
  • BZ - 2166749 - Sync container images of existing docker type repositories fail with 404 - Not found
  • BZ - 2166750 - Another deadlock issue when syncing repos with high concurrency
  • BZ - 2166756 - Inspecting an image with skopeo no longer works on Capsules
  • BZ - 2166757 - Content view filter included errata not in the filter date range
  • BZ - 2166759 - Content view filter will include module streams of other repos/arches if the errata contain rpms in different repos/arches.
  • BZ - 2166760 - Even in 6.11.1, sync summary email notification shows the incorrect summary for newly added errata.
  • BZ - 2166761 - Content view publish fails when the content view and repository both have a large name with : Error message: the server returns an error HTTP status code: 500
  • BZ - 2166762 - Insights recommendation sync failing in Satelliite
  • BZ - 2170874 - Satellite-clone not working if ansible-core 2.13 is installed

Related news

Gentoo Linux Security Advisory 202408-24

Gentoo Linux Security Advisory 202408-24 - A vulnerability has been discovered in Ruby on Rails, which can lead to remote code execution via serialization of data. Versions greater than or equal to 6.1.6.1:6.1 are affected.

Red Hat Security Advisory 2023-2097-03

Red Hat Security Advisory 2023-2097-03 - Red Hat Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and monitoring of multiple Linux deployments with a single centralized tool. Issues addressed include code execution, cross site scripting, denial of service, deserialization, improper neutralization, information leakage, and remote shell upload vulnerabilities.

Red Hat Security Advisory 2023-1151-01

Red Hat Security Advisory 2023-1151-01 - Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity to provide public Internet access to their servers or other client systems. It performs provisioning and configuration management of predefined standard operating environments.

Red Hat Security Advisory 2023-0261-02

Red Hat Security Advisory 2023-0261-02 - Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity to provide public Internet access to their servers or other client systems. It performs provisioning and configuration management of predefined standard operating environments.

RHSA-2023:0261: Red Hat Security Advisory: Satellite 6.12.1 Async Security Update

Updated Satellite 6.12 packages that fixes critical security bugs and several regular bugs are now available for Red Hat Satellite.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-32224: activerecord: Possible RCE escalation bug with Serialized Columns in Active Record * CVE-2022-42889: apache-commons-text: variable interpolation RCE

CVE-2022-32224: [CVE-2022-32224] Possible RCE escalation bug with Serialized Columns in Active Record

A possible escalation to RCE vulnerability exists when using YAML serialized columns in Active Record < 7.0.3.1, <6.1.6.1, <6.0.5.1 and <5.2.8.1 which could allow an attacker, that can manipulate data in the database (via means like SQL injection), the ability to escalate to an RCE.

CVE-2022-36006: Arvados 2.4.2 Release Notes

Arvados is an open source platform for managing, processing, and sharing genomic and other large scientific and biomedical data. A remote code execution (RCE) vulnerability in the Arvados Workbench allows authenticated attackers to execute arbitrary code via specially crafted JSON payloads. This exists in all versions up to 2.4.1 and is fixed in 2.4.2. This vulnerability is specific to the Ruby on Rails Workbench application (“Workbench 1”). We do not believe any other Arvados components, including the TypesScript browser-based Workbench application (“Workbench 2”) or API Server, are vulnerable to this attack. For versions of Arvados earlier than 2.4.2: remove the Ruby-based "Workbench 1" app ("apt-get remove arvados-workbench") from your installation as a workaround.

GHSA-3hhc-qp5v-9p2j: RCE bug with Serialized Columns in Active Record

When serialized columns that use YAML (the default) are deserialized, Rails uses YAML.unsafe_load to convert the YAML data in to Ruby objects. If an attacker can manipulate data in the database (via means like SQL injection), then it may be possible for the attacker to escalate to an RCE. There are no feasible workarounds for this issue, but other coders (such as JSON) are not impacted.