RHSA-2023:5979
- Source
- https://access.redhat.com/errata/RHSA-2023:5979
- Import Source
- https://security.access.redhat.com/data/osv/RHSA-2023:5979.json
- JSON Data
- https://api.osv.dev/v1/vulns/RHSA-2023:5979
- Related
- Published
- 2024-10-02T11:23:56Z
- Modified
- 2024-10-31T05:22:13Z
- Severity
-
- 9.1 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H CVSS Calculator
- Summary
- Red Hat Security Advisory: Satellite 6.12.5.2 Async Security Update
- Details
- References
-
- https://access.redhat.com/errata/RHSA-2023:5979
- https://access.redhat.com/security/updates/classification/#important
- https://access.redhat.com/documentation/en-us/red_hat_satellite/6.12/html/upgrading_and_updating_red_hat_satellite/index
- https://access.redhat.com/security/vulnerabilities/RHSB-2023-003
- https://bugzilla.redhat.com/show_bug.cgi?id=2081494
- https://bugzilla.redhat.com/show_bug.cgi?id=2097310
- https://bugzilla.redhat.com/show_bug.cgi?id=2140577
- https://bugzilla.redhat.com/show_bug.cgi?id=2159291
- https://bugzilla.redhat.com/show_bug.cgi?id=2159672
- https://bugzilla.redhat.com/show_bug.cgi?id=2162970
- https://bugzilla.redhat.com/show_bug.cgi?id=2169385
- https://bugzilla.redhat.com/show_bug.cgi?id=2242803
- https://bugzilla.redhat.com/show_bug.cgi?id=2243296
- https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_5979.json
- https://access.redhat.com/security/cve/CVE-2022-1292
- https://www.cve.org/CVERecord?id=CVE-2022-1292
- https://nvd.nist.gov/vuln/detail/CVE-2022-1292
- https://www.openssl.org/news/secadv/20220503.txt
- https://access.redhat.com/security/cve/CVE-2022-2068
- https://www.cve.org/CVERecord?id=CVE-2022-2068
- https://nvd.nist.gov/vuln/detail/CVE-2022-2068
- https://www.openssl.org/news/secadv/20220621.txt
- https://access.redhat.com/security/cve/CVE-2022-3874
- https://www.cve.org/CVERecord?id=CVE-2022-3874
- https://nvd.nist.gov/vuln/detail/CVE-2022-3874
- https://access.redhat.com/security/cve/CVE-2022-46648
- https://www.cve.org/CVERecord?id=CVE-2022-46648
- https://nvd.nist.gov/vuln/detail/CVE-2022-46648
- https://jvn.jp/en/jp/JVN16765254/
- https://access.redhat.com/security/cve/CVE-2022-47318
- https://www.cve.org/CVERecord?id=CVE-2022-47318
- https://nvd.nist.gov/vuln/detail/CVE-2022-47318
- https://access.redhat.com/security/cve/CVE-2023-0118
- https://www.cve.org/CVERecord?id=CVE-2023-0118
- https://nvd.nist.gov/vuln/detail/CVE-2023-0118
- https://access.redhat.com/security/cve/CVE-2023-0462
- https://www.cve.org/CVERecord?id=CVE-2023-0462
- https://nvd.nist.gov/vuln/detail/CVE-2023-0462
- https://access.redhat.com/security/cve/CVE-2023-39325
- https://www.cve.org/CVERecord?id=CVE-2023-39325
- https://nvd.nist.gov/vuln/detail/CVE-2023-39325
- https://access.redhat.com/security/cve/CVE-2023-44487
- https://go.dev/issue/63417
- https://pkg.go.dev/vuln/GO-2023-2102
- https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487
- https://www.cve.org/CVERecord?id=CVE-2023-44487
- https://nvd.nist.gov/vuln/detail/CVE-2023-44487
- https://github.com/dotnet/announcements/issues/277
- https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Affected packages
Red Hat:satellite_capsule:6.12::el8 / puppet-agent
Package
- Name
- puppet-agent
- Purl
- pkg:rpm/redhat/puppet-agent
Red Hat:satellite:6.12::el8 / puppet-agent
Package
- Name
- puppet-agent
- Purl
- pkg:rpm/redhat/puppet-agent
Red Hat:satellite_capsule:6.12::el8 / foreman
Package
- Name
- foreman
- Purl
- pkg:rpm/redhat/foreman
Red Hat:satellite_utils:6.12::el8 / foreman
Package
- Name
- foreman
- Purl
- pkg:rpm/redhat/foreman
Red Hat:satellite:6.12::el8 / foreman
Package
- Name
- foreman
- Purl
- pkg:rpm/redhat/foreman
Red Hat:satellite:6.12::el8 / rubygem-git
Package
- Name
- rubygem-git
- Purl
- pkg:rpm/redhat/rubygem-git
Red Hat:satellite:6.12::el8 / rubygem-safemode
Package
- Name
- rubygem-safemode
- Purl
- pkg:rpm/redhat/rubygem-safemode