RHSA-2022:5498MediumCVSS 9.4

Red Hat Security Advisory: Satellite 6.11 Release

Published
July 5, 2022
Last Modified
June 26, 2026

🔗 CVE IDs covered (28)

📋 Description

CVE-2021-3200 — libsolv: heap-based buffer overflow in testcase_read() in src/testcase.c CVE-2021-3584 — foreman: Authenticate remote code execution through Sendmail configuration CVE-2021-4142 — Satellite: Allow unintended SCA certificate to authenticate Candlepin CVE-2021-21290 — netty: Information disclosure via the local system temporary directory CVE-2021-21295 — netty: possible request smuggling in HTTP/2 due missing validation CVE-2021-21409 — netty: Request smuggling via content-length header CVE-2021-30151 — sidekiq: XSS via the queue name of the live-poll feature CVE-2021-32839 — python-sqlparse: ReDoS via regular expression in StripComments filter CVE-2021-33928 — libsolv: heap-based buffer overflow in pool_installable() in src/repo.h CVE-2021-33929 — libsolv: heap-based buffer overflow in pool_disabled_solvable() in src/repo.h CVE-2021-33930 — libsolv: heap-based buffer overflow in pool_installable_whatprovides() in src/repo.h CVE-2021-33938 — libsolv: heap-based buffer overflow in prune_to_recommended() in src/policy.c CVE-2021-41136 — rubygem-puma: Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') in puma CVE-2021-42550 — logback: remote code execution through JNDI call from within its configuration file CVE-2021-43797 — netty: control chars in header names may lead to HTTP request smuggling CVE-2021-43818 — python-lxml: HTML Cleaner allows crafted and SVG embedded scripts to pass through CVE-2021-44420 — django: potential bypass of an upstream access control based on URL paths CVE-2021-44568 — libsolv: heap-overflows in resolve_dependencies function CVE-2021-45115 — django: Denial-of-service possibility in UserAttributeSimilarityValidator CVE-2021-45116 — django: Potential information disclosure in dictsort template filter CVE-2021-45452 — django: Potential directory-traversal via Storage.save() CVE-2022-22818 — django: Possible XSS via '{% debug %}' template tag CVE-2022-23633 — rubygem-actionpack: information leak between requests CVE-2022-23634 — rubygem-puma: rubygem-rails: information leak between requests CVE-2022-23833 — django: Denial-of-service possibility in file uploads CVE-2022-23837 — sidekiq: WebUI Denial of Service caused by number of days on graph CVE-2022-28346 — Django: SQL injection in QuerySet.annotate(),aggregate() and extra() CVE-2022-28347 — Django: SQL injection via QuerySet.explain(options) on PostgreSQL

🔗 References (478)