RHSA-2024:7987MediumCVSS 7.5
Red Hat Security Advisory: Satellite 6.15.4 Security Update
🔗 CVE IDs covered (4)
📋 Description
CVE-2024-1135 — python-gunicorn: HTTP Request Smuggling due to improper validation of Transfer-Encoding headers CVE-2024-24790 — golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses CVE-2024-26130 — python-cryptography: NULL pointer dereference with pkcs12.serialize_key_and_certificates when called with a non-matching certificate and private key and an hmac_hash override CVE-2024-41991 — python-django: Potential denial-of-service vulnerability in django.utils.html.urlize() and AdminURLFieldWidget
🔗 References (14)
- selfhttps://access.redhat.com/errata/RHSA-2024:7987
- externalhttps://access.redhat.com/security/updates/classification/#moderate
- externalhttps://access.redhat.com/documentation/en-us/red_hat_satellite/6.15/html/updating_red_hat_satellite/index
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2269617
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2275280
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2292787
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2302435
- externalhttps://issues.redhat.com/browse/SAT-25848
- externalhttps://issues.redhat.com/browse/SAT-27294
- externalhttps://issues.redhat.com/browse/SAT-27295
- externalhttps://issues.redhat.com/browse/SAT-27296
- externalhttps://issues.redhat.com/browse/SAT-27299
- externalhttps://issues.redhat.com/browse/SAT-27950
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_7987.json