RLSA-2022:8506 --- libdbID: oval:org.secpod.oval:def:4501094 | Date: (C)2023-03-23 (M)2024-04-17 |
Class: PATCH | Family: unix |
Rocky Enterprise Software Foundation Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and monitoring of multiple Linux deployments with a single centralized tool.

Security Fix:

* netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data
* netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way
* python3-django: Possible XSS via template tag
* tfm-rubygem-nokogiri: ReDoS in HTML encoding detection
* tfm-rubygem-sinatra: Path traversal possible outside of public_dir when serving static files
* tfm-rubygem-git: Package vulnerable to Command Injection via git argument injection
* rubygem-rails-html-sanitizer: Possible XSS with certain configurations
* python3-django: Potential SQL injection via Trunc and Extract arguments

For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.

Additional Changes: The items above are not a complete list of changes. This update also fixes several bugs and adds various enhancements. Documentation for these changes is available from the Release Notes document.