发布于3月6日3月6日 Members Red Hat: CVE-2023-22792: Important: Satellite 6.14 security and bug fix update (RHSA-2023:6818) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 02/09/2023 Created 11/14/2023 Added 11/13/2023 Modified 01/28/2025 Description A regular expression based DoS vulnerability in Action Dispatch <6.0.6.1,< 6.1.7.1, and <7.0.4.1. Specially crafted cookies, in combination with a specially crafted X_FORWARDED_HOST header can cause the regular expression engine to enter a state of catastrophic backtracking. This can cause the process to use large amounts of CPU and memory, leading to a possible DoS vulnerability All users running an affected release should either upgrade or use one of the workarounds immediately. Solution(s) redhat-upgrade-foreman-cli redhat-upgrade-python39-pulp_manifest redhat-upgrade-rubygem-amazing_print redhat-upgrade-rubygem-apipie-bindings redhat-upgrade-rubygem-clamp redhat-upgrade-rubygem-domain_name redhat-upgrade-rubygem-fast_gettext redhat-upgrade-rubygem-ffi redhat-upgrade-rubygem-ffi-debuginfo redhat-upgrade-rubygem-ffi-debugsource redhat-upgrade-rubygem-foreman_maintain redhat-upgrade-rubygem-gssapi redhat-upgrade-rubygem-hammer_cli redhat-upgrade-rubygem-hammer_cli_foreman redhat-upgrade-rubygem-hammer_cli_foreman_admin redhat-upgrade-rubygem-hammer_cli_foreman_ansible redhat-upgrade-rubygem-hammer_cli_foreman_azure_rm redhat-upgrade-rubygem-hammer_cli_foreman_bootdisk redhat-upgrade-rubygem-hammer_cli_foreman_discovery redhat-upgrade-rubygem-hammer_cli_foreman_google redhat-upgrade-rubygem-hammer_cli_foreman_openscap redhat-upgrade-rubygem-hammer_cli_foreman_remote_execution redhat-upgrade-rubygem-hammer_cli_foreman_tasks redhat-upgrade-rubygem-hammer_cli_foreman_templates redhat-upgrade-rubygem-hammer_cli_foreman_virt_who_configure redhat-upgrade-rubygem-hammer_cli_foreman_webhooks redhat-upgrade-rubygem-hammer_cli_katello redhat-upgrade-rubygem-hashie redhat-upgrade-rubygem-highline redhat-upgrade-rubygem-http-accept redhat-upgrade-rubygem-http-cookie redhat-upgrade-rubygem-jwt redhat-upgrade-rubygem-little-plugger redhat-upgrade-rubygem-locale redhat-upgrade-rubygem-logging redhat-upgrade-rubygem-mime-types redhat-upgrade-rubygem-mime-types-data redhat-upgrade-rubygem-multi_json redhat-upgrade-rubygem-netrc redhat-upgrade-rubygem-oauth redhat-upgrade-rubygem-oauth-tty redhat-upgrade-rubygem-powerbar redhat-upgrade-rubygem-rest-client redhat-upgrade-rubygem-snaky_hash redhat-upgrade-rubygem-unf redhat-upgrade-rubygem-unf_ext redhat-upgrade-rubygem-unf_ext-debuginfo redhat-upgrade-rubygem-unf_ext-debugsource redhat-upgrade-rubygem-unicode redhat-upgrade-rubygem-unicode-debuginfo redhat-upgrade-rubygem-unicode-debugsource redhat-upgrade-rubygem-unicode-display_width redhat-upgrade-rubygem-version_gem redhat-upgrade-satellite-cli redhat-upgrade-satellite-clone redhat-upgrade-satellite-maintain References DSA-5372 CVE-2023-22792
