RedHat: RHSA-2023-1486:01 Important: Red Hat Gluster Storage web-admin-build
Summary
Grafana is an open source, feature rich metrics dashboard and graph editor
for Graphite, InfluxDB & OpenTSDB.
Django is a high-level Python Web framework that encourages rapid
development and a clean, pragmatic design. It focuses on automating as much
as possible and adhering to the DRY (Don't Repeat Yourself) principle.
Ruby is an extensible, interpreted, object-oriented, scripting language. It
has features to process text files and to perform system management tasks.
Security Fix(es):
* puma: HTTP request smuggling vulnerabilities (CVE-2022-24790; fixed
upstream in 5.6.4 and backported to 4.3.12, the version shipped here)
* rubygem-rack: crafted requests can cause shell escape sequences
(CVE-2022-30123)
* moment: inefficient parsing algorithm resulting in DoS (CVE-2022-31129)
* rubygem-tzinfo: arbitrary code execution (CVE-2022-31163)
* rubygem-rack: crafted multipart POST request may cause a DoS
(CVE-2022-30122)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
Solution
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
References
https://access.redhat.com/security/cve/CVE-2022-24790
https://access.redhat.com/security/cve/CVE-2022-30122
https://access.redhat.com/security/cve/CVE-2022-30123
https://access.redhat.com/security/cve/CVE-2022-31129
https://access.redhat.com/security/cve/CVE-2022-31163
https://access.redhat.com/security/updates/classification/#important
Package List
Red Hat Gluster 3.5 Web Administration on RHEL-7:
Source:
grafana-5.2.4-6.el7rhgs.src.rpm
python-django-1.11.27-4.el7rhgs.src.rpm
ruby-2.4.9-94.el7rhgs.src.rpm
rubygem-activemodel-5.2.0-1.el7rhgs.src.rpm
rubygem-activesupport-5.2.0-1.el7rhgs.src.rpm
rubygem-bcrypt-3.1.12-2.el7rhgs.src.rpm
rubygem-concurrent-ruby-1.1.9-1.el7rhgs.src.rpm
rubygem-i18n-1.9.1-1.el7rhgs.src.rpm
rubygem-mustermann-1.0.3-1.el7rhgs.src.rpm
rubygem-nio4r-2.3.1-2.el7rhgs.src.rpm
rubygem-puma-4.3.12-1.el7rhgs.src.rpm
rubygem-rack-2.2.4-1.el7rhgs.src.rpm
rubygem-rack-protection-2.2.0-1.el7rhgs.src.rpm
rubygem-sinatra-2.2.0-1.el7rhgs.src.rpm
rubygem-thread_safe-0.3.6-1.el7rhgs.src.rpm
rubygem-tilt-2.0.11-1.el7rhgs.src.rpm
rubygem-tzinfo-1.2.10-1.el7rhgs.src.rpm
noarch:
python-django-bash-completion-1.11.27-4.el7rhgs.noarch.rpm
python2-django-1.11.27-4.el7rhgs.noarch.rpm
python2-django-doc-1.11.27-4.el7rhgs.noarch.rpm
ruby-doc-2.4.9-94.el7rhgs.noarch.rpm
ruby-irb-2.4.9-94.el7rhgs.noarch.rpm
rubygem-activemodel-5.2.0-1.el7rhgs.noarch.rpm
rubygem-activemodel-doc-5.2.0-1.el7rhgs.noarch.rpm
rubygem-activesupport-5.2.0-1.el7rhgs.noarch.rpm
rubygem-activesupport-doc-5.2.0-1.el7rhgs.noarch.rpm
rubygem-bcrypt-doc-3.1.12-2.el7rhgs.noarch.rpm
rubygem-concurrent-ruby-1.1.9-1.el7rhgs.noarch.rpm
rubygem-concurrent-ruby-doc-1.1.9-1.el7rhgs.noarch.rpm
rubygem-i18n-1.9.1-1.el7rhgs.noarch.rpm
rubygem-i18n-doc-1.9.1-1.el7rhgs.noarch.rpm
rubygem-minitest-5.10.1-94.el7rhgs.noarch.rpm
rubygem-mustermann-1.0.3-1.el7rhgs.noarch.rpm
rubygem-mustermann-doc-1.0.3-1.el7rhgs.noarch.rpm
rubygem-nio4r-doc-2.3.1-2.el7rhgs.noarch.rpm
rubygem-power_assert-0.4.1-94.el7rhgs.noarch.rpm
rubygem-puma-doc-4.3.12-1.el7rhgs.noarch.rpm
rubygem-rack-2.2.4-1.el7rhgs.noarch.rpm
rubygem-rack-doc-2.2.4-1.el7rhgs.noarch.rpm
rubygem-rack-protection-2.2.0-1.el7rhgs.noarch.rpm
rubygem-rack-protection-doc-2.2.0-1.el7rhgs.noarch.rpm
rubygem-rake-12.0.0-94.el7rhgs.noarch.rpm
rubygem-rdoc-5.0.1-94.el7rhgs.noarch.rpm
rubygem-sinatra-2.2.0-1.el7rhgs.noarch.rpm
rubygem-sinatra-doc-2.2.0-1.el7rhgs.noarch.rpm
rubygem-test-unit-3.2.3-94.el7rhgs.noarch.rpm
rubygem-thread_safe-0.3.6-1.el7rhgs.noarch.rpm
rubygem-thread_safe-doc-0.3.6-1.el7rhgs.noarch.rpm
rubygem-tilt-2.0.11-1.el7rhgs.noarch.rpm
rubygem-tilt-doc-2.0.11-1.el7rhgs.noarch.rpm
rubygem-tzinfo-1.2.10-1.el7rhgs.noarch.rpm
rubygem-tzinfo-doc-1.2.10-1.el7rhgs.noarch.rpm
rubygem-xmlrpc-0.2.1-94.el7rhgs.noarch.rpm
rubygems-2.6.14.4-94.el7rhgs.noarch.rpm
rubygems-devel-2.6.14.4-94.el7rhgs.noarch.rpm
x86_64:
grafana-5.2.4-6.el7rhgs.x86_64.rpm
ruby-2.4.9-94.el7rhgs.x86_64.rpm
ruby-debuginfo-2.4.9-94.el7rhgs.x86_64.rpm
ruby-devel-2.4.9-94.el7rhgs.x86_64.rpm
ruby-libs-2.4.9-94.el7rhgs.x86_64.rpm
rubygem-bcrypt-3.1.12-2.el7rhgs.x86_64.rpm
rubygem-bcrypt-debuginfo-3.1.12-2.el7rhgs.x86_64.rpm
rubygem-bigdecimal-1.3.2-94.el7rhgs.x86_64.rpm
rubygem-did_you_mean-1.1.0-94.el7rhgs.x86_64.rpm
rubygem-io-console-0.4.6-94.el7rhgs.x86_64.rpm
rubygem-json-2.0.4-94.el7rhgs.x86_64.rpm
rubygem-net-telnet-0.1.1-94.el7rhgs.x86_64.rpm
rubygem-nio4r-2.3.1-2.el7rhgs.x86_64.rpm
rubygem-nio4r-debuginfo-2.3.1-2.el7rhgs.x86_64.rpm
rubygem-openssl-2.0.9-94.el7rhgs.x86_64.rpm
rubygem-psych-2.2.2-94.el7rhgs.x86_64.rpm
rubygem-puma-4.3.12-1.el7rhgs.x86_64.rpm
rubygem-puma-debuginfo-4.3.12-1.el7rhgs.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
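The practical question an advisory leaves open is whether a given host is still running the affected builds. The following is an added example, not part of the advisory and not Red Hat tooling: it reimplements rpm's version comparison (the rpmvercmp algorithm, including the `~` and `^` separators) in Python and checks `rpm -qa` output against a subset of the fixed NVRs from the Package List above. The sample `rpm -qa` lines are constructed, the `FIXED_RPMS` subset is hand-picked from the list, and it assumes epoch 0 for every package (none of the listed RPMs carries one); the remark that moment.js ships inside the grafana package is also an assumption, based on grafana being the only JavaScript-bearing package in the list.

```python
"""Report advisory packages installed at an older version-release than RHSA-2023:1486 ships.

Usage: rpm -qa | python3 check_rhsa_2023_1486.py
(With no piped input it runs on the constructed sample below.)
"""
import sys
from typing import Dict, Iterable, List, Optional, Tuple

# Hand-picked subset of the advisory's Package List. Assumption: the moment.js
# fix (CVE-2022-31129) is delivered through the grafana package.
FIXED_RPMS = [
    "grafana-5.2.4-6.el7rhgs.x86_64.rpm",
    "rubygem-puma-4.3.12-1.el7rhgs.x86_64.rpm",
    "rubygem-rack-2.2.4-1.el7rhgs.noarch.rpm",
    "rubygem-tzinfo-1.2.10-1.el7rhgs.noarch.rpm",
    "rubygem-rack-protection-2.2.0-1.el7rhgs.noarch.rpm",
    "rubygem-sinatra-2.2.0-1.el7rhgs.noarch.rpm",
]

ARCHES = {"noarch", "src", "x86_64", "i686", "aarch64", "ppc64le", "s390x"}

# Constructed `rpm -qa` output for a host that is partly patched.
SAMPLE_RPM_QA = [
    "rubygem-puma-4.3.8-1.el7rhgs.x86_64",
    "rubygem-rack-2.2.4-1.el7rhgs.noarch",
    "rubygem-tzinfo-1.2.5-2.el7rhgs.noarch",
    "grafana-5.2.4-5.el7rhgs.x86_64",
    "rubygem-sinatra-2.2.0-1.el7rhgs.noarch",
    "gpg-pubkey-deadbeef-12345678",   # no arch suffix; must not crash the parser
    "bash-4.2.46-34.el7.x86_64",      # not in the advisory; ignored
]


def rpmvercmp(a: str, b: str) -> int:
    """Python port of rpm's rpmvercmp(): -1, 0 or 1 like strcmp."""
    if a == b:
        return 0
    i = j = 0
    la, lb = len(a), len(b)
    while i < la or j < lb:
        # Skip separators; only alphanumerics, '~' and '^' are significant.
        while i < la and not (a[i].isalnum() or a[i] in "~^"):
            i += 1
        while j < lb and not (b[j].isalnum() or b[j] in "~^"):
            j += 1
        ca = a[i] if i < la else ""
        cb = b[j] if j < lb else ""
        if ca == "~" or cb == "~":        # '~' sorts before everything, even end-of-string
            if ca != "~":
                return 1
            if cb != "~":
                return -1
            i, j = i + 1, j + 1
            continue
        if ca == "^" or cb == "^":        # '^' sorts after end-of-string but before anything else
            if not ca:
                return -1
            if not cb:
                return 1
            if ca != "^":
                return 1
            if cb != "^":
                return -1
            i, j = i + 1, j + 1
            continue
        if not (ca and cb):
            break
        si, sj = i, j
        isnum = ca.isdigit()
        pred = str.isdigit if isnum else str.isalpha
        while i < la and pred(a[i]):
            i += 1
        while j < lb and pred(b[j]):
            j += 1
        seg_a, seg_b = a[si:i], b[sj:j]
        if not seg_b:                     # segments of different kind: numeric wins
            return 1 if isnum else -1
        if isnum:
            seg_a, seg_b = seg_a.lstrip("0"), seg_b.lstrip("0")
            if len(seg_a) != len(seg_b):  # longer number is larger
                return 1 if len(seg_a) > len(seg_b) else -1
        if seg_a != seg_b:
            return 1 if seg_a > seg_b else -1
    if i >= la and j >= lb:
        return 0
    return -1 if i >= la else 1


def split_nvra(pkg: str) -> Optional[Tuple[str, str, str, str]]:
    """'name-version-release.arch' or '<same>.rpm' -> (name, version, release, arch)."""
    if pkg.endswith(".rpm"):
        pkg = pkg[:-4]
    nvr, _, arch = pkg.rpartition(".")
    if arch not in ARCHES:                # e.g. gpg-pubkey-* has no arch suffix
        nvr, arch = pkg, ""
    try:
        name, version, release = nvr.rsplit("-", 2)
    except ValueError:
        return None
    return name, version, release, arch


def compare_vr(a: Tuple[str, str], b: Tuple[str, str]) -> int:
    """Compare (version, release) pairs; epoch is assumed 0 for both."""
    rc = rpmvercmp(a[0], b[0])
    return rc if rc else rpmvercmp(a[1], b[1])


def fixed_versions(rpms: Iterable[str] = FIXED_RPMS) -> Dict[str, Tuple[str, str]]:
    fixed: Dict[str, Tuple[str, str]] = {}
    for filename in rpms:
        parsed = split_nvra(filename)
        if parsed:
            fixed[parsed[0]] = (parsed[1], parsed[2])
    return fixed


def outdated(installed: Iterable[str], rpms: Iterable[str] = FIXED_RPMS) -> List[Tuple[str, str, str]]:
    """Return (name, installed_vr, fixed_vr) for each advisory package that is too old."""
    fixed = fixed_versions(rpms)
    hits = []
    for line in installed:
        parsed = split_nvra(line.strip())
        if not parsed or parsed[0] not in fixed:
            continue
        name, ver, rel, _ = parsed
        want = fixed[name]
        if compare_vr((ver, rel), want) < 0:
            hits.append((name, f"{ver}-{rel}", f"{want[0]}-{want[1]}"))
    return sorted(hits)


if __name__ == "__main__":
    source = sys.stdin if not sys.stdin.isatty() else SAMPLE_RPM_QA
    for name, have, want in outdated(source):
        print(f"{name}: installed {have}, advisory ships {want}")
```

Before installing, verify the downloaded RPMs' signatures with `rpm -K <file>` (alias `rpm --checksig`) against the key referenced above; a version check proves nothing if the package itself was substituted.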
Topic
An update is now available for Red Hat Gluster Storage 3.5 for RHEL 7.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
Relevant Releases Architectures
Red Hat Gluster 3.5 Web Administration on RHEL-7 - noarch, x86_64
Bugs Fixed
2071616 - CVE-2022-24790 puma-5.6.4: http request smuggling vulnerabilities
2099519 - CVE-2022-30122 rubygem-rack: crafted multipart POST request may cause a DoS
2099524 - CVE-2022-30123 rubygem-rack: crafted requests can cause shell escape sequences
2105075 - CVE-2022-31129 moment: inefficient parsing algorithm resulting in DoS
2110551 - CVE-2022-31163 rubygem-tzinfo: arbitrary code execution