Red Hat has announced the availability of an update for Red Hat Satellite 5.6 and recommends that users apply it as soon as possible. Red Hat has also provided details of mitigations against two critical vulnerabilities, CVE-2017-11137 and CVE-2017-11136.

CVE-2017-11136 and CVE-2017-11137

The two critical vulnerabilities announced by Red Hat are CVE-2017-11136 and CVE-2017-11137. Both allow remote attackers to execute arbitrary code on vulnerable systems and to obtain sensitive information from them. The mitigations for these vulnerabilities include disabling remote host management and enforcing strict permissions on the rsyslog admin user.

Red Hat Satellite 5.6 Update

Red Hat Satellite 5.6 provides customers with a number of important updates, including Red Hat Enterprise Linux 7.4, RHEL 7.4 Satellite 5.6 and Desktop 5.6, as well as the updates listed below:

- Update to prevent man-in-the-middle attacks on connections made through Virtual Private Networks (VPNs)
- Update to prevent users from accessing an incorrect URL after updating from earlier versions of Satellite
- Update to prevent Kerberos credential forwarding from being sent to unauthorized servers

CVE-2017-11137

A vulnerability has been identified in the way Red Hat Satellite handles configuration with an external repository. CVE-2017-11137 is due to how Satellite retrieves information from a repository when that repository is refreshed.
An attacker exploiting this vulnerability could gain access to sensitive information and perform unauthorized actions on the system.

Red Hat has announced that an update for Red Hat Satellite 5.6 will be available soon. The release notes provide details about the availability of this patch and instructions for downloading it. Because this is a critical vulnerability, users are recommended to apply the update as soon as possible to protect their systems. Mitigations are also available for both CVE-2017-11137 and CVE-2017-11136.

Timeline

Published on: 09/15/2022 16:15:00 UTC
Last modified on: 09/19/2022 18:22:00 UTC