CVE-2023-26298: HP Device Manager Security Updates

Red Hat Security Advisory 2024-0387-03 - An update for the php:8.1 module is now available for Red Hat Enterprise Linux 9. Issues addressed include a denial of service vulnerability.

Ubuntu Security Notice 6524-1 - Nicky Mouha discovered that PyPy incorrectly handled certain SHA-3 operations. An attacker could possibly use this issue to cause PyPy to crash, resulting in a denial of service, or possibly execute arbitrary code.

Vulnerability in the Sun ZFS Storage Appliance product of Oracle Systems (component: Core). The supported version that is affected is 8.8.60. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Sun ZFS Storage Appliance. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Sun ZFS Storage Appliance. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).

Red Hat Security Advisory 2023-5209-01 - The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks.

Red Hat Security Advisory 2023-5049-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Issues addressed include a HTTP response splitting vulnerability.

Red Hat Security Advisory 2023-5050-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Issues addressed include a HTTP response splitting vulnerability.

Gentoo Linux Security Advisory 202309-1 - Multiple vulnerabilities have been discovered in Apache HTTPD, the worst of which could result in denial of service. Versions greater than or equal to 2.4.56 are affected.

Red Hat Security Advisory 2023-4982-01 - OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains OpenShift Virtualization 4.12.6 images.

Red Hat Security Advisory 2023-4628-01 - Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products and packaged under Red Hat JBoss Core Services, to allow for faster distribution of updates and for a more consistent update experience. This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.57 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.51 Service Pack 2, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include HTTP response splitting, bypass, integer overflow, out of bounds write, and use-after-free vulnerabilities.

Red Hat Security Advisory 2023-4629-01 - Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products and packaged under Red Hat JBoss Core Services, to allow for faster distribution of updates and for a more consistent update experience. This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.57 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.51 Service Pack 2, and includes bug fixes and enhancements, which are documented in the Release Notes linked to in the References section. Issues addressed include HTTP response splitting, bypass, integer overflow, and use-after-free vulnerabilities.

Dell PowerScale OneFS, 8.0.x-9.5.x, contains an improper handling of insufficient privileges vulnerability. A local privileged attacker could potentially exploit this vulnerability, leading to elevation of privilege and affect in compliance mode also.

An update is now available for Red Hat JBoss Core Services. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-24963: A flaw was found in Apache Portable Runtime (APR). This issue may allow a malicious attacker to write beyond the bounds of a buffer. * CVE-2022-36760: A flaw was found in the mod_proxy_ajp module of httpd. The connection is not closed when there is an invalid Transfer-Encoding header, allowing an attacker to smuggle requests to the AJP server, where it forw...

Red Hat JBoss Core Services Apache HTTP Server 2.4.57 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-24963: A flaw was found in Apache Portable Runtime (APR). This issue may allow a malicious attacker to write beyond the bounds of a buffer. * CVE-2022-28331: A flaw was found in Apache Portable Runtime, affecting versions <= 1.7.0. This issue may allow a malicious user to write beyond the end of a stack buffer and cause an integer overflow. This affect...

Red Hat OpenShift Container Platform release 4.11.46 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.11. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-38561: A flaw was found in golang. The language package for go language can panic due to an out-of-bounds read when an incorrectly formatted language tag is being parsed. This flaw allows a...

Vulnerability in the Oracle Hyperion Financial Reporting product of Oracle Hyperion (component: Repository). The supported version that is affected is 11.2.13.0.000. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hyperion Financial Reporting. While the vulnerability is in Oracle Hyperion Financial Reporting, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hyperion Financial Reporting accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Hyperion Financial Reporting. CVSS 3.1 Base Score 8.5 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L).

An update for edk2 is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-4304: A timing-based side channel exists in the OpenSSL RSA Decryption implementation, which could be sufficient to recover a ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption, an attacker would have to be able to send a very large number of trial messages for decryption. This issue ...

Red Hat Security Advisory 2023-3615-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.12.22. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-3614-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.13.4.

Dell VxRail, version(s) 8.0.100 and earlier contain a denial-of-service vulnerability in the upgrade functionality. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to degraded performance and system malfunction.

Red Hat Security Advisory 2023-3645-01 - Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an OpenShift Container Platform installation. This advisory covers the RPM packages for the release. Issues addressed include a denial of service vulnerability.

An update is now available for Red Hat JBoss Core Services Apache HTTP Server 2.4.51 Service Pack 2 on Red Hat Enterprise Linux versions 7 and 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2006-20001: A flaw was found in the mod_dav module of httpd. A specially crafted "If:" request header can cause a memory read or write of a single zero byte due to a missing error check, resulting in a Denial of Service. * CVE-2022-4304: A timing-based side channel exists in the Open...

Red Hat JBoss Core Services Apache HTTP Server 2.4.51 Service Pack 2 is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2006-20001: A flaw was found in the mod_dav module of httpd. A specially crafted "If:" request header can cause a memory read or write of a single zero byte due to a missing error check, resulting in a Denial of Service. * CVE-2022-4304: A timing-based side channel exists in the OpenSSL RSA Decryption implementation, which could be sufficien...

Red Hat JBoss Core Services Apache HTTP Server 2.4.51 Service Pack 2 is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2006-20001: A flaw was found in the mod_dav module of httpd. A specially crafted "If:" request header can cause a memory read or write of a single zero byte due to a missing error check, resulting in a Denial of Service. * CVE-2022-4304: A timing-based side channel exists in the OpenSSL RSA Decryption implementation, which could be sufficien...

Dell SCG 5.14 contains an information disclosure vulnerability during the SRS to SCG upgrade path. A remote low privileged malicious user could potentially exploit this vulnerability to retrieve the plain text.

Red Hat Security Advisory 2023-3292-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.

An update for httpd24-httpd is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-25690: A vulnerability was found in httpd. This security issue occurs when some mod_proxy configurations on Apache HTTP Server allow an HTTP Request Smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the user-suppli...

An update for edk2 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-38578: A flaw was found in edk2. A integer underflow in the SmmEntryPoint function leads to a write into the SMM region allowing a local attacker with administration privileges on the system to execute code within the SMM privileged context. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability....

An update for edk2 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-38578: A flaw was found in edk2. A integer underflow in the SmmEntryPoint function leads to a write into the SMM region allowing a local attacker with administration privileges on the system to execute code within the SMM privileged context. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability....

An update for edk2 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-38578: A flaw was found in edk2. A integer underflow in the SmmEntryPoint function leads to a write into the SMM region allowing a local attacker with administration privileges on the system to execute code within the SMM privileged context. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability....

An update for edk2 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-38578: A flaw was found in edk2. A integer underflow in the SmmEntryPoint function leads to a write into the SMM region allowing a local attacker with administration privileges on the system to execute code within the SMM privileged context. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability....

Ubuntu Security Notice 6053-1 - It was discovered that PHP incorrectly handled certain invalid Blowfish password hashes. An invalid password hash could possibly allow applications to accept any password as valid, contrary to expectations.

### Impact The Keccak sponge function interface accepts partial inputs to be absorbed and partial outputs to be squeezed. A buffer can overflow when partial data with some specific sizes are queued, where at least one of them has a length of 2^32 - 200 bytes or more. ### Patches Yes, see commit [fdc6fef0](https://github.com/XKCP/XKCP/commit/fdc6fef075f4e81d6b1bc38364248975e08e340a). ### Workarounds The problem can be avoided by limiting the size of the partial input data (or partial output digest) below 2^32 - 200 bytes. Multiple calls to the queue system can be chained at a higher level to retain the original functionality. Alternatively, one can process the entire input (or produce the entire output) at once, avoiding the queuing functions altogether. ### References See [issue #105](https://github.com/XKCP/XKCP/issues/105) for more details.

In LTOS versions prior to V7.06.013, the configuration file upload function would not correctly validate the input, which would allow an remote authenticated attacker with high privileges to execute arbitrary commands.

In LTOS versions prior to V7.06.013, the configuration file upload function would not correctly validate the input, which would allow an remote authenticated attacker with high privileges to execute arbitrary commands.

In LTOS versions prior to V7.06.013, the configuration file upload function would not correctly validate the input, which would allow an remote authenticated attacker with high privileges to execute arbitrary commands.

In LTOS versions prior to V7.06.013, the configuration file upload function would not correctly validate the input, which would allow an remote authenticated attacker with high privileges to execute arbitrary commands.

Red Hat Security Advisory 2023-1916-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.

Red Hat Security Advisory 2023-1893-01 - Red Hat Multicluster Engine Hotfix Security Update for Console. Red Hat Product Security has rated this update as having a security impact of Critical.

Red Hat Security Advisory 2023-1893-01 - Red Hat Multicluster Engine Hotfix Security Update for Console. Red Hat Product Security has rated this update as having a security impact of Critical.

Red Hat Security Advisory 2023-1893-01 - Red Hat Multicluster Engine Hotfix Security Update for Console. Red Hat Product Security has rated this update as having a security impact of Critical.

Red Hat Security Advisory 2023-1893-01 - Red Hat Multicluster Engine Hotfix Security Update for Console. Red Hat Product Security has rated this update as having a security impact of Critical.

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through...

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through...

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through...

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through...

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through...

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through...

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through...

Updated images that fix several bugs are now available for Red Hat OpenShift Data Foundation 4.12.2 on Red Hat Enterprise Linux 8 from Red Hat Container Registry. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41717: A flaw was found in the net/http library of the golang package. This flaw allows an attacker to cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While ...

Updated images that fix several bugs are now available for Red Hat OpenShift Data Foundation 4.12.2 on Red Hat Enterprise Linux 8 from Red Hat Container Registry. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41717: A flaw was found in the net/http library of the golang package. This flaw allows an attacker to cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While ...

Updated images that fix several bugs are now available for Red Hat OpenShift Data Foundation 4.12.2 on Red Hat Enterprise Linux 8 from Red Hat Container Registry. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41717: A flaw was found in the net/http library of the golang package. This flaw allows an attacker to cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While ...

Updated images that fix several bugs are now available for Red Hat OpenShift Data Foundation 4.12.2 on Red Hat Enterprise Linux 8 from Red Hat Container Registry. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41717: A flaw was found in the net/http library of the golang package. This flaw allows an attacker to cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While ...

An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-25690: A vulnerability was found in httpd. This security issue occurs when some mod_proxy configurations on Apache HTTP Server allow an HTTP Request Smuggling attack. Configurations a...

An update for httpd and mod_http2 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-25690: A vulnerability was found in httpd. This security issue occurs when some mod_proxy configurations on Apache HTTP Server allow an HTTP Request Smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the user-su...

Red Hat Security Advisory 2023-1597-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.

An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-25690: A vulnerability was found in httpd. This security issue occurs when some mod_proxy configurations on Apache HTTP Server allow an HTTP Request Smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches ...

An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-25690: A vulnerability was found in httpd. This security issue occurs when some mod_proxy configurations on Apache HTTP Server allow an HTTP Request Smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific patter...

Red Hat Security Advisory 2023-1441-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library.

Ubuntu Security Notice 5942-2 - USN-5942-1 fixed vulnerabilities in Apache HTTP Server. This update provides the corresponding update for CVE-2023-25690 for Ubuntu 16.04 ESM. Lars Krapf discovered that the Apache HTTP Server mod_proxy module incorrectly handled certain configurations. A remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack.

An update for openssl is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-0286: A type confusion vulnerability was found in OpenSSL when OpenSSL X.400 addresses processing inside an X.509 GeneralName. When CRL checking is enabled (for example, the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to r...

An update for openssl is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-4304: A timing-based side channel exists in the OpenSSL RSA Decryption implementation, which could be sufficient to recover a ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption, an attacker would have to be able to send a very large number of trial messages for decryption. This issue affects all RSA padding...

An update for openssl is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-4304: A timing-based side channel exists in the OpenSSL RSA Decryption implementation, which could be sufficient to recover a ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption, an attacker would have to be able to send a very large number of trial messages for decryption. This issue affects all RSA padding...

An update for openssl is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-4304: A timing-based side channel exists in the OpenSSL RSA Decryption implementation, which could be sufficient to recover a ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption, an attacker would have to be able to send a very large number of trial messages for decryption. This issue affects all RSA padding...

An update for openssl is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-4304: A timing-based side channel exists in the OpenSSL RSA Decryption implementation, which could be sufficient to recover a ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption, an attacker would have to be able to send a very large number of trial messages for decryption. This issue affects all RSA padding...

Debian Linux Security Advisory 5376-1 - Multiple vulnerabilities have been discovered in the Apache HTTP server, which may result in HTTP response splitting or denial of service.

Debian Linux Security Advisory 5376-1 - Multiple vulnerabilities have been discovered in the Apache HTTP server, which may result in HTTP response splitting or denial of service.

Debian Linux Security Advisory 5376-1 - Multiple vulnerabilities have been discovered in the Apache HTTP server, which may result in HTTP response splitting or denial of service.

Debian Linux Security Advisory 5376-1 - Multiple vulnerabilities have been discovered in the Apache HTTP server, which may result in HTTP response splitting or denial of service.

Red Hat Security Advisory 2023-1199-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Issues addressed include buffer overflow, double free, and use-after-free vulnerabilities.

Red Hat Security Advisory 2023-1199-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Issues addressed include buffer overflow, double free, and use-after-free vulnerabilities.

An update for openssl is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-4203: A flaw was found in Open SSL. A read buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification, and requires either a CA to have signed the malicious certificate or for the application to continue certif...

An update for openssl is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-4203: A flaw was found in Open SSL. A read buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification, and requires either a CA to have signed the malicious certificate or for the application to continue certif...

An update for openssl is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-4203: A flaw was found in Open SSL. A read buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification, and requires either a CA to have signed the malicious certificate or for the application to continue certif...

An update for openssl is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-4203: A flaw was found in Open SSL. A read buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification, and requires either a CA to have signed the malicious certificate or for the application to continue certif...

Ubuntu Security Notice 5942-1 - Lars Krapf discovered that the Apache HTTP Server mod_proxy module incorrectly handled certain configurations. A remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack. Dimas Fariski Setyawan Putra discovered that the Apache HTTP Server mod_proxy_uwsgi module incorrectly handled certain special characters. A remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 22.10.

Ubuntu Security Notice 5931-1 - It was discovered that Python incorrectly handled certain inputs. If a user or an automated system were tricked into running a specially crafted input, a remote attacker could possibly use this issue to execute arbitrary code.

Ubuntu Security Notice 5930-1 - It was discovered that Python incorrectly handled certain inputs. If a user or an automated system were tricked into running a specially crafted input, a remote attacker could possibly use this issue to execute arbitrary code.

Ubuntu Security Notice 5905-1 - It was discovered that PHP incorrectly handled certain gzip files. An attacker could possibly use this issue to cause a denial of service. It was discovered that PHP incorrectly handled certain cookies. An attacker could possibly use this issue to compromise data integrity. It was discovered that PHP incorrectly handled certain inputs. An attacker could possibly use this issue to cause a crash or execute arbitrary code.

Ubuntu Security Notice 5905-1 - It was discovered that PHP incorrectly handled certain gzip files. An attacker could possibly use this issue to cause a denial of service. It was discovered that PHP incorrectly handled certain cookies. An attacker could possibly use this issue to compromise data integrity. It was discovered that PHP incorrectly handled certain inputs. An attacker could possibly use this issue to cause a crash or execute arbitrary code.

Ubuntu Security Notice 5905-1 - It was discovered that PHP incorrectly handled certain gzip files. An attacker could possibly use this issue to cause a denial of service. It was discovered that PHP incorrectly handled certain cookies. An attacker could possibly use this issue to compromise data integrity. It was discovered that PHP incorrectly handled certain inputs. An attacker could possibly use this issue to cause a crash or execute arbitrary code.

Ubuntu Security Notice 5905-1 - It was discovered that PHP incorrectly handled certain gzip files. An attacker could possibly use this issue to cause a denial of service. It was discovered that PHP incorrectly handled certain cookies. An attacker could possibly use this issue to compromise data integrity. It was discovered that PHP incorrectly handled certain inputs. An attacker could possibly use this issue to cause a crash or execute arbitrary code.

In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, password_verify() function may accept some invalid Blowfish hashes as valid. If such invalid hash ever ends up in the password database, it may lead to an application allowing any password for this entry as valid.

Ubuntu Security Notice 5902-1 - It was discovered that PHP incorrectly handled certain invalid Blowfish password hashes. An invalid password hash could possibly allow applications to accept any password as valid, contrary to expectations. It was discovered that PHP incorrectly handled resolving long paths. A remote attacker could possibly use this issue to obtain or modify sensitive information. It was discovered that PHP incorrectly handled a large number of parts in HTTP form uploads. A remote attacker could possibly use this issue to cause PHP to consume resources, leading to a denial of service.

Ubuntu Security Notice 5902-1 - It was discovered that PHP incorrectly handled certain invalid Blowfish password hashes. An invalid password hash could possibly allow applications to accept any password as valid, contrary to expectations. It was discovered that PHP incorrectly handled resolving long paths. A remote attacker could possibly use this issue to obtain or modify sensitive information. It was discovered that PHP incorrectly handled a large number of parts in HTTP form uploads. A remote attacker could possibly use this issue to cause PHP to consume resources, leading to a denial of service.

Ubuntu Security Notice 5902-1 - It was discovered that PHP incorrectly handled certain invalid Blowfish password hashes. An invalid password hash could possibly allow applications to accept any password as valid, contrary to expectations. It was discovered that PHP incorrectly handled resolving long paths. A remote attacker could possibly use this issue to obtain or modify sensitive information. It was discovered that PHP incorrectly handled a large number of parts in HTTP form uploads. A remote attacker could possibly use this issue to cause PHP to consume resources, leading to a denial of service.

Red Hat Security Advisory 2023-0970-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Issues addressed include HTTP response splitting and out of bounds read vulnerabilities.

Red Hat Security Advisory 2023-0970-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Issues addressed include HTTP response splitting and out of bounds read vulnerabilities.

Red Hat Security Advisory 2023-0970-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Issues addressed include HTTP response splitting and out of bounds read vulnerabilities.

An update for php is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-31628: A vulnerability was found in PHP due to an infinite loop within the phar uncompressor code when processing "quines" gzip files. This vulnerability allows a remote attacker to pass a specially crafted archive to the application, and consume all available system resources, causing a denial of service condition. * CVE-2022-31629: A vulnerability was fou...

An update for httpd is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2006-20001: A flaw was found in the mod_dav module of httpd. A specially crafted "If:" request header can cause a memory read or write of a single zero byte due to a missing error check, resulting in a Denial of Service. * CVE-2022-36760: A flaw was found in the mod_proxy_ajp module of httpd. The connection is not closed when there is an invalid Transfer-Encod...

An update for php is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-31628: A vulnerability was found in PHP due to an infinite loop within the phar uncompressor code when processing "quines" gzip files. This vulnerability allows a remote attacker to pass a specially crafted archive to the application, and consume all available system resources, causing a denial of service condition. * CVE-2022-31629: A vulnerability was fou...

An update for php is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-31628: A vulnerability was found in PHP due to an infinite loop within the phar uncompressor code when processing "quines" gzip files. This vulnerability allows a remote attacker to pass a specially crafted archive to the application, and consume all available system resources, causing a denial of service condition. * CVE-2022-31629: A vulnerability was fou...

An update for httpd is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2006-20001: A flaw was found in the mod_dav module of httpd. A specially crafted "If:" request header can cause a memory read or write of a single zero byte due to a missing error check, resulting in a Denial of Service. * CVE-2022-36760: A flaw was found in the mod_proxy_ajp module of httpd. The connection is not closed when there is an invalid Transfer-Encod...

An update for httpd is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2006-20001: A flaw was found in the mod_dav module of httpd. A specially crafted "If:" request header can cause a memory read or write of a single zero byte due to a missing error check, resulting in a Denial of Service. * CVE-2022-36760: A flaw was found in the mod_proxy_ajp module of httpd. The connection is not closed when there is an invalid Transfer-Encod...

An update for openssl is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-4203: A flaw was found in Open SSL. A read buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification, and requires either a CA to have signed the malicious certificate or for the application to continue certificate verification despite...

An update for openssl is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-4203: A flaw was found in Open SSL. A read buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification, and requires either a CA to have signed the malicious certificate or for the application to continue certificate verification despite...

An update for openssl is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-4203: A flaw was found in Open SSL. A read buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification, and requires either a CA to have signed the malicious certificate or for the application to continue certificate verification despite...

An update for openssl is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-4203: A flaw was found in Open SSL. A read buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification, and requires either a CA to have signed the malicious certificate or for the application to continue certificate verification despite...

Debian Linux Security Advisory 5363-1 - Multiple security issues were found in PHP, a widely-used open source general purpose scripting language which could result in denial of service or incorrect validation of BCrypt hashes.

Debian Linux Security Advisory 5363-1 - Multiple security issues were found in PHP, a widely-used open source general purpose scripting language which could result in denial of service or incorrect validation of BCrypt hashes.

Debian Linux Security Advisory 5363-1 - Multiple security issues were found in PHP, a widely-used open source general purpose scripting language which could result in denial of service or incorrect validation of BCrypt hashes.

Red Hat Security Advisory 2023-0848-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Issues addressed include buffer overflow and integer overflow vulnerabilities.

Red Hat Security Advisory 2023-0848-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Issues addressed include buffer overflow and integer overflow vulnerabilities.

Red Hat Security Advisory 2023-0848-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Issues addressed include buffer overflow and integer overflow vulnerabilities.

Red Hat Security Advisory 2023-0848-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Issues addressed include buffer overflow and integer overflow vulnerabilities.

Red Hat Security Advisory 2023-0852-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Issues addressed include HTTP response splitting and out of bounds read vulnerabilities.

Red Hat Security Advisory 2023-0852-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Issues addressed include HTTP response splitting and out of bounds read vulnerabilities.

Red Hat Security Advisory 2023-0852-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Issues addressed include HTTP response splitting and out of bounds read vulnerabilities.

An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2006-20001: A flaw was found in the mod_dav module of httpd. A specially crafted "If:" request header can cause a memory read or write of a single zero byte due to a missing error check, resulting in a Denial of Service. * CVE-2022-36760: A flaw was found in the mod_proxy_ajp module of httpd. The connection is not closed when there is an invalid...

An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2006-20001: A flaw was found in the mod_dav module of httpd. A specially crafted "If:" request header can cause a memory read or write of a single zero byte due to a missing error check, resulting in a Denial of Service. * CVE-2022-36760: A flaw was found in the mod_proxy_ajp module of httpd. The connection is not closed when there is an invalid...

An update for the php:8.0 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-31628: A vulnerability was found in PHP due to an infinite loop within the phar uncompressor code when processing "quines" gzip files. This vulnerability allows a remote attacker to pass a specially crafted archive to the application, and consume all available system resources, causing a denial of service condition. * CVE-2022-31629: A vulner...

An update for the php:8.0 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-31628: A vulnerability was found in PHP due to an infinite loop within the phar uncompressor code when processing "quines" gzip files. This vulnerability allows a remote attacker to pass a specially crafted archive to the application, and consume all available system resources, causing a denial of service condition. * CVE-2022-31629: A vulner...

An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2006-20001: A flaw was found in the mod_dav module of httpd. A specially crafted "If:" request header can cause a memory read or write of a single zero byte due to a missing error check, resulting in a Denial of Service. * CVE-2022-36760: A flaw was found in the mod_proxy_ajp module of httpd. The connection is not closed when there is an invalid...

An update for the php:8.0 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-31628: A vulnerability was found in PHP due to an infinite loop within the phar uncompressor code when processing "quines" gzip files. This vulnerability allows a remote attacker to pass a specially crafted archive to the application, and consume all available system resources, causing a denial of service condition. * CVE-2022-31629: A vulner...

An update for the php:8.0 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-31628: A vulnerability was found in PHP due to an infinite loop within the phar uncompressor code when processing "quines" gzip files. This vulnerability allows a remote attacker to pass a specially crafted archive to the application, and consume all available system resources, causing a denial of service condition. * CVE-2022-31629: A vulner...

In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, excessive number of parts in HTTP form upload can cause high resource consumption and excessive number of log entries. This can cause denial of service on the affected server by exhausting CPU resources or disk space.

In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, core path resolution function allocate buffer one byte too small. When resolving paths with lengths close to system MAXPATHLEN setting, this may lead to the byte after the allocated buffer being overwritten with NUL value, which might lead to unauthorized data access or modification.

The OpenSSL Project has released fixes to address several security flaws, including a high-severity bug in the open source encryption toolkit that could potentially expose users to malicious attacks. Tracked as CVE-2023-0286, the issue relates to a case of type confusion that may permit an adversary to "read memory contents or enact a denial-of-service," the maintainers said in an advisory. The

The OpenSSL Project has released fixes to address several security flaws, including a high-severity bug in the open source encryption toolkit that could potentially expose users to malicious attacks. Tracked as CVE-2023-0286, the issue relates to a case of type confusion that may permit an adversary to "read memory contents or enact a denial-of-service," the maintainers said in an advisory. The

The OpenSSL Project has released fixes to address several security flaws, including a high-severity bug in the open source encryption toolkit that could potentially expose users to malicious attacks. Tracked as CVE-2023-0286, the issue relates to a case of type confusion that may permit an adversary to "read memory contents or enact a denial-of-service," the maintainers said in an advisory. The

The OpenSSL Project has released fixes to address several security flaws, including a high-severity bug in the open source encryption toolkit that could potentially expose users to malicious attacks. Tracked as CVE-2023-0286, the issue relates to a case of type confusion that may permit an adversary to "read memory contents or enact a denial-of-service," the maintainers said in an advisory. The

A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher style attack. To achieve a successful decryption an attacker would have to be able to send a very large number of trial messages for decryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5, RSA-OEAP and RSASVE. For example, in a TLS connection, RSA is commonly used by a client to send an encrypted pre-master secret to the server. An attacker that had observed a genuine connection between a client and a server could use this flaw to send trial messages to the server and record the time taken to process them. After a sufficiently large number of messages the attacker could recover the pre-master secret used for the original connection and thus be able to decrypt the application data sent over that connection.

A NULL pointer can be dereferenced when signatures are being verified on PKCS7 signed or signedAndEnveloped data. In case the hash algorithm used for the signature is known to the OpenSSL library but the implementation of the hash algorithm is not available the digest initialization will fail. There is a missing check for the return value from the initialization function which later leads to invalid usage of the digest API most likely leading to a crash. The unavailability of an algorithm can be caused by using FIPS enabled configuration of providers or more commonly by not loading the legacy provider. PKCS7 data is processed by the SMIME library calls and also by the time stamp (TS) library calls. The TLS implementation in OpenSSL does not call these functions however third party applications would be affected if they call these functions to verify signatures on untrusted data.

A NULL pointer can be dereferenced when signatures are being verified on PKCS7 signed or signedAndEnveloped data. In case the hash algorithm used for the signature is known to the OpenSSL library but the implementation of the hash algorithm is not available the digest initialization will fail. There is a missing check for the return value from the initialization function which later leads to invalid usage of the digest API most likely leading to a crash. The unavailability of an algorithm can be caused by using FIPS enabled configuration of providers or more commonly by not loading the legacy provider. PKCS7 data is processed by the SMIME library calls and also by the time stamp (TS) library calls. The TLS implementation in OpenSSL does not call these functions however third party applications would be affected if they call these functions to verify signatures on untrusted data.

A NULL pointer can be dereferenced when signatures are being verified on PKCS7 signed or signedAndEnveloped data. In case the hash algorithm used for the signature is known to the OpenSSL library but the implementation of the hash algorithm is not available the digest initialization will fail. There is a missing check for the return value from the initialization function which later leads to invalid usage of the digest API most likely leading to a crash. The unavailability of an algorithm can be caused by using FIPS enabled configuration of providers or more commonly by not loading the legacy provider. PKCS7 data is processed by the SMIME library calls and also by the time stamp (TS) library calls. The TLS implementation in OpenSSL does not call these functions however third party applications would be affected if they call these functions to verify signatures on untrusted data.

Ubuntu Security Notice 5839-2 - USN-5839-1 fixed a vulnerability in Apache. This update provides the corresponding update for Ubuntu 16.04 ESM. Dimas Fariski Setyawan Putra discovered that the Apache HTTP Server mod_proxy module incorrectly truncated certain response headers. This may result in later headers not being interpreted by the client.

Debian Linux Security Advisory 5335-1 - Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in denial of service or spoofing.

Debian Linux Security Advisory 5335-1 - Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in denial of service or spoofing.

Debian Linux Security Advisory 5335-1 - Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in denial of service or spoofing.

Debian Linux Security Advisory 5335-1 - Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in denial of service or spoofing.

Debian Linux Security Advisory 5335-1 - Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in denial of service or spoofing.

Ubuntu Security Notice 5839-1 - It was discovered that the Apache HTTP Server mod_dav module incorrectly handled certain If: request headers. A remote attacker could possibly use this issue to cause the server to crash, resulting in a denial of service. ZeddYu_Lu discovered that the Apache HTTP Server mod_proxy_ajp module incorrectly interpreted certain HTTP Requests. A remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack.

Ubuntu Security Notice 5839-1 - It was discovered that the Apache HTTP Server mod_dav module incorrectly handled certain If: request headers. A remote attacker could possibly use this issue to cause the server to crash, resulting in a denial of service. ZeddYu_Lu discovered that the Apache HTTP Server mod_proxy_ajp module incorrectly interpreted certain HTTP Requests. A remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack.

Ubuntu Security Notice 5839-1 - It was discovered that the Apache HTTP Server mod_dav module incorrectly handled certain If: request headers. A remote attacker could possibly use this issue to cause the server to crash, resulting in a denial of service. ZeddYu_Lu discovered that the Apache HTTP Server mod_proxy_ajp module incorrectly interpreted certain HTTP Requests. A remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack.

Ubuntu Security Notice 5834-1 - It was discovered that the Apache HTTP Server mod_dav module did not properly handle specially crafted request headers. A remote attacker could possibly use this issue to cause the process to crash, leading to a denial of service. It was discovered that the Apache HTTP Server mod_proxy_ajp module did not properly handle certain invalid Transfer-Encoding headers. A remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack.

Ubuntu Security Notice 5834-1 - It was discovered that the Apache HTTP Server mod_dav module did not properly handle specially crafted request headers. A remote attacker could possibly use this issue to cause the process to crash, leading to a denial of service. It was discovered that the Apache HTTP Server mod_proxy_ajp module did not properly handle certain invalid Transfer-Encoding headers. A remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack.

Debian Linux Security Advisory 5331-1 - Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in denial of service or spoofing.

Debian Linux Security Advisory 5331-1 - Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in denial of service or spoofing.

Debian Linux Security Advisory 5331-1 - Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in denial of service or spoofing.

Debian Linux Security Advisory 5331-1 - Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in denial of service or spoofing.

Debian Linux Security Advisory 5331-1 - Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in denial of service or spoofing.

Vulnerability in the Oracle Demantra Demand Management product of Oracle Supply Chain (component: E-Business Collections). Supported versions that are affected are 12.1 and 12.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Demantra Demand Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Demantra Demand Management accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).

Vulnerability in the Oracle Demantra Demand Management product of Oracle Supply Chain (component: E-Business Collections). Supported versions that are affected are 12.1 and 12.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Demantra Demand Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Demantra Demand Management accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).

Openshift Logging Bug Fix Release (5.3.14) Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-36518: jackson-databind: denial of service via a large depth of nested objects * CVE-2022-42003: jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS * CVE-2022-42004: jackson-databind: use of deeply nested arrays

Openshift Logging Bug Fix Release (5.3.14) Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-36518: jackson-databind: denial of service via a large depth of nested objects * CVE-2022-42003: jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS * CVE-2022-42004: jackson-databind: use of deeply nested arrays

An update for java-1.8.0-ibm is now available for Red Hat Enterprise Linux 7 Supplementary. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21619: OpenJDK: improper handling of long NTLM client hostnames (Security, 8286526) * CVE-2022-21624: OpenJDK: insufficient randomization of JNDI DNS port numbers (JNDI, 8286910) * CVE-2022-21626: OpenJDK: excessive memory allocation in X.509 certificate parsing (Security, 8286533) * CVE-2022-21628: OpenJDK: HttpServer no connection...

Gentoo Linux Security Advisory 202211-3 - Multiple vulnerabilities have been found in PHP, the worst of which could result in arbitrary code execution. Versions less than 7.4.33:7.4 are affected.

Gentoo Linux Security Advisory 202211-3 - Multiple vulnerabilities have been found in PHP, the worst of which could result in arbitrary code execution. Versions less than 7.4.33:7.4 are affected.

Gentoo Linux Security Advisory 202211-3 - Multiple vulnerabilities have been found in PHP, the worst of which could result in arbitrary code execution. Versions less than 7.4.33:7.4 are affected.

Gentoo Linux Security Advisory 202211-3 - Multiple vulnerabilities have been found in PHP, the worst of which could result in arbitrary code execution. Versions less than 7.4.33:7.4 are affected.

Red Hat Security Advisory 2022-7874-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.8.53. Issues addressed include a code execution vulnerability.

Red Hat Security Advisory 2022-7874-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.8.53. Issues addressed include a code execution vulnerability.

Debian Linux Security Advisory 5277-1 - Multiple security issues were discovered in PHP, a widely-used open source general purpose scripting language which could result an denial of service, information disclosure, insecure cooking handling or potentially the execution of arbitrary code.

Debian Linux Security Advisory 5277-1 - Multiple security issues were discovered in PHP, a widely-used open source general purpose scripting language which could result an denial of service, information disclosure, insecure cooking handling or potentially the execution of arbitrary code.

Debian Linux Security Advisory 5277-1 - Multiple security issues were discovered in PHP, a widely-used open source general purpose scripting language which could result an denial of service, information disclosure, insecure cooking handling or potentially the execution of arbitrary code.

Debian Linux Security Advisory 5277-1 - Multiple security issues were discovered in PHP, a widely-used open source general purpose scripting language which could result an denial of service, information disclosure, insecure cooking handling or potentially the execution of arbitrary code.

In PHP versions prior to 7.4.33, 8.0.25 and 8.2.12, when using imageloadfont() function in gd extension, it is possible to supply a specially crafted font file, such as if the loaded font is used with imagechar() function, the read outside allocated buffer will be used. This can lead to crashes or disclosure of confidential information.

Red Hat Security Advisory 2022-7434-01 - A Red Hat OpenShift security update has been provided for the Logging Subsystem.

Red Hat Security Advisory 2022-7434-01 - A Red Hat OpenShift security update has been provided for the Logging Subsystem.

Logging Subsystem 5.5.4 - Red Hat OpenShift Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-32149: golang: golang.org/x/text/language: ParseAcceptLanguage takes a long time to parse complex tags

Logging Subsystem 5.5.4 - Red Hat OpenShift Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-32149: golang: golang.org/x/text/language: ParseAcceptLanguage takes a long time to parse complex tags

Red Hat Security Advisory 2022-6882-01 - Openshift Logging 5.3.13 security and bug fix release.

Ubuntu Security Notice 5719-1 - It was discovered that OpenJDK incorrectly handled long client hostnames. An attacker could possibly use this issue to cause the corruption of sensitive information. It was discovered that OpenJDK incorrectly randomized DNS port numbers. A remote attacker could possibly use this issue to perform spoofing attacks. It was discovered that OpenJDK did not limit the number of connections accepted from HTTP clients. An attacker could possibly use this issue to cause a denial of service.

Ubuntu Security Notice 5717-1 - It was discovered that PHP incorrectly handled certain gzip files. An attacker could possibly use this issue to cause a denial of service. It was discovered that PHP incorrectly handled certain cookies. An attacker could possibly use this issue to compromise the data It was discovered that PHP incorrectly handled certain image fonts. An attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.10, and Ubuntu 22.04 LTS.

Ubuntu Security Notice 5717-1 - It was discovered that PHP incorrectly handled certain gzip files. An attacker could possibly use this issue to cause a denial of service. It was discovered that PHP incorrectly handled certain cookies. An attacker could possibly use this issue to compromise the data It was discovered that PHP incorrectly handled certain image fonts. An attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.10, and Ubuntu 22.04 LTS.

Ubuntu Security Notice 5717-1 - It was discovered that PHP incorrectly handled certain gzip files. An attacker could possibly use this issue to cause a denial of service. It was discovered that PHP incorrectly handled certain cookies. An attacker could possibly use this issue to compromise the data It was discovered that PHP incorrectly handled certain image fonts. An attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.10, and Ubuntu 22.04 LTS.

Ubuntu Security Notice 5717-1 - It was discovered that PHP incorrectly handled certain gzip files. An attacker could possibly use this issue to cause a denial of service. It was discovered that PHP incorrectly handled certain cookies. An attacker could possibly use this issue to compromise the data It was discovered that PHP incorrectly handled certain image fonts. An attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.10, and Ubuntu 22.04 LTS.

Red Hat Security Advisory 2022-7216-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.9.51. Issues addressed include code execution and memory leak vulnerabilities.

Red Hat Security Advisory 2022-7216-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.9.51. Issues addressed include code execution and memory leak vulnerabilities.

Red Hat Security Advisory 2022-7216-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.9.51. Issues addressed include code execution and memory leak vulnerabilities.

Debian Linux Security Advisory 5269-1 - Nicky Mouha discovered a buffer overflow in the sha3 module of PyPy, a fast, compliant alternative implementation of the Python language.

Red Hat OpenShift Container Platform release 4.9.51 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.9.51 Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-26945: go-getter: command injection vulnerability * CVE-2022-30321: go-getter: unsafe download (issue 1 of 3) * CVE-2022-30322: go-getter: unsafe download (issue 2 of 3) * CVE-2022-30323: ...

Red Hat OpenShift Container Platform release 4.9.51 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.9.51 Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-26945: go-getter: command injection vulnerability * CVE-2022-30321: go-getter: unsafe download (issue 1 of 3) * CVE-2022-30322: go-getter: unsafe download (issue 2 of 3) * CVE-2022-30323: ...

Red Hat OpenShift Container Platform release 4.9.51 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.9.51 Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-26945: go-getter: command injection vulnerability * CVE-2022-30321: go-getter: unsafe download (issue 1 of 3) * CVE-2022-30322: go-getter: unsafe download (issue 2 of 3) * CVE-2022-30323: ...

Red Hat Security Advisory 2022-7211-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.10.39. Issues addressed include a code execution vulnerability.

Red Hat Security Advisory 2022-7211-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.10.39. Issues addressed include a code execution vulnerability.

Red Hat Security Advisory 2022-7211-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.10.39. Issues addressed include a code execution vulnerability.

Red Hat Security Advisory 2022-7050-01 - The OpenJDK 8 packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. This release of the Red Hat build of OpenJDK 8 for portable Linux serves as a replacement for Red Hat build of OpenJDK 8 and includes security and bug fixes as well as enhancements. For further information, refer to the release notes linked to in the References section. Issues addressed include a randomization vulnerability.

Red Hat Security Advisory 2022-7013-01 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Issues addressed include buffer overflow and randomization vulnerabilities.

The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. This occurs in the sponge function interface.

Red Hat Security Advisory 2022-7005-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Issues addressed include a randomization vulnerability.

Red Hat Security Advisory 2022-7009-01 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Issues addressed include buffer overflow and randomization vulnerabilities.

Red Hat Security Advisory 2022-7004-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Issues addressed include a randomization vulnerability.

Red Hat Security Advisory 2022-7010-01 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Issues addressed include buffer overflow and randomization vulnerabilities.

Red Hat Security Advisory 2022-7010-01 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Issues addressed include buffer overflow and randomization vulnerabilities.

Red Hat Security Advisory 2022-7010-01 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Issues addressed include buffer overflow and randomization vulnerabilities.

Red Hat Security Advisory 2022-7010-01 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Issues addressed include buffer overflow and randomization vulnerabilities.

Red Hat Security Advisory 2022-7010-01 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Issues addressed include buffer overflow and randomization vulnerabilities.

Red Hat Security Advisory 2022-7010-01 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Issues addressed include buffer overflow and randomization vulnerabilities.

Red Hat Security Advisory 2022-7001-01 - The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. Issues addressed include buffer overflow and randomization vulnerabilities.

Red Hat Security Advisory 2022-7001-01 - The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. Issues addressed include buffer overflow and randomization vulnerabilities.

Red Hat Security Advisory 2022-7000-01 - The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. Issues addressed include buffer overflow and randomization vulnerabilities.

Red Hat Security Advisory 2022-7000-01 - The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. Issues addressed include buffer overflow and randomization vulnerabilities.

The Red Hat build of OpenJDK 17 (java-17-openjdk) is now available for Windows. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21618: OpenJDK: improper MultiByte conversion can lead to buffer overflow (JGSS, 8286077) * CVE-2022-21619: OpenJDK: improper handling of long NTLM client hostnames (Security, 8286526) * CVE-2022-21624: OpenJDK: insufficient randomization of JNDI DNS port numbers (JNDI, 8286910) * CVE-2022-21626: OpenJDK: excessive memory allocation in X.509 ce...

An update for java-11-openjdk is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21618: OpenJDK: improper MultiByte conversion can lead to buffer overflow (JGSS, 8286077) * CVE-2022-21619: OpenJDK: improper handling of long NTLM client hostnames (Security, 8286526) * CVE-2022-21624: OpenJDK: insufficient randomization of JNDI DNS port numbers (JNDI, 8286910) * CVE-2022-21626: OpenJDK: excessive memo...

An update for java-11-openjdk is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21618: OpenJDK: improper MultiByte conversion can lead to buffer overflow (JGSS, 8286077) * CVE-2022-21619: OpenJDK: improper handling of long NTLM client hostnames (Security, 8286526) * CVE-2022-21624: OpenJDK: insufficient randomization of JNDI DNS port numbers (JNDI, 8286910) * CVE-2022-21626: OpenJDK: excessive memo...

An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21619: OpenJDK: improper handling of long NTLM client hostnames (Security, 8286526) * CVE-2022-21624: OpenJDK: insufficient randomization of JNDI DNS port numbers (JNDI, 8286910) * CVE-2022-21626: OpenJDK: excessive memory allocation in X.509 certificate parsing (Security, 8286533) * CVE-2022-21628: OpenJDK: HttpServ...

An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21619: OpenJDK: improper handling of long NTLM client hostnames (Security, 8286526) * CVE-2022-21624: OpenJDK: insufficient randomization of JNDI DNS port numbers (JNDI, 8286910) * CVE-2022-21626: OpenJDK: excessive memory allocation in X.509 certificate parsing (Security, 8286533) * CVE-2022-21628: OpenJDK: HttpServ...

An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21619: OpenJDK: improper handling of long NTLM client hostnames (Security, 8286526) * CVE-2022-21624: OpenJDK: insufficient randomization of JNDI DNS port numbers (JNDI, 8286910) * CVE-2022-21626: OpenJDK: excessive memory allocation in X.509 certificate parsing (Security, 8286533) * CVE-2022-21628: OpenJDK: HttpServ...

An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21619: OpenJDK: improper handling of long NTLM client hostnames (Security, 8286526) * CVE-2022-21624: OpenJDK: insufficient randomization of JNDI DNS port numbers (JNDI, 8286910) * CVE-2022-21626: OpenJDK: excessive memory allocation in X.509 certificate parsing (Security, 8286533) * CVE-2022-21628: OpenJDK: HttpServ...

An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21619: OpenJDK: improper handling of long NTLM client hostnames (Security, 8286526) * CVE-2022-21624: OpenJDK: insufficient randomization of JNDI DNS port numbers (JNDI, 8286910) * CVE-2022-21626: OpenJDK: excessive memory allocation in X.509 certificate parsing (Security, 8286533) * CVE-2022-21628: OpenJDK...

An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21619: OpenJDK: improper handling of long NTLM client hostnames (Security, 8286526) * CVE-2022-21624: OpenJDK: insufficient randomization of JNDI DNS port numbers (JNDI, 8286910) * CVE-2022-21626: OpenJDK: excessive memory allocation in X.509 certificate parsing (Security, 8286533) * CVE-2022-21628: OpenJDK: HttpServ...

An update for java-11-openjdk is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21618: OpenJDK: improper MultiByte conversion can lead to buffer overflow (JGSS, 8286077) * CVE-2022-21619: OpenJDK: improper handling of long NTLM client hostnames (Security, 8286526) * CVE-2022-21624: OpenJDK: insufficient randomization of JNDI DNS port numbers (JNDI, 8286910) * CVE-2022-21626: OpenJDK: exce...

An update for java-11-openjdk is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21618: OpenJDK: improper MultiByte conversion can lead to buffer overflow (JGSS, 8286077) * CVE-2022-21619: OpenJDK: improper handling of long NTLM client hostnames (Security, 8286526) * CVE-2022-21624: OpenJDK: insufficient randomization of JNDI DNS port numbers (JNDI, 8286910) * CVE-2022-21626: OpenJDK: exce...

An update for java-11-openjdk is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21618: OpenJDK: improper MultiByte conversion can lead to buffer overflow (JGSS, 8286077) * CVE-2022-21619: OpenJDK: improper handling of long NTLM client hostnames (Security, 8286526) * CVE-2022-21624: OpenJDK: insufficient randomization of JNDI DNS port numbers (JNDI, 8286910) * CVE-2022-21626: OpenJDK: exce...

An update for java-11-openjdk is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21618: OpenJDK: improper MultiByte conversion can lead to buffer overflow (JGSS, 8286077) * CVE-2022-21619: OpenJDK: improper handling of long NTLM client hostnames (Security, 8286526) * CVE-2022-21624: OpenJDK: insufficient randomization of JNDI DNS port numbers (JNDI, 8286910) * CVE-2022-21626: OpenJDK: exce...

An update for java-11-openjdk is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21618: OpenJDK: improper MultiByte conversion can lead to buffer overflow (JGSS, 8286077) * CVE-2022-21619: OpenJDK: improper handling of long NTLM client hostnames (Security, 8286526) * CVE-2022-21624: OpenJDK: insufficient randomization of JNDI DNS port numbers (JNDI, 8286910) * CVE-2022-21626: OpenJDK: exce...

An update for java-11-openjdk is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21618: OpenJDK: improper MultiByte conversion can lead to buffer overflow (JGSS, 8286077) * CVE-2022-21619: OpenJDK: improper handling of long NTLM client hostnames (Security, 8286526) * CVE-2022-21624: OpenJDK: insufficient randomization of JNDI DNS port numbers (JNDI, 8286910) * CVE-2022-21626: OpenJDK: exce...

In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability enables network and same-site attackers to set a standard insecure cookie in the victim's browser which is treated as a `__Host-` or `__Secure-` cookie by PHP applications.

In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompressor code would recursively uncompress "quines" gzip files, resulting in an infinite loop.

Red Hat Security Advisory 2022-5753-01 - The OpenJDK 8 packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. This release of the Red Hat build of OpenJDK 8 for Windows serves as a replacement for the Red Hat build of OpenJDK 8 and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section.

Red Hat Security Advisory 2022-5753-01 - The OpenJDK 8 packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. This release of the Red Hat build of OpenJDK 8 for Windows serves as a replacement for the Red Hat build of OpenJDK 8 and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section.

Red Hat Security Advisory 2022-5753-01 - The OpenJDK 8 packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. This release of the Red Hat build of OpenJDK 8 for Windows serves as a replacement for the Red Hat build of OpenJDK 8 and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section.

The Red Hat build of OpenJDK 17 (java-17-openjdk) is now available for portable Linux. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21540: OpenJDK: class compilation issue (Hotspot, 8281859) * CVE-2022-21541: OpenJDK: improper restriction of MethodHandle.invokeBasic() (Hotspot, 8281866) * CVE-2022-21549: OpenJDK: random exponentials issue (Libraries, 8283875) * CVE-2022-34169: OpenJDK: integer truncation issue in Xalan-J (JAXP, 8285407)

The Red Hat build of OpenJDK 17 (java-17-openjdk) is now available for portable Linux. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21540: OpenJDK: class compilation issue (Hotspot, 8281859) * CVE-2022-21541: OpenJDK: improper restriction of MethodHandle.invokeBasic() (Hotspot, 8281866) * CVE-2022-21549: OpenJDK: random exponentials issue (Libraries, 8283875) * CVE-2022-34169: OpenJDK: integer truncation issue in Xalan-J (JAXP, 8285407)

The Red Hat build of OpenJDK 17 (java-17-openjdk) is now available for portable Linux. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21540: OpenJDK: class compilation issue (Hotspot, 8281859) * CVE-2022-21541: OpenJDK: improper restriction of MethodHandle.invokeBasic() (Hotspot, 8281866) * CVE-2022-21549: OpenJDK: random exponentials issue (Libraries, 8283875) * CVE-2022-34169: OpenJDK: integer truncation issue in Xalan-J (JAXP, 8285407)

The Red Hat Build of OpenJDK 11 (java-11-openjdk) is now available for Windows. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21540: OpenJDK: class compilation issue (Hotspot, 8281859) * CVE-2022-21541: OpenJDK: improper restriction of MethodHandle.invokeBasic() (Hotspot, 8281866) * CVE-2022-34169: OpenJDK: integer truncation issue in Xalan-J (JAXP, 8285407)

The Red Hat Build of OpenJDK 11 (java-11-openjdk) is now available for Windows. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21540: OpenJDK: class compilation issue (Hotspot, 8281859) * CVE-2022-21541: OpenJDK: improper restriction of MethodHandle.invokeBasic() (Hotspot, 8281866) * CVE-2022-34169: OpenJDK: integer truncation issue in Xalan-J (JAXP, 8285407)

The Red Hat Build of OpenJDK 11 (java-11-openjdk) is now available for portable Linux. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21540: OpenJDK: class compilation issue (Hotspot, 8281859) * CVE-2022-21541: OpenJDK: improper restriction of MethodHandle.invokeBasic() (Hotspot, 8281866) * CVE-2022-34169: OpenJDK: integer truncation issue in Xalan-J (JAXP, 8285407)

The Red Hat Build of OpenJDK 11 (java-11-openjdk) is now available for portable Linux. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21540: OpenJDK: class compilation issue (Hotspot, 8281859) * CVE-2022-21541: OpenJDK: improper restriction of MethodHandle.invokeBasic() (Hotspot, 8281866) * CVE-2022-34169: OpenJDK: integer truncation issue in Xalan-J (JAXP, 8285407)

The Red Hat Build of OpenJDK 11 (java-11-openjdk) is now available for portable Linux. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21540: OpenJDK: class compilation issue (Hotspot, 8281859) * CVE-2022-21541: OpenJDK: improper restriction of MethodHandle.invokeBasic() (Hotspot, 8281866) * CVE-2022-34169: OpenJDK: integer truncation issue in Xalan-J (JAXP, 8285407)

The Red Hat build of OpenJDK 8 (java-1.8.0-openjdk) is now available for portable Linux. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21540: OpenJDK: class compilation issue (Hotspot, 8281859) * CVE-2022-21541: OpenJDK: improper restriction of MethodHandle.invokeBasic() (Hotspot, 8281866) * CVE-2022-34169: OpenJDK: integer truncation issue in Xalan-J (JAXP, 8285407)

The Red Hat build of OpenJDK 8 (java-1.8.0-openjdk) is now available for portable Linux. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21540: OpenJDK: class compilation issue (Hotspot, 8281859) * CVE-2022-21541: OpenJDK: improper restriction of MethodHandle.invokeBasic() (Hotspot, 8281866) * CVE-2022-34169: OpenJDK: integer truncation issue in Xalan-J (JAXP, 8285407)

The Red Hat build of OpenJDK 8 (java-1.8.0-openjdk) is now available for portable Linux. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21540: OpenJDK: class compilation issue (Hotspot, 8281859) * CVE-2022-21541: OpenJDK: improper restriction of MethodHandle.invokeBasic() (Hotspot, 8281866) * CVE-2022-34169: OpenJDK: integer truncation issue in Xalan-J (JAXP, 8285407)

The Red Hat build of OpenJDK 8 (java-1.8.0-openjdk) is now available for Windows. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21540: OpenJDK: class compilation issue (Hotspot, 8281859) * CVE-2022-21541: OpenJDK: improper restriction of MethodHandle.invokeBasic() (Hotspot, 8281866) * CVE-2022-34169: OpenJDK: integer truncation issue in Xalan-J (JAXP, 8285407)

The Red Hat build of OpenJDK 8 (java-1.8.0-openjdk) is now available for Windows. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21540: OpenJDK: class compilation issue (Hotspot, 8281859) * CVE-2022-21541: OpenJDK: improper restriction of MethodHandle.invokeBasic() (Hotspot, 8281866) * CVE-2022-34169: OpenJDK: integer truncation issue in Xalan-J (JAXP, 8285407)

The Red Hat build of OpenJDK 8 (java-1.8.0-openjdk) is now available for Windows. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21540: OpenJDK: class compilation issue (Hotspot, 8281859) * CVE-2022-21541: OpenJDK: improper restriction of MethodHandle.invokeBasic() (Hotspot, 8281866) * CVE-2022-34169: OpenJDK: integer truncation issue in Xalan-J (JAXP, 8285407)

An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21540: OpenJDK: class compilation issue (Hotspot, 8281859) * CVE-2022-21541: OpenJDK: improper restriction of MethodHandle.invokeBasic() (Hotspot, 8281866) * CVE-2022-34169: OpenJDK: integer truncation issue in Xalan-J (JAXP, 8285407)

An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21540: OpenJDK: class compilation issue (Hotspot, 8281859) * CVE-2022-21541: OpenJDK: improper restriction of MethodHandle.invokeBasic() (Hotspot, 8281866) * CVE-2022-34169: OpenJDK: integer truncation issue in Xalan-J (JAXP, 8285407)

An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21540: OpenJDK: class compilation issue (Hotspot, 8281859) * CVE-2022-21541: OpenJDK: improper restriction of MethodHandle.invokeBasic() (Hotspot, 8281866) * CVE-2022-34169: OpenJDK: integer truncation issue in Xalan-J (JAXP, 8285407)

An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21540: OpenJDK: class compilation issue (Hotspot, 8281859) * CVE-2022-21541: OpenJDK: improper restriction of MethodHandle.invokeBasic() (Hotspot, 8281866) * CVE-2022-34169: OpenJDK: integer truncation issue in Xalan-J (JAXP, 8285407)

An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21540: OpenJDK: class compilation issue (Hotspot, 8281859) * CVE-2022-21541: OpenJDK: improper restriction of MethodHandle.invokeBasic() (Hotspot, 8281866) * CVE-2022-34169: OpenJDK: integer truncation issue in Xalan-J (JAXP, 8285407)

An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21540: OpenJDK: class compilation issue (Hotspot, 8281859) * CVE-2022-21541: OpenJDK: improper restriction of MethodHandle.invokeBasic() (Hotspot, 8281866) * CVE-2022-34169: OpenJDK: integer truncation issue in Xalan-J (JAXP, 8285407)

An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21540: OpenJDK: class compilation issue (Hotspot, 8281859) * CVE-2022-21541: OpenJDK: improper restriction of MethodHandle.invokeBasic() (Hotspot, 8281866) * CVE-2022-34169: OpenJDK: integer truncation issue in Xalan-J (JAXP, 8285407)

An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21540: OpenJDK: class compilation issue (Hotspot, 8281859) * CVE-2022-21541: OpenJDK: improper restriction of MethodHandle.invokeBasic() (Hotspot, 8281866) * CVE-2022-34169: OpenJDK: integer truncation issue in Xalan-J (JAXP, 8285407)

An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21540: OpenJDK: class compilation issue (Hotspot, 8281859) * CVE-2022-21541: OpenJDK: improper restriction of MethodHandle.invokeBasic() (Hotspot, 8281866) * CVE-2022-34169: OpenJDK: integer truncation issue in Xalan-J (JAXP, 8285407)

An update for java-11-openjdk is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21540: OpenJDK: class compilation issue (Hotspot, 8281859) * CVE-2022-21541: OpenJDK: improper restriction of MethodHandle.invokeBasic() (Hotspot, 8281866) * CVE-2022-34169: OpenJDK: integer truncation issue in Xalan-J (JAXP, 8285407)

An update for java-11-openjdk is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21540: OpenJDK: class compilation issue (Hotspot, 8281859) * CVE-2022-21541: OpenJDK: improper restriction of MethodHandle.invokeBasic() (Hotspot, 8281866) * CVE-2022-34169: OpenJDK: integer truncation issue in Xalan-J (JAXP, 8285407)

An update for java-11-openjdk is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21540: OpenJDK: class compilation issue (Hotspot, 8281859) * CVE-2022-21541: OpenJDK: improper restriction of MethodHandle.invokeBasic() (Hotspot, 8281866) * CVE-2022-34169: OpenJDK: integer truncation issue in Xalan-J (JAXP, 8285407)

The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. The Apache Xalan Java project is dormant and in the process of being retired. No future releases of Apache Xalan Java to address this issue are expected. Note: Java runtimes (such as OpenJDK) include repackaged copies of Xalan.