Security
Headlines
HeadlinesLatestCVEs

Headline

Red Hat Security Advisory 2022-7874-01

Red Hat Security Advisory 2022-7874-01 - Red Hat OpenShift Container Platform is Red Hat’s cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.8.53. Issues addressed include a code execution vulnerability.

Packet Storm
#xss#vulnerability#web#red_hat#kubernetes#rpm#jira

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================
Red Hat Security Advisory

Synopsis: Important: OpenShift Container Platform 4.8.53 bug fix and security update
Advisory ID: RHSA-2022:7874-01
Product: Red Hat OpenShift Enterprise
Advisory URL: https://access.redhat.com/errata/RHSA-2022:7874
Issue date: 2022-11-18
CVE Names: CVE-2021-45485 CVE-2021-45486 CVE-2022-2588
CVE-2022-21123 CVE-2022-21125 CVE-2022-21166
CVE-2022-21618 CVE-2022-21619 CVE-2022-21624
CVE-2022-21626 CVE-2022-21628 CVE-2022-26945
CVE-2022-30321 CVE-2022-30322 CVE-2022-30323
CVE-2022-39399 CVE-2022-41974
====================================================================

  1. Summary:

Red Hat OpenShift Container Platform release 4.8.53 is now available with
updates to packages and images that fix several bugs and add enhancements.

This release includes a security update for Red Hat OpenShift Container
Platform 4.8.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

  1. Description:

Red Hat OpenShift Container Platform is Red Hat’s cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.

This advisory contains the container images for Red Hat OpenShift Container
Platform 4.8.53. See the following advisory for the RPM packages for this
release:

https://access.redhat.com/errata/RHBA-2022:7873

Space precludes documenting all of the container images in this advisory.
See the following Release Notes documentation, which will be updated
shortly for this release, for details about these changes:

https://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html

Security Fix(es):

  • go-getter: command injection vulnerability (CVE-2022-26945)
  • go-getter: unsafe download (issue 1 of 3) (CVE-2022-30321)
  • go-getter: unsafe download (issue 2 of 3) (CVE-2022-30322)
  • go-getter: unsafe download (issue 3 of 3) (CVE-2022-30323)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s)
listed in the References section.

  1. Solution:

For OpenShift Container Platform 4.8 see the following documentation, which
will be updated shortly for this release, for important instructions on how
to upgrade your cluster and fully apply this asynchronous errata update:

https://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html

You may download the oc tool and use it to inspect release image metadata
for x86_64, s390x, and ppc64le architectures. The image digests
may be found at
https://quay.io/repository/openshift-release-dev/ocp-release?tab=tags

The sha values for the release are:

(For x86_64 architecture)
The image digest is
sha256:ac2bbfa7036c64bbdb44f9a74df3dbafcff1b851d812bf2a48c4fabcac3c7a53

(For s390x architecture)
The image digest is
sha256:ac2c74a664257cea299126d4f789cdf9a5a4efc4a4e8c2361b943374d4eb21e4

(For ppc64le architecture)
The image digest is
sha256:53adc42ed30ad39d7117837dbf5a6db6943a8f0b3b61bc0d046b83394f5c28b2

All OpenShift Container Platform 4.8 users are advised to upgrade to these
updated packages and images when they are available in the appropriate
release channel. To check for available updates, use the OpenShift Console
or the CLI oc command. Instructions for upgrading a cluster are available
at
https://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html

  1. Bugs fixed (https://bugzilla.redhat.com/):

2077100 - Console backend check for Web Terminal Operator incorrectly returns HTTP 204
2092918 - CVE-2022-30321 go-getter: unsafe download (issue 1 of 3)
2092923 - CVE-2022-30322 go-getter: unsafe download (issue 2 of 3)
2092925 - CVE-2022-30323 go-getter: unsafe download (issue 3 of 3)
2092928 - CVE-2022-26945 go-getter: command injection vulnerability

  1. JIRA issues fixed (https://issues.jboss.org/):

OCPBUGS-2205 - Prefer local dns does not work expectedly on OCPv4.8
OCPBUGS-2347 - [cluster-api-provider-baremetal] fix 4.8 build
OCPBUGS-2577 - [4.8] ETCD Operator goes degraded when a second internal node ip is added
OCPBUGS-2773 - e2e tests: Installs Red Hat Integration - 3scale operator test is failing due to change of Operator name
OCPBUGS-2989 - [4.8] cri-o should report the stage of container and pod creation it’s stuck at

  1. References:

https://access.redhat.com/security/cve/CVE-2021-45485
https://access.redhat.com/security/cve/CVE-2021-45486
https://access.redhat.com/security/cve/CVE-2022-2588
https://access.redhat.com/security/cve/CVE-2022-21123
https://access.redhat.com/security/cve/CVE-2022-21125
https://access.redhat.com/security/cve/CVE-2022-21166
https://access.redhat.com/security/cve/CVE-2022-21618
https://access.redhat.com/security/cve/CVE-2022-21619
https://access.redhat.com/security/cve/CVE-2022-21624
https://access.redhat.com/security/cve/CVE-2022-21626
https://access.redhat.com/security/cve/CVE-2022-21628
https://access.redhat.com/security/cve/CVE-2022-26945
https://access.redhat.com/security/cve/CVE-2022-30321
https://access.redhat.com/security/cve/CVE-2022-30322
https://access.redhat.com/security/cve/CVE-2022-30323
https://access.redhat.com/security/cve/CVE-2022-39399
https://access.redhat.com/security/cve/CVE-2022-41974
https://access.redhat.com/security/updates/classification/#important

  1. Contact:

The Red Hat security contact is [email protected]. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBY3csZNzjgjWX9erEAQgVQg//dfbbERoUaVbqbL5MAgN43BOuYuiK0zT2
wkUXSTkIyLGkEqCU6KGhwbrUvMqye1Fef7MomJ0sXUj1MfUuV4FInczZmioJf59d
JAKdJQ8wEsqCaedwB+an5bVY6CEGdhsiN4a3JubKfGNkWcVOEr55acdgmu+n0hMJ
6zGQKgJLfBLPU7V/OG5zb/F2/GE6gwvqDsrrCMe6yZ7O2RTHDDnVI+bG1twhOjNb
M/wxjxMc3KxAl/32EQXQQnDdicl8Fg3KSCLnVfKwQMfN3O9Fj5AFdW3kT27MKKrF
DVsXTEeiLPvvUcfbu2KoLUqwXNajIDLNPYmwdWHrVZpOJcSSwDKxd3TRD1X8a5FO
2ZCpqk/InKz/mzhun+XSsyqY/KrevPFxiBzhfbPZE2EhBRXARUad4ycBlfSCacf9
wwFHEwPDzZ4NygYc1s+2dI9P5tDB+K21XB0d/41yq5XheYonBSu3Ji9+dqMIq/4R
Hb+xisN5QoaB+3pf6PMIrhlvNestYQ4TzOHdmEpJRZOehIJ49bJXtIRXq6uDj52b
7gvzoKpRdy3QZNBLNcrJPB0be9yE8chRaxMa++fviQbNamJm3NPVL5jBzBNrEINr
a9u8YMzpCzskWP3HdBUZ2bLT2zTnvb3Qj0vKQcUzO/hwl2z3hNbE2L+zOfXfWypj
jBUti9NswAw=uJJL
-----END PGP SIGNATURE-----

RHSA-announce mailing list
[email protected]
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Related news

Gentoo Linux Security Advisory 202401-25

Gentoo Linux Security Advisory 202401-25 - Multiple vulnerabilities have been discovered in OpenJDK, the worst of which can lead to remote code execution. Versions greater than or equal to 11.0.19_p7:11 are affected.

CVE-2023-26298: HP Device Manager Security Updates

Previous versions of HP Device Manager (prior to HPDM 5.0.10) could potentially allow command injection and/or elevation of privileges.

RHSA-2023:1326: Red Hat Security Advisory: OpenShift Container Platform 4.13.0 security update

Red Hat OpenShift Container Platform release 4.13.0 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.13. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-4235: A flaw was found in go-yaml. This issue occurs due to unbounded alias chasing, where a maliciously crafted YAML file can cause the system to consume significant system resources. If p...

Debian Security Advisory 5366-1

Debian Linux Security Advisory 5366-1 - The Qualys Research Labs reported an authorization bypass (CVE-2022-41974) and a symlink attack (CVE-2022-41973) in multipath-tools, a set of tools to drive the Device Mapper multipathing driver, which may result in local privilege escalation.

Debian Security Advisory 5335-1

Debian Linux Security Advisory 5335-1 - Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in denial of service or spoofing.

Debian Security Advisory 5331-1

Debian Linux Security Advisory 5331-1 - Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in denial of service or spoofing.

RHSA-2022:9111: Red Hat Security Advisory: OpenShift Container Platform 4.9.54 bug fix and security update

Red Hat OpenShift Container Platform release 4.9.54 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-26945: go-getter: command injection vulnerability * CVE-2022-30321: go-getter: unsafe download (issue 1 of 3) * CVE-2022-30322: go-getter: unsafe download (issue 2 of 3) * CVE-2022-30323: go-getter: unsafe download (issue 3 of 3)

Red Hat Security Advisory 2022-8974-01

Red Hat Security Advisory 2022-8974-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include buffer overflow, code execution, out of bounds write, and privilege escalation vulnerabilities.

Red Hat Security Advisory 2022-8938-01

Red Hat Security Advisory 2022-8938-01 - Version 1.26.0 of the OpenShift Serverless Operator is supported on Red Hat OpenShift Container Platform versions 4.8, 4.9, 4.10, and 4.11. This release includes security and bug fixes, and enhancements.

Red Hat Security Advisory 2022-8781-01

Red Hat Security Advisory 2022-8781-01 - Logging Subsystem for Red Hat OpenShift has a security update. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2022-8598-01

Red Hat Security Advisory 2022-8598-01 - The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. The ovirt-node-ng packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Issues addressed include bypass, code execution, integer overflow, memory leak, and use-after-free v...

RHSA-2022:8609: Red Hat Security Advisory: OpenShift Virtualization 4.9.7 Images security update

Red Hat OpenShift Virtualization release 4.9.7 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1996: go-restful: Authorization Bypass Through User-Controlled Key

Ubuntu Security Notice USN-5719-1

Ubuntu Security Notice 5719-1 - It was discovered that OpenJDK incorrectly handled long client hostnames. An attacker could possibly use this issue to cause the corruption of sensitive information. It was discovered that OpenJDK incorrectly randomized DNS port numbers. A remote attacker could possibly use this issue to perform spoofing attacks. It was discovered that OpenJDK did not limit the number of connections accepted from HTTP clients. An attacker could possibly use this issue to cause a denial of service.

Ubuntu Security Notice USN-5719-1

Ubuntu Security Notice 5719-1 - It was discovered that OpenJDK incorrectly handled long client hostnames. An attacker could possibly use this issue to cause the corruption of sensitive information. It was discovered that OpenJDK incorrectly randomized DNS port numbers. A remote attacker could possibly use this issue to perform spoofing attacks. It was discovered that OpenJDK did not limit the number of connections accepted from HTTP clients. An attacker could possibly use this issue to cause a denial of service.

Ubuntu Security Notice USN-5719-1

Ubuntu Security Notice 5719-1 - It was discovered that OpenJDK incorrectly handled long client hostnames. An attacker could possibly use this issue to cause the corruption of sensitive information. It was discovered that OpenJDK incorrectly randomized DNS port numbers. A remote attacker could possibly use this issue to perform spoofing attacks. It was discovered that OpenJDK did not limit the number of connections accepted from HTTP clients. An attacker could possibly use this issue to cause a denial of service.

Ubuntu Security Notice USN-5719-1

Ubuntu Security Notice 5719-1 - It was discovered that OpenJDK incorrectly handled long client hostnames. An attacker could possibly use this issue to cause the corruption of sensitive information. It was discovered that OpenJDK incorrectly randomized DNS port numbers. A remote attacker could possibly use this issue to perform spoofing attacks. It was discovered that OpenJDK did not limit the number of connections accepted from HTTP clients. An attacker could possibly use this issue to cause a denial of service.

Ubuntu Security Notice USN-5719-1

Ubuntu Security Notice 5719-1 - It was discovered that OpenJDK incorrectly handled long client hostnames. An attacker could possibly use this issue to cause the corruption of sensitive information. It was discovered that OpenJDK incorrectly randomized DNS port numbers. A remote attacker could possibly use this issue to perform spoofing attacks. It was discovered that OpenJDK did not limit the number of connections accepted from HTTP clients. An attacker could possibly use this issue to cause a denial of service.

Ubuntu Security Notice USN-5719-1

Ubuntu Security Notice 5719-1 - It was discovered that OpenJDK incorrectly handled long client hostnames. An attacker could possibly use this issue to cause the corruption of sensitive information. It was discovered that OpenJDK incorrectly randomized DNS port numbers. A remote attacker could possibly use this issue to perform spoofing attacks. It was discovered that OpenJDK did not limit the number of connections accepted from HTTP clients. An attacker could possibly use this issue to cause a denial of service.

Red Hat Security Advisory 2022-7885-01

Red Hat Security Advisory 2022-7885-01 - The kpatch management tool provides a kernel patching infrastructure which allows you to patch a running kernel without rebooting or restarting any processes. Issues addressed include privilege escalation and use-after-free vulnerabilities.

Red Hat Security Advisory 2022-7344-01

Red Hat Security Advisory 2022-7344-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include privilege escalation and use-after-free vulnerabilities.

RHSA-2022:7216: Red Hat Security Advisory: OpenShift Container Platform 4.9.51 bug fix and security update

Red Hat OpenShift Container Platform release 4.9.51 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.9.51 Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-26945: go-getter: command injection vulnerability * CVE-2022-30321: go-getter: unsafe download (issue 1 of 3) * CVE-2022-30322: go-getter: unsafe download (issue 2 of 3) * CVE-2022-30323: ...

RHSA-2022:7216: Red Hat Security Advisory: OpenShift Container Platform 4.9.51 bug fix and security update

Red Hat OpenShift Container Platform release 4.9.51 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.9.51 Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-26945: go-getter: command injection vulnerability * CVE-2022-30321: go-getter: unsafe download (issue 1 of 3) * CVE-2022-30322: go-getter: unsafe download (issue 2 of 3) * CVE-2022-30323: ...

RHSA-2022:7216: Red Hat Security Advisory: OpenShift Container Platform 4.9.51 bug fix and security update

Red Hat OpenShift Container Platform release 4.9.51 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.9.51 Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-26945: go-getter: command injection vulnerability * CVE-2022-30321: go-getter: unsafe download (issue 1 of 3) * CVE-2022-30322: go-getter: unsafe download (issue 2 of 3) * CVE-2022-30323: ...

RHSA-2022:7216: Red Hat Security Advisory: OpenShift Container Platform 4.9.51 bug fix and security update

Red Hat OpenShift Container Platform release 4.9.51 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.9.51 Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-26945: go-getter: command injection vulnerability * CVE-2022-30321: go-getter: unsafe download (issue 1 of 3) * CVE-2022-30322: go-getter: unsafe download (issue 2 of 3) * CVE-2022-30323: ...

RHSA-2022:7344: Red Hat Security Advisory: kpatch-patch security update

An update for kpatch-patch is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2588: kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation

Red Hat Security Advisory 2022-7201-01

Red Hat Security Advisory 2022-7201-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.11.12. Issues addressed include a code execution vulnerability.

Red Hat Security Advisory 2022-7211-01

Red Hat Security Advisory 2022-7211-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.10.39. Issues addressed include a code execution vulnerability.

Red Hat Security Advisory 2022-7211-01

Red Hat Security Advisory 2022-7211-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.10.39. Issues addressed include a code execution vulnerability.

Red Hat Security Advisory 2022-7211-01

Red Hat Security Advisory 2022-7211-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.10.39. Issues addressed include a code execution vulnerability.

Red Hat Security Advisory 2022-7211-01

Red Hat Security Advisory 2022-7211-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.10.39. Issues addressed include a code execution vulnerability.

Red Hat Security Advisory 2022-7276-01

Red Hat Security Advisory 2022-7276-01 - Red Hat Advanced Cluster Management for Kubernetes 2.4.8 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs. Issues addressed include denial of service, server-side request forgery, and remote SQL injection vulnerabilities.

Red Hat Security Advisory 2022-7279-01

Red Hat Security Advisory 2022-7279-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include privilege escalation and use-after-free vulnerabilities.

Red Hat Security Advisory 2022-7279-01

Red Hat Security Advisory 2022-7279-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include privilege escalation and use-after-free vulnerabilities.

Red Hat Security Advisory 2022-7279-01

Red Hat Security Advisory 2022-7279-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include privilege escalation and use-after-free vulnerabilities.

RHSA-2022:7211: Red Hat Security Advisory: OpenShift Container Platform 4.10.39 bug fix and security update

Red Hat OpenShift Container Platform release 4.10.39 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-26945: go-getter: command injection vulnerability * CVE-2022-30321: go-getter: unsafe download (issue 1 of 3) * CVE-2022-30322: go-getter: unsafe download (issue 2 of 3) * CVE-2022-30323: ...

RHSA-2022:7211: Red Hat Security Advisory: OpenShift Container Platform 4.10.39 bug fix and security update

Red Hat OpenShift Container Platform release 4.10.39 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-26945: go-getter: command injection vulnerability * CVE-2022-30321: go-getter: unsafe download (issue 1 of 3) * CVE-2022-30322: go-getter: unsafe download (issue 2 of 3) * CVE-2022-30323: ...

RHSA-2022:7211: Red Hat Security Advisory: OpenShift Container Platform 4.10.39 bug fix and security update

Red Hat OpenShift Container Platform release 4.10.39 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-26945: go-getter: command injection vulnerability * CVE-2022-30321: go-getter: unsafe download (issue 1 of 3) * CVE-2022-30322: go-getter: unsafe download (issue 2 of 3) * CVE-2022-30323: ...

RHSA-2022:7211: Red Hat Security Advisory: OpenShift Container Platform 4.10.39 bug fix and security update

Red Hat OpenShift Container Platform release 4.10.39 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-26945: go-getter: command injection vulnerability * CVE-2022-30321: go-getter: unsafe download (issue 1 of 3) * CVE-2022-30322: go-getter: unsafe download (issue 2 of 3) * CVE-2022-30323: ...

RHSA-2022:7201: Red Hat Security Advisory: OpenShift Container Platform 4.11.12 security update

Red Hat OpenShift Container Platform release 4.11.12 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-26945: go-getter: command injection vulnerability * CVE-2022-30321: go-getter: unsafe download (issue 1 of 3) * CVE-2022-30322: go-getter: unsafe download (issue 2 of 3) * CVE-2022-30323: go-getter: unsafe download (issue 3 of 3)

RHSA-2022:7201: Red Hat Security Advisory: OpenShift Container Platform 4.11.12 security update

Red Hat OpenShift Container Platform release 4.11.12 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-26945: go-getter: command injection vulnerability * CVE-2022-30321: go-getter: unsafe download (issue 1 of 3) * CVE-2022-30322: go-getter: unsafe download (issue 2 of 3) * CVE-2022-30323: go-getter: unsafe download (issue 3 of 3)

RHSA-2022:7201: Red Hat Security Advisory: OpenShift Container Platform 4.11.12 security update

Red Hat OpenShift Container Platform release 4.11.12 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-26945: go-getter: command injection vulnerability * CVE-2022-30321: go-getter: unsafe download (issue 1 of 3) * CVE-2022-30322: go-getter: unsafe download (issue 2 of 3) * CVE-2022-30323: go-getter: unsafe download (issue 3 of 3)

RHSA-2022:7276: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.4.8 security fixes and container updates

Red Hat Advanced Cluster Management for Kubernetes 2.4.8 General Availability release images, which fix security issues. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2238: search-api: SQL injection leads to remote denial of service * CVE-2022-25858: terser: insecure use of regular expressions leads to ReDoS * CVE-2022-31129: moment: inefficient parsing algorithm resulting in DoS * CVE-2022-35948: nodejs: undici vulnerable to CRLF via content headers * CVE-2022-35949: n...

RHSA-2022:7191: Red Hat Security Advisory: device-mapper-multipath security update

An update for device-mapper-multipath is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41974: device-mapper-multipath: Authorization bypass, multipathd daemon listens for client connections on an abstract Unix socket

Red Hat Security Advisory 2022-7185-01

Red Hat Security Advisory 2022-7185-01 - The device-mapper-multipath packages provide tools that use the device-mapper multipath kernel module to manage multipath devices. Issues addressed include a bypass vulnerability.

Red Hat Security Advisory 2022-7192-01

Red Hat Security Advisory 2022-7192-01 - The device-mapper-multipath packages provide tools that use the device-mapper multipath kernel module to manage multipath devices. Issues addressed include a bypass vulnerability.

Red Hat Security Advisory 2022-7173-01

Red Hat Security Advisory 2022-7173-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include privilege escalation and use-after-free vulnerabilities.

RHSA-2022:7192: Red Hat Security Advisory: device-mapper-multipath security update

An update for device-mapper-multipath is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41974: device-mapper-multipath: Authorization bypass, multipathd daemon listens for client connections on an abstract Unix socket

RHSA-2022:7188: Red Hat Security Advisory: device-mapper-multipath security update

An update for device-mapper-multipath is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41974: device-mapper-multipath: Authorization bypass, multipathd daemon listens for client connections on an abstract Unix socket

RHSA-2022:7187: Red Hat Security Advisory: device-mapper-multipath security update

An update for device-mapper-multipath is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41974: device-mapper-multipath: Authorization bypass, multipathd daemon listens for client connections on an abstract Unix socket

Red Hat Security Advisory 2022-7146-01

Red Hat Security Advisory 2022-7146-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include privilege escalation and use-after-free vulnerabilities.

RHSA-2022:7146: Red Hat Security Advisory: kernel security update

An update for kernel is now available for Red Hat Enterprise Linux 7.4 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2588: kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation

Red Hat Security Advisory 2022-7050-01

Red Hat Security Advisory 2022-7050-01 - The OpenJDK 8 packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. This release of the Red Hat build of OpenJDK 8 for portable Linux serves as a replacement for Red Hat build of OpenJDK 8 and includes security and bug fixes as well as enhancements. For further information, refer to the release notes linked to in the References section. Issues addressed include a randomization vulnerability.

Red Hat Security Advisory 2022-7050-01

Red Hat Security Advisory 2022-7050-01 - The OpenJDK 8 packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. This release of the Red Hat build of OpenJDK 8 for portable Linux serves as a replacement for Red Hat build of OpenJDK 8 and includes security and bug fixes as well as enhancements. For further information, refer to the release notes linked to in the References section. Issues addressed include a randomization vulnerability.

Red Hat Security Advisory 2022-7050-01

Red Hat Security Advisory 2022-7050-01 - The OpenJDK 8 packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. This release of the Red Hat build of OpenJDK 8 for portable Linux serves as a replacement for Red Hat build of OpenJDK 8 and includes security and bug fixes as well as enhancements. For further information, refer to the release notes linked to in the References section. Issues addressed include a randomization vulnerability.

Red Hat Security Advisory 2022-7050-01

Red Hat Security Advisory 2022-7050-01 - The OpenJDK 8 packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. This release of the Red Hat build of OpenJDK 8 for portable Linux serves as a replacement for Red Hat build of OpenJDK 8 and includes security and bug fixes as well as enhancements. For further information, refer to the release notes linked to in the References section. Issues addressed include a randomization vulnerability.

Red Hat Security Advisory 2022-7007-01

Red Hat Security Advisory 2022-7007-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Issues addressed include a randomization vulnerability.

Red Hat Security Advisory 2022-7007-01

Red Hat Security Advisory 2022-7007-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Issues addressed include a randomization vulnerability.

Red Hat Security Advisory 2022-7007-01

Red Hat Security Advisory 2022-7007-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Issues addressed include a randomization vulnerability.

Red Hat Security Advisory 2022-7007-01

Red Hat Security Advisory 2022-7007-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Issues addressed include a randomization vulnerability.

Red Hat Security Advisory 2022-7013-01

Red Hat Security Advisory 2022-7013-01 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Issues addressed include buffer overflow and randomization vulnerabilities.

Red Hat Security Advisory 2022-7013-01

Red Hat Security Advisory 2022-7013-01 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Issues addressed include buffer overflow and randomization vulnerabilities.

Red Hat Security Advisory 2022-7013-01

Red Hat Security Advisory 2022-7013-01 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Issues addressed include buffer overflow and randomization vulnerabilities.

Red Hat Security Advisory 2022-7013-01

Red Hat Security Advisory 2022-7013-01 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Issues addressed include buffer overflow and randomization vulnerabilities.

Red Hat Security Advisory 2022-7013-01

Red Hat Security Advisory 2022-7013-01 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Issues addressed include buffer overflow and randomization vulnerabilities.

Red Hat Security Advisory 2022-7013-01

Red Hat Security Advisory 2022-7013-01 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Issues addressed include buffer overflow and randomization vulnerabilities.

Red Hat Security Advisory 2022-7008-01

Red Hat Security Advisory 2022-7008-01 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Issues addressed include buffer overflow and randomization vulnerabilities.

Red Hat Security Advisory 2022-7008-01

Red Hat Security Advisory 2022-7008-01 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Issues addressed include buffer overflow and randomization vulnerabilities.

Red Hat Security Advisory 2022-7008-01

Red Hat Security Advisory 2022-7008-01 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Issues addressed include buffer overflow and randomization vulnerabilities.

Red Hat Security Advisory 2022-7008-01

Red Hat Security Advisory 2022-7008-01 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Issues addressed include buffer overflow and randomization vulnerabilities.

Red Hat Security Advisory 2022-7008-01

Red Hat Security Advisory 2022-7008-01 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Issues addressed include buffer overflow and randomization vulnerabilities.

Red Hat Security Advisory 2022-7008-01

Red Hat Security Advisory 2022-7008-01 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Issues addressed include buffer overflow and randomization vulnerabilities.

Red Hat Security Advisory 2022-7006-01

Red Hat Security Advisory 2022-7006-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Issues addressed include a randomization vulnerability.

Red Hat Security Advisory 2022-7006-01

Red Hat Security Advisory 2022-7006-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Issues addressed include a randomization vulnerability.

Red Hat Security Advisory 2022-7006-01

Red Hat Security Advisory 2022-7006-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Issues addressed include a randomization vulnerability.

Red Hat Security Advisory 2022-7006-01

Red Hat Security Advisory 2022-7006-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Issues addressed include a randomization vulnerability.

Red Hat Security Advisory 2022-7004-01

Red Hat Security Advisory 2022-7004-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Issues addressed include a randomization vulnerability.

Red Hat Security Advisory 2022-7004-01

Red Hat Security Advisory 2022-7004-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Issues addressed include a randomization vulnerability.

Red Hat Security Advisory 2022-7004-01

Red Hat Security Advisory 2022-7004-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Issues addressed include a randomization vulnerability.

Red Hat Security Advisory 2022-7004-01

Red Hat Security Advisory 2022-7004-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Issues addressed include a randomization vulnerability.

Red Hat Security Advisory 2022-7012-01

Red Hat Security Advisory 2022-7012-01 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Issues addressed include buffer overflow and randomization vulnerabilities.

Red Hat Security Advisory 2022-7012-01

Red Hat Security Advisory 2022-7012-01 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Issues addressed include buffer overflow and randomization vulnerabilities.

Red Hat Security Advisory 2022-7000-01

Red Hat Security Advisory 2022-7000-01 - The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. Issues addressed include buffer overflow and randomization vulnerabilities.

Red Hat Security Advisory 2022-7000-01

Red Hat Security Advisory 2022-7000-01 - The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. Issues addressed include buffer overflow and randomization vulnerabilities.

Red Hat Security Advisory 2022-6905-01

Red Hat Security Advisory 2022-6905-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.9.50. Issues addressed include a code execution vulnerability.

Red Hat Security Advisory 2022-6905-01

Red Hat Security Advisory 2022-6905-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.9.50. Issues addressed include a code execution vulnerability.

Red Hat Security Advisory 2022-6905-01

Red Hat Security Advisory 2022-6905-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.9.50. Issues addressed include a code execution vulnerability.

Red Hat Security Advisory 2022-6905-01

Red Hat Security Advisory 2022-6905-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.9.50. Issues addressed include a code execution vulnerability.

RHSA-2022:7053: Red Hat Security Advisory: OpenJDK 17.0.5 Security Update for Portable Linux Builds

The Red Hat build of OpenJDK 17 (java-17-openjdk) is now available for portable Linux. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21618: OpenJDK: improper MultiByte conversion can lead to buffer overflow (JGSS, 8286077) * CVE-2022-21619: OpenJDK: improper handling of long NTLM client hostnames (Security, 8286526) * CVE-2022-21624: OpenJDK: insufficient randomization of JNDI DNS port numbers (JNDI, 8286910) * CVE-2022-21626: OpenJDK: excessive memory allocation in X...

RHSA-2022:7053: Red Hat Security Advisory: OpenJDK 17.0.5 Security Update for Portable Linux Builds

The Red Hat build of OpenJDK 17 (java-17-openjdk) is now available for portable Linux. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21618: OpenJDK: improper MultiByte conversion can lead to buffer overflow (JGSS, 8286077) * CVE-2022-21619: OpenJDK: improper handling of long NTLM client hostnames (Security, 8286526) * CVE-2022-21624: OpenJDK: insufficient randomization of JNDI DNS port numbers (JNDI, 8286910) * CVE-2022-21626: OpenJDK: excessive memory allocation in X...

RHSA-2022:7053: Red Hat Security Advisory: OpenJDK 17.0.5 Security Update for Portable Linux Builds

The Red Hat build of OpenJDK 17 (java-17-openjdk) is now available for portable Linux. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21618: OpenJDK: improper MultiByte conversion can lead to buffer overflow (JGSS, 8286077) * CVE-2022-21619: OpenJDK: improper handling of long NTLM client hostnames (Security, 8286526) * CVE-2022-21624: OpenJDK: insufficient randomization of JNDI DNS port numbers (JNDI, 8286910) * CVE-2022-21626: OpenJDK: excessive memory allocation in X...

RHSA-2022:7053: Red Hat Security Advisory: OpenJDK 17.0.5 Security Update for Portable Linux Builds

The Red Hat build of OpenJDK 17 (java-17-openjdk) is now available for portable Linux. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21618: OpenJDK: improper MultiByte conversion can lead to buffer overflow (JGSS, 8286077) * CVE-2022-21619: OpenJDK: improper handling of long NTLM client hostnames (Security, 8286526) * CVE-2022-21624: OpenJDK: insufficient randomization of JNDI DNS port numbers (JNDI, 8286910) * CVE-2022-21626: OpenJDK: excessive memory allocation in X...

RHSA-2022:7053: Red Hat Security Advisory: OpenJDK 17.0.5 Security Update for Portable Linux Builds

The Red Hat build of OpenJDK 17 (java-17-openjdk) is now available for portable Linux. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21618: OpenJDK: improper MultiByte conversion can lead to buffer overflow (JGSS, 8286077) * CVE-2022-21619: OpenJDK: improper handling of long NTLM client hostnames (Security, 8286526) * CVE-2022-21624: OpenJDK: insufficient randomization of JNDI DNS port numbers (JNDI, 8286910) * CVE-2022-21626: OpenJDK: excessive memory allocation in X...

RHSA-2022:7053: Red Hat Security Advisory: OpenJDK 17.0.5 Security Update for Portable Linux Builds

The Red Hat build of OpenJDK 17 (java-17-openjdk) is now available for portable Linux. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21618: OpenJDK: improper MultiByte conversion can lead to buffer overflow (JGSS, 8286077) * CVE-2022-21619: OpenJDK: improper handling of long NTLM client hostnames (Security, 8286526) * CVE-2022-21624: OpenJDK: insufficient randomization of JNDI DNS port numbers (JNDI, 8286910) * CVE-2022-21626: OpenJDK: excessive memory allocation in X...

RHSA-2022:7051: Red Hat Security Advisory: OpenJDK 17.0.5 Security Update for Windows Builds

The Red Hat build of OpenJDK 17 (java-17-openjdk) is now available for Windows. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21618: OpenJDK: improper MultiByte conversion can lead to buffer overflow (JGSS, 8286077) * CVE-2022-21619: OpenJDK: improper handling of long NTLM client hostnames (Security, 8286526) * CVE-2022-21624: OpenJDK: insufficient randomization of JNDI DNS port numbers (JNDI, 8286910) * CVE-2022-21626: OpenJDK: excessive memory allocation in X.509 ce...

RHSA-2022:7051: Red Hat Security Advisory: OpenJDK 17.0.5 Security Update for Windows Builds

The Red Hat build of OpenJDK 17 (java-17-openjdk) is now available for Windows. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21618: OpenJDK: improper MultiByte conversion can lead to buffer overflow (JGSS, 8286077) * CVE-2022-21619: OpenJDK: improper handling of long NTLM client hostnames (Security, 8286526) * CVE-2022-21624: OpenJDK: insufficient randomization of JNDI DNS port numbers (JNDI, 8286910) * CVE-2022-21626: OpenJDK: excessive memory allocation in X.509 ce...

RHSA-2022:7051: Red Hat Security Advisory: OpenJDK 17.0.5 Security Update for Windows Builds

The Red Hat build of OpenJDK 17 (java-17-openjdk) is now available for Windows. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21618: OpenJDK: improper MultiByte conversion can lead to buffer overflow (JGSS, 8286077) * CVE-2022-21619: OpenJDK: improper handling of long NTLM client hostnames (Security, 8286526) * CVE-2022-21624: OpenJDK: insufficient randomization of JNDI DNS port numbers (JNDI, 8286910) * CVE-2022-21626: OpenJDK: excessive memory allocation in X.509 ce...

RHSA-2022:7051: Red Hat Security Advisory: OpenJDK 17.0.5 Security Update for Windows Builds

The Red Hat build of OpenJDK 17 (java-17-openjdk) is now available for Windows. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21618: OpenJDK: improper MultiByte conversion can lead to buffer overflow (JGSS, 8286077) * CVE-2022-21619: OpenJDK: improper handling of long NTLM client hostnames (Security, 8286526) * CVE-2022-21624: OpenJDK: insufficient randomization of JNDI DNS port numbers (JNDI, 8286910) * CVE-2022-21626: OpenJDK: excessive memory allocation in X.509 ce...

RHSA-2022:7051: Red Hat Security Advisory: OpenJDK 17.0.5 Security Update for Windows Builds

The Red Hat build of OpenJDK 17 (java-17-openjdk) is now available for Windows. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21618: OpenJDK: improper MultiByte conversion can lead to buffer overflow (JGSS, 8286077) * CVE-2022-21619: OpenJDK: improper handling of long NTLM client hostnames (Security, 8286526) * CVE-2022-21624: OpenJDK: insufficient randomization of JNDI DNS port numbers (JNDI, 8286910) * CVE-2022-21626: OpenJDK: excessive memory allocation in X.509 ce...

RHSA-2022:7051: Red Hat Security Advisory: OpenJDK 17.0.5 Security Update for Windows Builds

The Red Hat build of OpenJDK 17 (java-17-openjdk) is now available for Windows. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21618: OpenJDK: improper MultiByte conversion can lead to buffer overflow (JGSS, 8286077) * CVE-2022-21619: OpenJDK: improper handling of long NTLM client hostnames (Security, 8286526) * CVE-2022-21624: OpenJDK: insufficient randomization of JNDI DNS port numbers (JNDI, 8286910) * CVE-2022-21626: OpenJDK: excessive memory allocation in X.509 ce...

RHSA-2022:7054: Red Hat Security Advisory: OpenJDK 11.0.17 Security Update for Portable Linux Builds

The Red Hat Build of OpenJDK 11 (java-11-openjdk) is now available for portable Linux. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21618: OpenJDK: improper MultiByte conversion can lead to buffer overflow (JGSS, 8286077) * CVE-2022-21619: OpenJDK: improper handling of long NTLM client hostnames (Security, 8286526) * CVE-2022-21624: OpenJDK: insufficient randomization of JNDI DNS port numbers (JNDI, 8286910) * CVE-2022-21626: OpenJDK: excessive memory allocation in X...

RHSA-2022:7054: Red Hat Security Advisory: OpenJDK 11.0.17 Security Update for Portable Linux Builds

The Red Hat Build of OpenJDK 11 (java-11-openjdk) is now available for portable Linux. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21618: OpenJDK: improper MultiByte conversion can lead to buffer overflow (JGSS, 8286077) * CVE-2022-21619: OpenJDK: improper handling of long NTLM client hostnames (Security, 8286526) * CVE-2022-21624: OpenJDK: insufficient randomization of JNDI DNS port numbers (JNDI, 8286910) * CVE-2022-21626: OpenJDK: excessive memory allocation in X...

RHSA-2022:7050: Red Hat Security Advisory: OpenJDK 8u352 Security Update for Portable Linux Builds

The Red Hat build of OpenJDK 8 (java-1.8.0-openjdk) is now available for portable Linux. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21619: OpenJDK: improper handling of long NTLM client hostnames (Security, 8286526) * CVE-2022-21624: OpenJDK: insufficient randomization of JNDI DNS port numbers (JNDI, 8286910) * CVE-2022-21626: OpenJDK: excessive memory allocation in X.509 certificate parsing (Security, 8286533) * CVE-2022-21628: OpenJDK: HttpServer no connection co...

RHSA-2022:7050: Red Hat Security Advisory: OpenJDK 8u352 Security Update for Portable Linux Builds

The Red Hat build of OpenJDK 8 (java-1.8.0-openjdk) is now available for portable Linux. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21619: OpenJDK: improper handling of long NTLM client hostnames (Security, 8286526) * CVE-2022-21624: OpenJDK: insufficient randomization of JNDI DNS port numbers (JNDI, 8286910) * CVE-2022-21626: OpenJDK: excessive memory allocation in X.509 certificate parsing (Security, 8286533) * CVE-2022-21628: OpenJDK: HttpServer no connection co...

RHSA-2022:7050: Red Hat Security Advisory: OpenJDK 8u352 Security Update for Portable Linux Builds

The Red Hat build of OpenJDK 8 (java-1.8.0-openjdk) is now available for portable Linux. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21619: OpenJDK: improper handling of long NTLM client hostnames (Security, 8286526) * CVE-2022-21624: OpenJDK: insufficient randomization of JNDI DNS port numbers (JNDI, 8286910) * CVE-2022-21626: OpenJDK: excessive memory allocation in X.509 certificate parsing (Security, 8286533) * CVE-2022-21628: OpenJDK: HttpServer no connection co...

RHSA-2022:7050: Red Hat Security Advisory: OpenJDK 8u352 Security Update for Portable Linux Builds

The Red Hat build of OpenJDK 8 (java-1.8.0-openjdk) is now available for portable Linux. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21619: OpenJDK: improper handling of long NTLM client hostnames (Security, 8286526) * CVE-2022-21624: OpenJDK: insufficient randomization of JNDI DNS port numbers (JNDI, 8286910) * CVE-2022-21626: OpenJDK: excessive memory allocation in X.509 certificate parsing (Security, 8286533) * CVE-2022-21628: OpenJDK: HttpServer no connection co...

RHSA-2022:7000: Red Hat Security Advisory: java-17-openjdk security and bug fix update

An update for java-17-openjdk is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21618: OpenJDK: improper MultiByte conversion can lead to buffer overflow (JGSS, 8286077) * CVE-2022-21619: OpenJDK: improper handling of long NTLM client hostnames (Security, 8286526) * CVE-2022-21624: OpenJDK: insufficient randomization of JNDI DNS port numbers (JNDI, 8286910) * CVE-2022-21626: OpenJDK: excessive memory allocation in X.509 cer...

RHSA-2022:7000: Red Hat Security Advisory: java-17-openjdk security and bug fix update

An update for java-17-openjdk is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21618: OpenJDK: improper MultiByte conversion can lead to buffer overflow (JGSS, 8286077) * CVE-2022-21619: OpenJDK: improper handling of long NTLM client hostnames (Security, 8286526) * CVE-2022-21624: OpenJDK: insufficient randomization of JNDI DNS port numbers (JNDI, 8286910) * CVE-2022-21626: OpenJDK: excessive memory allocation in X.509 cer...

RHSA-2022:7010: Red Hat Security Advisory: java-11-openjdk security update

An update for java-11-openjdk is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21618: OpenJDK: improper MultiByte conversion can lead to buffer overflow (JGSS, 8286077) * CVE-2022-21619: OpenJDK: improper handling of long NTLM client hostnames (Security, 8286526) * CVE-2022-21624: OpenJDK: insufficient randomization of JNDI DNS port numbers (JNDI, 8286910) * CVE-2022-21626: OpenJDK: excessive memo...

RHSA-2022:7010: Red Hat Security Advisory: java-11-openjdk security update

An update for java-11-openjdk is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21618: OpenJDK: improper MultiByte conversion can lead to buffer overflow (JGSS, 8286077) * CVE-2022-21619: OpenJDK: improper handling of long NTLM client hostnames (Security, 8286526) * CVE-2022-21624: OpenJDK: insufficient randomization of JNDI DNS port numbers (JNDI, 8286910) * CVE-2022-21626: OpenJDK: excessive memo...

RHSA-2022:6905: Red Hat Security Advisory: OpenShift Container Platform 4.9.50 bug fix and security update

Red Hat OpenShift Container Platform release 4.9.50 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-26945: go-getter: command injection vulnerability * CVE-2022-30321: go-getter: unsafe download (issue 1 of 3) * CVE-2022-30322: go-getter: unsafe download (issue 2 of 3) * CVE-2022-30323: go...

RHSA-2022:6905: Red Hat Security Advisory: OpenShift Container Platform 4.9.50 bug fix and security update

Red Hat OpenShift Container Platform release 4.9.50 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-26945: go-getter: command injection vulnerability * CVE-2022-30321: go-getter: unsafe download (issue 1 of 3) * CVE-2022-30322: go-getter: unsafe download (issue 2 of 3) * CVE-2022-30323: go...

RHSA-2022:6905: Red Hat Security Advisory: OpenShift Container Platform 4.9.50 bug fix and security update

Red Hat OpenShift Container Platform release 4.9.50 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-26945: go-getter: command injection vulnerability * CVE-2022-30321: go-getter: unsafe download (issue 1 of 3) * CVE-2022-30322: go-getter: unsafe download (issue 2 of 3) * CVE-2022-30323: go...

RHSA-2022:6905: Red Hat Security Advisory: OpenShift Container Platform 4.9.50 bug fix and security update

Red Hat OpenShift Container Platform release 4.9.50 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-26945: go-getter: command injection vulnerability * CVE-2022-30321: go-getter: unsafe download (issue 1 of 3) * CVE-2022-30322: go-getter: unsafe download (issue 2 of 3) * CVE-2022-30323: go...

Red Hat Security Advisory 2022-6991-01

Red Hat Security Advisory 2022-6991-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include information leakage, privilege escalation, and use-after-free vulnerabilities.

Red Hat Security Advisory 2022-6991-01

Red Hat Security Advisory 2022-6991-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include information leakage, privilege escalation, and use-after-free vulnerabilities.

Red Hat Security Advisory 2022-6978-01

Red Hat Security Advisory 2022-6978-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include privilege escalation and use-after-free vulnerabilities.

RHSA-2022:6954: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.5.3 security fixes and bug fixes

Red Hat Advanced Cluster Management for Kubernetes 2.5.3 General Availability release images, which fix security issues and bugs, as well as update container images. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2238: search-api: SQL injection leads to remote denial of service

RHSA-2022:6954: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.5.3 security fixes and bug fixes

Red Hat Advanced Cluster Management for Kubernetes 2.5.3 General Availability release images, which fix security issues and bugs, as well as update container images. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2238: search-api: SQL injection leads to remote denial of service

RHSA-2022:6954: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.5.3 security fixes and bug fixes

Red Hat Advanced Cluster Management for Kubernetes 2.5.3 General Availability release images, which fix security issues and bugs, as well as update container images. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2238: search-api: SQL injection leads to remote denial of service

RHSA-2022:6696: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.4.6 security update and bug fixes

Red Hat Advanced Cluster Management for Kubernetes 2.4.6 General Availability release images, which fix bugs and update container images. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-30629: golang: crypto/tls: session tickets lack random ticket_age_add * CVE-2022-31129: moment: inefficient parsing algorithm resulting in DoS * CVE-2022-31150: nodejs16: CRLF injection in node-undici * CVE-2022-31151: nodejs/undici: Cookie headers uncleared on cross-origin redirect * CV...

RHSA-2022:6696: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.4.6 security update and bug fixes

Red Hat Advanced Cluster Management for Kubernetes 2.4.6 General Availability release images, which fix bugs and update container images. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-30629: golang: crypto/tls: session tickets lack random ticket_age_add * CVE-2022-31129: moment: inefficient parsing algorithm resulting in DoS * CVE-2022-31150: nodejs16: CRLF injection in node-undici * CVE-2022-31151: nodejs/undici: Cookie headers uncleared on cross-origin redirect * CV...

RHSA-2022:6696: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.4.6 security update and bug fixes

Red Hat Advanced Cluster Management for Kubernetes 2.4.6 General Availability release images, which fix bugs and update container images. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-30629: golang: crypto/tls: session tickets lack random ticket_age_add * CVE-2022-31129: moment: inefficient parsing algorithm resulting in DoS * CVE-2022-31150: nodejs16: CRLF injection in node-undici * CVE-2022-31151: nodejs/undici: Cookie headers uncleared on cross-origin redirect * CV...

Red Hat Security Advisory 2022-6551-01

Red Hat Security Advisory 2022-6551-01 - The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. The ovirt-node-ng packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Issues addressed include denial of service, information leakage, privilege escalation, and use-after...

Red Hat Security Advisory 2022-6308-01

Red Hat Security Advisory 2022-6308-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.8.49. There are no RPMs for this release. Space precludes documenting all of the container images in this advisory. Issues addressed include bypass and code execution vulnerabilities.

Red Hat Security Advisory 2022-6308-01

Red Hat Security Advisory 2022-6308-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.8.49. There are no RPMs for this release. Space precludes documenting all of the container images in this advisory. Issues addressed include bypass and code execution vulnerabilities.

Red Hat Security Advisory 2022-6308-01

Red Hat Security Advisory 2022-6308-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.8.49. There are no RPMs for this release. Space precludes documenting all of the container images in this advisory. Issues addressed include bypass and code execution vulnerabilities.

Red Hat Security Advisory 2022-6308-01

Red Hat Security Advisory 2022-6308-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.8.49. There are no RPMs for this release. Space precludes documenting all of the container images in this advisory. Issues addressed include bypass and code execution vulnerabilities.

RHSA-2022:6308: Red Hat Security Advisory: OpenShift Container Platform 4.8.49 security update

Red Hat OpenShift Container Platform release 4.8.49 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-39226: grafana: Snapshot authentication bypass * CVE-2022-26945: go-getter: command injection vulnerability * CVE-2022-30321: go-getter: unsafe download (issue 1 of 3) * CVE-2022-30322: go-getter: unsafe download (issue 2 of 3) * CVE-2022-30323: go-getter: unsafe download (is...

RHSA-2022:6308: Red Hat Security Advisory: OpenShift Container Platform 4.8.49 security update

Red Hat OpenShift Container Platform release 4.8.49 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-39226: grafana: Snapshot authentication bypass * CVE-2022-26945: go-getter: command injection vulnerability * CVE-2022-30321: go-getter: unsafe download (issue 1 of 3) * CVE-2022-30322: go-getter: unsafe download (issue 2 of 3) * CVE-2022-30323: go-getter: unsafe download (is...

RHSA-2022:6308: Red Hat Security Advisory: OpenShift Container Platform 4.8.49 security update

Red Hat OpenShift Container Platform release 4.8.49 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-39226: grafana: Snapshot authentication bypass * CVE-2022-26945: go-getter: command injection vulnerability * CVE-2022-30321: go-getter: unsafe download (issue 1 of 3) * CVE-2022-30322: go-getter: unsafe download (issue 2 of 3) * CVE-2022-30323: go-getter: unsafe download (is...

RHSA-2022:6308: Red Hat Security Advisory: OpenShift Container Platform 4.8.49 security update

Red Hat OpenShift Container Platform release 4.8.49 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-39226: grafana: Snapshot authentication bypass * CVE-2022-26945: go-getter: command injection vulnerability * CVE-2022-30321: go-getter: unsafe download (issue 1 of 3) * CVE-2022-30322: go-getter: unsafe download (issue 2 of 3) * CVE-2022-30323: go-getter: unsafe download (is...

Red Hat Security Advisory 2022-6460-01

Red Hat Security Advisory 2022-6460-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system.

Red Hat Security Advisory 2022-6460-01

Red Hat Security Advisory 2022-6460-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system.

Red Hat Security Advisory 2022-6460-01

Red Hat Security Advisory 2022-6460-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system.

Red Hat Security Advisory 2022-6258-01

Red Hat Security Advisory 2022-6258-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.10.31. Issues addressed include a code execution vulnerability.

Red Hat Security Advisory 2022-6258-01

Red Hat Security Advisory 2022-6258-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.10.31. Issues addressed include a code execution vulnerability.

Red Hat Security Advisory 2022-6258-01

Red Hat Security Advisory 2022-6258-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.10.31. Issues addressed include a code execution vulnerability.

Red Hat Security Advisory 2022-6258-01

Red Hat Security Advisory 2022-6258-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.10.31. Issues addressed include a code execution vulnerability.

RHSA-2022:6258: Red Hat Security Advisory: OpenShift Container Platform 4.10.31 security update

Red Hat OpenShift Container Platform release 4.10.31 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-26945: go-getter: command injection vulnerability * CVE-2022-30321: go-getter: unsafe download (issue 1 of 3) * CVE-2022-30322: go-getter: unsafe download (issue 2 of 3) * CVE-2022-30323: go-getter: unsafe download (issue 3 of 3)

RHSA-2022:6258: Red Hat Security Advisory: OpenShift Container Platform 4.10.31 security update

Red Hat OpenShift Container Platform release 4.10.31 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-26945: go-getter: command injection vulnerability * CVE-2022-30321: go-getter: unsafe download (issue 1 of 3) * CVE-2022-30322: go-getter: unsafe download (issue 2 of 3) * CVE-2022-30323: go-getter: unsafe download (issue 3 of 3)

RHSA-2022:6258: Red Hat Security Advisory: OpenShift Container Platform 4.10.31 security update

Red Hat OpenShift Container Platform release 4.10.31 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-26945: go-getter: command injection vulnerability * CVE-2022-30321: go-getter: unsafe download (issue 1 of 3) * CVE-2022-30322: go-getter: unsafe download (issue 2 of 3) * CVE-2022-30323: go-getter: unsafe download (issue 3 of 3)

RHSA-2022:6258: Red Hat Security Advisory: OpenShift Container Platform 4.10.31 security update

Red Hat OpenShift Container Platform release 4.10.31 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-26945: go-getter: command injection vulnerability * CVE-2022-30321: go-getter: unsafe download (issue 1 of 3) * CVE-2022-30322: go-getter: unsafe download (issue 2 of 3) * CVE-2022-30323: go-getter: unsafe download (issue 3 of 3)

Red Hat Security Advisory 2022-6271-01

Red Hat Security Advisory 2022-6271-01 - This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2022-6271-01

Red Hat Security Advisory 2022-6271-01 - This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2022-6271-01

Red Hat Security Advisory 2022-6271-01 - This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs. Issues addressed include a denial of service vulnerability.

RHSA-2022:6271: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.3.12 security updates and bug fixes

Red Hat Advanced Cluster Management for Kubernetes 2.3.12 General Availability release images, which provide security updates and bug fixes. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-31129: moment: inefficient parsing algorithm resulting in DoS

RHSA-2022:6271: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.3.12 security updates and bug fixes

Red Hat Advanced Cluster Management for Kubernetes 2.3.12 General Availability release images, which provide security updates and bug fixes. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-31129: moment: inefficient parsing algorithm resulting in DoS

RHSA-2022:6271: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.3.12 security updates and bug fixes

Red Hat Advanced Cluster Management for Kubernetes 2.3.12 General Availability release images, which provide security updates and bug fixes. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-31129: moment: inefficient parsing algorithm resulting in DoS

Ubuntu Security Notice USN-5588-1

Ubuntu Security Notice 5588-1 - Zhenpeng Lin discovered that the network packet scheduler implementation in the Linux kernel did not properly remove all references to a route filter before freeing it in some situations. A local attacker could use this to cause a denial of service or execute arbitrary code.

"As Nasty as Dirty Pipe" — 8 Year Old Linux Kernel Vulnerability Uncovered

Details of an eight-year-old security vulnerability in the Linux kernel have emerged that the researchers say is "as nasty as Dirty Pipe." Dubbed DirtyCred by a group of academics from Northwestern University, the security weakness exploits a previously unknown flaw (CVE-2022-2588) to escalate privileges to the maximum level. "DirtyCred is a kernel exploitation concept that swaps unprivileged

RHSA-2022:5937: Red Hat Security Advisory: kernel security and bug fix update

An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21123: hw: cpu: Incomplete cleanup of multi-core shared buffers (aka SBDR) * CVE-2022-21125: hw: cpu: Incomplete cleanup of microarchitectural fill buffers (aka SBDS) * CVE-2022-21166: hw: cpu: Incomplete cleanup in specific special register write operations (aka DRPW)

Ubuntu Security Notice USN-5535-1

Ubuntu Security Notice 5535-1 - Joseph Nuzman discovered that some Intel processors did not properly initialise shared resources. A local attacker could use this to obtain sensitive information. Mark Ermolov, Dmitry Sklyarov and Maxim Goryachy discovered that some Intel processors did not prevent test and debug logic from being activated at runtime. A local attacker could use this to escalate privileges.

Ubuntu Security Notice USN-5535-1

Ubuntu Security Notice 5535-1 - Joseph Nuzman discovered that some Intel processors did not properly initialise shared resources. A local attacker could use this to obtain sensitive information. Mark Ermolov, Dmitry Sklyarov and Maxim Goryachy discovered that some Intel processors did not prevent test and debug logic from being activated at runtime. A local attacker could use this to escalate privileges.

Ubuntu Security Notice USN-5535-1

Ubuntu Security Notice 5535-1 - Joseph Nuzman discovered that some Intel processors did not properly initialise shared resources. A local attacker could use this to obtain sensitive information. Mark Ermolov, Dmitry Sklyarov and Maxim Goryachy discovered that some Intel processors did not prevent test and debug logic from being activated at runtime. A local attacker could use this to escalate privileges.

CVE-2022-26655: Pexip security bulletins | Pexip Infinity Docs

Pexip Infinity 27.x before 27.3 has Improper Input Validation. The client API allows remote attackers to trigger a software abort via a gateway call into Teams.

CVE-2022-27935: Pexip security bulletins | Pexip Infinity Docs

Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via Epic Telehealth.

CVE-2022-27931: Pexip security bulletins | Pexip Infinity Docs

Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via the Session Initiation Protocol.

CVE-2022-27929: Pexip security bulletins | Pexip Infinity Docs

Pexip Infinity 27.x before 27.3 allows remote attackers to trigger a software abort via HTTP.

CVE-2022-27933: Pexip security bulletins | Pexip Infinity Docs

Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via One Touch Join.

CVE-2022-27933: Pexip security bulletins | Pexip Infinity Docs

Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via One Touch Join.

CVE-2022-27936: Pexip security bulletins | Pexip Infinity Docs

Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via H.323.

CVE-2022-26655: Pexip security bulletins | Pexip Infinity Docs

Pexip Infinity 27.x before 27.3 has Improper Input Validation. The client API allows remote attackers to trigger a software abort via a gateway call into Teams.

CVE-2022-26656: Pexip security bulletins | Pexip Infinity Docs

Pexip Infinity before 27.3 allows remote attackers to trigger a software abort, and possibly enumerate usernames, via One Touch Join.

CVE-2022-27928: Pexip security bulletins | Pexip Infinity Docs

Pexip Infinity 27.x before 27.3 allows remote attackers to trigger a software abort via the Session Initiation Protocol.

CVE-2022-27934: Pexip security bulletins | Pexip Infinity Docs

Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via HTTP.

CVE-2022-27936: Pexip security bulletins | Pexip Infinity Docs

Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via H.323.

CVE-2022-27928: Pexip security bulletins | Pexip Infinity Docs

Pexip Infinity 27.x before 27.3 allows remote attackers to trigger a software abort via the Session Initiation Protocol.

CVE-2022-27929: Pexip security bulletins | Pexip Infinity Docs

Pexip Infinity 27.x before 27.3 allows remote attackers to trigger a software abort via HTTP.

CVE-2022-27931: Pexip security bulletins | Pexip Infinity Docs

Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via the Session Initiation Protocol.

CVE-2022-27935: Pexip security bulletins | Pexip Infinity Docs

Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via Epic Telehealth.

CVE-2022-26656: Pexip security bulletins | Pexip Infinity Docs

Pexip Infinity before 27.3 allows remote attackers to trigger a software abort, and possibly enumerate usernames, via One Touch Join.

CVE-2022-27934: Pexip security bulletins | Pexip Infinity Docs

Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via HTTP.

Ubuntu Security Notice USN-5486-1

Ubuntu Security Notice 5486-1 - It was discovered that some Intel processors did not implement sufficient control flow management. A local attacker could use this to cause a denial of service. Joseph Nuzman discovered that some Intel processors did not properly initialise shared resources. A local attacker could use this to obtain sensitive information. Mark Ermolov, Dmitry Sklyarov and Maxim Goryachy discovered that some Intel processors did not prevent test and debug logic from being activated at runtime. A local attacker could use this to escalate privileges.

Ubuntu Security Notice USN-5486-1

Ubuntu Security Notice 5486-1 - It was discovered that some Intel processors did not implement sufficient control flow management. A local attacker could use this to cause a denial of service. Joseph Nuzman discovered that some Intel processors did not properly initialise shared resources. A local attacker could use this to obtain sensitive information. Mark Ermolov, Dmitry Sklyarov and Maxim Goryachy discovered that some Intel processors did not prevent test and debug logic from being activated at runtime. A local attacker could use this to escalate privileges.

Ubuntu Security Notice USN-5485-1

Ubuntu Security Notice 5485-1 - It was discovered that some Intel processors did not completely perform cleanup actions on multi-core shared buffers. A local attacker could possibly use this to expose sensitive information. It was discovered that some Intel processors did not completely perform cleanup actions on microarchitectural fill buffers. A local attacker could possibly use this to expose sensitive information. It was discovered that some Intel processors did not properly perform cleanup during specific special register write operations. A local attacker could possibly use this to expose sensitive information.

Ubuntu Security Notice USN-5485-1

Ubuntu Security Notice 5485-1 - It was discovered that some Intel processors did not completely perform cleanup actions on multi-core shared buffers. A local attacker could possibly use this to expose sensitive information. It was discovered that some Intel processors did not completely perform cleanup actions on microarchitectural fill buffers. A local attacker could possibly use this to expose sensitive information. It was discovered that some Intel processors did not properly perform cleanup during specific special register write operations. A local attacker could possibly use this to expose sensitive information.

Ubuntu Security Notice USN-5485-1

Ubuntu Security Notice 5485-1 - It was discovered that some Intel processors did not completely perform cleanup actions on multi-core shared buffers. A local attacker could possibly use this to expose sensitive information. It was discovered that some Intel processors did not completely perform cleanup actions on microarchitectural fill buffers. A local attacker could possibly use this to expose sensitive information. It was discovered that some Intel processors did not properly perform cleanup during specific special register write operations. A local attacker could possibly use this to expose sensitive information.

Ubuntu Security Notice USN-5484-1

Ubuntu Security Notice 5484-1 - It was discovered that the Linux kernel did not properly restrict access to the kernel debugger when booted in secure boot environments. A privileged attacker could use this to bypass UEFI Secure Boot restrictions. It was discovered that a race condition existed in the network scheduling subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

Ubuntu Security Notice USN-5484-1

Ubuntu Security Notice 5484-1 - It was discovered that the Linux kernel did not properly restrict access to the kernel debugger when booted in secure boot environments. A privileged attacker could use this to bypass UEFI Secure Boot restrictions. It was discovered that a race condition existed in the network scheduling subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

Ubuntu Security Notice USN-5484-1

Ubuntu Security Notice 5484-1 - It was discovered that the Linux kernel did not properly restrict access to the kernel debugger when booted in secure boot environments. A privileged attacker could use this to bypass UEFI Secure Boot restrictions. It was discovered that a race condition existed in the network scheduling subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

GHSA-28r2-q6m8-9hpx: Unsafe downloads in HashiCorp go-getter

HashiCorp go-getter through 2.0.2 does not safely perform downloads. Asymmetric resource exhaustion could occur when go-getter processed malicious HTTP responses.

GHSA-cjr4-fv6c-f3mv: Unsafe downloads in HashiCorp go-getter

HashiCorp go-getter through 2.0.2 does not safely perform downloads. Arbitrary host access was possible via go-getter path traversal, symlink processing, and command injection flaws.

Packet Storm: Latest News

Zeek 6.0.9