Security
Headlines
HeadlinesLatestCVEs

Headline

Red Hat Security Advisory 2023-0402-01

Red Hat Security Advisory 2023-0402-01 - An update for bind is now available for Red Hat Enterprise Linux 7.

Packet Storm
#vulnerability#linux#red_hat

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================
Red Hat Security Advisory

Synopsis: Moderate: bind security update
Advisory ID: RHSA-2023:0402-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2023:0402
Issue date: 2023-01-24
CVE Names: CVE-2021-25220 CVE-2022-2795
====================================================================

  1. Summary:

An update for bind is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

  1. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

  1. Description:

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain
Name System (DNS) protocols. BIND includes a DNS server (named); a resolver
library (routines for applications to use when interfacing with DNS); and
tools for verifying that the DNS server is operating correctly.

Security Fix(es):

  • bind: DNS forwarders - cache poisoning vulnerability (CVE-2021-25220)

  • bind: processing large delegations may severely degrade resolver
    performance (CVE-2022-2795)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

  1. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, the BIND daemon (named) will be restarted
automatically.

  1. Bugs fixed (https://bugzilla.redhat.com/):

2064512 - CVE-2021-25220 bind: DNS forwarders - cache poisoning vulnerability
2128584 - CVE-2022-2795 bind: processing large delegations may severely degrade resolver performance

  1. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
bind-9.11.4-26.P2.el7_9.13.src.rpm

noarch:
bind-license-9.11.4-26.P2.el7_9.13.noarch.rpm

x86_64:
bind-debuginfo-9.11.4-26.P2.el7_9.13.i686.rpm
bind-debuginfo-9.11.4-26.P2.el7_9.13.x86_64.rpm
bind-export-libs-9.11.4-26.P2.el7_9.13.i686.rpm
bind-export-libs-9.11.4-26.P2.el7_9.13.x86_64.rpm
bind-libs-9.11.4-26.P2.el7_9.13.i686.rpm
bind-libs-9.11.4-26.P2.el7_9.13.x86_64.rpm
bind-libs-lite-9.11.4-26.P2.el7_9.13.i686.rpm
bind-libs-lite-9.11.4-26.P2.el7_9.13.x86_64.rpm
bind-utils-9.11.4-26.P2.el7_9.13.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:
bind-9.11.4-26.P2.el7_9.13.x86_64.rpm
bind-chroot-9.11.4-26.P2.el7_9.13.x86_64.rpm
bind-debuginfo-9.11.4-26.P2.el7_9.13.i686.rpm
bind-debuginfo-9.11.4-26.P2.el7_9.13.x86_64.rpm
bind-devel-9.11.4-26.P2.el7_9.13.i686.rpm
bind-devel-9.11.4-26.P2.el7_9.13.x86_64.rpm
bind-export-devel-9.11.4-26.P2.el7_9.13.i686.rpm
bind-export-devel-9.11.4-26.P2.el7_9.13.x86_64.rpm
bind-lite-devel-9.11.4-26.P2.el7_9.13.i686.rpm
bind-lite-devel-9.11.4-26.P2.el7_9.13.x86_64.rpm
bind-pkcs11-9.11.4-26.P2.el7_9.13.x86_64.rpm
bind-pkcs11-devel-9.11.4-26.P2.el7_9.13.i686.rpm
bind-pkcs11-devel-9.11.4-26.P2.el7_9.13.x86_64.rpm
bind-pkcs11-libs-9.11.4-26.P2.el7_9.13.i686.rpm
bind-pkcs11-libs-9.11.4-26.P2.el7_9.13.x86_64.rpm
bind-pkcs11-utils-9.11.4-26.P2.el7_9.13.x86_64.rpm
bind-sdb-9.11.4-26.P2.el7_9.13.x86_64.rpm
bind-sdb-chroot-9.11.4-26.P2.el7_9.13.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
bind-9.11.4-26.P2.el7_9.13.src.rpm

noarch:
bind-license-9.11.4-26.P2.el7_9.13.noarch.rpm

x86_64:
bind-debuginfo-9.11.4-26.P2.el7_9.13.i686.rpm
bind-debuginfo-9.11.4-26.P2.el7_9.13.x86_64.rpm
bind-export-libs-9.11.4-26.P2.el7_9.13.i686.rpm
bind-export-libs-9.11.4-26.P2.el7_9.13.x86_64.rpm
bind-libs-9.11.4-26.P2.el7_9.13.i686.rpm
bind-libs-9.11.4-26.P2.el7_9.13.x86_64.rpm
bind-libs-lite-9.11.4-26.P2.el7_9.13.i686.rpm
bind-libs-lite-9.11.4-26.P2.el7_9.13.x86_64.rpm
bind-utils-9.11.4-26.P2.el7_9.13.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64:
bind-9.11.4-26.P2.el7_9.13.x86_64.rpm
bind-chroot-9.11.4-26.P2.el7_9.13.x86_64.rpm
bind-debuginfo-9.11.4-26.P2.el7_9.13.i686.rpm
bind-debuginfo-9.11.4-26.P2.el7_9.13.x86_64.rpm
bind-devel-9.11.4-26.P2.el7_9.13.i686.rpm
bind-devel-9.11.4-26.P2.el7_9.13.x86_64.rpm
bind-export-devel-9.11.4-26.P2.el7_9.13.i686.rpm
bind-export-devel-9.11.4-26.P2.el7_9.13.x86_64.rpm
bind-lite-devel-9.11.4-26.P2.el7_9.13.i686.rpm
bind-lite-devel-9.11.4-26.P2.el7_9.13.x86_64.rpm
bind-pkcs11-9.11.4-26.P2.el7_9.13.x86_64.rpm
bind-pkcs11-devel-9.11.4-26.P2.el7_9.13.i686.rpm
bind-pkcs11-devel-9.11.4-26.P2.el7_9.13.x86_64.rpm
bind-pkcs11-libs-9.11.4-26.P2.el7_9.13.i686.rpm
bind-pkcs11-libs-9.11.4-26.P2.el7_9.13.x86_64.rpm
bind-pkcs11-utils-9.11.4-26.P2.el7_9.13.x86_64.rpm
bind-sdb-9.11.4-26.P2.el7_9.13.x86_64.rpm
bind-sdb-chroot-9.11.4-26.P2.el7_9.13.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
bind-9.11.4-26.P2.el7_9.13.src.rpm

noarch:
bind-license-9.11.4-26.P2.el7_9.13.noarch.rpm

ppc64:
bind-9.11.4-26.P2.el7_9.13.ppc64.rpm
bind-chroot-9.11.4-26.P2.el7_9.13.ppc64.rpm
bind-debuginfo-9.11.4-26.P2.el7_9.13.ppc.rpm
bind-debuginfo-9.11.4-26.P2.el7_9.13.ppc64.rpm
bind-export-libs-9.11.4-26.P2.el7_9.13.ppc.rpm
bind-export-libs-9.11.4-26.P2.el7_9.13.ppc64.rpm
bind-libs-9.11.4-26.P2.el7_9.13.ppc.rpm
bind-libs-9.11.4-26.P2.el7_9.13.ppc64.rpm
bind-libs-lite-9.11.4-26.P2.el7_9.13.ppc.rpm
bind-libs-lite-9.11.4-26.P2.el7_9.13.ppc64.rpm
bind-pkcs11-9.11.4-26.P2.el7_9.13.ppc64.rpm
bind-pkcs11-libs-9.11.4-26.P2.el7_9.13.ppc.rpm
bind-pkcs11-libs-9.11.4-26.P2.el7_9.13.ppc64.rpm
bind-pkcs11-utils-9.11.4-26.P2.el7_9.13.ppc64.rpm
bind-utils-9.11.4-26.P2.el7_9.13.ppc64.rpm

ppc64le:
bind-9.11.4-26.P2.el7_9.13.ppc64le.rpm
bind-chroot-9.11.4-26.P2.el7_9.13.ppc64le.rpm
bind-debuginfo-9.11.4-26.P2.el7_9.13.ppc64le.rpm
bind-export-libs-9.11.4-26.P2.el7_9.13.ppc64le.rpm
bind-libs-9.11.4-26.P2.el7_9.13.ppc64le.rpm
bind-libs-lite-9.11.4-26.P2.el7_9.13.ppc64le.rpm
bind-pkcs11-9.11.4-26.P2.el7_9.13.ppc64le.rpm
bind-pkcs11-libs-9.11.4-26.P2.el7_9.13.ppc64le.rpm
bind-pkcs11-utils-9.11.4-26.P2.el7_9.13.ppc64le.rpm
bind-utils-9.11.4-26.P2.el7_9.13.ppc64le.rpm

s390x:
bind-9.11.4-26.P2.el7_9.13.s390x.rpm
bind-chroot-9.11.4-26.P2.el7_9.13.s390x.rpm
bind-debuginfo-9.11.4-26.P2.el7_9.13.s390.rpm
bind-debuginfo-9.11.4-26.P2.el7_9.13.s390x.rpm
bind-export-libs-9.11.4-26.P2.el7_9.13.s390.rpm
bind-export-libs-9.11.4-26.P2.el7_9.13.s390x.rpm
bind-libs-9.11.4-26.P2.el7_9.13.s390.rpm
bind-libs-9.11.4-26.P2.el7_9.13.s390x.rpm
bind-libs-lite-9.11.4-26.P2.el7_9.13.s390.rpm
bind-libs-lite-9.11.4-26.P2.el7_9.13.s390x.rpm
bind-pkcs11-9.11.4-26.P2.el7_9.13.s390x.rpm
bind-pkcs11-libs-9.11.4-26.P2.el7_9.13.s390.rpm
bind-pkcs11-libs-9.11.4-26.P2.el7_9.13.s390x.rpm
bind-pkcs11-utils-9.11.4-26.P2.el7_9.13.s390x.rpm
bind-utils-9.11.4-26.P2.el7_9.13.s390x.rpm

x86_64:
bind-9.11.4-26.P2.el7_9.13.x86_64.rpm
bind-chroot-9.11.4-26.P2.el7_9.13.x86_64.rpm
bind-debuginfo-9.11.4-26.P2.el7_9.13.i686.rpm
bind-debuginfo-9.11.4-26.P2.el7_9.13.x86_64.rpm
bind-export-libs-9.11.4-26.P2.el7_9.13.i686.rpm
bind-export-libs-9.11.4-26.P2.el7_9.13.x86_64.rpm
bind-libs-9.11.4-26.P2.el7_9.13.i686.rpm
bind-libs-9.11.4-26.P2.el7_9.13.x86_64.rpm
bind-libs-lite-9.11.4-26.P2.el7_9.13.i686.rpm
bind-libs-lite-9.11.4-26.P2.el7_9.13.x86_64.rpm
bind-pkcs11-9.11.4-26.P2.el7_9.13.x86_64.rpm
bind-pkcs11-libs-9.11.4-26.P2.el7_9.13.i686.rpm
bind-pkcs11-libs-9.11.4-26.P2.el7_9.13.x86_64.rpm
bind-pkcs11-utils-9.11.4-26.P2.el7_9.13.x86_64.rpm
bind-utils-9.11.4-26.P2.el7_9.13.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64:
bind-debuginfo-9.11.4-26.P2.el7_9.13.ppc.rpm
bind-debuginfo-9.11.4-26.P2.el7_9.13.ppc64.rpm
bind-devel-9.11.4-26.P2.el7_9.13.ppc.rpm
bind-devel-9.11.4-26.P2.el7_9.13.ppc64.rpm
bind-export-devel-9.11.4-26.P2.el7_9.13.ppc.rpm
bind-export-devel-9.11.4-26.P2.el7_9.13.ppc64.rpm
bind-lite-devel-9.11.4-26.P2.el7_9.13.ppc.rpm
bind-lite-devel-9.11.4-26.P2.el7_9.13.ppc64.rpm
bind-pkcs11-devel-9.11.4-26.P2.el7_9.13.ppc.rpm
bind-pkcs11-devel-9.11.4-26.P2.el7_9.13.ppc64.rpm
bind-sdb-9.11.4-26.P2.el7_9.13.ppc64.rpm
bind-sdb-chroot-9.11.4-26.P2.el7_9.13.ppc64.rpm

ppc64le:
bind-debuginfo-9.11.4-26.P2.el7_9.13.ppc64le.rpm
bind-devel-9.11.4-26.P2.el7_9.13.ppc64le.rpm
bind-export-devel-9.11.4-26.P2.el7_9.13.ppc64le.rpm
bind-lite-devel-9.11.4-26.P2.el7_9.13.ppc64le.rpm
bind-pkcs11-devel-9.11.4-26.P2.el7_9.13.ppc64le.rpm
bind-sdb-9.11.4-26.P2.el7_9.13.ppc64le.rpm
bind-sdb-chroot-9.11.4-26.P2.el7_9.13.ppc64le.rpm

s390x:
bind-debuginfo-9.11.4-26.P2.el7_9.13.s390.rpm
bind-debuginfo-9.11.4-26.P2.el7_9.13.s390x.rpm
bind-devel-9.11.4-26.P2.el7_9.13.s390.rpm
bind-devel-9.11.4-26.P2.el7_9.13.s390x.rpm
bind-export-devel-9.11.4-26.P2.el7_9.13.s390.rpm
bind-export-devel-9.11.4-26.P2.el7_9.13.s390x.rpm
bind-lite-devel-9.11.4-26.P2.el7_9.13.s390.rpm
bind-lite-devel-9.11.4-26.P2.el7_9.13.s390x.rpm
bind-pkcs11-devel-9.11.4-26.P2.el7_9.13.s390.rpm
bind-pkcs11-devel-9.11.4-26.P2.el7_9.13.s390x.rpm
bind-sdb-9.11.4-26.P2.el7_9.13.s390x.rpm
bind-sdb-chroot-9.11.4-26.P2.el7_9.13.s390x.rpm

x86_64:
bind-debuginfo-9.11.4-26.P2.el7_9.13.i686.rpm
bind-debuginfo-9.11.4-26.P2.el7_9.13.x86_64.rpm
bind-devel-9.11.4-26.P2.el7_9.13.i686.rpm
bind-devel-9.11.4-26.P2.el7_9.13.x86_64.rpm
bind-export-devel-9.11.4-26.P2.el7_9.13.i686.rpm
bind-export-devel-9.11.4-26.P2.el7_9.13.x86_64.rpm
bind-lite-devel-9.11.4-26.P2.el7_9.13.i686.rpm
bind-lite-devel-9.11.4-26.P2.el7_9.13.x86_64.rpm
bind-pkcs11-devel-9.11.4-26.P2.el7_9.13.i686.rpm
bind-pkcs11-devel-9.11.4-26.P2.el7_9.13.x86_64.rpm
bind-sdb-9.11.4-26.P2.el7_9.13.x86_64.rpm
bind-sdb-chroot-9.11.4-26.P2.el7_9.13.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
bind-9.11.4-26.P2.el7_9.13.src.rpm

noarch:
bind-license-9.11.4-26.P2.el7_9.13.noarch.rpm

x86_64:
bind-9.11.4-26.P2.el7_9.13.x86_64.rpm
bind-chroot-9.11.4-26.P2.el7_9.13.x86_64.rpm
bind-debuginfo-9.11.4-26.P2.el7_9.13.i686.rpm
bind-debuginfo-9.11.4-26.P2.el7_9.13.x86_64.rpm
bind-export-libs-9.11.4-26.P2.el7_9.13.i686.rpm
bind-export-libs-9.11.4-26.P2.el7_9.13.x86_64.rpm
bind-libs-9.11.4-26.P2.el7_9.13.i686.rpm
bind-libs-9.11.4-26.P2.el7_9.13.x86_64.rpm
bind-libs-lite-9.11.4-26.P2.el7_9.13.i686.rpm
bind-libs-lite-9.11.4-26.P2.el7_9.13.x86_64.rpm
bind-pkcs11-9.11.4-26.P2.el7_9.13.x86_64.rpm
bind-pkcs11-libs-9.11.4-26.P2.el7_9.13.i686.rpm
bind-pkcs11-libs-9.11.4-26.P2.el7_9.13.x86_64.rpm
bind-pkcs11-utils-9.11.4-26.P2.el7_9.13.x86_64.rpm
bind-utils-9.11.4-26.P2.el7_9.13.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64:
bind-debuginfo-9.11.4-26.P2.el7_9.13.i686.rpm
bind-debuginfo-9.11.4-26.P2.el7_9.13.x86_64.rpm
bind-devel-9.11.4-26.P2.el7_9.13.i686.rpm
bind-devel-9.11.4-26.P2.el7_9.13.x86_64.rpm
bind-export-devel-9.11.4-26.P2.el7_9.13.i686.rpm
bind-export-devel-9.11.4-26.P2.el7_9.13.x86_64.rpm
bind-lite-devel-9.11.4-26.P2.el7_9.13.i686.rpm
bind-lite-devel-9.11.4-26.P2.el7_9.13.x86_64.rpm
bind-pkcs11-devel-9.11.4-26.P2.el7_9.13.i686.rpm
bind-pkcs11-devel-9.11.4-26.P2.el7_9.13.x86_64.rpm
bind-sdb-9.11.4-26.P2.el7_9.13.x86_64.rpm
bind-sdb-chroot-9.11.4-26.P2.el7_9.13.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

  1. References:

https://access.redhat.com/security/cve/CVE-2021-25220
https://access.redhat.com/security/cve/CVE-2022-2795
https://access.redhat.com/security/updates/classification/#moderate

  1. Contact:

The Red Hat security contact is [email protected]. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBY9AIs9zjgjWX9erEAQiz9BAAiQvmAQ5DWdOQbHHizPAHBnKnBtNBfCT3
iaAzKQ0Yrpk26N9cdrvcBJwdrHpI28VJ3eemFUxQFseUqtAErsgfL4QqnjPjQgsp
U2qLPjqbzfOrbi1CuruMMIIbtxfwvsdic8OB9Zi7XzfZjWm2X4c6Ima+QXol6x9a
8J2qdzCqhoYUXJgdpVK9nAAGsPtidcnqLYYIcTclJArp6uRSlEEk7EbNJvs2SAbj
MUo5aq5BoVy2TkiMyqhT5voy6K8f4c7WbQYerNieps18541ZSr29fAzWBznr3Yns
gE10Aaoa8uCxlaexFR8EahPVYe6wJAm6R62LBabEWChbzW0oxr7X2DdzX9eiOwl0
wJT0n4GHoFsCGMa+v1yybkjHIUfiW25WC7bC4QDj4fjTpbicVlnttXhQJwCJK5bb
PC27GE6qi7EqwHYJa/jPenbIG38mXj/r2bwIr1qYQMLjQ8BQIneShky3ZWE4l/jd
zTMwGVal8ACBYdCALx/O9QNyzaO92xHLnKl3DIoqaQdjasIfGp/G6Xc1YggKyZAP
VVtXPiOIbReBVNWiBXMH1ZEQeNon4su0/MbMWrmJpwvEzYeXkuWO98LZ4dlLVuim
NG/dJ6RqzT6/aqRNVyOt5s4SLIQ5DrPXoPnZRUBsbpWhP6lxPhESKA0TUg5FYz33
eDGIrZR4jEY=azJw
-----END PGP SIGNATURE-----

RHSA-announce mailing list
[email protected]
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Related news

CVE-2023-43074: DSA-2023-141: Dell Unity, Unity VSA and Unity XT Security Update for Multiple Vulnerability

Dell Unity 5.3 contain(s) an Arbitrary File Creation vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by crafting arbitrary files through a request to the server.

Red Hat Security Advisory 2023-4238-01

Red Hat Security Advisory 2023-4238-01 - Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Data Foundation. Red Hat OpenShift Data Foundation is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform.

CVE-2023-22062: Oracle Critical Patch Update Advisory - July 2023

Vulnerability in the Oracle Hyperion Financial Reporting product of Oracle Hyperion (component: Repository). The supported version that is affected is 11.2.13.0.000. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hyperion Financial Reporting. While the vulnerability is in Oracle Hyperion Financial Reporting, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hyperion Financial Reporting accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Hyperion Financial Reporting. CVSS 3.1 Base Score 8.5 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L).

Red Hat Security Advisory 2023-3742-02

Red Hat Security Advisory 2023-3742-02 - Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Container Platform. Red Hat OpenShift Data Foundation is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. Issues addressed include bypass, denial of service, and remote SQL injection vulnerabilities.

Red Hat Security Advisory 2023-3664-01

Red Hat Security Advisory 2023-3664-01 - Release of Security Advisory for the OpenShift Jenkins image and Jenkins agent base image.

Red Hat Security Advisory 2023-3624-01

Red Hat Security Advisory 2023-3624-01 - The Migration Toolkit for Containers enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-3609-01

Red Hat Security Advisory 2023-3609-01 - Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Data Foundation. Red Hat OpenShift Data Foundation is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform.

RHSA-2023:3644: Red Hat Security Advisory: Red Hat OpenShift Service Mesh Containers for 2.4.0

Red Hat OpenShift Service Mesh Containers for 2.4.0 Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-24540: A flaw was found in golang, where not all valid JavaScript white-space characters were considered white space. Due to this issue, templates containing white-space characters outside of the character set "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts that also contain actions may not be properly sanitized during execution.

RHSA-2023:3624: Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.7.10 security and bug fix update

The Migration Toolkit for Containers (MTC) 1.7.10 is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-24534: A flaw was found in Golang Go, where it is vulnerable to a denial of service caused by memory exhaustion in the common function in HTTP and MIME header parsing. By sending a specially crafted request, a remote attacker can cause a denial of service. * CVE-2023-24536: A flaw was found in Golang Go, where it is vulnerable to a denial of service cause...

RHSA-2023:3609: Red Hat Security Advisory: Red Hat OpenShift Data Foundation 4.12.4 security and Bug Fix update

Updated images that fix several bugs are now available for Red Hat OpenShift Data Foundation 4.12.4 on Red Hat Enterprise Linux 8 from Red Hat Container Registry. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3172: A security issue was discovered in kube-apiserver that allows an aggregated API server to redirect client traffic to any URL. This issue leads to the client performing unexpected actions and forwarding the client's API server credentials to third parties.

Red Hat Security Advisory 2023-3379-01

Red Hat Security Advisory 2023-3379-01 - Updated images are now available for Red Hat Advanced Cluster Security for Kubernetes (RHACS). The updated image includes security fixes. This release of RHACS includes a fix for CVE-2023-24540 by building RHACS with updated Golang.

RHSA-2023:3435: Red Hat Security Advisory: Red Hat Advanced Cluster Security 3.74 for Kubernetes security update

An update is now available for Red Hat Advanced Cluster Security for Kubernetes (RHACS). Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-24539: A flaw was found in golang where angle brackets (<>) were not considered dangerous characters when inserted into CSS contexts. Templates containing multiple actions separated by a '/' character could result in unexpectedly closing the CSS context and allowing for the injection of unexpected HMTL if executed with untrusted inpu...

RHSA-2023:3379: Red Hat Security Advisory: Red Hat Advanced Cluster Security for Kubernetes 3.73 security update

Updated images are now available for Red Hat Advanced Cluster Security for Kubernetes (RHACS). The updated image includes security fixes. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-24540: A flaw was found in golang, where not all valid JavaScript white-space characters were considered white space. Due to this issue, templates containing white-space characters outside of the character set "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts that also contain actions...

RHSA-2023:3353: Red Hat Security Advisory: Multicluster Engine for Kubernetes 2.0.9 security fixes and container updates

Multicluster Engine for Kubernetes 2.0.9 General Availability release images, which fix security issues and update container images. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-32313: A flaw was found in the vm2. After making a vm, the inspect method is read-write for console.log, which allows an attacker to edit options for console.log. This issue impacts the integrity by changing the log subsystem. * CVE-2023-32314: A flaw was found in the vm2 sandbox. When a host o...

Red Hat Security Advisory 2023-3325-01

Red Hat Security Advisory 2023-3325-01 - Multicluster Engine for Kubernetes 2.1.7 images Multicluster engine for Kubernetes provides the foundational components that are necessary for the centralized management of multiple Kubernetes-based clusters across data centers, public clouds, and private clouds. You can use the engine to create new Red Hat OpenShift Container Platform clusters or to bring existing Kubernetes-based clusters under management by importing them. After the clusters are managed, you can use the APIs that are provided by the engine to distribute configuration based on placement policy.

RHSA-2023:3325: Red Hat Security Advisory: Multicluster Engine for Kubernetes 2.1.7 security fixes and container updates

Multicluster Engine for Kubernetes 2.1.7 General Availability release images, which address security issues and update container images. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-32313: A flaw was found in the vm2. After making a vm, the inspect method is read-write for console.log, which allows an attacker to edit options for console.log. This issue impacts the integrity by changing the log subsystem. * CVE-2023-32314: A flaw was found in the vm2 sandbox. When a ho...

Red Hat Security Advisory 2023-3296-01

Red Hat Security Advisory 2023-3296-01 - Multicluster Engine for Kubernetes 2.2.4 images Multicluster engine for Kubernetes provides the foundational components that are necessary for the centralized management of multiple Kubernetes-based clusters across data centers, public clouds, and private clouds. You can use the engine to create new Red Hat OpenShift Container Platform clusters or to bring existing Kubernetes-based clusters under management by importing them. After the clusters are managed, you can use the APIs that are provided by the engine to distribute configuration based on placement policy.

RHSA-2023:3296: Red Hat Security Advisory: Multicluster Engine for Kubernetes 2.2.4 security fixes and container updates

Multicluster Engine for Kubernetes 2.2.4 General Availability release images, which fix security issues and update container images. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-32313: A flaw was found in the vm2. After making a vm, the inspect method is read-write for console.log, which allows an attacker to edit options for console.log. This issue impacts the integrity by changing the log subsystem. * CVE-2023-32314: A flaw was found in the vm2 sandbox. When a host ...

CVE-2023-23694: DSA-2023-071: Dell VxRail Security Update for Multiple Third-Party Component Vulnerabilities – 7.0.450

Dell VxRail versions earlier than 7.0.450, contain(s) an OS command injection vulnerability in VxRail Manager. A local authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker.

Red Hat Security Advisory 2023-2792-01

Red Hat Security Advisory 2023-2792-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. Issues addressed include a denial of service vulnerability.

RHSA-2023:3002: Red Hat Security Advisory: bind security and bug fix update

An update for bind is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2795: A flaw was found in bind. When flooding the target resolver with special queries, an attacker can significantly impair the resolver's performance, effectively denying legitimate clients access to the DNS resolution service.

RHSA-2023:2792: Red Hat Security Advisory: bind9.16 security and bug fix update

An update for bind9.16 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2795: A flaw was found in bind. When flooding the target resolver with special queries, an attacker can significantly impair the resolver's performance, effectively denying legitimate clients access to the DNS resolution service. * CVE-2022-3094: A flaw was found in Bind, where sending a flood of dynamic DNS updates may cause named to allocate large am...

RHSA-2023:2261: Red Hat Security Advisory: bind security and bug fix update

An update for bind is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2795: A flaw was found in bind. When flooding the target resolver with special queries, an attacker can significantly impair the resolver's performance, effectively denying legitimate clients access to the DNS resolution service. * CVE-2022-3094: A flaw was found in Bind, where sending a flood of dynamic DNS updates may cause named to allocate large amount...

RHSA-2023:0402: Red Hat Security Advisory: bind security update

An update for bind is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-25220: bind: DNS forwarders - cache poisoning vulnerability * CVE-2022-2795: bind: processing large delegations may severely degrade resolver performance

Scanvus now supports Vulners and Vulns.io VM Linux vulnerability detection APIs

Hello everyone! Great news for my open source Scanvus project! You can now perform vulnerability checks on Linux hosts and docker images not only using the Vulners.com API, but also with the Vulns.io VM API. It’s especially nice that all the code to support the new API was written and contributed by colleagues from Vulns.io. […]

Red Hat Security Advisory 2022-8068-01

Red Hat Security Advisory 2022-8068-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2022-8385-01

Red Hat Security Advisory 2022-8385-01 - The Dynamic Host Configuration Protocol is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The dhcp packages provide a relay agent and ISC DHCP service required to enable and administer DHCP on a network.

RHSA-2022:8068: Red Hat Security Advisory: bind security update

An update for bind is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-25220: bind: DNS forwarders - cache poisoning vulnerability * CVE-2022-0396: bind: DoS from specifically crafted TCP packets

RHSA-2022:8385: Red Hat Security Advisory: dhcp security and enhancement update

An update for dhcp is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-25220: bind: DNS forwarders - cache poisoning vulnerability

Red Hat Security Advisory 2022-7643-01

Red Hat Security Advisory 2022-7643-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. Issues addressed include denial of service and memory leak vulnerabilities.

RHSA-2022:7643: Red Hat Security Advisory: bind9.16 security update

An update for bind9.16 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-25220: bind: DNS forwarders - cache poisoning vulnerability * CVE-2022-0396: bind: DoS from specifically crafted TCP packets

RHSA-2022:7790: Red Hat Security Advisory: bind security update

An update for bind is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-25220: bind: DNS forwarders - cache poisoning vulnerability

Ubuntu Security Notice USN-5626-2

Ubuntu Security Notice 5626-2 - USN-5626-1 fixed several vulnerabilities in Bind. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Yehuda Afek, Anat Bremler-Barr, and Shani Stajnrod discovered that Bind incorrectly handled large delegations. A remote attacker could possibly use this issue to reduce performance, leading to a denial of service.

Ubuntu Security Notice USN-5626-1

Ubuntu Security Notice 5626-1 - Yehuda Afek, Anat Bremler-Barr, and Shani Stajnrod discovered that Bind incorrectly handled large delegations. A remote attacker could possibly use this issue to reduce performance, leading to a denial of service. It was discovered that Bind incorrectly handled statistics requests. A remote attacker could possibly use this issue to obtain sensitive memory contents, or cause a denial of service. This issue only affected Ubuntu 22.04 LTS.

CVE-2022-2795: CVE-2022-2795: Processing large delegations may severely degrade resolver performance - Security Advisories

By flooding the target resolver with queries exploiting this flaw an attacker can significantly impair the resolver's performance, effectively denying legitimate clients access to the DNS resolution service.

CVE-2021-25220: CVE-2021-25220: DNS forwarders - cache poisoning vulnerability

BIND 9.11.0 -> 9.11.36 9.12.0 -> 9.16.26 9.17.0 -> 9.18.0 BIND Supported Preview Editions: 9.11.4-S1 -> 9.11.36-S1 9.16.8-S1 -> 9.16.26-S1 Versions of BIND 9 earlier than those shown - back to 9.1.0, including Supported Preview Editions - are also believed to be affected but have not been tested as they are EOL. The cache could become poisoned with incorrect records leading to queries being made to the wrong servers, which might also result in false information being returned to clients.

Packet Storm: Latest News

Zeek 6.0.9