Security
Headlines
HeadlinesLatestCVEs

Headline

Red Hat Security Advisory 2022-4992-01

Red Hat Security Advisory 2022-4992-01 - XZ Utils is an integrated collection of user-space file compression utilities based on the Lempel-Ziv-Markov chain algorithm, which performs lossless data compression. The algorithm provides a high compression ratio while keeping the decompression time short.

Packet Storm
#vulnerability#linux#red_hat#ssl

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
Red Hat Security Advisory

Synopsis: Important: xz security update
Advisory ID: RHSA-2022:4992-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2022:4992
Issue date: 2022-06-13
CVE Names: CVE-2022-1271
=====================================================================

  1. Summary:

An update for xz is now available for Red Hat Enterprise Linux 8.2 Extended
Update Support.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

  1. Relevant releases/architectures:

Red Hat CodeReady Linux Builder EUS (v. 8.2) - aarch64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux BaseOS EUS (v. 8.2) - aarch64, ppc64le, s390x, x86_64

  1. Description:

XZ Utils is an integrated collection of user-space file compression
utilities based on the Lempel-Ziv-Markov chain algorithm (LZMA), which
performs lossless data compression. The algorithm provides a high
compression ratio while keeping the decompression time short.

Security Fix(es):

  • gzip: arbitrary-file-write vulnerability (CVE-2022-1271)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

  1. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

  1. Bugs fixed (https://bugzilla.redhat.com/):

2073310 - CVE-2022-1271 gzip: arbitrary-file-write vulnerability

  1. Package List:

Red Hat Enterprise Linux BaseOS EUS (v. 8.2):

Source:
xz-5.2.4-4.el8_2.src.rpm

aarch64:
xz-5.2.4-4.el8_2.aarch64.rpm
xz-debuginfo-5.2.4-4.el8_2.aarch64.rpm
xz-debugsource-5.2.4-4.el8_2.aarch64.rpm
xz-devel-5.2.4-4.el8_2.aarch64.rpm
xz-libs-5.2.4-4.el8_2.aarch64.rpm
xz-libs-debuginfo-5.2.4-4.el8_2.aarch64.rpm
xz-lzma-compat-debuginfo-5.2.4-4.el8_2.aarch64.rpm

ppc64le:
xz-5.2.4-4.el8_2.ppc64le.rpm
xz-debuginfo-5.2.4-4.el8_2.ppc64le.rpm
xz-debugsource-5.2.4-4.el8_2.ppc64le.rpm
xz-devel-5.2.4-4.el8_2.ppc64le.rpm
xz-libs-5.2.4-4.el8_2.ppc64le.rpm
xz-libs-debuginfo-5.2.4-4.el8_2.ppc64le.rpm
xz-lzma-compat-debuginfo-5.2.4-4.el8_2.ppc64le.rpm

s390x:
xz-5.2.4-4.el8_2.s390x.rpm
xz-debuginfo-5.2.4-4.el8_2.s390x.rpm
xz-debugsource-5.2.4-4.el8_2.s390x.rpm
xz-devel-5.2.4-4.el8_2.s390x.rpm
xz-libs-5.2.4-4.el8_2.s390x.rpm
xz-libs-debuginfo-5.2.4-4.el8_2.s390x.rpm
xz-lzma-compat-debuginfo-5.2.4-4.el8_2.s390x.rpm

x86_64:
xz-5.2.4-4.el8_2.x86_64.rpm
xz-debuginfo-5.2.4-4.el8_2.i686.rpm
xz-debuginfo-5.2.4-4.el8_2.x86_64.rpm
xz-debugsource-5.2.4-4.el8_2.i686.rpm
xz-debugsource-5.2.4-4.el8_2.x86_64.rpm
xz-devel-5.2.4-4.el8_2.i686.rpm
xz-devel-5.2.4-4.el8_2.x86_64.rpm
xz-libs-5.2.4-4.el8_2.i686.rpm
xz-libs-5.2.4-4.el8_2.x86_64.rpm
xz-libs-debuginfo-5.2.4-4.el8_2.i686.rpm
xz-libs-debuginfo-5.2.4-4.el8_2.x86_64.rpm
xz-lzma-compat-debuginfo-5.2.4-4.el8_2.i686.rpm
xz-lzma-compat-debuginfo-5.2.4-4.el8_2.x86_64.rpm

Red Hat CodeReady Linux Builder EUS (v. 8.2):

aarch64:
xz-debuginfo-5.2.4-4.el8_2.aarch64.rpm
xz-debugsource-5.2.4-4.el8_2.aarch64.rpm
xz-libs-debuginfo-5.2.4-4.el8_2.aarch64.rpm
xz-lzma-compat-5.2.4-4.el8_2.aarch64.rpm
xz-lzma-compat-debuginfo-5.2.4-4.el8_2.aarch64.rpm

ppc64le:
xz-debuginfo-5.2.4-4.el8_2.ppc64le.rpm
xz-debugsource-5.2.4-4.el8_2.ppc64le.rpm
xz-libs-debuginfo-5.2.4-4.el8_2.ppc64le.rpm
xz-lzma-compat-5.2.4-4.el8_2.ppc64le.rpm
xz-lzma-compat-debuginfo-5.2.4-4.el8_2.ppc64le.rpm

s390x:
xz-debuginfo-5.2.4-4.el8_2.s390x.rpm
xz-debugsource-5.2.4-4.el8_2.s390x.rpm
xz-libs-debuginfo-5.2.4-4.el8_2.s390x.rpm
xz-lzma-compat-5.2.4-4.el8_2.s390x.rpm
xz-lzma-compat-debuginfo-5.2.4-4.el8_2.s390x.rpm

x86_64:
xz-debuginfo-5.2.4-4.el8_2.x86_64.rpm
xz-debugsource-5.2.4-4.el8_2.x86_64.rpm
xz-libs-debuginfo-5.2.4-4.el8_2.x86_64.rpm
xz-lzma-compat-5.2.4-4.el8_2.x86_64.rpm
xz-lzma-compat-debuginfo-5.2.4-4.el8_2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

  1. References:

https://access.redhat.com/security/cve/CVE-2022-1271
https://access.redhat.com/security/updates/classification/#important

  1. Contact:

The Red Hat security contact is [email protected]. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBYqcmgNzjgjWX9erEAQiFmA//QvLebq6O1ElGuQbAOcMZMk+essRRYnAD
dqAwMuepS7op1u9FsHmugzWZLFHLEmekR9Kq2odyzkWc5FB73+Iv9eqw4iODcZhb
IkDjQbZmHRrAjZ3GC2kHP/xL9SkYyAQICvGO6kBeunG7DXrZT2C24UllhBWnl2ST
PLlXIL8k8IvzViacLrR7rtMZU1IsARPdn391bB8XMCGnuzL0D4Z3ncnGCgQ3u+20
raw4ZD5EY8aNzpd3E44l0BKkxxluFM6Td2KXIcK8hIyvSqbMSuOZiJTIfFgqY5Ms
tjvfZBW8WVHwAWoD/nF7Ctv8GwvFRiypZnjtiiGEzxzl8ht63J5lqo/LgaY2upZM
+AIH9aUNsTlSftKUU1/qHfzWIfTz9tpzSR/IMuKsomfCuZWkTU5cU/HyXn4gYmSH
+OaiD06PZDxk0pjil19FbOvn36FWCprbM/KuKFsLMK0LSUXRIpzMfjR8Ok887fqS
gtxbCRUacD/EUcIoqv8paV3R3J5ozP+PFmLBqrnNOhkyJ2JkdY22fZyZoDKQIATA
2b3mW4aPxrhNj0bnTj+5PmhaxK+LnZtrYf1WVx0Tv4HZWqv2kmqClT61kvrIcU1r
1VFSn7DhVquKaHtMe7InXjP62bnla47rTHBs/zcagfnkd8T3u4ZWrS2CiH3FBbft
NUeDYdX5EhQ=
=4jHG
-----END PGP SIGNATURE-----

RHSA-announce mailing list
[email protected]
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Related news

CVE-2022-43908: Security Bulletin: IBM Security Guardium is affected by several vulnerabilities

IBM Security Guardium 11.3 could allow an authenticated user to cause a denial of service due to improper input validation. IBM X-Force ID: 240903.

RHSA-2023:1326: Red Hat Security Advisory: OpenShift Container Platform 4.13.0 security update

Red Hat OpenShift Container Platform release 4.13.0 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.13. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-4235: A flaw was found in go-yaml. This issue occurs due to unbounded alias chasing, where a maliciously crafted YAML file can cause the system to consume significant system resources. If p...

CVE-2022-46756: DSA-2022-335: Dell VxRail Security Update for Multiple Third-Party Component Vulnerabilities

Dell VxRail, versions prior to 7.0.410, contain a Container Escape Vulnerability. A local high-privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the container's underlying OS. Exploitation may lead to a system take over by an attacker.

CVE-2022-38108: Published | Zero Day Initiative

SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.

Red Hat Security Advisory 2022-6681-01

Red Hat Security Advisory 2022-6681-01 - Red Hat OpenShift Virtualization release 4.9.6 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Important.

Red Hat Security Advisory 2022-6430-01

Red Hat Security Advisory 2022-6430-01 - OpenShift API for Data Protection enables you to back up and restore application resources, persistent volume data, and internal container images to external backup storage. OADP enables both file system-based and snapshot-based backups for persistent volumes. Issues addressed include a denial of service vulnerability.

RHSA-2022:6430: Red Hat Security Advisory: OpenShift API for Data Protection (OADP) 1.0.4 security and bug fix update

OpenShift API for Data Protection (OADP) 1.0.4 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1705: golang: net/http: improper sanitization of Transfer-Encoding header * CVE-2022-1962: golang: go/parser: stack exhaustion in all Parse* functions * CVE-2022-21698: prometheus/client_golang: Denial of service using InstrumentHandlerCounter * CVE-2022-24675: golang: encoding/pem: fix stack overflow in Decode * CVE-2022-30629: golang: crypto/tls: session ti...

RHSA-2022:6429: Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.7.4 security and bug fix update

The Migration Toolkit for Containers (MTC) 1.7.4 is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-28500: nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions * CVE-2021-23337: nodejs-lodash: command injection via template * CVE-2022-0512: nodejs-url-parse: authorization bypass through user-controlled key * CVE-2022-0639: npm-url-parse: Authorization Bypass Through User-Controlled Key * CVE-2022-0686: npm-url-parse: Authorization bypass thr...

CVE-2022-1271: Invalid Bug ID

An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation when processing filenames with two or more newlines where selected content and the target file names are embedded in crafted multi-line file names. This flaw allows a remote, low privileged attacker to force zgrep to write arbitrary files on the system.

RHSA-2022:5924: Red Hat Security Advisory: Service Telemetry Framework 1.4 security update

An update is now available for Service Telemetry Framework 1.4 for RHEL 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-30631: golang: compress/gzip: stack exhaustion in Reader.Read

RHSA-2022:5840: Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.7.3 security and bug fix update

The Migration Toolkit for Containers (MTC) 1.7.3 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1365: cross-fetch: Exposure of Private Personal Information to an Unauthorized Actor * CVE-2022-24675: golang: encoding/pem: fix stack overflow in Decode * CVE-2022-28327: golang: crypto/elliptic: panic caused by oversized scalar * CVE-2022-29526: golang: syscall: faccessat checks wrong group

Red Hat Security Advisory 2022-5673-01

Red Hat Security Advisory 2022-5673-01 - Red Hat OpenStack Platform 16.2 (Train) director operator containers, with several Important security fixes, are available for technology preview. Issues addressed include a code execution vulnerability.

RHSA-2022:5556: Red Hat Security Advisory: Logging Subsystem 5.4.3 - Red Hat OpenShift security update

Logging Subsystem 5.4.3 - Red Hat OpenShift Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-38561: golang: out-of-bounds read in golang.org/x/text/language leads to DoS

RHSA-2022:5439: Red Hat Security Advisory: RHV-H security update (redhat-virtualization-host) 4.3.23

An update for redhat-release-virtualization-host and redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2018-25032: zlib: A flaw found in zlib when compressing (not decompressing) certain inputs * CVE-2022-1271: gzip: arbitrary-file-write vulnerability * CVE-2022-1966: kernel: a use-after-free write in the netfilter subsystem can lead to privilege escalation to root * CVE-2...

RHSA-2022:5392: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.3.11 security updates and bug fixes

Red Hat Advanced Cluster Management for Kubernetes 2.3.11 general availability release images, which provide security updates and bug fixes. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-0235: node-fetch: exposure of sensitive information to an unauthorized actor * CVE-2022-0536: follow-redirects: Exposure of Sensitive Information via Authorization Header leak * CVE-2022-21803: nconf: Prototype pollution in memory store * CVE-2022-23806: golang: crypto/elliptic IsOnCurv...

Red Hat Security Advisory 2022-5187-01

Red Hat Security Advisory 2022-5187-01 - Red Hat Openshift GitOps is a declarative way to implement continuous deployment for cloud native applications. Issues addressed include a cross site scripting vulnerability.

RHSA-2022:5153: Red Hat Security Advisory: Red Hat OpenShift GitOps security update

An update is now available for Red Hat OpenShift GitOps 1.4. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-31016: argocd: vulnerable to an uncontrolled memory consumption bug * CVE-2022-31034: argocd: vulnerable to a variety of attacks when an SSO login is initiated from the Argo CD CLI or the UI. * CVE-2022-31035: argocd: cross-site scripting (XSS) allow a malicious user to inject a javascript link in the UI * CVE-2022-31036: argocd: vulnerable to a symlink followin...

RHSA-2022:5192: Red Hat Security Advisory: Red Hat OpenShift GitOps security update

An update is now available for Red Hat OpenShift GitOps 1.3. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-31016: argocd: vulnerable to an uncontrolled memory consumption bug * CVE-2022-31034: argocd: vulnerable to a variety of attacks when an SSO login is initiated from the Argo CD CLI or the UI. * CVE-2022-31035: argocd: cross-site scripting (XSS) allow a malicious user to inject a javascript link in the UI * CVE-2022-31036: argocd: vulnerable to a symlink followin...

Red Hat Security Advisory 2022-5132-01

Red Hat Security Advisory 2022-5132-01 - Updated images are now available for Red Hat Advanced Cluster Security for Kubernetes (RHACS). The updated image includes bug and security fixes.

Red Hat Security Advisory 2022-5052-01

Red Hat Security Advisory 2022-5052-01 - XZ Utils is an integrated collection of user-space file compression utilities based on the Lempel-Ziv-Markov chain algorithm, which performs lossless data compression. The algorithm provides a high compression ratio while keeping the decompression time short.

RHSA-2022:5006: Red Hat Security Advisory: Red Hat OpenShift Service Mesh 2.1.3 Containers security update

Red Hat OpenShift Service Mesh 2.1.3. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1650: eventsource: Exposure of Sensitive Information * CVE-2022-23806: golang: crypto/elliptic IsOnCurve returns true for invalid field elements * CVE-2022-24675: golang: encoding/pem: fix stack overflow in Decode * CVE-2022-24785: Moment.js: Path traversal in moment.locale * CVE-2022-28327: golang: crypto/elliptic: panic caused by oversized scalar

RHSA-2022:4993: Red Hat Security Advisory: xz security update

An update for xz is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1271: gzip: arbitrary-file-write vulnerability

RHSA-2022:4940: Red Hat Security Advisory: xz security update

An update for xz is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1271: gzip: arbitrary-file-write vulnerability

Red Hat Security Advisory 2022-4582-01

Red Hat Security Advisory 2022-4582-01 - The gzip packages contain the gzip data compression utility. gzip is used to compress regular files. It replaces them with files containing the .gz extension, while retaining ownership modes, access, and modification times.

Red Hat Security Advisory 2022-4814-01

Red Hat Security Advisory 2022-4814-01 - The Migration Toolkit for Containers enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API. Issues addressed include denial of service and memory exhaustion vulnerabilities.

RHSA-2022:4814: Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.6.5 security and bug fix update

The Migration Toolkit for Containers (MTC) 1.6.5 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-3807: nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes * CVE-2021-39293: golang: archive/zip: malformed archive may cause panic or memory exhaustion (incomplete fix of CVE-2021-33196)

Red Hat Security Advisory 2022-2283-01

Red Hat Security Advisory 2022-2283-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.9.35.

RHSA-2022:4690: Red Hat Security Advisory: Red Hat OpenShift GitOps security update

An update is now available for Red Hat OpenShift GitOps 1.5 in openshift-gitops-argocd container. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-24904: argocd: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server * CVE-2022-24905: argocd: Login screen allows message spoofing if SSO is enabled * CVE-2022-29165: argocd: ArgoCD will blindly trust JWT claims if anonymous access is enabled

RHSA-2022:4582: Red Hat Security Advisory: gzip security update

An update for gzip is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1271: gzip: arbitrary-file-write vulnerability

Red Hat Security Advisory 2022-2216-01

Red Hat Security Advisory 2022-2216-01 - Logging Subsystem 5.4.1 - Red Hat OpenShift. Issues addressed include HTTP request smuggling and denial of service vulnerabilities.

Packet Storm: Latest News

Zeek 6.0.9