Red Hat Security Advisory 2022-6102-01

Red Hat Security Advisory 2022-6102-01 - Red Hat OpenShift Container Platform is Red Hat’s cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.11.1.

Packet Storm

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================
Red Hat Security Advisory

Synopsis: Low: OpenShift Container Platform 4.11.1 packages and security update
Advisory ID: RHSA-2022:6102-01
Product: Red Hat OpenShift Enterprise
Advisory URL: https://access.redhat.com/errata/RHSA-2022:6102
Issue date: 2022-08-23
CVE Names: CVE-2022-30629
====================================================================

1. Summary:

Red Hat OpenShift Container Platform release 4.11.1 is now available with
updates to packages and images that fix several bugs and add enhancements.

This release includes a security update for Red Hat OpenShift Container
Platform 4.11.

Red Hat Product Security has rated this update as having a security impact
of Low. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat OpenShift Container Platform 4.11 - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

Red Hat OpenShift Container Platform is Red Hat’s cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.

This advisory contains the RPM packages for Red Hat OpenShift Container
Platform 4.11.1. See the following advisory for the container images for
this release:

https://access.redhat.com/errata/RHSA-2022:6103

Security Fix(es):

  • golang: crypto/tls: session tickets lack random ticket_age_add
    (CVE-2022-30629)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
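As an added illustration of the fix named above (example code written for this page, not Go's crypto/tls source): RFC 8446 requires a TLS 1.3 server to mask the ticket age with a fresh random ticket_age_add per ticket, so the obfuscated_ticket_age a resuming client sends reveals nothing to a passive observer; with the mask left at zero, as in the affected crypto/tls versions, that value is the ticket's real age and lets an observer link the resumption to the original handshake. The Ticket type, the clock values and the function names are constructed for this example.

```go
package main

import (
	"crypto/rand"
	"encoding/binary"
	"fmt"
)

// Ticket holds the two NewSessionTicket fields (RFC 8446 section 4.6.1) that
// matter for CVE-2022-30629. It is a constructed type for this example, not a
// type from Go's crypto/tls package.
type Ticket struct {
	IssuedAtMillis uint64 // server clock at issue time, kept server-side
	TicketAgeAdd   uint32 // 32-bit mask sent to the client with the ticket
}

// IssueTicket does what RFC 8446 requires: a fresh, cryptographically random
// ticket_age_add for every ticket.
func IssueTicket(nowMillis uint64) (Ticket, error) {
	var b [4]byte
	if _, err := rand.Read(b[:]); err != nil {
		return Ticket{}, err
	}
	return Ticket{IssuedAtMillis: nowMillis, TicketAgeAdd: binary.BigEndian.Uint32(b[:])}, nil
}

// IssueTicketUnmasked models the defect in the advisory: ticket_age_add is
// never randomised and stays zero for every ticket the server hands out.
func IssueTicketUnmasked(nowMillis uint64) Ticket {
	return Ticket{IssuedAtMillis: nowMillis, TicketAgeAdd: 0}
}

// ObfuscatedTicketAge is the value a resuming client places in its
// PskIdentity: (age_in_ms + ticket_age_add) mod 2^32. uint32 arithmetic
// provides the modular wrap.
func ObfuscatedTicketAge(t Ticket, clientNowMillis uint64) uint32 {
	return uint32(clientNowMillis-t.IssuedAtMillis) + t.TicketAgeAdd
}

// RecoverTicketAge is the server side of the same computation.
func RecoverTicketAge(obfuscated, ticketAgeAdd uint32) uint32 {
	return obfuscated - ticketAgeAdd
}

// LeaksRealAge reports whether a passive observer of the ClientHello could
// read the ticket's true age straight from obfuscated_ticket_age, which is
// the case whenever the mask is zero.
func LeaksRealAge(t Ticket, clientNowMillis uint64) bool {
	return ObfuscatedTicketAge(t, clientNowMillis) == uint32(clientNowMillis-t.IssuedAtMillis)
}

// ConstantMask is an audit check for tickets issued by a server you control
// (NewSessionTicket is encrypted on the wire, so this is not a network
// signature): a batch whose masks are all identical is the fingerprint of
// the unpatched behaviour.
func ConstantMask(tickets []Ticket) bool {
	if len(tickets) < 2 {
		return false
	}
	for _, t := range tickets[1:] {
		if t.TicketAgeAdd != tickets[0].TicketAgeAdd {
			return false
		}
	}
	return true
}

func main() {
	// Constructed clocks in milliseconds: ticket issued, then resumed 37.5 s later.
	const issued, resumed = 1_000_000, 1_000_000 + 37_500

	good, err := IssueTicket(issued)
	if err != nil {
		panic(err)
	}
	bad := IssueTicketUnmasked(issued)

	for _, t := range []Ticket{good, bad} {
		obf := ObfuscatedTicketAge(t, resumed)
		fmt.Printf("mask=%#010x obfuscated_age=%d recovered_age=%d leaks_real_age=%v\n",
			t.TicketAgeAdd, obf, RecoverTicketAge(obf, t.TicketAgeAdd), LeaksRealAge(t, resumed))
	}

	batch := []Ticket{bad, IssueTicketUnmasked(issued + 1), IssueTicketUnmasked(issued + 2)}
	fmt.Println("unpatched batch has a constant mask:", ConstantMask(batch))
}
```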

All OpenShift Container Platform 4.11 users are advised to upgrade to these
updated packages and images when they are available in the appropriate
release channel. To check for available updates, use the OpenShift Console
or the CLI oc command. Instructions for upgrading a cluster are available at
https://docs.openshift.com/container-platform/4.11/updating/updating-cluster-cli.html

4. Solution:

For OpenShift Container Platform 4.11 see the following documentation,
which will be updated shortly for this release, for important instructions
on how to upgrade your cluster and fully apply this asynchronous errata
update:

https://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html

Details on how to access this content are available at
https://docs.openshift.com/container-platform/4.11/updating/updating-cluster-cli.html

5. Bugs fixed (https://bugzilla.redhat.com/):

2092793 - CVE-2022-30629 golang: crypto/tls: session tickets lack random ticket_age_add

6. Package List:

Red Hat OpenShift Container Platform 4.11:

Source:
NetworkManager-1.36.0-8.el8_6.src.rpm
butane-0.15.0-2.rhaos4.11.el8.src.rpm
console-login-helper-messages-0.20.4-1.rhaos4.11.el8.src.rpm
cri-o-1.24.2-4.rhaos4.11.gitd6283df.el8.src.rpm
ignition-2.14.0-4.rhaos4.11.el8.src.rpm
openshift-4.11.0-202208101756.p0.g4f0dd4d.assembly.stream.el8.src.rpm
openshift-ansible-4.11.0-202208111716.p0.gdf73941.assembly.stream.el8.src.rpm
openshift-clients-4.11.0-202208110436.p0.gfcf512e.assembly.stream.el8.src.rpm
openshift-kuryr-4.11.0-202208101627.p0.g6952743.assembly.stream.el8.src.rpm
python-kubernetes-24.2.0-1.el8.src.rpm

aarch64:
NetworkManager-1.36.0-8.el8_6.aarch64.rpm
NetworkManager-adsl-1.36.0-8.el8_6.aarch64.rpm
NetworkManager-adsl-debuginfo-1.36.0-8.el8_6.aarch64.rpm
NetworkManager-bluetooth-1.36.0-8.el8_6.aarch64.rpm
NetworkManager-bluetooth-debuginfo-1.36.0-8.el8_6.aarch64.rpm
NetworkManager-cloud-setup-1.36.0-8.el8_6.aarch64.rpm
NetworkManager-cloud-setup-debuginfo-1.36.0-8.el8_6.aarch64.rpm
NetworkManager-debuginfo-1.36.0-8.el8_6.aarch64.rpm
NetworkManager-debugsource-1.36.0-8.el8_6.aarch64.rpm
NetworkManager-libnm-1.36.0-8.el8_6.aarch64.rpm
NetworkManager-libnm-debuginfo-1.36.0-8.el8_6.aarch64.rpm
NetworkManager-libnm-devel-1.36.0-8.el8_6.aarch64.rpm
NetworkManager-ovs-1.36.0-8.el8_6.aarch64.rpm
NetworkManager-ovs-debuginfo-1.36.0-8.el8_6.aarch64.rpm
NetworkManager-ppp-1.36.0-8.el8_6.aarch64.rpm
NetworkManager-ppp-debuginfo-1.36.0-8.el8_6.aarch64.rpm
NetworkManager-team-1.36.0-8.el8_6.aarch64.rpm
NetworkManager-team-debuginfo-1.36.0-8.el8_6.aarch64.rpm
NetworkManager-tui-1.36.0-8.el8_6.aarch64.rpm
NetworkManager-tui-debuginfo-1.36.0-8.el8_6.aarch64.rpm
NetworkManager-wifi-1.36.0-8.el8_6.aarch64.rpm
NetworkManager-wifi-debuginfo-1.36.0-8.el8_6.aarch64.rpm
NetworkManager-wwan-1.36.0-8.el8_6.aarch64.rpm
NetworkManager-wwan-debuginfo-1.36.0-8.el8_6.aarch64.rpm
butane-0.15.0-2.rhaos4.11.el8.aarch64.rpm
butane-debuginfo-0.15.0-2.rhaos4.11.el8.aarch64.rpm
butane-debugsource-0.15.0-2.rhaos4.11.el8.aarch64.rpm
cri-o-1.24.2-4.rhaos4.11.gitd6283df.el8.aarch64.rpm
cri-o-debuginfo-1.24.2-4.rhaos4.11.gitd6283df.el8.aarch64.rpm
cri-o-debugsource-1.24.2-4.rhaos4.11.gitd6283df.el8.aarch64.rpm
ignition-2.14.0-4.rhaos4.11.el8.aarch64.rpm
ignition-debuginfo-2.14.0-4.rhaos4.11.el8.aarch64.rpm
ignition-debugsource-2.14.0-4.rhaos4.11.el8.aarch64.rpm
ignition-validate-2.14.0-4.rhaos4.11.el8.aarch64.rpm
ignition-validate-debuginfo-2.14.0-4.rhaos4.11.el8.aarch64.rpm
openshift-clients-4.11.0-202208110436.p0.gfcf512e.assembly.stream.el8.aarch64.rpm
openshift-hyperkube-4.11.0-202208101756.p0.g4f0dd4d.assembly.stream.el8.aarch64.rpm

noarch:
NetworkManager-config-connectivity-redhat-1.36.0-8.el8_6.noarch.rpm
NetworkManager-config-server-1.36.0-8.el8_6.noarch.rpm
NetworkManager-dispatcher-routing-rules-1.36.0-8.el8_6.noarch.rpm
butane-redistributable-0.15.0-2.rhaos4.11.el8.noarch.rpm
console-login-helper-messages-0.20.4-1.rhaos4.11.el8.noarch.rpm
console-login-helper-messages-issuegen-0.20.4-1.rhaos4.11.el8.noarch.rpm
console-login-helper-messages-profile-0.20.4-1.rhaos4.11.el8.noarch.rpm
openshift-ansible-4.11.0-202208111716.p0.gdf73941.assembly.stream.el8.noarch.rpm
openshift-ansible-test-4.11.0-202208111716.p0.gdf73941.assembly.stream.el8.noarch.rpm
openshift-kuryr-cni-4.11.0-202208101627.p0.g6952743.assembly.stream.el8.noarch.rpm
openshift-kuryr-common-4.11.0-202208101627.p0.g6952743.assembly.stream.el8.noarch.rpm
openshift-kuryr-controller-4.11.0-202208101627.p0.g6952743.assembly.stream.el8.noarch.rpm
python3-kubernetes-24.2.0-1.el8.noarch.rpm
python3-kubernetes-tests-24.2.0-1.el8.noarch.rpm
python3-kuryr-kubernetes-4.11.0-202208101627.p0.g6952743.assembly.stream.el8.noarch.rpm

ppc64le:
NetworkManager-1.36.0-8.el8_6.ppc64le.rpm
NetworkManager-adsl-1.36.0-8.el8_6.ppc64le.rpm
NetworkManager-adsl-debuginfo-1.36.0-8.el8_6.ppc64le.rpm
NetworkManager-bluetooth-1.36.0-8.el8_6.ppc64le.rpm
NetworkManager-bluetooth-debuginfo-1.36.0-8.el8_6.ppc64le.rpm
NetworkManager-cloud-setup-1.36.0-8.el8_6.ppc64le.rpm
NetworkManager-cloud-setup-debuginfo-1.36.0-8.el8_6.ppc64le.rpm
NetworkManager-debuginfo-1.36.0-8.el8_6.ppc64le.rpm
NetworkManager-debugsource-1.36.0-8.el8_6.ppc64le.rpm
NetworkManager-libnm-1.36.0-8.el8_6.ppc64le.rpm
NetworkManager-libnm-debuginfo-1.36.0-8.el8_6.ppc64le.rpm
NetworkManager-libnm-devel-1.36.0-8.el8_6.ppc64le.rpm
NetworkManager-ovs-1.36.0-8.el8_6.ppc64le.rpm
NetworkManager-ovs-debuginfo-1.36.0-8.el8_6.ppc64le.rpm
NetworkManager-ppp-1.36.0-8.el8_6.ppc64le.rpm
NetworkManager-ppp-debuginfo-1.36.0-8.el8_6.ppc64le.rpm
NetworkManager-team-1.36.0-8.el8_6.ppc64le.rpm
NetworkManager-team-debuginfo-1.36.0-8.el8_6.ppc64le.rpm
NetworkManager-tui-1.36.0-8.el8_6.ppc64le.rpm
NetworkManager-tui-debuginfo-1.36.0-8.el8_6.ppc64le.rpm
NetworkManager-wifi-1.36.0-8.el8_6.ppc64le.rpm
NetworkManager-wifi-debuginfo-1.36.0-8.el8_6.ppc64le.rpm
NetworkManager-wwan-1.36.0-8.el8_6.ppc64le.rpm
NetworkManager-wwan-debuginfo-1.36.0-8.el8_6.ppc64le.rpm
butane-0.15.0-2.rhaos4.11.el8.ppc64le.rpm
butane-debuginfo-0.15.0-2.rhaos4.11.el8.ppc64le.rpm
butane-debugsource-0.15.0-2.rhaos4.11.el8.ppc64le.rpm
cri-o-1.24.2-4.rhaos4.11.gitd6283df.el8.ppc64le.rpm
cri-o-debuginfo-1.24.2-4.rhaos4.11.gitd6283df.el8.ppc64le.rpm
cri-o-debugsource-1.24.2-4.rhaos4.11.gitd6283df.el8.ppc64le.rpm
ignition-2.14.0-4.rhaos4.11.el8.ppc64le.rpm
ignition-debuginfo-2.14.0-4.rhaos4.11.el8.ppc64le.rpm
ignition-debugsource-2.14.0-4.rhaos4.11.el8.ppc64le.rpm
ignition-validate-2.14.0-4.rhaos4.11.el8.ppc64le.rpm
ignition-validate-debuginfo-2.14.0-4.rhaos4.11.el8.ppc64le.rpm
openshift-clients-4.11.0-202208110436.p0.gfcf512e.assembly.stream.el8.ppc64le.rpm
openshift-hyperkube-4.11.0-202208101756.p0.g4f0dd4d.assembly.stream.el8.ppc64le.rpm

s390x:
NetworkManager-1.36.0-8.el8_6.s390x.rpm
NetworkManager-adsl-1.36.0-8.el8_6.s390x.rpm
NetworkManager-adsl-debuginfo-1.36.0-8.el8_6.s390x.rpm
NetworkManager-bluetooth-1.36.0-8.el8_6.s390x.rpm
NetworkManager-bluetooth-debuginfo-1.36.0-8.el8_6.s390x.rpm
NetworkManager-cloud-setup-1.36.0-8.el8_6.s390x.rpm
NetworkManager-cloud-setup-debuginfo-1.36.0-8.el8_6.s390x.rpm
NetworkManager-debuginfo-1.36.0-8.el8_6.s390x.rpm
NetworkManager-debugsource-1.36.0-8.el8_6.s390x.rpm
NetworkManager-libnm-1.36.0-8.el8_6.s390x.rpm
NetworkManager-libnm-debuginfo-1.36.0-8.el8_6.s390x.rpm
NetworkManager-libnm-devel-1.36.0-8.el8_6.s390x.rpm
NetworkManager-ovs-1.36.0-8.el8_6.s390x.rpm
NetworkManager-ovs-debuginfo-1.36.0-8.el8_6.s390x.rpm
NetworkManager-ppp-1.36.0-8.el8_6.s390x.rpm
NetworkManager-ppp-debuginfo-1.36.0-8.el8_6.s390x.rpm
NetworkManager-team-1.36.0-8.el8_6.s390x.rpm
NetworkManager-team-debuginfo-1.36.0-8.el8_6.s390x.rpm
NetworkManager-tui-1.36.0-8.el8_6.s390x.rpm
NetworkManager-tui-debuginfo-1.36.0-8.el8_6.s390x.rpm
NetworkManager-wifi-1.36.0-8.el8_6.s390x.rpm
NetworkManager-wifi-debuginfo-1.36.0-8.el8_6.s390x.rpm
NetworkManager-wwan-1.36.0-8.el8_6.s390x.rpm
NetworkManager-wwan-debuginfo-1.36.0-8.el8_6.s390x.rpm
butane-0.15.0-2.rhaos4.11.el8.s390x.rpm
butane-debuginfo-0.15.0-2.rhaos4.11.el8.s390x.rpm
butane-debugsource-0.15.0-2.rhaos4.11.el8.s390x.rpm
cri-o-1.24.2-4.rhaos4.11.gitd6283df.el8.s390x.rpm
cri-o-debuginfo-1.24.2-4.rhaos4.11.gitd6283df.el8.s390x.rpm
cri-o-debugsource-1.24.2-4.rhaos4.11.gitd6283df.el8.s390x.rpm
ignition-2.14.0-4.rhaos4.11.el8.s390x.rpm
ignition-debuginfo-2.14.0-4.rhaos4.11.el8.s390x.rpm
ignition-debugsource-2.14.0-4.rhaos4.11.el8.s390x.rpm
ignition-validate-2.14.0-4.rhaos4.11.el8.s390x.rpm
ignition-validate-debuginfo-2.14.0-4.rhaos4.11.el8.s390x.rpm
openshift-clients-4.11.0-202208110436.p0.gfcf512e.assembly.stream.el8.s390x.rpm
openshift-hyperkube-4.11.0-202208101756.p0.g4f0dd4d.assembly.stream.el8.s390x.rpm

x86_64:
NetworkManager-1.36.0-8.el8_6.x86_64.rpm
NetworkManager-adsl-1.36.0-8.el8_6.x86_64.rpm
NetworkManager-adsl-debuginfo-1.36.0-8.el8_6.x86_64.rpm
NetworkManager-bluetooth-1.36.0-8.el8_6.x86_64.rpm
NetworkManager-bluetooth-debuginfo-1.36.0-8.el8_6.x86_64.rpm
NetworkManager-cloud-setup-1.36.0-8.el8_6.x86_64.rpm
NetworkManager-cloud-setup-debuginfo-1.36.0-8.el8_6.x86_64.rpm
NetworkManager-debuginfo-1.36.0-8.el8_6.x86_64.rpm
NetworkManager-debugsource-1.36.0-8.el8_6.x86_64.rpm
NetworkManager-libnm-1.36.0-8.el8_6.x86_64.rpm
NetworkManager-libnm-debuginfo-1.36.0-8.el8_6.x86_64.rpm
NetworkManager-libnm-devel-1.36.0-8.el8_6.x86_64.rpm
NetworkManager-ovs-1.36.0-8.el8_6.x86_64.rpm
NetworkManager-ovs-debuginfo-1.36.0-8.el8_6.x86_64.rpm
NetworkManager-ppp-1.36.0-8.el8_6.x86_64.rpm
NetworkManager-ppp-debuginfo-1.36.0-8.el8_6.x86_64.rpm
NetworkManager-team-1.36.0-8.el8_6.x86_64.rpm
NetworkManager-team-debuginfo-1.36.0-8.el8_6.x86_64.rpm
NetworkManager-tui-1.36.0-8.el8_6.x86_64.rpm
NetworkManager-tui-debuginfo-1.36.0-8.el8_6.x86_64.rpm
NetworkManager-wifi-1.36.0-8.el8_6.x86_64.rpm
NetworkManager-wifi-debuginfo-1.36.0-8.el8_6.x86_64.rpm
NetworkManager-wwan-1.36.0-8.el8_6.x86_64.rpm
NetworkManager-wwan-debuginfo-1.36.0-8.el8_6.x86_64.rpm
butane-0.15.0-2.rhaos4.11.el8.x86_64.rpm
butane-debuginfo-0.15.0-2.rhaos4.11.el8.x86_64.rpm
butane-debugsource-0.15.0-2.rhaos4.11.el8.x86_64.rpm
cri-o-1.24.2-4.rhaos4.11.gitd6283df.el8.x86_64.rpm
cri-o-debuginfo-1.24.2-4.rhaos4.11.gitd6283df.el8.x86_64.rpm
cri-o-debugsource-1.24.2-4.rhaos4.11.gitd6283df.el8.x86_64.rpm
ignition-2.14.0-4.rhaos4.11.el8.x86_64.rpm
ignition-debuginfo-2.14.0-4.rhaos4.11.el8.x86_64.rpm
ignition-debugsource-2.14.0-4.rhaos4.11.el8.x86_64.rpm
ignition-validate-2.14.0-4.rhaos4.11.el8.x86_64.rpm
ignition-validate-debuginfo-2.14.0-4.rhaos4.11.el8.x86_64.rpm
openshift-clients-4.11.0-202208110436.p0.gfcf512e.assembly.stream.el8.x86_64.rpm
openshift-clients-redistributable-4.11.0-202208110436.p0.gfcf512e.assembly.stream.el8.x86_64.rpm
openshift-hyperkube-4.11.0-202208101756.p0.g4f0dd4d.assembly.stream.el8.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-30629
https://access.redhat.com/security/updates/classification/#low

8. Contact:

The Red Hat security contact is [email protected]. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.

RHSA-announce mailing list
[email protected]
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Related news

Ubuntu Security Notice USN-6038-2

Ubuntu Security Notice 6038-2 - USN-6038-1 fixed several vulnerabilities in Go 1.18. This update provides the corresponding updates for Go 1.13 and Go 1.16. CVE-2022-29526 and CVE-2022-30630 only affected Go 1.16. It was discovered that the Go net/http module incorrectly handled Transfer-Encoding headers in the HTTP/1 client. A remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack.

RHSA-2023:4488: Red Hat Security Advisory: Red Hat OpenShift support for Windows Containers 6.0.1[security update]

The components for Red Hat OpenShift support for Windows Containers 6.0.1 are now available. This product release includes bug fixes and security update for the following packages: windows-machine-config-operator and windows-machine-config-operator-bundle. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-27191: A broken cryptographic algorithm flaw was found in golang.org/x/crypto/ssh. This issue causes a client to fail authentication with RSA keys to servers that reject...

Red Hat Security Advisory 2023-3642-01

Red Hat Security Advisory 2023-3642-01 - Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services. This new container image is based on Red Hat Ceph Storage 6.1 and Red Hat Enterprise Linux 9. Issues addressed include bypass, cross site scripting, denial of service, information leakage, spoofing, and traversal vulnerabilities.

Red Hat Security Advisory 2023-2283-01

Red Hat Security Advisory 2023-2283-01 - The skopeo command lets you inspect images from container image registries, get images and image layers, and use signatures to create and verify files.

Red Hat Security Advisory 2023-2367-01

Red Hat Security Advisory 2023-2367-01 - The Container Network Interface project consists of a specification and libraries for writing plug-ins for configuring network interfaces in Linux containers, along with a number of supported plug-ins. CNI concerns itself only with network connectivity of containers and removing allocated resources when the container is deleted.

RHSA-2023:2367: Red Hat Security Advisory: containernetworking-plugins security and bug fix update

An update for containernetworking-plugins is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-30629: A flaw was found in the crypto/tls golang package. When session tickets are generated by crypto/tls, it is missing the ticket expiration. This issue may allow an attacker to observe the TLS handshakes to correlate successive connections during session resumption. * CVE-2022-41717: A flaw was found in the net/http library of th...

Ubuntu Security Notice USN-6038-1

Ubuntu Security Notice 6038-1 - It was discovered that the Go net/http module incorrectly handled Transfer-Encoding headers in the HTTP/1 client. A remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack. It was discovered that Go did not properly manage memory under certain circumstances. An attacker could possibly use this issue to cause a panic resulting into a denial of service.

RHSA-2023:1275: Red Hat Security Advisory: Red Hat OpenStack Platform (etcd) security update

An update for etcd is now available for Red Hat OpenStack Platform. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1705: A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating "chunked" encoding. This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid. * CVE-2022-2880: A flaw was found in the golang package, where requests forwarded by rev...

RHSA-2023:0630: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.7.0 security and bug fix updates

Red Hat Advanced Cluster Management for Kubernetes 2.7.0 General Availability release images, which provide security updates and fix bugs. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3517: A vulnerability was found in the nodejs-minimatch package. This flaw allows a Regular Expression Denial of Service (ReDoS) when calling the braceExpand function with specific arguments, resulting in a Denial of Service. * CVE-2022-30629: A flaw was found in the crypto/tls golang pa...

Red Hat Security Advisory 2023-0407-01

Red Hat Security Advisory 2023-0407-01 - OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains OpenShift Virtualization 4.12.0 RPMs. Issues addressed include denial of service and out of bounds read vulnerabilities.

RHSA-2022:9047: Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.7.6 security and bug fix update

The Migration Toolkit for Containers (MTC) 1.7.6 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1705: golang: net/http: improper sanitization of Transfer-Encoding header * CVE-2022-1962: golang: go/parser: stack exhaustion in all Parse* functions * CVE-2022-28131: golang: encoding/xml: stack exhaustion in Decoder.Skip * CVE-2022-30629: golang: crypto/tls: session tickets lack random ticket_age_add * CVE-2022-30630: golang: io/fs: stack exhaustion in G...

RHSA-2022:8750: Red Hat Security Advisory: OpenShift Virtualization 4.11.1 security and bug fix update

Red Hat OpenShift Virtualization release 4.11.1 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-38561: golang: out-of-bounds read in golang.org/x/text/language leads to DoS * CVE-2022-24675: golang: encoding/pem: fix stack overflow in Decode * CVE-2022-24921: golang: regexp: stack exhaustion via a deeply nested expression * CVE-2022-28327: golang: crypto/elliptic: panic caus...

RHSA-2022:6696: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.4.6 security update and bug fixes

Red Hat Advanced Cluster Management for Kubernetes 2.4.6 General Availability release images, which fix bugs and update container images. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-30629: golang: crypto/tls: session tickets lack random ticket_age_add * CVE-2022-31129: moment: inefficient parsing algorithm resulting in DoS * CVE-2022-31150: nodejs16: CRLF injection in node-undici * CVE-2022-31151: nodejs/undici: Cookie headers uncleared on cross-origin redirect * CV...

Red Hat Security Advisory 2022-6535-01

Red Hat Security Advisory 2022-6535-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.11.5.

Red Hat Security Advisory 2022-6536-01

Red Hat Security Advisory 2022-6536-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.11.5.

Red Hat Security Advisory 2022-6536-01

Red Hat Security Advisory 2022-6536-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.11.5.

Red Hat Security Advisory 2022-6429-01

Red Hat Security Advisory 2022-6429-01 - The Migration Toolkit for Containers enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API. Issues addressed include bypass, code execution, and denial of service vulnerabilities.

Red Hat Security Advisory 2022-6430-01

Red Hat Security Advisory 2022-6430-01 - OpenShift API for Data Protection enables you to back up and restore application resources, persistent volume data, and internal container images to external backup storage. OADP enables both file system-based and snapshot-based backups for persistent volumes. Issues addressed include a denial of service vulnerability.

RHSA-2022:6430: Red Hat Security Advisory: OpenShift API for Data Protection (OADP) 1.0.4 security and bug fix update

OpenShift API for Data Protection (OADP) 1.0.4 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1705: golang: net/http: improper sanitization of Transfer-Encoding header * CVE-2022-1962: golang: go/parser: stack exhaustion in all Parse* functions * CVE-2022-21698: prometheus/client_golang: Denial of service using InstrumentHandlerCounter * CVE-2022-24675: golang: encoding/pem: fix stack overflow in Decode * CVE-2022-30629: golang: crypto/tls: session ti...

Red Hat Security Advisory 2022-6370-01

Red Hat Security Advisory 2022-6370-01 - Red Hat Advanced Cluster Management for Kubernetes 2.6.0 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix security issues and several bugs. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2022-6345-01

Red Hat Security Advisory 2022-6345-01 - Multicluster engine for Kubernetes 2.1 images Multicluster engine for Kubernetes provides the foundational components that are necessary for the centralized management of multiple Kubernetes-based clusters across data centers, public clouds, and private clouds. You can use the engine to create new Red Hat OpenShift Container Platform clusters or to bring existing Kubernetes-based clusters under management by importing them. After the clusters are managed, you can use the APIs that are provided by the engine to distribute configuration based on placement policy. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2022-6347-01

Red Hat Security Advisory 2022-6347-01 - VolSync is a Kubernetes operator that enables asynchronous replication of persistent volumes within a cluster, or across clusters. Version 0.5 has been released with security fixes and updates.

Red Hat Security Advisory 2022-6348-01

Red Hat Security Advisory 2022-6348-01 - Gatekeeper is an open source project that applies the OPA Constraint Framework to enforce policies on your Kubernetes clusters. This advisory contains the container images for Gatekeeper that include bug fixes and container upgrades.

RHSA-2022:6370: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.6.0 security updates and bug fixes

Red Hat Advanced Cluster Management for Kubernetes 2.6.0 General Availability release images, which fix security issues and bugs. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1705: golang: net/http: improper sanitization of Transfer-Encoding header * CVE-2022-1962: golang: go/parser: stack exhaustion in all Parse* functions * CVE-2022-28131: golang: encoding/xml: stack exhaustion in Decoder.Skip * CVE-2022-30629: golang: crypto/tls: session tickets lack random ticket_a...

RHSA-2022:6345: Red Hat Security Advisory: Multicluster Engine for Kubernetes 2.1 security updates and bug fixes

Multicluster Engine v2.1 Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1705: golang: net/http: improper sanitization of Transfer-Encoding header * CVE-2022-1962: golang: go/parser: stack exhaustion in all Parse* functions * CVE-2022-28131: golang: encoding/xml: stack exhaustion in Decoder.Skip * CVE-2022-30629: golang: crypto/tls: session tickets lack random ticket_age_add * CVE-2022-30630: golang: io/fs: stack exhaustion in Glob * CVE-2022-30631: golang: compress/gzi...

RHSA-2022:6347: Red Hat Security Advisory: VolSync 0.5 security fixes and updates

VolSync v0.5 Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1705: golang: net/http: improper sanitization of Transfer-Encoding header * CVE-2022-1962: golang: go/parser: stack exhaustion in all Parse* functions * CVE-2022-27191: golang: crash in a golang.org/x/crypto/ssh server * CVE-2022-28131: golang: encoding/xml: stack exhaustion in Decoder.Skip * CVE-2022-30629: golang: crypto/tls: session tickets lack random ticket_age_add * CVE-2022-30630: golang: io/fs: stack e...

RHSA-2022:6348: Red Hat Security Advisory: Gatekeeper Operator v0.2 security and container updates

Gatekeeper Operator v0.2 security updates

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

* CVE-2022-1705: golang: net/http: improper sanitization of Transfer-Encoding header
* CVE-2022-1962: golang: go/parser: stack exhaustion in all Parse* functions
* CVE-2022-28131: golang: encoding/xml: stack exhaustion in Decoder.Skip
* CVE-2022-30629: golang: crypto/tls: session tickets lack random ticket_age_add
* CVE-2022-30630: golang: io/fs: stack exhaustion in Glob
* CVE-2022-30631: gol...

RHSA-2022:6346: Red Hat Security Advisory: RHSA: Submariner 0.13 - security and enhancement update

Submariner 0.13 packages that fix security issues and bugs, as well as add various enhancements, are now available for Red Hat Advanced Cluster Management for Kubernetes version 2.6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

* CVE-2021-38561: golang: out-of-bounds read in golang.org/x/text/language leads to DoS
* CVE-2022-1705: golang: net/http: improper sanitization of Transfer-Encoding header
* CVE-2022-1962: golang: go/parser: stack exhaustion in all Parse* functions...

Red Hat Security Advisory 2022-6152-01

Red Hat Security Advisory 2022-6152-01 - Secondary Scheduler Operator for Red Hat OpenShift 1.1.0.

Red Hat Security Advisory 2022-6290-01

Red Hat Security Advisory 2022-6290-01 - OpenShift API for Data Protection enables you to back up and restore application resources, persistent volume data, and internal container images to external backup storage. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2022-6277-01

Red Hat Security Advisory 2022-6277-01 - Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an OpenShift Container Platform installation. This advisory covers the RPM packages for the release. Issues addressed include denial of service and traversal vulnerabilities.

RHSA-2022:6290: Red Hat Security Advisory: OpenShift API for Data Protection (OADP) 1.1.0 security and bug fix update

OpenShift API for Data Protection (OADP) 1.1.0 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

* CVE-2022-21698: prometheus/client_golang: Denial of service using InstrumentHandlerCounter
* CVE-2022-24675: golang: encoding/pem: fix stack overflow in Decode
* CVE-2022-28327: golang: crypto/elliptic: panic caused by oversized scalar
* CVE-2022-30629: golang: crypto/tls: session tickets lack random ticket_age_add
* CVE-2022-30631: golang: compress/gzip: stack exhaus...

Red Hat Security Advisory 2022-6103-01

Red Hat Security Advisory 2022-6103-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.11.1.

RHSA-2022:6103: Red Hat Security Advisory: OpenShift Container Platform 4.11.1 bug fix and security update

Red Hat OpenShift Container Platform release 4.11.1 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.11. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

* CVE-2022-30629: golang: crypto/tls: session tickets lack random ticket_age_add
* CVE-2022-30631: golang: compress/gzip: stack exhaustion in Reader.Read

RHSA-2022:6102: Red Hat Security Advisory: OpenShift Container Platform 4.11.1 packages and security update

Red Hat OpenShift Container Platform release 4.11.1 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.11. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

* CVE-2022-30629: golang: crypto/tls: session tickets lack random ticket_age_add

Red Hat Security Advisory 2022-6040-01

Red Hat Security Advisory 2022-6040-01 - Version 1.24.0 of the OpenShift Serverless Operator is supported on Red Hat OpenShift Container Platform versions 4.6, 4.7, 4.8, 4.9, 4.10, and 4.11. This release includes security and bug fixes, and enhancements. Issues addressed include bypass and denial of service vulnerabilities.

Red Hat Security Advisory 2022-6042-01

Red Hat Security Advisory 2022-6042-01 - Red Hat OpenShift Serverless Client kn 1.24.0 provides a CLI to interact with Red Hat OpenShift Serverless 1.24.0. The kn CLI is delivered as an RPM package for installation on RHEL platforms, and as binaries for non-Linux platforms. Issues addressed include bypass and denial of service vulnerabilities.

RHSA-2022:6040: Red Hat Security Advisory: Release of OpenShift Serverless 1.24.0

Release of OpenShift Serverless 1.24.0

The References section contains CVE links providing detailed severity ratings for each vulnerability. Ratings are based on a Common Vulnerability Scoring System (CVSS) base score. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

* CVE-2022-1705: golang: net/http: improper sanitization of Transfer-Encoding header
* CVE-2022-1962: golang: go/parser: stack exhaustion in all Parse* functions
* CVE-2022-1996: go-restful: Authorization Bypass Through User-Controlled Key
* CVE-2022-21698: prometheus/client_golang: Denial of service using InstrumentHandlerCounter
* CVE-2022-24675: golang: encoding/pem: fix stack overflow in Decode
* CVE-2022-24921: golang: regexp: stack exhaustion via a deeply nested expression
* C...

Gentoo Linux Security Advisory 202208-02

Gentoo Linux Security Advisory 202208-2 - Multiple vulnerabilities have been found in Go, the worst of which could result in remote code execution. Versions less than 1.18.5 are affected.

CVE-2022-30634: [security] Go 1.18.3 and Go 1.17.11 are released

Infinite loop in Read in crypto/rand before Go 1.17.11 and Go 1.18.3 on Windows allows attacker to cause an indefinite hang by passing a buffer larger than 1 << 32 - 1 bytes.

CVE-2021-21285: Docker Engine release notes

In Docker before versions 9.03.15, 20.10.3 there is a vulnerability in which pulling an intentionally malformed Docker image manifest crashes the dockerd daemon. Versions 20.10.3 and 19.03.15 contain patches that prevent the daemon from crashing.
