RHSA-2022:2031: Red Hat Security Advisory: libssh security, bug fix, and enhancement update

An update for libssh is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2021-3634: libssh: possible heap-based buffer overflow when rekeying
Red Hat Security Data

Synopsis

Low: libssh security, bug fix, and enhancement update

Type/Severity

Security Advisory: Low

Topic

An update for libssh is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

libssh is a library which implements the SSH protocol. It can be used to implement client and server applications.

The following packages have been upgraded to a later upstream version: libssh (0.9.6). (BZ#1896651)

Security Fix(es):

  • libssh: possible heap-based buffer overflow when rekeying (CVE-2021-3634)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.6 Release Notes linked from the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing these updated packages, all running applications using libssh must be restarted for this update to take effect.
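One way to verify the restart requirement above, as an added example that is not part of the advisory: a process that loaded the pre-update libssh keeps the now-unlinked file mapped, and the kernel marks that mapping "(deleted)" in /proc/<pid>/maps. The soname, paths and pids in the constructed sample are assumptions, not values from the advisory.

```python
"""Find processes that still map a deleted libssh shared object.

Added example, not part of the Red Hat advisory. After the libssh RPMs are
upgraded, any process that loaded the old library keeps the unlinked file
mapped until it is restarted; /proc/<pid>/maps shows it as "(deleted)".
The library naming pattern and the sample data below are assumptions.
"""
import os
import re
from typing import Dict, List

# One maps line: address-range perms offset dev inode [pathname [(deleted)]]
_MAPS_RE = re.compile(
    r"^(?P<range>[0-9a-f]+-[0-9a-f]+)\s+(?P<perms>\S+)\s+\S+\s+\S+\s+(?P<inode>\d+)"
    r"(?:\s+(?P<path>.*))?$"
)
# Matches libssh.so.N[.N.N] and libssh_threads.so.N[.N.N] (assumed naming)
_LIBSSH_RE = re.compile(r"/libssh(?:_threads)?\.so(?:\.\d+)*$")
_DELETED = " (deleted)"


def stale_libssh_paths(maps_text: str) -> List[str]:
    """Return deleted libssh object paths mapped by one process (deduplicated)."""
    seen: List[str] = []
    for line in maps_text.splitlines():
        m = _MAPS_RE.match(line)
        if not m:
            continue
        path = (m.group("path") or "").strip()
        if not path.endswith(_DELETED):
            continue  # still backed by a live file: not affected by the upgrade
        real = path[: -len(_DELETED)]
        if _LIBSSH_RE.search(real) and real not in seen:
            seen.append(real)
    return seen


def processes_needing_restart(maps_by_pid: Dict[int, str]) -> Dict[int, List[str]]:
    """Map pid -> stale libssh paths for every pid that has at least one."""
    result: Dict[int, List[str]] = {}
    for pid, text in maps_by_pid.items():
        stale = stale_libssh_paths(text)
        if stale:
            result[pid] = stale
    return result


def scan_proc(proc_root: str = "/proc") -> Dict[int, List[str]]:
    """Read /proc/<pid>/maps for every live process (root sees all of them)."""
    maps_by_pid: Dict[int, str] = {}
    for name in os.listdir(proc_root):
        if not name.isdigit():
            continue
        try:
            with open(os.path.join(proc_root, name, "maps")) as fh:
                maps_by_pid[int(name)] = fh.read()
        except OSError:
            continue  # process exited or is not readable by this user
    return processes_needing_restart(maps_by_pid)


# Constructed sample: pid 4242 still maps the pre-update libssh, pid 4243 was
# restarted and maps a live file. Addresses, inodes and soname are made up.
SAMPLE_MAPS = {
    4242: "\n".join([
        "7f1c0a200000-7f1c0a2a0000 r-xp 00000000 fd:00 123456 /usr/lib64/libssh.so.4.8.7 (deleted)",
        "7f1c0a2a0000-7f1c0a2b0000 r--p 000a0000 fd:00 123456 /usr/lib64/libssh.so.4.8.7 (deleted)",
        "7f1c0a300000-7f1c0a320000 r-xp 00000000 fd:00 123457 /usr/lib64/libc.so.6",
        "7ffd1a000000-7ffd1a021000 rw-p 00000000 00:00 0 [stack]",
    ]),
    4243: "\n".join([
        "7f2c0a200000-7f2c0a2a0000 r-xp 00000000 fd:00 223456 /usr/lib64/libssh.so.4.8.7",
        "7f2c0a300000-7f2c0a320000 r-xp 00000000 fd:00 223457 /usr/lib64/libc.so.6",
    ]),
}

if __name__ == "__main__":
    for pid, paths in scan_proc().items():
        print(f"pid {pid} still maps: {', '.join(paths)}")
```

Run it as root after the update; an empty result means every libssh user has been restarted.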

Affected Products

  • Red Hat Enterprise Linux for x86_64 8 x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.6 x86_64
  • Red Hat Enterprise Linux Server - AUS 8.6 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 8 s390x
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.6 s390x
  • Red Hat Enterprise Linux for Power, little endian 8 ppc64le
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.6 ppc64le
  • Red Hat Enterprise Linux Server - TUS 8.6 x86_64
  • Red Hat Enterprise Linux for ARM 64 8 aarch64
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.6 aarch64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.6 ppc64le
  • Red Hat Enterprise Linux Server for x86_64 - Update Services for SAP Solutions 8.6 x86_64

Fixes

  • BZ - 1896651 - Update for libssh-0.9.0-4.el8.x86_64 as it has bug. Rebase to libssh-0-9-6
  • BZ - 1978810 - CVE-2021-3634 libssh: possible heap-based buffer overflow when rekeying
  • BZ - 2020159 - CI/gating - replace STI tests

References

  • https://access.redhat.com/security/updates/classification/#low
  • https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.6_release_notes/

Packages

Every product listed under Affected Products receives the same builds for its architecture; the original per-product listings repeat the entries below.

SRPM

libssh-0.9.6-3.el8.src.rpm
SHA-256: 96065d131fcf5837eda70bfa8359817600ff975b9ed4545e3bacc999c5929c04

noarch (all architectures)

libssh-config-0.9.6-3.el8.noarch.rpm
SHA-256: 14175dab807188a8261298dc3ba7b7cd19a9fbf36d0ee5b5c6cacc7e424998e4

x86_64

libssh-0.9.6-3.el8.i686.rpm
SHA-256: 5e2e9744aedbb581518d906a12201d294dc6448f291aad2f53026edc3f8dd8fd

libssh-0.9.6-3.el8.x86_64.rpm
SHA-256: 621763135233bb2373617d7291f0ffaabae66f106ea2f05a030db73136eef448

libssh-debuginfo-0.9.6-3.el8.i686.rpm
SHA-256: 96b393ff95a5e0d6a06e9e78b554f872d5677f98ac1880ac5f3bf975eed49834

libssh-debuginfo-0.9.6-3.el8.x86_64.rpm
SHA-256: f3f795546cd53664298c64415dd893a4f9db32559d4769f5cfb79fe316225d9e

libssh-debugsource-0.9.6-3.el8.i686.rpm
SHA-256: 9326584e43fd7c4e2e66385d6a99ad92456f92bf1c3e61bd60cbe330a44c7f06

libssh-debugsource-0.9.6-3.el8.x86_64.rpm
SHA-256: baeaa62e42b2d629a648097a75801b4ba36c627d06c1819e648ed4e797f1bb28

libssh-devel-0.9.6-3.el8.i686.rpm
SHA-256: f36a3fc18f1aef76362045f5834c51dd2f716c0ae990c4ec332a017326926a43

libssh-devel-0.9.6-3.el8.x86_64.rpm
SHA-256: 3df40c669ca0faf8e97f34a886706a1d76c836320376d6239a7a8e651c3e7fc2

s390x

libssh-0.9.6-3.el8.s390x.rpm
SHA-256: 1e817b340497627bd1b55e68f502da5fc94f28dce58d2b78bd617bf3a6a6e4a9

libssh-debuginfo-0.9.6-3.el8.s390x.rpm
SHA-256: a142e139af2c25f53c17a237715c51cd9ecddcfc10d573966ea804c8dcf14775

libssh-debugsource-0.9.6-3.el8.s390x.rpm
SHA-256: 1e7017e3ef2c26733418db3200c86015502d18411e28ca26f2eefc5fa7da2c8f

libssh-devel-0.9.6-3.el8.s390x.rpm
SHA-256: 4d75d5f4247757f84b1b6ab7751c8ec6911b3aa230a5f7e84ca6dd9adee63b07

ppc64le

libssh-0.9.6-3.el8.ppc64le.rpm
SHA-256: a21ba162d97a1685015caa14c98f37293591949da8e1bf2381696a5979c37cd2

libssh-debuginfo-0.9.6-3.el8.ppc64le.rpm
SHA-256: 8f3c110e2f26013b9a8a4b272dbaca3c032e74e857e5bd06adb73e710c476b28

libssh-debugsource-0.9.6-3.el8.ppc64le.rpm
SHA-256: 76ccbc091f9787a0eb887642d66fdcafc33d38c14733ba731ab2867992ff40ec

libssh-devel-0.9.6-3.el8.ppc64le.rpm
SHA-256: 252d0f6ccbb4977c227e581a3e225db938b64a792062d5c40ca12ceb66bf8c2f

aarch64

libssh-0.9.6-3.el8.aarch64.rpm
SHA-256: db4aef2595cf69a700d0630e73c388fba30c9cb262e54240fe8e6ad8624478a8

libssh-debuginfo-0.9.6-3.el8.aarch64.rpm
SHA-256: 65b5c6e237c8f0e6548ee9ba02c6762616e10c1997b49fa6048880767ba3ab31

libssh-debugsource-0.9.6-3.el8.aarch64.rpm
SHA-256: 22db4c776ca753c23d7295d8cfc518daaf60eaaa5a77f4de75ae656ef95a0977

libssh-devel-0.9.6-3.el8.aarch64.rpm
SHA-256: 0f7c3d6479482e6010f22c0ea3efd141c0a1757184b6823c5e6f190bb2d232b4

Related news

Gentoo Linux Security Advisory 202312-05

Gentoo Linux Security Advisory 202312-5 - Multiple vulnerabilities have been discovered in libssh, the worst of which could lead to remote code execution. Versions greater than or equal to 0.10.5 are affected.

RHSA-2023:4053: Red Hat Security Advisory: OpenShift Container Platform 4.11.45 bug fix and security update

Red Hat OpenShift Container Platform release 4.11.45 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.11. Red Hat Product Security has rated this update as having a security impact of [impact]. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21235: A flaw was found in the VCS package, caused by improper validation of user-supplied input. By using a specially-crafted argument, a remote attacker could execute arbitrary commands o...

Red Hat Security Advisory 2022-6526-01

Red Hat Security Advisory 2022-6526-01 - OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains the following OpenShift Virtualization 4.11.0 images: RHEL-8-CNV-4.11. Issues addressed include denial of service, memory leak, and out of bounds read vulnerabilities.

RHSA-2022:6526: Red Hat Security Advisory: OpenShift Virtualization 4.11.0 Images security and bug fix update

Red Hat OpenShift Virtualization release 4.11.0 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-38561: golang: out-of-bounds read in golang.org/x/text/language leads to DoS * CVE-2021-44716: golang: net/http: limit growth of header canonicalization cache * CVE-2021-44717: golang: syscall: don't close fd 0 on ForkExec error * CVE-2022-1798: kubeVirt: Arbitrary file read on t...

Red Hat Security Advisory 2022-6429-01

Red Hat Security Advisory 2022-6429-01 - The Migration Toolkit for Containers enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API. Issues addressed include bypass, code execution, and denial of service vulnerabilities.

Red Hat Security Advisory 2022-6290-01

Red Hat Security Advisory 2022-6290-01 - OpenShift API for Data Protection enables you to back up and restore application resources, persistent volume data, and internal container images to external backup storage. Issues addressed include a denial of service vulnerability.

RHSA-2022:6290: Red Hat Security Advisory: OpenShift API for Data Protection (OADP) 1.1.0 security and bug fix update

OpenShift API for Data Protection (OADP) 1.1.0 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21698: prometheus/client_golang: Denial of service using InstrumentHandlerCounter * CVE-2022-24675: golang: encoding/pem: fix stack overflow in Decode * CVE-2022-28327: golang: crypto/elliptic: panic caused by oversized scalar * CVE-2022-30629: golang: crypto/tls: session tickets lack random ticket_age_add * CVE-2022-30631: golang: compress/gzip: stack exhaus...

Red Hat Security Advisory 2022-5070-01

Red Hat Security Advisory 2022-5070-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.11.0. Issues addressed include denial of service, out of bounds read, and traversal vulnerabilities.

RHSA-2022:5069: Red Hat Security Advisory: OpenShift Container Platform 4.11.0 bug fix and security update

Red Hat OpenShift Container Platform release 4.11.0 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.11. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-23566: nanoid: Information disclosure via valueOf() function * CVE-2021-23648: sanitize-url: XSS * CVE-2021-41190: opencontainers: OCI manifest and index parsing confusion * CVE-2021-44906:...

Red Hat Security Advisory 2022-5673-01

Red Hat Security Advisory 2022-5673-01 - Red Hat OpenStack Platform 16.2 (Train) director operator containers, with several Important security fixes, are available for technology preview. Issues addressed include a code execution vulnerability.

RHSA-2022:5673: Red Hat Security Advisory: Release of containers for OSP 16.2.z director operator tech preview

Red Hat OpenStack Platform 16.2 (Train) director operator containers, with several Important security fixes, are available for technology preview.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-41103: containerd: insufficiently restricted permissions on container root and plugin directories * CVE-2021-43565: golang.org/x/crypto: empty plaintext packet causes panic * CVE-2022-26945: go-getter: command injection vulnerability * CVE-2022-30321: go-getter: unsafe download (issue 1 of 3) * CVE-2022-30322: go-getter: unsafe download (issue 2 of 3) * CVE-2022-30323: go-getter: unsafe download (issue 3 of 3)

RHSA-2022:5483: Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.7.2 security and bug fix update

The Migration Toolkit for Containers (MTC) 1.7.2 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-3807: nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes * CVE-2022-0235: node-fetch: exposure of sensitive information to an unauthorized actor * CVE-2022-0536: follow-redirects: Exposure of Sensitive Information via Authorization Header leak

RHSA-2022:5392: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.3.11 security updates and bug fixes

Red Hat Advanced Cluster Management for Kubernetes 2.3.11 general availability release images, which provide security updates and bug fixes. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-0235: node-fetch: exposure of sensitive information to an unauthorized actor * CVE-2022-0536: follow-redirects: Exposure of Sensitive Information via Authorization Header leak * CVE-2022-21803: nconf: Prototype pollution in memory store * CVE-2022-23806: golang: crypto/elliptic IsOnCurv...

Red Hat Security Advisory 2022-5201-01

Red Hat Security Advisory 2022-5201-01 - Red Hat Advanced Cluster Management for Kubernetes 2.4.5 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which apply security fixes and fix several bugs. Issues addressed include a traversal vulnerability.

Red Hat Security Advisory 2022-5188-01

Red Hat Security Advisory 2022-5188-01 - Updated images are now available for Red Hat Advanced Cluster Security for Kubernetes (RHACS). The updated image includes bug and security fixes.

RHSA-2022:5188: Red Hat Security Advisory: RHACS 3.69 security update

Updated images are now available for Red Hat Advanced Cluster Security for Kubernetes (RHACS). The updated image includes bug and security fixes. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1902: stackrox: Improper sanitization allows users to retrieve Notifier secrets from GraphQL API in plaintext

Red Hat Security Advisory 2022-5132-01

Red Hat Security Advisory 2022-5132-01 - Updated images are now available for Red Hat Advanced Cluster Security for Kubernetes (RHACS). The updated image includes bug and security fixes.

Red Hat Security Advisory 2022-5006-01

Red Hat Security Advisory 2022-5006-01 - Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation. This advisory covers the RPM packages for the release. Issues addressed include a traversal vulnerability.

RHSA-2022:5006: Red Hat Security Advisory: Red Hat OpenShift Service Mesh 2.1.3 Containers security update

Red Hat OpenShift Service Mesh 2.1.3. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1650: eventsource: Exposure of Sensitive Information * CVE-2022-23806: golang: crypto/elliptic IsOnCurve returns true for invalid field elements * CVE-2022-24675: golang: encoding/pem: fix stack overflow in Decode * CVE-2022-24785: Moment.js: Path traversal in moment.locale * CVE-2022-28327: golang: crypto/elliptic: panic caused by oversized scalar

Red Hat Security Advisory 2022-4985-01

Red Hat Security Advisory 2022-4985-01 - New Cryostat 2.1.1 on RHEL 8 container images have been released, containing bug fixes and addressing security vulnerabilities. Issues addressed include a deserialization vulnerability.

RHSA-2022:4985: Red Hat Security Advisory: Cryostat 2.1.1: new Cryostat on RHEL 8 container images

New Cryostat 2.1.1 on RHEL 8 container images are now availableThis content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-25647: com.google.code.gson-gson: Deserialization of Untrusted Data in com.google.code.gson-gson * CVE-2022-28948: golang-gopkg-yaml: crash when attempting to deserialize invalid input

Red Hat Security Advisory 2022-4956-01

Red Hat Security Advisory 2022-4956-01 - Red Hat Advanced Cluster Management for Kubernetes 2.5.0 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs and security issues. Issues addressed include privilege escalation and traversal vulnerabilities.

RHSA-2022:4956: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.5 security updates, images, and bug fixes

Red Hat Advanced Cluster Management for Kubernetes 2.5.0 is now generally available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-3918: nodejs-json-schema: Prototype pollution vulnerability * CVE-2021-41190: opencontainers: OCI manifest and index parsing confusion * CVE-2021-43565: golang.org/x/crypto: empty plaintext packet causes panic * CVE-2021-43816: containerd: Unprivileged pod may bind mount any privileged regular file on disk * CVE-2021-43858: minio: user priv...

Red Hat Security Advisory 2022-4671-01

Red Hat Security Advisory 2022-4671-01 - Red Hat Openshift GitOps is a declarative way to implement continuous deployment for cloud native applications. Issues addressed include a spoofing vulnerability.

Red Hat Security Advisory 2022-4880-01

Red Hat Security Advisory 2022-4880-01 - Updated images are now available for Red Hat Advanced Cluster Security for Kubernetes (RHACS). The updated image includes bug fixes and feature improvements. Issues addressed include a bypass vulnerability.

RHSA-2022:4880: Red Hat Security Advisory: ACS 3.70 enhancement and security update

Updated images are now available for Red Hat Advanced Cluster Security for Kubernetes (RHACS). The updated image includes bug fixes and feature improvements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Related CVEs:

  • CVE-2021-23820: json-pointer: type confusion vulnerability can lead to a bypass of CVE-2020-7709 when the pointer components are arrays
  • CVE-2021-41190: opencontainers: OCI manifest and index parsing confusion

Red Hat Security Advisory 2022-4863-01

Red Hat Security Advisory 2022-4863-01 - OpenShift Serverless version 1.22.1 contains a moderate security impact.

Red Hat Security Advisory 2022-4814-01

Red Hat Security Advisory 2022-4814-01 - The Migration Toolkit for Containers enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API. Issues addressed include denial of service and memory exhaustion vulnerabilities.

RHSA-2022:4814: Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.6.5 security and bug fix update

The Migration Toolkit for Containers (MTC) 1.6.5 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Related CVEs:

  • CVE-2021-3807: nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes
  • CVE-2021-39293: golang: archive/zip: malformed archive may cause panic or memory exhaustion (incomplete fix of CVE-2021-33196)

Red Hat Security Advisory 2022-4690-01

Red Hat Security Advisory 2022-4690-01 - Red Hat Openshift GitOps is a declarative way to implement continuous deployment for cloud native applications. Issues addressed include a spoofing vulnerability.

Red Hat Security Advisory 2022-4692-01

Red Hat Security Advisory 2022-4692-01 - Red Hat Openshift GitOps is a declarative way to implement continuous deployment for cloud native applications. Issues addressed include a spoofing vulnerability.

Red Hat Security Advisory 2022-4691-01

Red Hat Security Advisory 2022-4691-01 - Red Hat Openshift GitOps is a declarative way to implement continuous deployment for cloud native applications. Issues addressed include a spoofing vulnerability.

RHSA-2022:4692: Red Hat Security Advisory: Red Hat OpenShift GitOps security update

An update is now available for Red Hat OpenShift GitOps 1.4 in openshift-gitops-argocd container. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Related CVEs:

  • CVE-2022-24904: argocd: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server
  • CVE-2022-24905: argocd: Login screen allows message spoofing if SSO is enabled
  • CVE-2022-29165: argocd: ArgoCD will blindly trust JWT claims if anonymous access is enabled

RHSA-2022:4691: Red Hat Security Advisory: Red Hat OpenShift GitOps security update

An update is now available for Red Hat OpenShift GitOps 1.3 in openshift-gitops-argocd container. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Related CVEs:

  • CVE-2022-24904: argocd: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server
  • CVE-2022-24905: argocd: Login screen allows message spoofing if SSO is enabled
  • CVE-2022-29165: argocd: ArgoCD will blindly trust JWT claims if anonymous access is enabled

RHSA-2022:4690: Red Hat Security Advisory: Red Hat OpenShift GitOps security update

An update is now available for Red Hat OpenShift GitOps 1.5 in openshift-gitops-argocd container. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Related CVEs:

  • CVE-2022-24904: argocd: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server
  • CVE-2022-24905: argocd: Login screen allows message spoofing if SSO is enabled
  • CVE-2022-29165: argocd: ArgoCD will blindly trust JWT claims if anonymous access is enabled

RHSA-2022:4671: Red Hat Security Advisory: Red Hat OpenShift GitOps security update

An update is now available for Red Hat OpenShift GitOps 1.3 in openshift-gitops-argocd container. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Related CVEs:

  • CVE-2022-24904: argocd: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server
  • CVE-2022-24905: argocd: Login screen allows message spoofing if SSO is enabled
  • CVE-2022-29165: argocd: ArgoCD will blindly trust JWT claims if anonymous access is enabled

CVE-2022-21363: Oracle Critical Patch Update Advisory - January 2022

Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.1 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).

CVE-2021-3634: Invalid Bug ID

A flaw has been found in libssh in versions prior to 0.9.6. The SSH protocol keeps track of two shared secrets during the lifetime of the session. One of them is called secret_hash and the other session_id. Initially, both of them are the same, but after key re-exchange, the previous session_id is kept and used as an input to the new secret_hash. Historically, both of these buffers shared a single length variable, which worked as long as the buffers were the same size. But the key re-exchange operation can also change the key exchange method, which can be based on a hash of a different size, eventually creating a secret_hash of a different size than the session_id. This becomes an issue when the session_id memory is zeroed or when it is used again during a second key re-exchange.