RHSA-2023:3109: Red Hat Security Advisory: apr-util security update

An update for apr-util is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-25147: A flaw was found in the Apache Portable Runtime (APR) library. This issue may allow a malicious attacker to cause an out-of-bounds write due to an integer overflow when encoding/decoding a very long string using the base64 family of functions.
Red Hat Security Data

Issued: 2023-05-16

Updated: 2023-05-16

RHSA-2023:3109 - Security Advisory

Synopsis

Important: apr-util security update

Type/Severity

Security Advisory: Important

Topic

An update for apr-util is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The Apache Portable Runtime (APR) is a portability library used by the
Apache HTTP Server and other projects. apr-util is a library that provides
additional utility interfaces for APR, including support for XML parsing,
LDAP, database interfaces, URI parsing, and more.

Security Fix(es):

  • apr-util: out-of-bounds writes in the apr_base64 (CVE-2022-25147)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
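
The CVE-2022-25147 entry above attributes the out-of-bounds write to an integer overflow when sizing very long base64 strings. The following added example (not apr-util source and not part of the advisory) models the common base64 length formula in 32-bit signed arithmetic beside a checked version; the function names and the formula's use here are assumptions for illustration.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Truncate to 32-bit two's complement without relying on
 * implementation-defined signed conversion. */
static int32_t wrap32(int64_t v)
{
    uint32_t u = (uint32_t)v;               /* modulo 2^32, well defined */
    return u <= (uint32_t)INT32_MAX
        ? (int32_t)u
        : (int32_t)(u - 0x80000000u) + INT32_MIN;
}

/* Hypothetical model (not apr-util source): the usual base64 sizing
 * formula ((len + 2) / 3 * 4) + 1 evaluated step by step in a 32-bit
 * signed int, each step wrapping the way two's complement hardware does. */
int32_t narrow_encode_len(int32_t len)
{
    int32_t t = wrap32((int64_t)len + 2);
    t /= 3;
    t = wrap32((int64_t)t * 4);
    return wrap32((int64_t)t + 1);
}

/* Bytes an encoder really produces for n input bytes, NUL included,
 * computed in 64 bits so nothing can wrap. */
uint64_t exact_encode_len(uint32_t n)
{
    uint64_t groups = ((uint64_t)n + 2) / 3;
    return groups * 4 + 1;
}

/* Hardened sizing: refuse any input whose encoded size does not fit the
 * 32-bit signed result type instead of returning a wrapped value.
 * Returns 0 and stores the size in *out, or -1 when the input is too long. */
int checked_encode_len(size_t n, int32_t *out)
{
    size_t groups = n / 3 + (n % 3 != 0);   /* ceil(n / 3); n + 2 could wrap */
    if (groups > ((size_t)INT32_MAX - 1) / 4)
        return -1;
    *out = (int32_t)(groups * 4 + 1);
    return 0;
}

int main(void)
{
    /* Constructed sample lengths on both sides of the 32-bit boundary. */
    const int32_t samples[] = { 3, 4, 1610612733, 1610612734, INT32_MAX };

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int32_t safe = 0;
        int rc = checked_encode_len((size_t)samples[i], &safe);
        printf("len=%lld narrow=%lld exact=%llu checked=%s\n",
               (long long)samples[i],
               (long long)narrow_encode_len(samples[i]),
               (unsigned long long)exact_encode_len((uint32_t)samples[i]),
               rc == 0 ? "ok" : "rejected");
    }
    return 0;
}
```

For the longest inputs the narrow result is either negative or a positive value smaller than the bytes actually produced, so a buffer sized from it is too small; the checked variant rejects those inputs before any allocation.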

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Applications using the APR libraries, such as httpd, must be restarted for this update to take effect.

Affected Products

  • Red Hat Enterprise Linux for x86_64 8 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 8 s390x
  • Red Hat Enterprise Linux for Power, little endian 8 ppc64le
  • Red Hat Enterprise Linux for ARM 64 8 aarch64

Fixes

  • BZ - 2169652 - CVE-2022-25147 apr-util: out-of-bounds writes in the apr_base64

Red Hat Enterprise Linux for x86_64 8

SRPM

  • apr-util-1.6.1-6.el8_8.1.src.rpm

x86_64

  • apr-util-1.6.1-6.el8_8.1.i686.rpm
  • apr-util-1.6.1-6.el8_8.1.x86_64.rpm
  • apr-util-bdb-1.6.1-6.el8_8.1.i686.rpm
  • apr-util-bdb-1.6.1-6.el8_8.1.x86_64.rpm
  • apr-util-bdb-debuginfo-1.6.1-6.el8_8.1.i686.rpm
  • apr-util-bdb-debuginfo-1.6.1-6.el8_8.1.x86_64.rpm
  • apr-util-debuginfo-1.6.1-6.el8_8.1.i686.rpm
  • apr-util-debuginfo-1.6.1-6.el8_8.1.x86_64.rpm
  • apr-util-debugsource-1.6.1-6.el8_8.1.i686.rpm
  • apr-util-debugsource-1.6.1-6.el8_8.1.x86_64.rpm
  • apr-util-devel-1.6.1-6.el8_8.1.i686.rpm
  • apr-util-devel-1.6.1-6.el8_8.1.x86_64.rpm
  • apr-util-ldap-1.6.1-6.el8_8.1.x86_64.rpm
  • apr-util-ldap-debuginfo-1.6.1-6.el8_8.1.i686.rpm
  • apr-util-ldap-debuginfo-1.6.1-6.el8_8.1.x86_64.rpm
  • apr-util-mysql-1.6.1-6.el8_8.1.x86_64.rpm
  • apr-util-mysql-debuginfo-1.6.1-6.el8_8.1.i686.rpm
  • apr-util-mysql-debuginfo-1.6.1-6.el8_8.1.x86_64.rpm
  • apr-util-odbc-1.6.1-6.el8_8.1.x86_64.rpm
  • apr-util-odbc-debuginfo-1.6.1-6.el8_8.1.i686.rpm
  • apr-util-odbc-debuginfo-1.6.1-6.el8_8.1.x86_64.rpm
  • apr-util-openssl-1.6.1-6.el8_8.1.i686.rpm
  • apr-util-openssl-1.6.1-6.el8_8.1.x86_64.rpm
  • apr-util-openssl-debuginfo-1.6.1-6.el8_8.1.i686.rpm
  • apr-util-openssl-debuginfo-1.6.1-6.el8_8.1.x86_64.rpm
  • apr-util-pgsql-1.6.1-6.el8_8.1.x86_64.rpm
  • apr-util-pgsql-debuginfo-1.6.1-6.el8_8.1.i686.rpm
  • apr-util-pgsql-debuginfo-1.6.1-6.el8_8.1.x86_64.rpm
  • apr-util-sqlite-1.6.1-6.el8_8.1.x86_64.rpm
  • apr-util-sqlite-debuginfo-1.6.1-6.el8_8.1.i686.rpm
  • apr-util-sqlite-debuginfo-1.6.1-6.el8_8.1.x86_64.rpm

Red Hat Enterprise Linux for IBM z Systems 8

SRPM

  • apr-util-1.6.1-6.el8_8.1.src.rpm

s390x

  • apr-util-1.6.1-6.el8_8.1.s390x.rpm
  • apr-util-bdb-1.6.1-6.el8_8.1.s390x.rpm
  • apr-util-bdb-debuginfo-1.6.1-6.el8_8.1.s390x.rpm
  • apr-util-debuginfo-1.6.1-6.el8_8.1.s390x.rpm
  • apr-util-debugsource-1.6.1-6.el8_8.1.s390x.rpm
  • apr-util-devel-1.6.1-6.el8_8.1.s390x.rpm
  • apr-util-ldap-1.6.1-6.el8_8.1.s390x.rpm
  • apr-util-ldap-debuginfo-1.6.1-6.el8_8.1.s390x.rpm
  • apr-util-mysql-1.6.1-6.el8_8.1.s390x.rpm
  • apr-util-mysql-debuginfo-1.6.1-6.el8_8.1.s390x.rpm
  • apr-util-odbc-1.6.1-6.el8_8.1.s390x.rpm
  • apr-util-odbc-debuginfo-1.6.1-6.el8_8.1.s390x.rpm
  • apr-util-openssl-1.6.1-6.el8_8.1.s390x.rpm
  • apr-util-openssl-debuginfo-1.6.1-6.el8_8.1.s390x.rpm
  • apr-util-pgsql-1.6.1-6.el8_8.1.s390x.rpm
  • apr-util-pgsql-debuginfo-1.6.1-6.el8_8.1.s390x.rpm
  • apr-util-sqlite-1.6.1-6.el8_8.1.s390x.rpm
  • apr-util-sqlite-debuginfo-1.6.1-6.el8_8.1.s390x.rpm

Red Hat Enterprise Linux for Power, little endian 8

SRPM

  • apr-util-1.6.1-6.el8_8.1.src.rpm

ppc64le

  • apr-util-1.6.1-6.el8_8.1.ppc64le.rpm
  • apr-util-bdb-1.6.1-6.el8_8.1.ppc64le.rpm
  • apr-util-bdb-debuginfo-1.6.1-6.el8_8.1.ppc64le.rpm
  • apr-util-debuginfo-1.6.1-6.el8_8.1.ppc64le.rpm
  • apr-util-debugsource-1.6.1-6.el8_8.1.ppc64le.rpm
  • apr-util-devel-1.6.1-6.el8_8.1.ppc64le.rpm
  • apr-util-ldap-1.6.1-6.el8_8.1.ppc64le.rpm
  • apr-util-ldap-debuginfo-1.6.1-6.el8_8.1.ppc64le.rpm
  • apr-util-mysql-1.6.1-6.el8_8.1.ppc64le.rpm
  • apr-util-mysql-debuginfo-1.6.1-6.el8_8.1.ppc64le.rpm
  • apr-util-odbc-1.6.1-6.el8_8.1.ppc64le.rpm
  • apr-util-odbc-debuginfo-1.6.1-6.el8_8.1.ppc64le.rpm
  • apr-util-openssl-1.6.1-6.el8_8.1.ppc64le.rpm
  • apr-util-openssl-debuginfo-1.6.1-6.el8_8.1.ppc64le.rpm
  • apr-util-pgsql-1.6.1-6.el8_8.1.ppc64le.rpm
  • apr-util-pgsql-debuginfo-1.6.1-6.el8_8.1.ppc64le.rpm
  • apr-util-sqlite-1.6.1-6.el8_8.1.ppc64le.rpm
  • apr-util-sqlite-debuginfo-1.6.1-6.el8_8.1.ppc64le.rpm

Red Hat Enterprise Linux for ARM 64 8

SRPM

  • apr-util-1.6.1-6.el8_8.1.src.rpm

aarch64

  • apr-util-1.6.1-6.el8_8.1.aarch64.rpm
  • apr-util-bdb-1.6.1-6.el8_8.1.aarch64.rpm
  • apr-util-bdb-debuginfo-1.6.1-6.el8_8.1.aarch64.rpm
  • apr-util-debuginfo-1.6.1-6.el8_8.1.aarch64.rpm
  • apr-util-debugsource-1.6.1-6.el8_8.1.aarch64.rpm
  • apr-util-devel-1.6.1-6.el8_8.1.aarch64.rpm
  • apr-util-ldap-1.6.1-6.el8_8.1.aarch64.rpm
  • apr-util-ldap-debuginfo-1.6.1-6.el8_8.1.aarch64.rpm
  • apr-util-mysql-1.6.1-6.el8_8.1.aarch64.rpm
  • apr-util-mysql-debuginfo-1.6.1-6.el8_8.1.aarch64.rpm
  • apr-util-odbc-1.6.1-6.el8_8.1.aarch64.rpm
  • apr-util-odbc-debuginfo-1.6.1-6.el8_8.1.aarch64.rpm
  • apr-util-openssl-1.6.1-6.el8_8.1.aarch64.rpm
  • apr-util-openssl-debuginfo-1.6.1-6.el8_8.1.aarch64.rpm
  • apr-util-pgsql-1.6.1-6.el8_8.1.aarch64.rpm
  • apr-util-pgsql-debuginfo-1.6.1-6.el8_8.1.aarch64.rpm
  • apr-util-sqlite-1.6.1-6.el8_8.1.aarch64.rpm
  • apr-util-sqlite-debuginfo-1.6.1-6.el8_8.1.aarch64.rpm

The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.

Related news

CVE-2023-22130: Oracle Critical Patch Update Advisory - October 2023

Vulnerability in the Sun ZFS Storage Appliance product of Oracle Systems (component: Core). The supported version that is affected is 8.8.60. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Sun ZFS Storage Appliance. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Sun ZFS Storage Appliance. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).

CVE-2023-22062: Oracle Critical Patch Update Advisory - July 2023

Vulnerability in the Oracle Hyperion Financial Reporting product of Oracle Hyperion (component: Repository). The supported version that is affected is 11.2.13.0.000. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hyperion Financial Reporting. While the vulnerability is in Oracle Hyperion Financial Reporting, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hyperion Financial Reporting accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Hyperion Financial Reporting. CVSS 3.1 Base Score 8.5 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L).

Red Hat Security Advisory 2023-3495-01

Red Hat Security Advisory 2023-3495-01 - Logging Subsystem 5.7.2 - Red Hat OpenShift. Issues addressed include cross site scripting and denial of service vulnerabilities.

Red Hat Security Advisory 2023-3304-01

Red Hat Security Advisory 2023-3304-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.13.1. Issues addressed include denial of service and traversal vulnerabilities.

Red Hat Security Advisory 2023-3380-01

Red Hat Security Advisory 2023-3380-01 - The Apache Portable Runtime is a portability library used by the Apache HTTP Server and other projects. apr-util is a library which provides additional utility interfaces for APR; including support for XML parsing, LDAP, database interfaces, URI parsing, and more. Issues addressed include an out of bounds write vulnerability.

RHSA-2023:3355: Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.51 SP2 security update

Red Hat JBoss Core Services Apache HTTP Server 2.4.51 Service Pack 2 is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2006-20001: A flaw was found in the mod_dav module of httpd. A specially crafted "If:" request header can cause a memory read or write of a single zero byte due to a missing error check, resulting in a Denial of Service. * CVE-2022-4304: A timing-based side channel exists in the OpenSSL RSA Decryption implementation, which could be sufficien...

CVE-2023-28043: DSA-2023-164: Dell Secure Connect Gateway Security Update for Multiple Vulnerabilities

Dell SCG 5.14 contains an information disclosure vulnerability during the SRS to SCG upgrade path. A remote low privileged malicious user could potentially exploit this vulnerability to retrieve the plain text.

RHSA-2023:3380: Red Hat Security Advisory: apr-util security update

An update for apr-util is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-25147: A flaw was found in the Apache Portable Runtime Utility (APR-util) library. This issue may allow a malicious attacker to cause an out-of-bounds write due to an integer overflow when encodin...

RHSA-2023:3287: Red Hat Security Advisory: OpenShift Container Platform 4.12.19 bug fix and security update

Red Hat OpenShift Container Platform release 4.12.19 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.12. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2018-17419: The Miek Gieben DNS library is vulnerable to a denial of service caused by a segmentation violation in setTA in scan_rr.go. By persuading a victim to open a specially-crafted file, a...

RHSA-2023:3304: Red Hat Security Advisory: OpenShift Container Platform 4.13.1 bug fix and security update

Red Hat OpenShift Container Platform release 4.13.1 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.13. Red Hat Product Security has rated this update as having a security impact of [impact]. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2018-17419: The Miek Gieben DNS library is vulnerable to a denial of service caused by a segmentation violation in setTA in scan_rr.go. By persuading a victim to open a specially-crafted file, a ...

Red Hat Security Advisory 2023-3177-01

Red Hat Security Advisory 2023-3177-01 - The Apache Portable Runtime is a portability library used by the Apache HTTP Server and other projects. apr-util is a library which provides additional utility interfaces for APR; including support for XML parsing, LDAP, database interfaces, URI parsing, and more. Issues addressed include an out of bounds write vulnerability.

Red Hat Security Advisory 2023-3145-01

Red Hat Security Advisory 2023-3145-01 - The Apache Portable Runtime is a portability library used by the Apache HTTP Server and other projects. apr-util is a library which provides additional utility interfaces for APR; including support for XML parsing, LDAP, database interfaces, URI parsing, and more. Issues addressed include an out of bounds write vulnerability.

Red Hat Security Advisory 2023-3147-01

Red Hat Security Advisory 2023-3147-01 - The Apache Portable Runtime is a portability library used by the Apache HTTP Server and other projects. apr-util is a library which provides additional utility interfaces for APR; including support for XML parsing, LDAP, database interfaces, URI parsing, and more. Issues addressed include an out of bounds write vulnerability.

Red Hat Security Advisory 2023-3146-01

Red Hat Security Advisory 2023-3146-01 - The Apache Portable Runtime is a portability library used by the Apache HTTP Server and other projects. apr-util is a library which provides additional utility interfaces for APR; including support for XML parsing, LDAP, database interfaces, URI parsing, and more. Issues addressed include an out of bounds write vulnerability.

RHSA-2023:3177: Red Hat Security Advisory: apr-util security update

An update for apr-util is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-25147: A flaw was found in the Apache Portable Runtime Utility (APR-util) library. This issue may allow a malicious attacker to cause an out-of-bounds write due to an integer overflow when encoding/decoding a very long string using the base64 family of functions.

RHSA-2023:3145: Red Hat Security Advisory: apr-util security update

An update for apr-util is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-25147: A flaw was found in the Apache Portable Runtime (APR) library. This issue may allow a malicious attacker to cause an out-of-bounds write due to an integer overflow when encoding/decoding a very long string using the base64 family of functions.

RHSA-2023:3146: Red Hat Security Advisory: apr-util security update

An update for apr-util is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-25147: A flaw was found in the Apache Portable Runtime (APR) library. This issue may allow a malicious attacker to cause an out-of-bounds write due to an integer overflow when encoding/decoding a very long string using the base64 family of functions.

Debian Security Advisory 5364-1

Debian Linux Security Advisory 5364-1 - Ronald Crane discovered that missing input sanitizing in the apr_base64 functions of apr-util, the Apache Portable Runtime utility library, may result in denial of service or potentially the execution of arbitrary code.

Ubuntu Security Notice USN-5870-1

Ubuntu Security Notice 5870-1 - Ronald Crane discovered that APR-util did not properly handle memory when encoding or decoding certain input data. An attacker could possibly use this issue to cause a denial of service, or possibly execute arbitrary code.

CVE-2022-25147

Integer Overflow or Wraparound vulnerability in apr_base64 functions of Apache Portable Runtime Utility (APR-util) allows an attacker to write beyond bounds of a buffer. This issue affects Apache Portable Runtime Utility (APR-util) 1.6.1 and prior versions.