RHSA-2022:5052: Red Hat Security Advisory: xz security update

An update for xz is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-1271: gzip: arbitrary-file-write vulnerability
Red Hat Security Data

Synopsis

Important: xz security update

Type/Severity

Security Advisory: Important

Topic

An update for xz is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

XZ Utils is an integrated collection of user-space file compression utilities based on the Lempel-Ziv-Markov chain algorithm (LZMA), which performs lossless data compression. The algorithm provides a high compression ratio while keeping the decompression time short.

Security Fix(es):

  • gzip: arbitrary-file-write vulnerability (CVE-2022-1271)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected Products

  • Red Hat Enterprise Linux Server 7 x86_64
  • Red Hat Enterprise Linux Workstation 7 x86_64
  • Red Hat Enterprise Linux Desktop 7 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 7 s390x
  • Red Hat Enterprise Linux for Power, big endian 7 ppc64
  • Red Hat Enterprise Linux for Scientific Computing 7 x86_64
  • Red Hat Enterprise Linux for Power, little endian 7 ppc64le

Fixes

  • BZ - 2073310 - CVE-2022-1271 gzip: arbitrary-file-write vulnerability

Red Hat Enterprise Linux Server 7

SRPM

xz-5.2.2-2.el7_9.src.rpm

