RHSA-2023:0837: Red Hat Security Advisory: systemd security and bug fix update
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2022-4415: A vulnerability was found in systemd. This security flaw can cause a local information leak due to systemd-coredump not respecting the fs.suid_dumpable kernel setting.
Synopsis
Moderate: systemd security and bug fix update
Type/Severity
Security Advisory: Moderate
Topic
An update for systemd is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes using Linux cgroups. In addition, it supports snapshotting and restoring of the system state, maintains mount and automount points, and implements an elaborate transactional dependency-based service control logic. It can also work as a drop-in replacement for sysvinit.
Security Fix(es):
- systemd: local information leak due to systemd-coredump not respecting fs.suid_dumpable kernel setting (CVE-2022-4415)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
- systemd doesn’t record messages to the journal during boot (BZ#2164049)
Affected Products
- Red Hat Enterprise Linux for x86_64 8 x86_64
- Red Hat Enterprise Linux for IBM z Systems 8 s390x
- Red Hat Enterprise Linux for Power, little endian 8 ppc64le
- Red Hat Enterprise Linux for ARM 64 8 aarch64
Fixes
- BZ - 2155515 - CVE-2022-4415 systemd: local information leak due to systemd-coredump not respecting fs.suid_dumpable kernel setting
- BZ - 2164049 - systemd doesn’t record messages to the journal during boot [rhel-8.7.0.z]
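To turn the fixed build listed in the package section below (systemd-239-68.el8_7.4) into a fleet check, here is an added example that is not part of the advisory or of Red Hat's tooling: it reimplements rpm's version-comparison rules in Python and flags hosts whose installed systemd is older than the errata build. The inventory lines and host names are constructed sample data.

```python
import re

# Fixed build from this advisory (RHSA-2023:0837); every package in the
# errata carries this version-release.
FIXED_NVR = "systemd-239-68.el8_7.4"

_SKIP = re.compile(r"[^0-9A-Za-z~^]*")      # separators rpm ignores
_SEG = re.compile(r"[0-9]+|[A-Za-z]+")      # one numeric or alphabetic segment
_ARCHES = ("x86_64", "i686", "aarch64", "ppc64le", "s390x", "noarch", "src")


def rpmvercmp(a: str, b: str) -> int:
    """Compare two version (or release) strings the way rpm does.

    Strings are split into numeric and alphabetic segments; numeric segments
    compare as integers, a numeric segment beats an alphabetic one, '~' sorts
    before everything (even end of string) and '^' sorts after end of string
    but before anything else.  Returns -1, 0 or 1.
    """
    if a == b:
        return 0
    i = j = 0
    while i < len(a) or j < len(b):
        i, j = _SKIP.match(a, i).end(), _SKIP.match(b, j).end()
        ca, cb = a[i:i + 1], b[j:j + 1]
        if ca == "~" or cb == "~":
            if ca != "~":
                return 1
            if cb != "~":
                return -1
            i, j = i + 1, j + 1
            continue
        if ca == "^" or cb == "^":
            if not ca:
                return -1
            if not cb:
                return 1
            if ca != "^":
                return 1
            if cb != "^":
                return -1
            i, j = i + 1, j + 1
            continue
        if not ca or not cb:
            break
        ma, mb = _SEG.match(a, i), _SEG.match(b, j)
        sa, sb = ma.group(0), mb.group(0)
        if sa.isdigit() != sb.isdigit():
            return 1 if sa.isdigit() else -1   # numeric segment is newer
        i, j = ma.end(), mb.end()
        if sa.isdigit():
            sa, sb = sa.lstrip("0"), sb.lstrip("0")
            if len(sa) != len(sb):
                return 1 if len(sa) > len(sb) else -1
        if sa != sb:
            return 1 if sa > sb else -1
    # Whichever side still has segments left is the newer one.
    if i >= len(a) and j >= len(b):
        return 0
    return -1 if i >= len(a) else 1


def parse_nvr(pkg: str):
    """Split 'name-[epoch:]version-release[.arch]' into (name, epoch, version, release)."""
    for arch in _ARCHES:                    # `rpm -q` prints NVRA by default
        if pkg.endswith("." + arch):
            pkg = pkg[: -len(arch) - 1]
            break
    name, version, release = pkg.rsplit("-", 2)
    epoch = 0
    if ":" in version:
        e, version = version.split(":", 1)
        epoch = int(e)
    return name, epoch, version, release


def is_vulnerable(installed: str, fixed: str = FIXED_NVR) -> bool:
    """True when the installed build is older than the errata build."""
    n1, e1, v1, r1 = parse_nvr(installed)
    n2, e2, v2, r2 = parse_nvr(fixed)
    if n1 != n2:
        raise ValueError(f"package name mismatch: {n1} vs {n2}")
    if e1 != e2:
        return e1 < e2
    return (rpmvercmp(v1, v2) or rpmvercmp(r1, r2)) < 0


# Constructed sample: `rpm -q systemd` output collected from four hosts.
SAMPLE_INVENTORY = """\
web01 systemd-239-68.el8_7.2.x86_64
web02 systemd-239-68.el8_7.4.x86_64
db01 systemd-239-58.el8_6.ppc64le
build01 systemd-239-68.el8_7.10.aarch64
"""


def hosts_needing_update(inventory: str, fixed: str = FIXED_NVR):
    """Return the hosts whose installed systemd predates the errata build."""
    needing = []
    for line in inventory.splitlines():
        if line.strip():
            host, nvra = line.split(None, 1)
            if is_vulnerable(nvra.strip(), fixed):
                needing.append(host)
    return needing


if __name__ == "__main__":
    print(hosts_needing_update(SAMPLE_INVENTORY))   # ['web01', 'db01']
```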
Red Hat Enterprise Linux for x86_64 8
SRPM
systemd-239-68.el8_7.4.src.rpm
x86_64
systemd-239-68.el8_7.4.i686.rpm
systemd-239-68.el8_7.4.x86_64.rpm
systemd-container-239-68.el8_7.4.i686.rpm
systemd-container-239-68.el8_7.4.x86_64.rpm
systemd-container-debuginfo-239-68.el8_7.4.i686.rpm
systemd-container-debuginfo-239-68.el8_7.4.x86_64.rpm
systemd-debuginfo-239-68.el8_7.4.i686.rpm
systemd-debuginfo-239-68.el8_7.4.x86_64.rpm
systemd-debugsource-239-68.el8_7.4.i686.rpm
systemd-debugsource-239-68.el8_7.4.x86_64.rpm
systemd-devel-239-68.el8_7.4.i686.rpm
systemd-devel-239-68.el8_7.4.x86_64.rpm
systemd-journal-remote-239-68.el8_7.4.x86_64.rpm
systemd-journal-remote-debuginfo-239-68.el8_7.4.i686.rpm
systemd-journal-remote-debuginfo-239-68.el8_7.4.x86_64.rpm
systemd-libs-239-68.el8_7.4.i686.rpm
systemd-libs-239-68.el8_7.4.x86_64.rpm
systemd-libs-debuginfo-239-68.el8_7.4.i686.rpm
systemd-libs-debuginfo-239-68.el8_7.4.x86_64.rpm
systemd-pam-239-68.el8_7.4.x86_64.rpm
systemd-pam-debuginfo-239-68.el8_7.4.i686.rpm
systemd-pam-debuginfo-239-68.el8_7.4.x86_64.rpm
systemd-tests-239-68.el8_7.4.x86_64.rpm
systemd-tests-debuginfo-239-68.el8_7.4.i686.rpm
systemd-tests-debuginfo-239-68.el8_7.4.x86_64.rpm
systemd-udev-239-68.el8_7.4.x86_64.rpm
systemd-udev-debuginfo-239-68.el8_7.4.i686.rpm
systemd-udev-debuginfo-239-68.el8_7.4.x86_64.rpm
Red Hat Enterprise Linux for IBM z Systems 8
SRPM
systemd-239-68.el8_7.4.src.rpm
s390x
systemd-239-68.el8_7.4.s390x.rpm
systemd-container-239-68.el8_7.4.s390x.rpm
systemd-container-debuginfo-239-68.el8_7.4.s390x.rpm
systemd-debuginfo-239-68.el8_7.4.s390x.rpm
systemd-debugsource-239-68.el8_7.4.s390x.rpm
systemd-devel-239-68.el8_7.4.s390x.rpm
systemd-journal-remote-239-68.el8_7.4.s390x.rpm
systemd-journal-remote-debuginfo-239-68.el8_7.4.s390x.rpm
systemd-libs-239-68.el8_7.4.s390x.rpm
systemd-libs-debuginfo-239-68.el8_7.4.s390x.rpm
systemd-pam-239-68.el8_7.4.s390x.rpm
systemd-pam-debuginfo-239-68.el8_7.4.s390x.rpm
systemd-tests-239-68.el8_7.4.s390x.rpm
systemd-tests-debuginfo-239-68.el8_7.4.s390x.rpm
systemd-udev-239-68.el8_7.4.s390x.rpm
systemd-udev-debuginfo-239-68.el8_7.4.s390x.rpm
Red Hat Enterprise Linux for Power, little endian 8
SRPM
systemd-239-68.el8_7.4.src.rpm
ppc64le
systemd-239-68.el8_7.4.ppc64le.rpm
systemd-container-239-68.el8_7.4.ppc64le.rpm
systemd-container-debuginfo-239-68.el8_7.4.ppc64le.rpm
systemd-debuginfo-239-68.el8_7.4.ppc64le.rpm
systemd-debugsource-239-68.el8_7.4.ppc64le.rpm
systemd-devel-239-68.el8_7.4.ppc64le.rpm
systemd-journal-remote-239-68.el8_7.4.ppc64le.rpm
systemd-journal-remote-debuginfo-239-68.el8_7.4.ppc64le.rpm
systemd-libs-239-68.el8_7.4.ppc64le.rpm
systemd-libs-debuginfo-239-68.el8_7.4.ppc64le.rpm
systemd-pam-239-68.el8_7.4.ppc64le.rpm
systemd-pam-debuginfo-239-68.el8_7.4.ppc64le.rpm
systemd-tests-239-68.el8_7.4.ppc64le.rpm
systemd-tests-debuginfo-239-68.el8_7.4.ppc64le.rpm
systemd-udev-239-68.el8_7.4.ppc64le.rpm
systemd-udev-debuginfo-239-68.el8_7.4.ppc64le.rpm
Red Hat Enterprise Linux for ARM 64 8
SRPM
systemd-239-68.el8_7.4.src.rpm
aarch64
systemd-239-68.el8_7.4.aarch64.rpm
systemd-container-239-68.el8_7.4.aarch64.rpm
systemd-container-debuginfo-239-68.el8_7.4.aarch64.rpm
systemd-debuginfo-239-68.el8_7.4.aarch64.rpm
systemd-debugsource-239-68.el8_7.4.aarch64.rpm
systemd-devel-239-68.el8_7.4.aarch64.rpm
systemd-journal-remote-239-68.el8_7.4.aarch64.rpm
systemd-journal-remote-debuginfo-239-68.el8_7.4.aarch64.rpm
systemd-libs-239-68.el8_7.4.aarch64.rpm
systemd-libs-debuginfo-239-68.el8_7.4.aarch64.rpm
systemd-pam-239-68.el8_7.4.aarch64.rpm
systemd-pam-debuginfo-239-68.el8_7.4.aarch64.rpm
systemd-tests-239-68.el8_7.4.aarch64.rpm
systemd-tests-debuginfo-239-68.el8_7.4.aarch64.rpm
systemd-udev-239-68.el8_7.4.aarch64.rpm
systemd-udev-debuginfo-239-68.el8_7.4.aarch64.rpm