RHSA-2023:0837: Red Hat Security Advisory: systemd security and bug fix update

An update for systemd is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-4415: A vulnerability was found in systemd. This security flaw can cause a local information leak due to systemd-coredump not respecting the fs.suid_dumpable kernel setting.
Red Hat Security Data

Synopsis

Moderate: systemd security and bug fix update

Type/Severity

Security Advisory: Moderate

Topic

An update for systemd is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes using Linux cgroups. In addition, it supports snapshotting and restoring of the system state, maintains mount and automount points, and implements an elaborate transactional dependency-based service control logic. It can also work as a drop-in replacement for sysvinit.

Security Fix(es):

  • systemd: local information leak due to systemd-coredump not respecting fs.suid_dumpable kernel setting (CVE-2022-4415)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

  • systemd doesn’t record messages to the journal during boot (BZ#2164049)

Affected Products

  • Red Hat Enterprise Linux for x86_64 8 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 8 s390x
  • Red Hat Enterprise Linux for Power, little endian 8 ppc64le
  • Red Hat Enterprise Linux for ARM 64 8 aarch64

Fixes

  • BZ - 2155515 - CVE-2022-4415 systemd: local information leak due to systemd-coredump not respecting fs.suid_dumpable kernel setting
  • BZ - 2164049 - systemd doesn’t record messages to the journal during boot [rhel-8.7.0.z]
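Two checks a practitioner makes against an advisory like this one: is the installed systemd at or above the fixed build named above (239-68.el8_7.4, the same SRPM for all four architectures), and does a downloaded package match the SHA-256 the advisory lists for it. The script below is an added example, not Red Hat tooling. It reimplements rpm's version-comparison rules in Python rather than shelling out to rpm, so it runs anywhere (the '^' separator of newer rpm releases is not handled); the sample NVRA strings in the demonstration are constructed, and the only hash taken from the advisory table is the one for the x86_64 systemd binary package. For orientation: fs.suid_dumpable is 0 by default (the kernel does not dump processes that changed credentials), 1 dumps them like any other process, and 2 dumps them but makes the core readable only by root; the advisory does not describe the flaw beyond systemd-coredump "not respecting" that setting, so the check here is limited to the package version.

```python
"""Is this RHEL 8 host carrying the systemd build that fixes CVE-2022-4415
(RHSA-2023:0837), and does a downloaded RPM match the advisory's SHA-256?

Added example, not Red Hat code. Version comparison follows rpm's rpmvercmp:
segments of digits compare as integers, segments of letters lexically, a
numeric segment beats an alphabetic one, and '~' sorts before everything.
"""
import hashlib
import re

# Fixed build named in the advisory (one SRPM, all architectures).
FIXED_NVR = "systemd-239-68.el8_7.4"

# SHA-256 of the x86_64 binary package, copied from the advisory table.
ADVISORY_SHA256 = {
    "systemd-239-68.el8_7.4.x86_64.rpm":
        "7bac29d5dd331a7dab975835c75f22be4d9e0a5995eaa4c907e4f9f44d60e043",
}

_ARCHES = {"x86_64", "i686", "aarch64", "ppc64le", "s390x", "noarch", "src"}
_SEGMENT = re.compile(r"[0-9]+|[A-Za-z]+|~")


def rpmvercmp(a: str, b: str) -> int:
    """Compare two version (or release) strings the way rpm does: -1, 0 or 1."""
    if a == b:
        return 0
    sa, sb = _SEGMENT.findall(a), _SEGMENT.findall(b)
    i = j = 0
    while i < len(sa) and j < len(sb):
        x, y = sa[i], sb[j]
        if x == "~" or y == "~":            # '~' sorts before anything, even end-of-string
            if x != "~":
                return 1
            if y != "~":
                return -1
            i, j = i + 1, j + 1
            continue
        if x.isdigit() != y.isdigit():      # numeric segment is newer than an alpha one
            return 1 if x.isdigit() else -1
        if x.isdigit():
            xi, yi = int(x), int(y)
            if xi != yi:
                return 1 if xi > yi else -1
        elif x != y:
            return 1 if x > y else -1
        i, j = i + 1, j + 1
    # Leftover segments: a leading '~' makes that side older; otherwise the
    # side that still has segments is newer.
    if i < len(sa):
        return -1 if sa[i] == "~" else 1
    if j < len(sb):
        return 1 if sb[j] == "~" else -1
    return 0


def parse_nvra(pkg: str):
    """Split 'name-[epoch:]version-release[.arch][.rpm]' into (name, epoch, version, release).
    Accepts plain `rpm -q` output as well as a file name or '(none)' epoch."""
    if pkg.endswith(".rpm"):
        pkg = pkg[:-4]
    head, _, tail = pkg.rpartition(".")
    if tail in _ARCHES:
        pkg = head
    nv, _, release = pkg.rpartition("-")
    name, _, version = nv.rpartition("-")
    if not name or not version or not release:
        raise ValueError(f"not a name-version-release string: {pkg}")
    epoch = 0
    if ":" in version:
        e, _, version = version.partition(":")
        epoch = 0 if e == "(none)" else int(e)
    return name, epoch, version, release


def compare_evr(a: str, b: str) -> int:
    """Order two packages by epoch, then version, then release (name and arch ignored)."""
    _, ea, va, ra = parse_nvra(a)
    _, eb, vb, rb = parse_nvra(b)
    if ea != eb:
        return 1 if ea > eb else -1
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)


def is_fixed(installed: str, fixed: str = FIXED_NVR) -> bool:
    """True when the installed build is the advisory's fixed build or newer."""
    if parse_nvra(installed)[0] != parse_nvra(fixed)[0]:
        raise ValueError("package name mismatch")
    return compare_evr(installed, fixed) >= 0


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def verify_rpm(path: str, expected_hex: str) -> bool:
    """Hash a downloaded RPM in 1 MiB chunks and compare with the advisory value."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest() == expected_hex.lower()


if __name__ == "__main__":
    # Constructed sample outputs of `rpm -q systemd`; only 239-68.el8_7.4 is from the advisory.
    for pkg in ("systemd-239-58.el8.x86_64", "systemd-239-68.el8_7.2.x86_64",
                "systemd-239-68.el8_7.4.x86_64", "systemd-239-68.el8_7.4.s390x"):
        print(f"{pkg:34} {'fixed' if is_fixed(pkg) else 'VULNERABLE to CVE-2022-4415'}")
```

On a real host, feed `rpm -q systemd` output to is_fixed() and the downloaded file to verify_rpm(path, ADVISORY_SHA256[name]); a hash mismatch means the file is not the one the advisory describes and should not be installed.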

Red Hat Enterprise Linux for x86_64 8

SRPM

systemd-239-68.el8_7.4.src.rpm

SHA-256: 69aef7f7816c2fd77038eb13597e41f27a21d2c1ddedd2a2adad0c2b8e0dce94

x86_64

systemd-239-68.el8_7.4.i686.rpm

SHA-256: afc128e3b79820ca2143221a2cae86e6634843b7b3f34da2c288791bef6e1dbc

systemd-239-68.el8_7.4.x86_64.rpm

SHA-256: 7bac29d5dd331a7dab975835c75f22be4d9e0a5995eaa4c907e4f9f44d60e043

systemd-container-239-68.el8_7.4.i686.rpm

SHA-256: 5890f28f22ee91b0c81ee71bd8127dbb242cdc5567cd854d886bb49e33ac3e2c

systemd-container-239-68.el8_7.4.x86_64.rpm

SHA-256: b906e3a8038e8f9f34908067cc89d8b1a28cc4ce7060d732423129e5384e8f76

systemd-container-debuginfo-239-68.el8_7.4.i686.rpm

SHA-256: 165d49e9e72c199681c7d55f8a4d0e8f86f79199bb4cf2e6e3823584c4850033

systemd-container-debuginfo-239-68.el8_7.4.x86_64.rpm

SHA-256: 4a444ecc42a00dfdf30b99572517ff3adec9dfe499cb9c8c030de89a0489b457

systemd-debuginfo-239-68.el8_7.4.i686.rpm

SHA-256: ec70fd574091d6b690c17384c7d9792656dc87fb1236047fb9021946027ca7f5

systemd-debuginfo-239-68.el8_7.4.x86_64.rpm

SHA-256: 2a3f07443ef092667d3927364f87c5bdec071611b7a716a53e66bb7bb043fbea

systemd-debugsource-239-68.el8_7.4.i686.rpm

SHA-256: 4a6d3113f83169ed881c7e9ad7607bda66ca3c38694343c24e363f3188529b6a

systemd-debugsource-239-68.el8_7.4.x86_64.rpm

SHA-256: bed4a7e027a1f306344a3e785333645b8ac78cb9cfe0c61bfe8a34b73296d778

systemd-devel-239-68.el8_7.4.i686.rpm

SHA-256: 7128d0fa49dd354e55f31252d0bd2c5c7b86a6ef9142b7d12f025ca270fdd64c

systemd-devel-239-68.el8_7.4.x86_64.rpm

SHA-256: 02f650bb3bef22a4d152c55f4cc45d221b7d940cb9b2cbcd71dc0d8d3ed3a46b

systemd-journal-remote-239-68.el8_7.4.x86_64.rpm

SHA-256: f7674a7529b3f10203dbbad180070f109aea543426664c6000444a5a5c7fa0a1

systemd-journal-remote-debuginfo-239-68.el8_7.4.i686.rpm

SHA-256: d10babf7bbf7230d67871f62b4eea0869414ff46fd6ebe9098b3eedc12f1afb9

systemd-journal-remote-debuginfo-239-68.el8_7.4.x86_64.rpm

SHA-256: 57a0b9a3f87ed8094ce3dd1e88b96343e733b44fdd7a80952d80400993f583be

systemd-libs-239-68.el8_7.4.i686.rpm

SHA-256: 720d8f609acc526760b3efc6f50686aff053fd9f4e71a5d6b5e79ec002a316ba

systemd-libs-239-68.el8_7.4.x86_64.rpm

SHA-256: 65872428b3a47b9a9538347ec9a79c20c558ef5624038b046d673c48824bb483

systemd-libs-debuginfo-239-68.el8_7.4.i686.rpm

SHA-256: aa32e9930f74fff4d86ef53c1c7707dc9fec64ff7d64209a0046da9feb32b882

systemd-libs-debuginfo-239-68.el8_7.4.x86_64.rpm

SHA-256: 998a451375976ea30b90aa06469071d5009ae51394e10ce98b5b1254d3e7440e

systemd-pam-239-68.el8_7.4.x86_64.rpm

SHA-256: 50f9fb15d619f825da699a9b1737ec40e6b00400df72a7fb8c3ab9df43e42e3a

systemd-pam-debuginfo-239-68.el8_7.4.i686.rpm

SHA-256: c8a6ef008d44da3954578a608ca1c8cfd397b4e59a74e63c83ecccc915ba520c

systemd-pam-debuginfo-239-68.el8_7.4.x86_64.rpm

SHA-256: 6560ac8af06a9a76a5798fb051b29bbbe4fe3d6e59d29e6994710d50c761fa6e

systemd-tests-239-68.el8_7.4.x86_64.rpm

SHA-256: 18f746bbb45b2f2012c21adb09fe4e9594100824bbde5d359982f1e7a907fe58

systemd-tests-debuginfo-239-68.el8_7.4.i686.rpm

SHA-256: cc32ebf041f3b4079e2ea398fd176f3e4300e0be9035aaacc4cd17f09f7c1ce0

systemd-tests-debuginfo-239-68.el8_7.4.x86_64.rpm

SHA-256: d3f1bf992c7afdc0d884e46a772b6e05622a2fc7651006e20dbcca613a4c9722

systemd-udev-239-68.el8_7.4.x86_64.rpm

SHA-256: a1c6c2626e6691d6e33385b646157af8f470fe804626ba5b31786e377f83b1d9

systemd-udev-debuginfo-239-68.el8_7.4.i686.rpm

SHA-256: 6723ee799b74570c3b3a4db86d464502d329b89bd060212d0f9eab35dced6711

systemd-udev-debuginfo-239-68.el8_7.4.x86_64.rpm

SHA-256: 59ef88795ad11dea22ca53d54c966a6b6d24990d089acb40735dc910f5a8286e

Red Hat Enterprise Linux for IBM z Systems 8

SRPM

systemd-239-68.el8_7.4.src.rpm

SHA-256: 69aef7f7816c2fd77038eb13597e41f27a21d2c1ddedd2a2adad0c2b8e0dce94

s390x

systemd-239-68.el8_7.4.s390x.rpm

SHA-256: ac5f503294f15a0f2d2a0a3955a6c571c5cb3c134712721f338b0fd47e80a124

systemd-container-239-68.el8_7.4.s390x.rpm

SHA-256: 369238576bf47a1a2570d4df3f28b0ed303b751c57b9fc4e05f8a2bd61cae64e

systemd-container-debuginfo-239-68.el8_7.4.s390x.rpm

SHA-256: b9844fd1ad79f02b8cdb56d18f6a6e6135e8bd19f3ebd859596b26b7b659ccb9

systemd-debuginfo-239-68.el8_7.4.s390x.rpm

SHA-256: ae99e5be7c8c9e870691d2d7c079889e63b7a730de0b338fe030475c1054ccd0

systemd-debugsource-239-68.el8_7.4.s390x.rpm

SHA-256: 2306e37d3837d0ca3edb32e542e682ca4e6b6b137e8618ac98933977e4021456

systemd-devel-239-68.el8_7.4.s390x.rpm

SHA-256: 8db5d596f04403797fbac05f5cd1ba1b43e05a2db033e0730ca7aeac973c2859

systemd-journal-remote-239-68.el8_7.4.s390x.rpm

SHA-256: 0a1701848c90ea7db9a2873cdd8b3d6445a60685d5ca799fe1668c48a7000c61

systemd-journal-remote-debuginfo-239-68.el8_7.4.s390x.rpm

SHA-256: 9fb5e71ab620d1d32d0847302a3d009313dd97100b008839d5b05f8d8aa36034

systemd-libs-239-68.el8_7.4.s390x.rpm

SHA-256: 0b40bbfda3197ca9c6580fe438ed1356a81a60a4cb558ac886a2fb8763fe1072

systemd-libs-debuginfo-239-68.el8_7.4.s390x.rpm

SHA-256: fcb0ab359c591df6e88a63f58a82e5568232df3a0a2423bd5b19630c6d65e228

systemd-pam-239-68.el8_7.4.s390x.rpm

SHA-256: 88fb64272144776c211d7003191157d115c3f0eddf12ad4261ae4c3a97f926a3

systemd-pam-debuginfo-239-68.el8_7.4.s390x.rpm

SHA-256: 619d3470004f661a80a685de9cd5d065a5be78b8907a2398cb7b29372e661d35

systemd-tests-239-68.el8_7.4.s390x.rpm

SHA-256: 7a8178b358a7bac41b0ae236f4a4cf45ac5d55f1d1033da31bed16f2aba68046

systemd-tests-debuginfo-239-68.el8_7.4.s390x.rpm

SHA-256: 05aaf7fd227c0378db574e4c35c994e571bec5a634c6b5c0c610f066be04b213

systemd-udev-239-68.el8_7.4.s390x.rpm

SHA-256: 38df848fd7625cd99e1541a72934175068477004dc70c96b44114fd421c43abe

systemd-udev-debuginfo-239-68.el8_7.4.s390x.rpm

SHA-256: 890a38775f895a5b3bce52189212e505029fbb1e97a875cbf4fe6fe01bed9fa6

Red Hat Enterprise Linux for Power, little endian 8

SRPM

systemd-239-68.el8_7.4.src.rpm

SHA-256: 69aef7f7816c2fd77038eb13597e41f27a21d2c1ddedd2a2adad0c2b8e0dce94

ppc64le

systemd-239-68.el8_7.4.ppc64le.rpm

SHA-256: 7bce37882f1a23e04fc144be7a6b5c4290e672a65c0def5a5332005c6b965dc8

systemd-container-239-68.el8_7.4.ppc64le.rpm

SHA-256: d74300f7e63ead06502f121e92b2c2c8f3bf27475040430b5988b784b6cdb22a

systemd-container-debuginfo-239-68.el8_7.4.ppc64le.rpm

SHA-256: e20aed0201690a39e57f8c0dc52c61d4133301f386899583dfcb22de62c2096c

systemd-debuginfo-239-68.el8_7.4.ppc64le.rpm

SHA-256: a7adf015cb62f30274f7a5718d6a91a43e45d8d9f3ebcc9d42c7d2ae52ce3226

systemd-debugsource-239-68.el8_7.4.ppc64le.rpm

SHA-256: 92dd6616cd7d6ca69a4f6587fc16d3060d7297b1a5ecb49de9c4e8ed1c8160ea

systemd-devel-239-68.el8_7.4.ppc64le.rpm

SHA-256: 2067f37a9042f3e223f4dcf2e474c39ebba46a7418db387dff99b4994848f955

systemd-journal-remote-239-68.el8_7.4.ppc64le.rpm

SHA-256: db70a39907644ce841152856f5afa1c62fde457e7493b895443b82b39ddc8c6e

systemd-journal-remote-debuginfo-239-68.el8_7.4.ppc64le.rpm

SHA-256: 9ed7055c3495fe184ce48a6b30d7a7aab97073385cc3c66f3e79128e136777a4

systemd-libs-239-68.el8_7.4.ppc64le.rpm

SHA-256: 03967f3a615148a76083b321ca87d496bd1d50dff5042f9b2130d07265b37e64

systemd-libs-debuginfo-239-68.el8_7.4.ppc64le.rpm

SHA-256: fd9b2d022c456607272e50419c5f8b236729a03be3f9ab21365f53ddc2fade4e

systemd-pam-239-68.el8_7.4.ppc64le.rpm

SHA-256: 875b06f9b4ad7b5de4b72c2c6cdb5abb91bf4522c714b9430493fee71630661a

systemd-pam-debuginfo-239-68.el8_7.4.ppc64le.rpm

SHA-256: 8d59f951017927edb5ea5bd6e121dbb535a102a7637595c62dd4be194cc43eb1

systemd-tests-239-68.el8_7.4.ppc64le.rpm

SHA-256: 32c144dca197b69c47d77b8b96d9bb4235344102438080cbb3ba7c64f429344b

systemd-tests-debuginfo-239-68.el8_7.4.ppc64le.rpm

SHA-256: 09ebf79d80f25dd5895d66b69d984b88bbb6402c97ebacb4a329fa69a843fb8a

systemd-udev-239-68.el8_7.4.ppc64le.rpm

SHA-256: cbae84631985463b9d2b3b3087b25d28f5b262719ce7f114f24e91fa8ea86c57

systemd-udev-debuginfo-239-68.el8_7.4.ppc64le.rpm

SHA-256: b5aa24200d73bd3ca902aa9794412a4f130d52f6dec54019f0c294105df57722

Red Hat Enterprise Linux for ARM 64 8

SRPM

systemd-239-68.el8_7.4.src.rpm

SHA-256: 69aef7f7816c2fd77038eb13597e41f27a21d2c1ddedd2a2adad0c2b8e0dce94

aarch64

systemd-239-68.el8_7.4.aarch64.rpm

SHA-256: 3c42b5efb332275433bc7dc7968adafb08cd09557ce38832df212af86373beb5

systemd-container-239-68.el8_7.4.aarch64.rpm

SHA-256: 63d2a0a48442c710db67b2f0f1bb765371289f29b396b4c71a47a690f1884c66

systemd-container-debuginfo-239-68.el8_7.4.aarch64.rpm

SHA-256: 69ffc444ca03361fdd93783f044ce40ccd5a21f0c6f0b02e2be0aafe0f6a3613

systemd-debuginfo-239-68.el8_7.4.aarch64.rpm

SHA-256: 786a3c6927028abc7e37a7a2ddd4e55bf608ea4a1940053f21a580c4eca2491e

systemd-debugsource-239-68.el8_7.4.aarch64.rpm

SHA-256: e631c7790afae4466304a25ab90e652f4fc7d63545ff21de24eb57894c03c179

systemd-devel-239-68.el8_7.4.aarch64.rpm

SHA-256: 60a311e0d1baf359bf7ec84439a2c893afdc100af0befd824d1455ce3a03cd32

systemd-journal-remote-239-68.el8_7.4.aarch64.rpm

SHA-256: 5ea0dd5c403ab209b487f942a2f5a50bb4f0d8f21a773e38b57410a2295bf1c6

systemd-journal-remote-debuginfo-239-68.el8_7.4.aarch64.rpm

SHA-256: 9c2d4f165621180388ba3ae90cd1d84516d6f0ee3f234ed715dbbc59082023bf

systemd-libs-239-68.el8_7.4.aarch64.rpm

SHA-256: 081a1a244a806b88068bf8bedcc1025189ae6fc72221dddc3ee9e6d489bc8beb

systemd-libs-debuginfo-239-68.el8_7.4.aarch64.rpm

SHA-256: 2ec4b73abbd05227033658c33499c1b613790f0b74426afd73290080cd102624

systemd-pam-239-68.el8_7.4.aarch64.rpm

SHA-256: 257f36e193c9892cea33d02642630d00ac494f696d559081633bb8ef525ffb6a

systemd-pam-debuginfo-239-68.el8_7.4.aarch64.rpm

SHA-256: d72c36f92a9a3b4b0ba2394450f3397731a84ee390ffc4d63767f5a1464fe61f

systemd-tests-239-68.el8_7.4.aarch64.rpm

SHA-256: 2121d730ac56ddf2ed104b96714eb2c60ba5836b0e03c1f9776002d7083195dd

systemd-tests-debuginfo-239-68.el8_7.4.aarch64.rpm

SHA-256: 6af82e1cc4fb97c993603c7a173d0146c1eba3e803d4258a8f75d521f313ad5e

systemd-udev-239-68.el8_7.4.aarch64.rpm

SHA-256: 8e54d098a5fcbaedf9b13c1006112732e7dd8f2bd326b47da3399e4c62e5b566

systemd-udev-debuginfo-239-68.el8_7.4.aarch64.rpm

SHA-256: 3d0b5694b63fd68cc5a641134a93369dd9a0151a0c21be2dfc3ef6324dc42c28

Related news

Gentoo Linux Security Advisory 202405-04

Gentoo Linux Security Advisory 202405-04 - Multiple vulnerabilities have been discovered in systemd, the worst of which can lead to a denial of service. Versions prior to 252.4 are affected; 252.4 and later contain the fixes.

Ubuntu Security Notice USN-5928-1

Ubuntu Security Notice 5928-1 - It was discovered that systemd did not properly validate the time and accuracy values provided to the format_timespan function. An attacker could possibly use this issue to cause a buffer overrun, leading to a denial of service attack. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 ESM, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. It was discovered that systemd did not properly manage the fs.suid_dumpable kernel configurations. A local attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 22.10.

Red Hat Security Advisory 2023-1079-01

Red Hat Security Advisory 2023-1079-01 - An update for osp-director-downloader-container, osp-director-agent-container and osp-director-operator-container is now available for Red Hat OpenStack Platform 16.2 (Train).

RHSA-2023:1079: Red Hat Security Advisory: Red Hat OpenStack Platform 16.2 (osp-director-downloader-container, osp-director-agent-container and osp-director-operator-container) security update

An update for osp-director-downloader-container, osp-director-agent-container and osp-director-operator-container is now available for Red Hat OpenStack Platform 16.2 (Train). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Related CVEs:

  • CVE-2022-2879: A flaw was found in the golang package, where Reader.Read does not set a limit on the maximum size of file headers. After fixing, Reader.Read limits the maximum size of header blocks to 1 MiB. This flaw allows a maliciously crafted archive to c...

Red Hat Security Advisory 2023-0977-01

Red Hat Security Advisory 2023-0977-01 - Red Hat OpenShift Data Science 1.22.1 security update. Issues addressed include an improper authorization vulnerability.

RHSA-2023:0977: Red Hat Security Advisory: Red Hat OpenShift Data Science 1.22.1 security update

An update for kubeflow, dashboard, deployer is now available for Red Hat OpenShift Data Science 1.22. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Related CVEs:

  • CVE-2023-0923: A flaw was found in the Kubernetes service for notebooks in RHODS, where it does not prevent pods from other namespaces and applications from making requests to the Jupyter API. This flaw can lead to file content exposure and other issues.

RHSA-2023:0954: Red Hat Security Advisory: systemd security update

An update for systemd is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Related CVEs:

  • CVE-2022-4415: A vulnerability was found in systemd. This security flaw can cause a local information leak due to systemd-coredump not respecting the fs.suid_dumpable kernel setting.
  • CVE-2022-45873: A flaw was found in the systemd-coredump utility of systemd. When an application crashes, the systemd-coredump utility is called twice, once by the kernel and the ...

Red Hat Security Advisory 2023-0837-01

Red Hat Security Advisory 2023-0837-01 - The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes using Linux cgroups. Issues addressed include an information leakage vulnerability.

CVE-2022-4415: security - systemd-coredump: CVE-2022-4415: local information leak due to systemd-coredump not respecting fs.suid_dumpable kernel setting

A vulnerability was found in systemd. This security flaw can cause a local information leak due to systemd-coredump not respecting the fs.suid_dumpable kernel setting.

Scanvus now supports Vulners and Vulns.io VM Linux vulnerability detection APIs

Hello everyone! Great news for my open source Scanvus project! You can now perform vulnerability checks on Linux hosts and docker images not only using the Vulners.com API, but also with the Vulns.io VM API. It’s especially nice that all the code to support the new API was written and contributed by colleagues from Vulns.io. […]