Headline
RHSA-2023:3287: Red Hat Security Advisory: OpenShift Container Platform 4.12.19 bug fix and security update
Red Hat OpenShift Container Platform release 4.12.19 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.12. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2018-17419: The Miek Gieben DNS library is vulnerable to a denial of service caused by a segmentation violation in setTA in scan_rr.go. By persuading a victim to open a specially-crafted file, a remote attacker can cause the application to crash.
Skip to navigation Skip to main content
Utilities
- Subscriptions
- Downloads
- Containers
- Support Cases
Infrastructure and Management
- Red Hat Enterprise Linux
- Red Hat Virtualization
- Red Hat Identity Management
- Red Hat Directory Server
- Red Hat Certificate System
- Red Hat Satellite
- Red Hat Subscription Management
- Red Hat Update Infrastructure
- Red Hat Insights
- Red Hat Ansible Automation Platform
Cloud Computing
- Red Hat OpenShift
- Red Hat CloudForms
- Red Hat OpenStack Platform
- Red Hat OpenShift Container Platform
- Red Hat OpenShift Data Science
- Red Hat OpenShift Online
- Red Hat OpenShift Dedicated
- Red Hat Advanced Cluster Security for Kubernetes
- Red Hat Advanced Cluster Management for Kubernetes
- Red Hat Quay
- Red Hat CodeReady Workspaces
- Red Hat OpenShift Service on AWS
Storage
- Red Hat Gluster Storage
- Red Hat Hyperconverged Infrastructure
- Red Hat Ceph Storage
- Red Hat OpenShift Data Foundation
Runtimes
- Red Hat Runtimes
- Red Hat JBoss Enterprise Application Platform
- Red Hat Data Grid
- Red Hat JBoss Web Server
- Red Hat Single Sign On
- Red Hat support for Spring Boot
- Red Hat build of Node.js
- Red Hat build of Thorntail
- Red Hat build of Eclipse Vert.x
- Red Hat build of OpenJDK
- Red Hat build of Quarkus
Integration and Automation
- Red Hat Process Automation
- Red Hat Process Automation Manager
- Red Hat Decision Manager
All Products
Issued:
2023-05-31
Updated:
2023-05-31
RHSA-2023:3287 - Security Advisory
- Overview
- Updated Images
Synopsis
Moderate: OpenShift Container Platform 4.12.19 bug fix and security update
Type/Severity
Security Advisory: Moderate
Topic
Red Hat OpenShift Container Platform release 4.12.19 is now available with updates to packages and images that fix several bugs and add enhancements.
This release includes a security update for Red Hat OpenShift Container Platform 4.12.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
Red Hat OpenShift Container Platform is Red Hat’s cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
This advisory contains the container images for Red Hat OpenShift Container Platform 4.12.19. See the following advisory for the RPM packages for this release:
https://access.redhat.com/errata/RHBA-2023:3286
Security Fix(es):
- dns: Denial of Service (DoS) (CVE-2018-17419)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
All OpenShift Container Platform 4.12 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.12/updating/updating-cluster-cli.html
Solution
For OpenShift Container Platform 4.12 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:
https://docs.openshift.com/container-platform/4.12/release_notes/ocp-4-12-release-notes.html
You may download the oc tool and use it to inspect release image metadata for x86_64, s390x, ppc64le, and aarch64 architectures. The image digests may be found at https://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.
The sha values for the release are:
(For x86_64 architecture)
The image digest is sha256:41fd42cc8b9f86fc86cc8763dcf27e976299ff632a336d393b8e643bd8a5f967
(For s390x architecture)
The image digest is sha256:13666e036043e0d2283890259861a8b8132e6afc818973a2f8bab28d9947cd94
(For ppc64le architecture)
The image digest is sha256:00b61dd3ae8d8da28eb7a5385eb1c7f200efa73023e44b1c220a7d041ca1bad1
(For aarch64 architecture)
The image digest is sha256:3d73e42724be8f53f8511df17ef900225305226d37397ffde3385cbc6c55a132
All OpenShift Container Platform 4.12 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.12/updating/updating-cluster-cli.html
Affected Products
- Red Hat OpenShift Container Platform 4.12 for RHEL 9 x86_64
- Red Hat OpenShift Container Platform 4.12 for RHEL 8 x86_64
- Red Hat OpenShift Container Platform for Power 4.12 for RHEL 9 ppc64le
- Red Hat OpenShift Container Platform for Power 4.12 for RHEL 8 ppc64le
- Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.12 for RHEL 9 s390x
- Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.12 for RHEL 8 s390x
- Red Hat OpenShift Container Platform for ARM 64 4.12 for RHEL 9 aarch64
- Red Hat OpenShift Container Platform for ARM 64 4.12 for RHEL 8 aarch64
Fixes
- BZ - 2188523 - CVE-2018-17419 dns: Denial of Service (DoS)
- OCPBUGS-10275 - [4.12] Lazily unmount /proc/cmdline
- OCPBUGS-12787 - OLM CatalogSources in guest cluster cannot pull images if pre-GA
- OCPBUGS-13530 - Root device hints should accept by-path device alias
- OCPBUGS-13599 - OSD clusters’ Ingress health checks & routes fail after swapping application router between public and private
- OCPBUGS-13719 - aws-ebs-csi-driver-operator ServiceAccount does not include the HCP pull-secret in its imagePullSecrets
- OCPBUGS-13739 - Failed to create STS resources on AWS GovCloud regions using ccoctl
- OCPBUGS-13743 - [4.12] container_network* metrics fail to report
- OCPBUGS-13750 - “pipelines-as-code-pipelinerun-go” configMap is not been used for the Go repository
- OCPBUGS-13757 - The MCD has a non-functional pivot command that should be deprecated
- OCPBUGS-13760 - Yum Config Manager Not Found
- OCPBUGS-13821 - Excessive memory consumption of aws-ebs-csi-driver-node pods (for 4.12)
- OCPBUGS-6848 - Service name search ability while creating the Route from console
- OCPBUGS-7439 - Egress service does not handle invalid nodeSelectors correctly
- OCPBUGS-7619 - Search page: LazyActionMenus are shown below Add/Remove from navigation button
- OCPBUGS-7924 - Developer - Topology : ‘Filter by resource’ drop-down i18n misses
CVEs
- CVE-2018-17419
- CVE-2022-25147
- CVE-2023-25652
- CVE-2023-25815
- CVE-2023-29007
References
- https://access.redhat.com/security/updates/classification/#moderate
- https://docs.openshift.com/container-platform/4.12/release_notes/ocp-4-12-release-notes.html
aarch64
openshift4/driver-toolkit-rhel8@sha256:5fa3537e9a3e6d6e24567faeca0159a7d66ecf43d1ed42575d4ce214d1408444
openshift4/network-tools-rhel8@sha256:222734de7fa3f5f05ffe52a5f768e2ed5f777b8b98d1c4e6d6e4a2eb26db3228
openshift4/ose-agent-installer-node-agent-rhel8@sha256:8d61d9e735404c2c89b900e74788bd9a6266ccd1d212c28466d13ceb7e837ccf
openshift4/ose-baremetal-rhel8-operator@sha256:61106eadd60b76fe1f8b8a701c3ef552439e8548313a1966ba54e4dd3f2c012a
openshift4/ose-cloud-credential-operator@sha256:200b3fe70359f82698e3206949cfb89677bc45caaa039bfd931cf899fddcc480
openshift4/ose-cluster-node-tuning-operator@sha256:3ed552879211e0e5195dcaff39f4208808e889471b74c11de5e73adad0d3cafa
openshift4/ose-cluster-storage-operator@sha256:222fa39abd2cf68693ad22e47718b3792aa33389429f97cc6b25c37c4f1c1b8d
openshift4/ose-console@sha256:5c95fd3aa8e329c7461bce80782ce4c3e8fa28d370b09ebd3acc1b5ba37ef88d
openshift4/ose-console-operator@sha256:3af3b89e2a8c77af49dad041a48bcac28d79941456903e0a872b27a0b16b06d2
openshift4/ose-csi-livenessprobe-rhel8@sha256:0ce7e4869cd8a8389c5de0556a75c487b74b0135113cb51976eb5f3e82f8bf23
openshift4/ose-csi-livenessprobe@sha256:0ce7e4869cd8a8389c5de0556a75c487b74b0135113cb51976eb5f3e82f8bf23
openshift4/ose-docker-builder@sha256:82c55d7e3bf54e3f14d86283a00722018836ef24bfa62cae76f1b6bb587febb6
openshift4/ose-hypershift-rhel8@sha256:dee0e84b35a79aaca6b59bbb6a8e6b70276601d96a9fefe6a221b7606f4b6f1a
openshift4/ose-ironic-rhel9@sha256:b5f2a53f84877b28b2b1f8ba3151ff2ab9f1dc93c17cedc49bf6e9ec588d7c5b
openshift4/ose-kube-proxy@sha256:5a707252ce27573f4bb470d5e2d4bc869c4f87f7e2ae8881fb9fd90fd0708b0a
openshift4/ose-machine-config-operator@sha256:5aadccb6a4b322da5e56efdc206f3dca1ed91a7045df81bb6db5956abceda99b
openshift4/ose-ovn-kubernetes@sha256:8d8e424d9db3ea98fb7fee96acbc520cc253ecb9e812d6c295b4d183c0088c87
openshift4/ose-ovn-kubernetes-microshift-rhel8@sha256:5ff2110b1f09f187ae186d14f2db91691e40e0452b6a966ee635acd7f4492640
openshift4/ose-sdn-rhel8@sha256:9be96bf62816ac5b04a1e119579b409c1aad25ba3a6943e6664234d6d4547a42
openshift4/ose-tests@sha256:0fc9266a5cc735b3d3bff191b50c84380e93fc6e9f3feee823b4898f4bee7bc2
openshift4/ose-tools-rhel8@sha256:6ba485ca7d5a652f2f6e27c0163d55f22e7a61f0d8a2870f39daa07435c6d6c3
ppc64le
openshift4/driver-toolkit-rhel8@sha256:a13de971e0ba038eb719284c54363083ba4698968dfd813d2fb313eb25a7d4e8
openshift4/network-tools-rhel8@sha256:765f6f2218e07d77bd43c7f2b4d5e3c3e163b2de6f8b157d3e871ac6b1e945aa
openshift4/ose-agent-installer-node-agent-rhel8@sha256:d6f42b96be3870ecbb649cd9cffa520b020fa54d355b2d2a6cbb31736cb90a98
openshift4/ose-baremetal-rhel8-operator@sha256:aacc7590ea3d3af9e641d6844585ef8bf3922c08a1fd8a638b7f9bbb327347b8
openshift4/ose-cloud-credential-operator@sha256:581bfb29847aa9e10a74a3bec6ee8e16a1c45fc63258c527ae20ea6a30da10fa
openshift4/ose-cluster-node-tuning-operator@sha256:39cd459114207a561e80fc19605797cb7c2141febe86a66b799b17a42ccd8b0c
openshift4/ose-cluster-storage-operator@sha256:c9f434f6a42842955acecb9413b3eea40235d604e3e46037a65fb07b9aad27dd
openshift4/ose-console@sha256:f394b33afcb7e4b997b757d52f5010b1cc0e7b32eab80ea83a06d95d358c6c22
openshift4/ose-console-operator@sha256:009891cd53f05a978356a21700cd7acb95f23181579aad2544066d1c9759bd68
openshift4/ose-csi-livenessprobe-rhel8@sha256:d3665648ae2377db1dc7e5b03540b8349184f81480adea3e583db38dc9b6d48c
openshift4/ose-csi-livenessprobe@sha256:d3665648ae2377db1dc7e5b03540b8349184f81480adea3e583db38dc9b6d48c
openshift4/ose-docker-builder@sha256:63204a43a6c920f2b95f419dd14d6115e3e4360cb256f81490fe9ff34a7a4d2d
openshift4/ose-hypershift-rhel8@sha256:40164090a9b7189aea2b7ad8651cc6a3f93acb426eb5967533e3a31da5f40034
openshift4/ose-kube-proxy@sha256:f7564f00bfc6d879383373beabda901ad08726c14bcee96c3d77eb1f1977505f
openshift4/ose-kuryr-cni-rhel8@sha256:c22b5db0bf401c0d73a22d6f43e1c5a859d4d68e771b34c65a0be0f9ddf60e3a
openshift4/ose-kuryr-controller-rhel8@sha256:e9e4935de3377a659007b25f62d5a2685749b000f3475bb506228be65f687320
openshift4/ose-machine-config-operator@sha256:f8bf78a3013f387658a8f227b32b4b7e3eee52f821c45ff7d25274913c6a7929
openshift4/ose-ovn-kubernetes@sha256:c62cb4c4cd34e5c8ed5a0bc43b4701cf71e418ee7062f84a87ccbe6c65a16b75
openshift4/ose-ovn-kubernetes-microshift-rhel8@sha256:6ee090731b3698fa3ccb7b97cbaeb4716ee78d9aa9b2ab665cf145e2c334573c
openshift4/ose-sdn-rhel8@sha256:5c7e3702ac3c52d32e34253b0262c28c223570d82f3c28fbb998c2d25247720c
openshift4/ose-tests@sha256:12dec5cb15396f8c7135384c41768f37c925d0d97d2919c2661e9d903d18a9c1
openshift4/ose-tools-rhel8@sha256:6d13d7ff7526ece3dad6664519a83b855234364ec251aec0102e3ecd5e38568a
s390x
openshift4/driver-toolkit-rhel8@sha256:052ff26099d12eeefb091886fb025b36134c5a71cd67b21623a2ee1a7093193f
openshift4/network-tools-rhel8@sha256:a4345c7406f634a92336c5f0250144bb1e9eb002fb42c9d9b236c38c33be3b58
openshift4/ose-agent-installer-node-agent-rhel8@sha256:606c52e072f84cda327e09422f162df5d048649e7b14b809cd4a4c39b56102fd
openshift4/ose-baremetal-rhel8-operator@sha256:799571d70aaec06b9c705d281a635ad299dd7d771b9fa439a36aac9536aa503a
openshift4/ose-cloud-credential-operator@sha256:2ee027a0c5335da2d34fe85a5ba841f086769731be732b4532c6d8d59682fbd6
openshift4/ose-cluster-node-tuning-operator@sha256:0d5ded10f510225678c8e0b38c6fc9fc7722d1ebb260414fcea517a38be5bf7a
openshift4/ose-cluster-storage-operator@sha256:ff373ddb37ca3fac8f43c25e83974839e9492325e7dca9cdf473cc85e410082d
openshift4/ose-console@sha256:5cb1d5a5b872ec9d0eaca36e19859d6c794a054aee25b49d1d69bed1427fd24c
openshift4/ose-console-operator@sha256:418b4ad76460f091a180bf92f61cb24ee9e26552eb13fa81a166100c05b8449d
openshift4/ose-csi-livenessprobe-rhel8@sha256:8223b530fa2172e70d5a0ea7f76124899be6731a7910b7f447ac758089d11cf5
openshift4/ose-csi-livenessprobe@sha256:8223b530fa2172e70d5a0ea7f76124899be6731a7910b7f447ac758089d11cf5
openshift4/ose-docker-builder@sha256:adb80d0341af630910b6ca987800ba2539420372e0f0553a3eb9eda2f013ac82
openshift4/ose-hypershift-rhel8@sha256:e86c6176c79873ebd3ec711d4d7d100b4034c5738264b2d9c1e326cebb5da0f6
openshift4/ose-kube-proxy@sha256:16bf3d439fdeb943f83ac86db546bea4ad20a915a5293f4c63293c759d1c6f49
openshift4/ose-machine-config-operator@sha256:6afc3e6f038732a86fec5c44a2cae864439d6d696143e42297527bf9b9cb9693
openshift4/ose-ovn-kubernetes@sha256:bbbcdd0aad2e42941b6da774f65615044f5b5b5d349adce139a2028b2e89e4ee
openshift4/ose-ovn-kubernetes-microshift-rhel8@sha256:f3d1250dc01666e723f03740b9545c8bc5b80f473d8986f2bc86842ce4bae185
openshift4/ose-sdn-rhel8@sha256:4f5497c7c95a2ff20dbc912bd9f4813813448f8d13c04f2bb74a2d2c09f20592
openshift4/ose-tests@sha256:a8667c96ee427fb393a10e4d138b3a464f7992a5506116a2c79cc965b2cce18c
openshift4/ose-tools-rhel8@sha256:de2395ffd4878d89ba1fb9581fcd52dec80e2c22b0ba1418668455ef5acaba99
x86_64
openshift4/driver-toolkit-rhel8@sha256:c3f8f489ce56ec03064a552bf4e85c9dab6c35b3c9f29c301e33c9ac8be03bf6
openshift4/network-tools-rhel8@sha256:395685c02c01238b0683bb5c701b40a2cf29d7a85ff17bd9760e9fe297fef708
openshift4/ose-agent-installer-node-agent-rhel8@sha256:7797f95c15da8c6f81c3d7664c329238cb0b5fdbdffb74d18ea03511f2feb3c4
openshift4/ose-baremetal-rhel8-operator@sha256:9cd216db0ce0517609c8c55d1f88b0edd1f6837db2b1ead283bd5bc530283aa6
openshift4/ose-cloud-credential-operator@sha256:61e97ce98c720c9891b284c2e3da95a1e9fba7fb564401bd1043e4129b603642
openshift4/ose-cluster-node-tuning-operator@sha256:20929cd82fb9165e2b4a176c3482da263494bb7c7371a16eba56d18f65543a99
openshift4/ose-cluster-storage-operator@sha256:503cc9d2880e43d4c211a887cc5c67f1cd481c2553048aad74d4454e263a49e7
openshift4/ose-console@sha256:d454863f1b68396af203246b4dc134c002c9e016ca857c15d676dba9fd184344
openshift4/ose-console-operator@sha256:504e6defb83f904eacd995b31aa4f960c3f35457e5bc3ff5cd629088063470c6
openshift4/ose-csi-livenessprobe-rhel8@sha256:145cb33e66f03b94980a24f1f5578a53c7392c51e14659f535ecac5999f78158
openshift4/ose-csi-livenessprobe@sha256:145cb33e66f03b94980a24f1f5578a53c7392c51e14659f535ecac5999f78158
openshift4/ose-docker-builder@sha256:26bb6d2e7ec8f3e969ecb03c1cea5c41d61d3d99363f330fde114c6482628a72
openshift4/ose-hypershift-rhel8@sha256:403e2d84df04695842ea40bbfaf084489713eb5eb62c3ad092fa54d9e709617b
openshift4/ose-ironic-rhel9@sha256:dcae3fd16f67dc12ded846550c0ba4f5775a52b323d0c82776fb4b415563d665
openshift4/ose-kube-proxy@sha256:15a2943de9fa23cec31348fd4ead1c6d14f265ed2a5c9b238c6f98a389b7ef46
openshift4/ose-kuryr-cni-rhel8@sha256:c5af2a2eb1ab62b5ee00abb4c8a8f0eb7c381753eb81e4782a5e1d3afa4cd68c
openshift4/ose-kuryr-controller-rhel8@sha256:af1809e49d3fce19d1053f92415632293be93267e0de2a9323e75be0511121df
openshift4/ose-machine-config-operator@sha256:7b1bb1ae2f16ce686b25009856d2ac5a4ddb3412be8a6cba6ab43908455639e3
openshift4/ose-ovn-kubernetes@sha256:fffdf0d2a27c9792db9a677aee9cbb3883c39f89771f644ef4c4d057ab9bcd67
openshift4/ose-ovn-kubernetes-microshift-rhel8@sha256:4c81687486ef0e3df1e4f893db43c20aece615544db222a08e67a07b31d1b3d8
openshift4/ose-sdn-rhel8@sha256:e6a26dc5e2f134836f5acf208dbbfd3cce13e284dd83637860eee7db2be4a889
openshift4/ose-tests@sha256:e59a417d59b8b59d4950e89eececef878e585ea00789bdf734bf95a299d3fe7b
openshift4/ose-tools-rhel8@sha256:b56d222c6c74d385d1886e8569fc01603c35eb27d7e5b5e0a85faf9c703d9166
The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.
Related news
Debian Linux Security Advisory 5769-1 - Multiple issues were found in Git, a fast, scalable, distributed revision control system, which may result in file overwrites outside the repository, arbitrary configuration injection or arbitrary code execution.
IBM QRadar SIEM 7.5.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 254138
Hello everyone! This episode will be about Microsoft Patch Tuesday for June 2023, including vulnerabilities that were added between May and June Patch Tuesdays. As usual, I use my open source Vulristics project to analyse and prioritize vulnerabilities. I took the comments about the vulnerabilities from the Qualys, Tenable, Rapid7, ZDI Patch Tuesday reviews. This time there […]
Red Hat Security Advisory 2023-3624-01 - The Migration Toolkit for Containers enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API. Issues addressed include a denial of service vulnerability.
The Migration Toolkit for Containers (MTC) 1.7.10 is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-24534: A flaw was found in Golang Go, where it is vulnerable to a denial of service caused by memory exhaustion in the common function in HTTP and MIME header parsing. By sending a specially crafted request, a remote attacker can cause a denial of service. * CVE-2023-24536: A flaw was found in Golang Go, where it is vulnerable to a denial of service cause...
Red Hat Security Advisory 2023-3495-01 - Logging Subsystem 5.7.2 - Red Hat OpenShift. Issues addressed include cross site scripting and denial of service vulnerabilities.
Red Hat OpenShift Container Platform release 4.12.20 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.12. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-24540: A flaw was found in golang, where not all valid JavaScript white-space characters were considered white space. Due to this issue, templates containing white-space characters outside...
Red Hat Security Advisory 2023-3363-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.10.61. Issues addressed include a denial of service vulnerability.
Red Hat OpenShift Container Platform release 4.10.61 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.10. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2018-17419: The Miek Gieben DNS library is vulnerable to a denial of service caused by a segmentation violation in setTA in scan_rr.go. By persuading a victim to open a specially-crafted file, a...
Red Hat Security Advisory 2023-3304-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.13.1. Issues addressed include denial of service and traversal vulnerabilities.
Red Hat Security Advisory 2023-3309-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.11.42. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2023-3287-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.12.19. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2023-3360-01 - The Apache Portable Runtime is a portability library used by the Apache HTTP Server and other projects. "apr-util" is a library which provides additional utility interfaces for APR; including support for XML parsing, LDAP, database interfaces, URI parsing, and more. Issues addressed include an out of bounds write vulnerability.
Dell SCG 5.14 contains an information disclosure vulnerability during the SRS to SCG upgrade path. A remote low privileged malicious user could potentially exploit this vulnerability to retrieve the plain text.
An update for git is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-25652: A vulnerability was found in Git. This security flaw occurs when feeding specially crafted input to `git apply --reject`; a path outside the working tree can be overwritten with partially controlled contents corresponding to the rejected hunk(s) from the given patch. * CVE-2023-25815: A vulnerability was found in Git. This ...
An update for git is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-25652: A vulnerability was found in Git. This security flaw occurs when feeding specially crafted input to `git apply --reject`; a path outside the working tree can be overwritten with partially controlled contents corresponding to the rejected hunk(s) from the given patch. * CVE-2023-25815: A vulnerability was found in Git. This ...
An update for git is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-25652: A vulnerability was found in Git. This security flaw occurs when feeding specially crafted input to `git apply --reject`; a path outside the working tree can be overwritten with partially controlled contents corresponding to the rejected hunk(s) from the given patch. * CVE-2023-25815: A vulnerability was found in Git. This ...
Red Hat OpenShift Container Platform release 4.11.42 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.11. Red Hat Product Security has rated this update as having a security impact of [impact]. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2018-17419: The Miek Gieben DNS library is vulnerable to a denial of service caused by a segmentation violation in setTA in scan_rr.go. By persuading a victim to open a specially-crafted file, a...
Red Hat OpenShift Container Platform release 4.13.1 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.13. Red Hat Product Security has rated this update as having a security impact of [impact]. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2018-17419: The Miek Gieben DNS library is vulnerable to a denial of service caused by a segmentation violation in setTA in scan_rr.go. By persuading a victim to open a specially-crafted file, a ...
Red Hat Security Advisory 2023-3326-01 - Red Hat Advanced Cluster Management for Kubernetes 2.6.6 images. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs.
Red Hat Security Advisory 2023-3326-01 - Red Hat Advanced Cluster Management for Kubernetes 2.6.6 images. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs.
Red Hat Security Advisory 2023-3326-01 - Red Hat Advanced Cluster Management for Kubernetes 2.6.6 images. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs.
Red Hat Security Advisory 2023-3297-01 - Red Hat Advanced Cluster Management for Kubernetes 2.7.4 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs.
Red Hat Security Advisory 2023-3297-01 - Red Hat Advanced Cluster Management for Kubernetes 2.7.4 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs.
Red Hat Security Advisory 2023-3297-01 - Red Hat Advanced Cluster Management for Kubernetes 2.7.4 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs.
Red Hat Security Advisory 2023-3263-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.
Red Hat Security Advisory 2023-3263-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.
An update for git is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-25652: A vulnerability was found in Git. This security flaw occurs when feeding specially crafted input to `git apply --reject`; a path outside the working tree can be overwritten with partially controlled contents corresponding to the rejected hunk(s) from the given patch. * CVE-2023-29007: A vulnerability was found in Git. This security flaw occurs when ...
An update for git is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-25652: A vulnerability was found in Git. This security flaw occurs when feeding specially crafted input to `git apply --reject`; a path outside the working tree can be overwritten with partially controlled contents corresponding to the rejected hunk(s) from the given patch. * CVE-2023-29007: A vulnerability was found in Git. This security flaw occurs when ...
Red Hat Security Advisory 2023-3246-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.
Red Hat Security Advisory 2023-3248-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.
Red Hat Security Advisory 2023-3248-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.
Red Hat Security Advisory 2023-3248-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.
An update for git is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-25652: A vulnerability was found in Git. This security flaw occurs when feeding specially crafted input to `git apply --reject`; a path outside the working tree can be overwritten with partially controlled contents corresponding to the rejected hunk(s) from the given patch. * CVE-2023-25815: A vulnerability was found in Git. This ...
An update for git is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-25652: A vulnerability was found in Git. This security flaw occurs when feeding specially crafted input to `git apply --reject`; a path outside the working tree can be overwritten with partially controlled contents corresponding to the rejected hunk(s) from the given patch. * CVE-2023-25815: A vulnerability was found in Git. This ...
An update for git is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-25652: A vulnerability was found in Git. This security flaw occurs when feeding specially crafted input to `git apply --reject`; a path outside the working tree can be overwritten with partially controlled contents corresponding to the rejected hunk(s) from the given patch. * CVE-2023-25815: A vulnerability was found in Git. This ...
An update for git is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-25652: A vulnerability was found in Git. This security flaw occurs when feeding specially crafted input to `git apply --reject`; a path outside the working tree can be overwritten with partially controlled contents corresponding to the rejected hunk(s) from the given patch. * CVE-2023-25815: A vulnerability was found in Git. This ...
Red Hat Security Advisory 2023-3177-01 - The Apache Portable Runtime is a portability library used by the Apache HTTP Server and other projects. apr-util is a library which provides additional utility interfaces for APR; including support for XML parsing, LDAP, database interfaces, URI parsing, and more. Issues addressed include an out of bounds write vulnerability.
Red Hat Security Advisory 2023-3145-01 - The Apache Portable Runtime is a portability library used by the Apache HTTP Server and other projects. apr-util is a library which provides additional utility interfaces for APR; including support for XML parsing, LDAP, database interfaces, URI parsing, and more. Issues addressed include an out of bounds write vulnerability.
Red Hat Security Advisory 2023-3147-01 - The Apache Portable Runtime is a portability library used by the Apache HTTP Server and other projects. apr-util is a library which provides additional utility interfaces for APR; including support for XML parsing, LDAP, database interfaces, URI parsing, and more. Issues addressed include an out of bounds write vulnerability.
Red Hat Security Advisory 2023-3146-01 - The Apache Portable Runtime is a portability library used by the Apache HTTP Server and other projects. apr-util is a library which provides additional utility interfaces for APR; including support for XML parsing, LDAP, database interfaces, URI parsing, and more. Issues addressed include an out of bounds write vulnerability.
An update for apr-util is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-25147: A flaw was found in the Apache Portable Runtime (APR) library. This issue may allow a malicious attacker to cause an out-of-bounds write due to an integer overflow when encoding/decoding a very long string using the base64 family of functions.
An update for apr-util is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-25147: A flaw was found in the Apache Portable Runtime (APR) library. This issue may allow a malicious attacker to cause an out-of-bounds write due to an integer overflow when encoding/decoding a very long string using the base64 family of functions.
An update for apr-util is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-25147: A flaw was found in the Apache Portable Runtime (APR) library. This issue may allow a malicious attacker to cause an out-of-bounds write due to an integer overflow when encoding/decoding a very long string using the base64 family of functions.
Ubuntu Security Notice 6050-1 - It was discovered that Git incorrectly handled certain commands. An attacker could possibly use this issue to overwriting some paths. Maxime Escourbiac and Yassine BENGANA discovered that Git incorrectly handled some gettext machinery. An attacker could possibly use this issue to allows the malicious placement of crafted messages. Andre Baptista and Vitor Pinho discovered that Git incorrectly handled certain configurations. An attacker could possibly use this issue to arbitrary configuration injection.
Ubuntu Security Notice 6050-1 - It was discovered that Git incorrectly handled certain commands. An attacker could possibly use this issue to overwriting some paths. Maxime Escourbiac and Yassine BENGANA discovered that Git incorrectly handled some gettext machinery. An attacker could possibly use this issue to allows the malicious placement of crafted messages. Andre Baptista and Vitor Pinho discovered that Git incorrectly handled certain configurations. An attacker could possibly use this issue to arbitrary configuration injection.
Ubuntu Security Notice 6050-1 - It was discovered that Git incorrectly handled certain commands. An attacker could possibly use this issue to overwriting some paths. Maxime Escourbiac and Yassine BENGANA discovered that Git incorrectly handled some gettext machinery. An attacker could possibly use this issue to allows the malicious placement of crafted messages. Andre Baptista and Vitor Pinho discovered that Git incorrectly handled certain configurations. An attacker could possibly use this issue to arbitrary configuration injection.
Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, by feeding specially crafted input to `git apply --reject`, a path outside the working tree can be overwritten with partially controlled contents (corresponding to the rejected hunk(s) from the given patch). A fix is available in versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1. As a workaround, avoid using `git apply` with `--reject` when applying patches from an untrusted source. Use `git apply --stat` to inspect a patch before applying; avoid applying one that create a conflict where a link corresponding to the `*.rej` file exists.
In Git for Windows, the Windows port of Git, no localized messages are shipped with the installer. As a consequence, Git is expected not to localize messages at all, and skips the gettext initialization. However, due to a change in MINGW-packages, the `gettext()` function's implicit initialization no longer uses the runtime prefix but uses the hard-coded path `C:\mingw64\share\locale` to look for localized messages. And since any authenticated user has the permission to create folders in `C:\` (and since `C:\mingw64` does not typically exist), it is possible for low-privilege users to place fake messages in that location where `git.exe` will pick them up in version 2.40.1. This vulnerability is relatively hard to exploit and requires social engineering. For example, a legitimate message at the end of a clone could be maliciously modified to ask the user to direct their web browser to a malicious website, and the user might think that the message comes from Git and is legitimate. It do...
Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, by feeding specially crafted input to `git apply --reject`, a path outside the working tree can be overwritten with partially controlled contents (corresponding to the rejected hunk(s) from the given patch). A fix is available in versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1. As a workaround, avoid using `git apply` with `--reject` when applying patches from an untrusted source. Use `git apply --stat` to inspect a patch before applying; avoid applying one that create a conflict where a link corresponding to the `*.rej` file exists.
In Git for Windows, the Windows port of Git, no localized messages are shipped with the installer. As a consequence, Git is expected not to localize messages at all, and skips the gettext initialization. However, due to a change in MINGW-packages, the `gettext()` function's implicit initialization no longer uses the runtime prefix but uses the hard-coded path `C:\mingw64\share\locale` to look for localized messages. And since any authenticated user has the permission to create folders in `C:\` (and since `C:\mingw64` does not typically exist), it is possible for low-privilege users to place fake messages in that location where `git.exe` will pick them up in version 2.40.1. This vulnerability is relatively hard to exploit and requires social engineering. For example, a legitimate message at the end of a clone could be maliciously modified to ask the user to direct their web browser to a malicious website, and the user might think that the message comes from Git and is legitimate. It do...
In Git for Windows, the Windows port of Git, no localized messages are shipped with the installer. As a consequence, Git is expected not to localize messages at all, and skips the gettext initialization. However, due to a change in MINGW-packages, the `gettext()` function's implicit initialization no longer uses the runtime prefix but uses the hard-coded path `C:\mingw64\share\locale` to look for localized messages. And since any authenticated user has the permission to create folders in `C:\` (and since `C:\mingw64` does not typically exist), it is possible for low-privilege users to place fake messages in that location where `git.exe` will pick them up in version 2.40.1. This vulnerability is relatively hard to exploit and requires social engineering. For example, a legitimate message at the end of a clone could be maliciously modified to ask the user to direct their web browser to a malicious website, and the user might think that the message comes from Git and is legitimate. It do...
Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, by feeding specially crafted input to `git apply --reject`, a path outside the working tree can be overwritten with partially controlled contents (corresponding to the rejected hunk(s) from the given patch). A fix is available in versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1. As a workaround, avoid using `git apply` with `--reject` when applying patches from an untrusted source. Use `git apply --stat` to inspect a patch before applying; avoid applying one that create a conflict where a link corresponding to the `*.rej` file exists.
Ubuntu Security Notice 5870-1 - Ronald Crane discovered that APR-util did not properly handled memory when encoding or decoding certain input data. An attacker could possibly use this issue to cause a denial of service, or possibly execute arbitrary code.
Integer Overflow or Wraparound vulnerability in apr_base64 functions of Apache Portable Runtime Utility (APR-util) allows an attacker to write beyond bounds of a buffer. This issue affects Apache Portable Runtime Utility (APR-util) 1.6.1 and prior versions.