Headline
RHSA-2023:1440: Red Hat Security Advisory: openssl security update
An update for openssl is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2023-0286: A type confusion vulnerability was found in OpenSSL's processing of X.400 addresses inside an X.509 GeneralName: the x400Address member of GENERAL_NAME was declared as an ASN1_TYPE although the encoded data is an ASN1_STRING, so GENERAL_NAME_cmp interpreted the string's memory as an ASN1_TYPE when comparing two such names. When CRL checking is enabled (for example, the application sets the X509_V_FLAG_CRL_CHECK flag), this may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or cause a denial of service. In most cases, the attack requires the attacker to provide both the certificate chain and the CRL, neither of which needs a valid signature. If the attacker controls only one of these inputs, the other must already contain an X.400 address as a CRL distribution point, which is uncommon; in that case the vulnerability is likely to affect only applications that have implemented their own functionality for retrieving CRLs over a network.
Synopsis
Important: openssl security update
Type/Severity
Security Advisory: Important
Description
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.
Security Fix(es):
- openssl: X.400 address type confusion in X.509 GeneralName (CVE-2023-0286)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.
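Two checks that belong with the solution above, added here as an example and not part of the Red Hat advisory or its tooling: whether the installed openssl packages are at or past the 1.1.1g-18.el8_4 build listed below, and which running processes still map a libcrypto/libssl that rpm has already replaced on disk (those are the services the last sentence says must be restarted). The rpm -q output and /proc maps lines in the script are constructed; the release comparison assumes the 1.1.1g version string of the 8.4 stream, so a package from another stream is reported as "not this stream" rather than given a verdict; the function names are this example's own.

```sh
#!/bin/sh
# Added example, not part of RHSA-2023:1440 or Red Hat's tooling.
# 1. Decide from `rpm -q` output whether the openssl packages on a RHEL 8.4
#    EUS/AUS/TUS host carry the build this advisory ships (1.1.1g-18.el8_4).
# 2. Find processes that still map a libcrypto/libssl which rpm has already
#    replaced on disk; those are the services that must be restarted.
# Assumptions: NVRA strings are in the form rpm -q prints them, and the host
# is on the 1.1.1g stream covered by this advisory.

FIXED_VERSION="1.1.1g"     # version in the package list of this advisory
FIXED_RELEASE_NUM=18       # numeric part of the "18.el8_4" release

# openssl_nvra_is_fixed NVRA
#   NVRA: one line of `rpm -q openssl openssl-libs`, e.g.
#         openssl-libs-1.1.1g-15.el8_4.x86_64
#   exit 0 = at or past the fixed build, 1 = older build,
#        2 = not the 1.1.1g stream (use `rpm -q --changelog` instead)
openssl_nvra_is_fixed() {
    nvra=$1
    nvr=${nvra%.*}      # strip ".x86_64" / ".i686" / ".s390x" ...
    rel=${nvr##*-}      # "15.el8_4"
    nv=${nvr%-*}        # "openssl-libs-1.1.1g"
    ver=${nv##*-}       # "1.1.1g"
    relnum=${rel%%.*}   # "15"
    [ "$ver" = "$FIXED_VERSION" ] || return 2
    [ "$relnum" -ge "$FIXED_RELEASE_NUM" ]
}

# vulnerable_openssl_packages < RPM_Q_OUTPUT
#   Prints each installed package that is older than the fixed build.
vulnerable_openssl_packages() {
    while IFS= read -r line; do
        case $line in
            ""|"package "*) continue ;;   # blank or "package X is not installed"
        esac
        rc=0
        openssl_nvra_is_fixed "$line" || rc=$?
        if [ "$rc" -eq 1 ]; then
            printf '%s\n' "$line"
        fi
    done
    return 0
}

# stale_libcrypto_pids < MAPS_LISTING
#   Reads "<pid> <line of /proc/<pid>/maps>" and prints the PIDs that map a
#   libcrypto/libssl file marked "(deleted)": rpm unlinked the old file when
#   it installed the update, but the process still runs the old code.
stale_libcrypto_pids() {
    awk '/lib(crypto|ssl)\.so[^ ]* \(deleted\)/ { seen[$1] = 1 }
         END { for (p in seen) print p }' | sort -n
}

# live_stale_libcrypto_pids
#   Same check against the running system (root needed to read every map).
live_stale_libcrypto_pids() {
    for m in /proc/[0-9]*/maps; do
        pid=${m#/proc/}; pid=${pid%/maps}
        awk -v pid="$pid" '{ print pid, $0 }' "$m" 2>/dev/null
    done | stale_libcrypto_pids
}

# Constructed sample data (not captured from a real host).
SAMPLE_RPM_Q='openssl-1.1.1g-15.el8_4.x86_64
openssl-libs-1.1.1g-15.el8_4.x86_64
openssl-libs-1.1.1g-15.el8_4.i686'

SAMPLE_MAPS='1234 7f3a1c000000-7f3a1c2a0000 r-xp 00000000 fd:00 1048602 /usr/lib64/libcrypto.so.1.1.1g (deleted)
1234 7f3a1c4a0000-7f3a1c520000 r-xp 00000000 fd:00 1048603 /usr/lib64/libssl.so.1.1.1g (deleted)
5678 7f9b20000000-7f9b202a0000 r-xp 00000000 fd:00 1051201 /usr/lib64/libcrypto.so.1.1.1g'

if [ "${1:-}" = "--live" ]; then
    rpm -q openssl openssl-libs | vulnerable_openssl_packages
    live_stale_libcrypto_pids
else
    printf 'Packages older than the fixed build:\n'
    printf '%s\n' "$SAMPLE_RPM_Q" | vulnerable_openssl_packages
    printf 'PIDs still running a replaced libcrypto/libssl:\n'
    printf '%s\n' "$SAMPLE_MAPS" | stale_libcrypto_pids
fi
```

Run it with --live on the host to check the real packages and process maps. Because Red Hat backports fixes without changing the upstream version, the stream-independent check is `rpm -q --changelog openssl-libs | grep CVE-2023-0286`; and `dnf needs-restarting` (dnf-plugins-core) performs the same deleted-mapping scan across all updated libraries, which is what to reach for once more than this one advisory is being applied.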
Affected Products
- Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.4 x86_64
- Red Hat Enterprise Linux Server - AUS 8.4 x86_64
- Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.4 s390x
- Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.4 ppc64le
- Red Hat Enterprise Linux Server - TUS 8.4 x86_64
- Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.4 aarch64
- Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.4 ppc64le
- Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.4 x86_64
Fixes
- BZ - 2164440 - CVE-2023-0286 openssl: X.400 address type confusion in X.509 GeneralName
Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.4
SRPM
openssl-1.1.1g-18.el8_4.src.rpm
SHA-256: b0d30b47f604e46c53e0a7a66289180db4ecee959989c9c205dc8b252254e65b
x86_64
openssl-1.1.1g-18.el8_4.x86_64.rpm
SHA-256: d904a0a46f9850f46f0a7ded16ca29011fe5af469b1e6e93618bfd3b88da2f4c
openssl-debuginfo-1.1.1g-18.el8_4.i686.rpm
SHA-256: 986bdebc9aa14f32b0a00eab068f47fde17e290714cbe11493732fbe3da436a6
openssl-debuginfo-1.1.1g-18.el8_4.x86_64.rpm
SHA-256: 6723c875110b1165442b477585c3001a86c3f5d3618681f16802eab2e5490932
openssl-debugsource-1.1.1g-18.el8_4.i686.rpm
SHA-256: 9bd58d5f8516ea2b4f97a8da2d78888b08f23689ff0a6117d429bf3110761e31
openssl-debugsource-1.1.1g-18.el8_4.x86_64.rpm
SHA-256: 4bf8bc976bda4e350bcc9f061e57d43a77a949cd380eb164264bdc0c87f4da1b
openssl-devel-1.1.1g-18.el8_4.i686.rpm
SHA-256: d1b1d316b1529af4e00e0334e572547b29dcfdf55fffa7cddafcb7c6d6f46795
openssl-devel-1.1.1g-18.el8_4.x86_64.rpm
SHA-256: db46d57c809fca2c22e2e52e8287f7e714d07596ec283f471a13d99d17f404a3
openssl-libs-1.1.1g-18.el8_4.i686.rpm
SHA-256: d2dba291a0a0870720ddc5d004cac3dc2594f158da7b47c403a5e1ef8d8523ff
openssl-libs-1.1.1g-18.el8_4.x86_64.rpm
SHA-256: 49f33064175381b45e6bf902f761c0180f6721a55e674521640aa6cf625cd8d4
openssl-libs-debuginfo-1.1.1g-18.el8_4.i686.rpm
SHA-256: bfd7c1bd35f94679f3bfb36b8e833b9cebb2615201f7a1bcca0a6d3dd639ffea
openssl-libs-debuginfo-1.1.1g-18.el8_4.x86_64.rpm
SHA-256: b9854b3ff5b92688f81f74f8002a522cb91699ba41d1e1565fa02dae6b163bf3
openssl-perl-1.1.1g-18.el8_4.x86_64.rpm
SHA-256: 3a03febe7f7df54856efe322580354cf78ce2e208caf47155b894e748539a528
Red Hat Enterprise Linux Server - AUS 8.4
SRPM
openssl-1.1.1g-18.el8_4.src.rpm
SHA-256: b0d30b47f604e46c53e0a7a66289180db4ecee959989c9c205dc8b252254e65b
x86_64
openssl-1.1.1g-18.el8_4.x86_64.rpm
SHA-256: d904a0a46f9850f46f0a7ded16ca29011fe5af469b1e6e93618bfd3b88da2f4c
openssl-debuginfo-1.1.1g-18.el8_4.i686.rpm
SHA-256: 986bdebc9aa14f32b0a00eab068f47fde17e290714cbe11493732fbe3da436a6
openssl-debuginfo-1.1.1g-18.el8_4.x86_64.rpm
SHA-256: 6723c875110b1165442b477585c3001a86c3f5d3618681f16802eab2e5490932
openssl-debugsource-1.1.1g-18.el8_4.i686.rpm
SHA-256: 9bd58d5f8516ea2b4f97a8da2d78888b08f23689ff0a6117d429bf3110761e31
openssl-debugsource-1.1.1g-18.el8_4.x86_64.rpm
SHA-256: 4bf8bc976bda4e350bcc9f061e57d43a77a949cd380eb164264bdc0c87f4da1b
openssl-devel-1.1.1g-18.el8_4.i686.rpm
SHA-256: d1b1d316b1529af4e00e0334e572547b29dcfdf55fffa7cddafcb7c6d6f46795
openssl-devel-1.1.1g-18.el8_4.x86_64.rpm
SHA-256: db46d57c809fca2c22e2e52e8287f7e714d07596ec283f471a13d99d17f404a3
openssl-libs-1.1.1g-18.el8_4.i686.rpm
SHA-256: d2dba291a0a0870720ddc5d004cac3dc2594f158da7b47c403a5e1ef8d8523ff
openssl-libs-1.1.1g-18.el8_4.x86_64.rpm
SHA-256: 49f33064175381b45e6bf902f761c0180f6721a55e674521640aa6cf625cd8d4
openssl-libs-debuginfo-1.1.1g-18.el8_4.i686.rpm
SHA-256: bfd7c1bd35f94679f3bfb36b8e833b9cebb2615201f7a1bcca0a6d3dd639ffea
openssl-libs-debuginfo-1.1.1g-18.el8_4.x86_64.rpm
SHA-256: b9854b3ff5b92688f81f74f8002a522cb91699ba41d1e1565fa02dae6b163bf3
openssl-perl-1.1.1g-18.el8_4.x86_64.rpm
SHA-256: 3a03febe7f7df54856efe322580354cf78ce2e208caf47155b894e748539a528
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.4
SRPM
openssl-1.1.1g-18.el8_4.src.rpm
SHA-256: b0d30b47f604e46c53e0a7a66289180db4ecee959989c9c205dc8b252254e65b
s390x
openssl-1.1.1g-18.el8_4.s390x.rpm
SHA-256: d5249edaefb8e28f08412574bf8e1fa4fee692d500fcb46b992061c459bebba8
openssl-debuginfo-1.1.1g-18.el8_4.s390x.rpm
SHA-256: e1c06af879a422ba752909bf1c07faf98fabf5974303fec843dacc528ccff657
openssl-debugsource-1.1.1g-18.el8_4.s390x.rpm
SHA-256: 07a76af00685981e96b19de89a25acf8c7efbd6f19c22741ba6326a0653a65f3
openssl-devel-1.1.1g-18.el8_4.s390x.rpm
SHA-256: a6f720323d5cdfd5e529d68fd444bbb2e738a7dad52b8ca9ecb397ebc0e493ae
openssl-libs-1.1.1g-18.el8_4.s390x.rpm
SHA-256: 69a43ff8062aca38f7fd2bf90caa082b6b0cdb97fa84d19bfff8231265407d5f
openssl-libs-debuginfo-1.1.1g-18.el8_4.s390x.rpm
SHA-256: 5963a4a306c47042bd4892476098af9e99574f28dd18fee5bcd655941a56840a
openssl-perl-1.1.1g-18.el8_4.s390x.rpm
SHA-256: e59f7ed9f0f04c3d2764f05aad55f498213d1856b1b0ee5eab68e6c187a56d20
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.4
SRPM
openssl-1.1.1g-18.el8_4.src.rpm
SHA-256: b0d30b47f604e46c53e0a7a66289180db4ecee959989c9c205dc8b252254e65b
ppc64le
openssl-1.1.1g-18.el8_4.ppc64le.rpm
SHA-256: 690940038697a33ff65cf57a1b9a59dda0359806234252bb6830093d2ae98516
openssl-debuginfo-1.1.1g-18.el8_4.ppc64le.rpm
SHA-256: 2eaf3bd15c6d34e79d3570deac30865db5dc51dabae2941d15c28cbb8f318eab
openssl-debugsource-1.1.1g-18.el8_4.ppc64le.rpm
SHA-256: 0fc5b20782f5a659bf62bb107caf4e9acab6f0ddaa9f6de2319c99ff1c1d3301
openssl-devel-1.1.1g-18.el8_4.ppc64le.rpm
SHA-256: e48fdf26d39814d63b5937690cda4c635a9793e4e27a1884aef3ec828040243a
openssl-libs-1.1.1g-18.el8_4.ppc64le.rpm
SHA-256: f143a581deeb5e4cba2b75a648943d812c44eaf7f74d4a04aa921adfc00bf457
openssl-libs-debuginfo-1.1.1g-18.el8_4.ppc64le.rpm
SHA-256: 21a97237cebd38779ad5fc6a13cef424657191987e1c3ba013eab5e0dd6e83cf
openssl-perl-1.1.1g-18.el8_4.ppc64le.rpm
SHA-256: fc20aa8665fd56ca5e2feb7de90809f88f9931ff76f737ccf74a7e0c155c905b
Red Hat Enterprise Linux Server - TUS 8.4
SRPM
openssl-1.1.1g-18.el8_4.src.rpm
SHA-256: b0d30b47f604e46c53e0a7a66289180db4ecee959989c9c205dc8b252254e65b
x86_64
openssl-1.1.1g-18.el8_4.x86_64.rpm
SHA-256: d904a0a46f9850f46f0a7ded16ca29011fe5af469b1e6e93618bfd3b88da2f4c
openssl-debuginfo-1.1.1g-18.el8_4.i686.rpm
SHA-256: 986bdebc9aa14f32b0a00eab068f47fde17e290714cbe11493732fbe3da436a6
openssl-debuginfo-1.1.1g-18.el8_4.x86_64.rpm
SHA-256: 6723c875110b1165442b477585c3001a86c3f5d3618681f16802eab2e5490932
openssl-debugsource-1.1.1g-18.el8_4.i686.rpm
SHA-256: 9bd58d5f8516ea2b4f97a8da2d78888b08f23689ff0a6117d429bf3110761e31
openssl-debugsource-1.1.1g-18.el8_4.x86_64.rpm
SHA-256: 4bf8bc976bda4e350bcc9f061e57d43a77a949cd380eb164264bdc0c87f4da1b
openssl-devel-1.1.1g-18.el8_4.i686.rpm
SHA-256: d1b1d316b1529af4e00e0334e572547b29dcfdf55fffa7cddafcb7c6d6f46795
openssl-devel-1.1.1g-18.el8_4.x86_64.rpm
SHA-256: db46d57c809fca2c22e2e52e8287f7e714d07596ec283f471a13d99d17f404a3
openssl-libs-1.1.1g-18.el8_4.i686.rpm
SHA-256: d2dba291a0a0870720ddc5d004cac3dc2594f158da7b47c403a5e1ef8d8523ff
openssl-libs-1.1.1g-18.el8_4.x86_64.rpm
SHA-256: 49f33064175381b45e6bf902f761c0180f6721a55e674521640aa6cf625cd8d4
openssl-libs-debuginfo-1.1.1g-18.el8_4.i686.rpm
SHA-256: bfd7c1bd35f94679f3bfb36b8e833b9cebb2615201f7a1bcca0a6d3dd639ffea
openssl-libs-debuginfo-1.1.1g-18.el8_4.x86_64.rpm
SHA-256: b9854b3ff5b92688f81f74f8002a522cb91699ba41d1e1565fa02dae6b163bf3
openssl-perl-1.1.1g-18.el8_4.x86_64.rpm
SHA-256: 3a03febe7f7df54856efe322580354cf78ce2e208caf47155b894e748539a528
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.4
SRPM
openssl-1.1.1g-18.el8_4.src.rpm
SHA-256: b0d30b47f604e46c53e0a7a66289180db4ecee959989c9c205dc8b252254e65b
aarch64
openssl-1.1.1g-18.el8_4.aarch64.rpm
SHA-256: a1ae0a70f67468207cef094d12ce6ec440e0fcf025665cede07143c05fbaadf2
openssl-debuginfo-1.1.1g-18.el8_4.aarch64.rpm
SHA-256: 2a00b492b07958e78c3a911b630f66399a2f4f7f037e60dc326b3588333dd78f
openssl-debugsource-1.1.1g-18.el8_4.aarch64.rpm
SHA-256: d5a4d50f68a22b4cb76bd42861265517ddb5623fbb259266b8af9ee57763ff36
openssl-devel-1.1.1g-18.el8_4.aarch64.rpm
SHA-256: 26f8ccf8a0e6a71fb3123e8bba456ee420aa98bf96107c9d1080c94868b2111c
openssl-libs-1.1.1g-18.el8_4.aarch64.rpm
SHA-256: 2943755f0a386c1ca14c3c7b57a250d727e8ee40401939f38ee173418512ab34
openssl-libs-debuginfo-1.1.1g-18.el8_4.aarch64.rpm
SHA-256: ad8ab6b106443252e4e51f78f958f6ae8527b0a88afc5c58f6bcad6302fd2ff4
openssl-perl-1.1.1g-18.el8_4.aarch64.rpm
SHA-256: 08a9071791ad5e989167ba60599f48957b58fb9937f4db8a1fab33392da9a2ea
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.4
SRPM
openssl-1.1.1g-18.el8_4.src.rpm
SHA-256: b0d30b47f604e46c53e0a7a66289180db4ecee959989c9c205dc8b252254e65b
ppc64le
openssl-1.1.1g-18.el8_4.ppc64le.rpm
SHA-256: 690940038697a33ff65cf57a1b9a59dda0359806234252bb6830093d2ae98516
openssl-debuginfo-1.1.1g-18.el8_4.ppc64le.rpm
SHA-256: 2eaf3bd15c6d34e79d3570deac30865db5dc51dabae2941d15c28cbb8f318eab
openssl-debugsource-1.1.1g-18.el8_4.ppc64le.rpm
SHA-256: 0fc5b20782f5a659bf62bb107caf4e9acab6f0ddaa9f6de2319c99ff1c1d3301
openssl-devel-1.1.1g-18.el8_4.ppc64le.rpm
SHA-256: e48fdf26d39814d63b5937690cda4c635a9793e4e27a1884aef3ec828040243a
openssl-libs-1.1.1g-18.el8_4.ppc64le.rpm
SHA-256: f143a581deeb5e4cba2b75a648943d812c44eaf7f74d4a04aa921adfc00bf457
openssl-libs-debuginfo-1.1.1g-18.el8_4.ppc64le.rpm
SHA-256: 21a97237cebd38779ad5fc6a13cef424657191987e1c3ba013eab5e0dd6e83cf
openssl-perl-1.1.1g-18.el8_4.ppc64le.rpm
SHA-256: fc20aa8665fd56ca5e2feb7de90809f88f9931ff76f737ccf74a7e0c155c905b
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.4
SRPM
openssl-1.1.1g-18.el8_4.src.rpm
SHA-256: b0d30b47f604e46c53e0a7a66289180db4ecee959989c9c205dc8b252254e65b
x86_64
openssl-1.1.1g-18.el8_4.x86_64.rpm
SHA-256: d904a0a46f9850f46f0a7ded16ca29011fe5af469b1e6e93618bfd3b88da2f4c
openssl-debuginfo-1.1.1g-18.el8_4.i686.rpm
SHA-256: 986bdebc9aa14f32b0a00eab068f47fde17e290714cbe11493732fbe3da436a6
openssl-debuginfo-1.1.1g-18.el8_4.x86_64.rpm
SHA-256: 6723c875110b1165442b477585c3001a86c3f5d3618681f16802eab2e5490932
openssl-debugsource-1.1.1g-18.el8_4.i686.rpm
SHA-256: 9bd58d5f8516ea2b4f97a8da2d78888b08f23689ff0a6117d429bf3110761e31
openssl-debugsource-1.1.1g-18.el8_4.x86_64.rpm
SHA-256: 4bf8bc976bda4e350bcc9f061e57d43a77a949cd380eb164264bdc0c87f4da1b
openssl-devel-1.1.1g-18.el8_4.i686.rpm
SHA-256: d1b1d316b1529af4e00e0334e572547b29dcfdf55fffa7cddafcb7c6d6f46795
openssl-devel-1.1.1g-18.el8_4.x86_64.rpm
SHA-256: db46d57c809fca2c22e2e52e8287f7e714d07596ec283f471a13d99d17f404a3
openssl-libs-1.1.1g-18.el8_4.i686.rpm
SHA-256: d2dba291a0a0870720ddc5d004cac3dc2594f158da7b47c403a5e1ef8d8523ff
openssl-libs-1.1.1g-18.el8_4.x86_64.rpm
SHA-256: 49f33064175381b45e6bf902f761c0180f6721a55e674521640aa6cf625cd8d4
openssl-libs-debuginfo-1.1.1g-18.el8_4.i686.rpm
SHA-256: bfd7c1bd35f94679f3bfb36b8e833b9cebb2615201f7a1bcca0a6d3dd639ffea
openssl-libs-debuginfo-1.1.1g-18.el8_4.x86_64.rpm
SHA-256: b9854b3ff5b92688f81f74f8002a522cb91699ba41d1e1565fa02dae6b163bf3
openssl-perl-1.1.1g-18.el8_4.x86_64.rpm
SHA-256: 3a03febe7f7df54856efe322580354cf78ce2e208caf47155b894e748539a528
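The listing above pairs every package file with its SHA-256. The following added example (this editor's script, not Red Hat's tooling) turns a pasted copy of that listing into a sha256sum checklist and compares RPMs already downloaded into a directory against the advisory's digests before they are installed. The two entries embedded in the script are copied from the x86_64 section above; the function names and the listing-file argument are this example's own.

```sh
#!/bin/sh
# Added example, not part of RHSA-2023:1440 or Red Hat's tooling.
# Turns the "filename / SHA-256: <hex>" pairs of the package listing into a
# sha256sum(1) checklist and verifies downloaded RPMs against it before they
# are installed. Assumption: the listing is pasted as-is, one filename per
# line followed by its "SHA-256:" line; other lines (arch headers) are ignored.

# advisory_to_sha256sum_list < LISTING
#   Emits "<hex>  <filename>" lines, the format `sha256sum -c` reads.
advisory_to_sha256sum_list() {
    awk '
        /\.rpm$/ { file = $0; next }
        $1 == "SHA-256:" && $2 ~ /^[0-9a-f]+$/ && length($2) == 64 && file != "" {
            print $2 "  " file
            file = ""
        }'
}

# file_sha256 FILE -> hex digest (GNU coreutils, or shasum on BSD/macOS)
file_sha256() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{ print $1 }'
    else
        shasum -a 256 "$1" | awk '{ print $1 }'
    fi
}

# verify_rpm_downloads LISTING_FILE [DIR]
#   For every file in the listing that exists in DIR, compares its digest
#   with the advisory's. Files not downloaded are reported and skipped (you
#   normally fetch only one arch). Exit 1 if any present file mismatches.
verify_rpm_downloads() {
    listing=$1; dir=${2:-.}; status=0
    checklist=$(mktemp) || return 2
    advisory_to_sha256sum_list < "$listing" > "$checklist"
    while read -r expected file; do
        [ -n "$file" ] || continue
        if [ ! -f "$dir/$file" ]; then
            printf 'SKIP  %s (not downloaded)\n' "$file"
            continue
        fi
        actual=$(file_sha256 "$dir/$file")
        if [ "$actual" = "$expected" ]; then
            printf 'OK    %s\n' "$file"
        else
            printf 'FAIL  %s: expected %s, got %s\n' "$file" "$expected" "$actual"
            status=1
        fi
    done < "$checklist"
    rm -f "$checklist"
    return $status
}

# Two entries copied from the x86_64 section of this advisory, with the
# arch header line left in to show that it is ignored.
SAMPLE_LISTING='x86_64
openssl-1.1.1g-18.el8_4.x86_64.rpm
SHA-256: d904a0a46f9850f46f0a7ded16ca29011fe5af469b1e6e93618bfd3b88da2f4c
openssl-libs-1.1.1g-18.el8_4.x86_64.rpm
SHA-256: 49f33064175381b45e6bf902f761c0180f6721a55e674521640aa6cf625cd8d4'

if [ $# -ge 1 ]; then
    # usage: sh verify.sh advisory-listing.txt [download-dir]
    verify_rpm_downloads "$1" "${2:-.}"
else
    printf '%s\n' "$SAMPLE_LISTING" | advisory_to_sha256sum_list
fi
```

The checklist the first function emits can also be fed straight to `sha256sum --ignore-missing -c` (GNU coreutils). A matching digest proves the file is the one the advisory lists, not that it came from Red Hat; `rpm -K file.rpm` additionally checks the package's GPG signature against the imported Red Hat release key, so run both before installing packages fetched outside the normal repository path.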
Related news
Ubuntu Security Notice 6564-1 - Hubert Kario discovered that Node.js incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to obtain sensitive information. CarpetFuzz, Dawei Wang discovered that Node.js incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service.
Red Hat Security Advisory 2023-5103-01 - OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains OpenShift Virtualization 4.11.6 images.
Red Hat Security Advisory 2023-4421-01 - OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains OpenShift Virtualization 4.12.5 images.
IBM Security Guardium 11.3 could allow an authenticated user to cause a denial of service due to improper input validation. IBM X-Force ID: 240903.
IBM Watson Knowledge Catalog on Cloud Pak for Data 4.0 could allow an authenticated user send a specially crafted request that could cause a denial of service. IBM X-Force ID: 251704.
Red Hat Security Advisory 2023-3645-01 - Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an OpenShift Container Platform installation. This advisory covers the RPM packages for the release. Issues addressed include a denial of service vulnerability.
The Migration Toolkit for Containers (MTC) 1.7.10 is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-24534: A flaw was found in Golang Go, where it is vulnerable to a denial of service caused by memory exhaustion in the common function in HTTP and MIME header parsing. By sending a specially crafted request, a remote attacker can cause a denial of service. * CVE-2023-24536: A flaw was found in Golang Go, where it is vulnerable to a denial of service cause...
An update is now available for Red Hat JBoss Web Server 5.7.3 on Red Hat Enterprise Linux versions 7, 8, and 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-4304: A timing-based side channel exists in the OpenSSL RSA Decryption implementation, which could be sufficient to recover a ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption, an attacker would have to be able to send a very large number of trial messages for decry...
Red Hat JBoss Web Server 5.7.3 zip release is now available for Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9, and Windows Server. Red Hat Product Security has rated this release as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-4304: A timing-based side channel exists in the OpenSSL RSA Decryption implementation, which could be sufficient to recover a ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption, an attacker would have to be abl...
Secondary Scheduler Operator for Red Hat OpenShift 1.1.1 Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2880: A flaw was found in the golang package, where requests forwarded by reverse proxy include the raw query parameters from the inbound request, including unparseable parameters rejected by net/http. This issue could permit query parameter smuggling when a Go proxy forwards a parameter with an unparseable value. After the fix, the reverse proxy sanitizes the query ...
Red Hat Security Advisory 2023-2110-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.12.16. Issues addressed include a bypass vulnerability.
An update for edk2 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-38578: A flaw was found in edk2. A integer underflow in the SmmEntryPoint function leads to a write into the SMM region allowing a local attacker with administration privileges on the system to execute code within the SMM privileged context. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability....
Red Hat Security Advisory 2023-2104-01 - Red Hat Advanced Cluster Management for Kubernetes 2.5.8 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs. Issues addressed include a denial of service vulnerability.
Red Hat Advanced Cluster Management for Kubernetes 2.5.8 General Availability release images, which fix bugs and security updates container images. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-25881: A flaw was found in http-cache-semantics. When the server reads the cache policy from the request using this library, a Regular Expression Denial of Service occurs, caused by malicious request header values sent to the server.
Red Hat Security Advisory 2023-2083-01 - Red Hat Advanced Cluster Management for Kubernetes 2.6.5 General Availability release images, which fix bugs and security updates container images. Issues addressed include denial of service and server-side request forgery vulnerabilities.
Red Hat Security Advisory 2023-2041-01 - Migration Toolkit for Applications 6.1.0 Images. Issues addressed include denial of service, privilege escalation, server-side request forgery, and traversal vulnerabilities.
Red Hat Security Advisory 2023-2023-01 - Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Data Foundation. Red Hat OpenShift Data Foundation is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform.
In LTOS versions prior to V7.06.013, the configuration file upload function would not correctly validate the input, which would allow an remote authenticated attacker with high privileges to execute arbitrary commands.
Red Hat Security Advisory 2023-1893-01 - Red Hat Multicluster Engine Hotfix Security Update for Console. Red Hat Product Security has rated this update as having a security impact of Critical.
Red Hat Multicluster Engine Hotfix Security Update for Console Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-29017: A flaw was found in vm2 where the component was not properly handling asynchronous errors. This flaw allows a remote, unauthenticated attacker to escape the restrictions of the sandbox and execute code on the host. * CVE-2023-29199: There exists a vulnerability in source code transformer (exception sanitization logic) of vm2 for versions up to 3.9.15, al...
Multicluster Engine for Kubernetes 2.2.3 General Availability release images, which fix bugs and security updates container images. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-25881: A flaw was found in http-cache-semantics. When the server reads the cache policy from the request using this library, a Regular Expression Denial of Service occurs, caused by malicious request header values sent to the server. * CVE-2023-29017: A flaw was found in vm2 where the component...
Red Hat Security Advisory 2023-1656-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.10.56.
Red Hat OpenShift Container Platform release 4.9.59 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-20329: A flaw was found in Mongo. Specific cstrings input may not be properly validated in the MongoDB Go Driver when marshaling Go objects into BSON. This flaw allows a malicious user to use a Go object with a specific string to inject additional fields into marshaled documen...
An update is now available for Logging Subsystem for Red Hat OpenShift - 5.5.9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41717: A flaw was found in the net/http library of the golang package. This flaw allows an attacker to cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large...
Red Hat Security Advisory 2023-1440-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library.
Red Hat Security Advisory 2023-1441-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library.
An update for openssl is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-0286: A type confusion vulnerability was found in OpenSSL when OpenSSL X.400 addresses processing inside an X.509 GeneralName. When CRL checking is enabled (for example, the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to r...
An update for openssl is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-0286: A type confusion vulnerability was found in OpenSSL when OpenSSL X.400 addresses processing inside an X.509 GeneralName. When CRL checking is enabled (for example, the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call, enabling...
An update for openssl is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-4304: A timing-based side channel exists in the OpenSSL RSA Decryption implementation, which could be sufficient to recover a ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption, an attacker would have to be able to send a very large number of trial messages for decryption. This issue affects all RSA padding...
Red Hat Security Advisory 2023-1335-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library.
An update for openssl is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-0286: A type confusion vulnerability was found in OpenSSL when OpenSSL X.400 addresses processing inside an X.509 GeneralName. When CRL checking is enabled (for example, the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or cau...
An update for openssl is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-4203: A flaw was found in OpenSSL. A read buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification, and requires either a CA to have signed the malicious certificate or for the application to continue certif...
The bundle management subsystem in OpenHarmony-v3.1.4 and prior versions has a null pointer dereference vulnerability. Local attackers can exploit it to cause a denial of service (DoS) on the system when installing a malicious HAP package.
An update for openssl is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-4203: A flaw was found in OpenSSL. A read buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification, and requires either a CA to have signed the malicious certificate or for the application to continue certificate verification despite...
pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 0.8.1-39.0.0 are vulnerable to a security issue. More details about the vulnerabilities themselves can be found in https://www.openssl.org/news/secadv/20221213.txt and https://www.openssl.org/news/secadv/20230207.txt. If you are building cryptography source ("sdist") then you are responsible for upgrading your copy of OpenSSL. Only users installing from wheels built by the cryptography project (i.e., those distributed on PyPI) need to update their cryptography versions.
A NULL pointer can be dereferenced when signatures are being verified on PKCS7 signed or signedAndEnveloped data. If the hash algorithm used for the signature is known to the OpenSSL library but the implementation of the hash algorithm is not available, the digest initialization will fail. There is a missing check for the return value from the initialization function, which later leads to invalid usage of the digest API, most likely resulting in a crash. The unavailability of an algorithm can be caused by using a FIPS-enabled configuration of providers or, more commonly, by not loading the legacy provider. PKCS7 data is processed by the SMIME library calls and also by the time stamp (TS) library calls. The TLS implementation in OpenSSL does not call these functions; however, third-party applications would be affected if they call these functions to verify signatures on untrusted data.
Ubuntu Security Notice 5845-2 - USN-5845-1 fixed several vulnerabilities in OpenSSL. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. David Benjamin discovered that OpenSSL incorrectly handled X.400 address processing. A remote attacker could possibly use this issue to read arbitrary memory contents or cause OpenSSL to crash, resulting in a denial of service.