RHSA-2023:2098: Red Hat Security Advisory: Multicluster Engine for Kubernetes 2.0.8 security updates and bug fixes

Multicluster Engine for Kubernetes 2.0.8 General Availability release images, which fix bugs and update the container images with security fixes. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-25881: A flaw was found in http-cache-semantics. When a server uses this library to read the cache policy from a request, maliciously crafted request header values trigger a Regular Expression Denial of Service (ReDoS), tying up the server's CPU on a single request.

Published: 2023-05-03

Updated: 2023-05-03

RHSA-2023:2098 - Security Advisory

  • Overview
  • Updated Images

Overview

Moderate: Multicluster Engine for Kubernetes 2.0.8 security updates and bug fixes

Type/Severity

Security Advisory: Moderate

Topic

Multicluster Engine for Kubernetes 2.0.8 General Availability release images, which fix bugs and update the container images with security fixes.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE links in the References section.

Description

Multicluster Engine for Kubernetes 2.0.8 images

Multicluster engine for Kubernetes provides the foundational components
that are necessary for the centralized management of multiple
Kubernetes-based clusters across data centers, public clouds, and private
clouds.

You can use the engine to create new Red Hat OpenShift Container Platform
clusters or to bring existing Kubernetes-based clusters under management by
importing them. After the clusters are managed, you can use the APIs that
are provided by the engine to distribute configuration based on placement
policy.

Security fix(es):

  • CVE-2022-25881 http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability
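
To make the one-line description concrete, the Python script below is an added example (not code from http-cache-semantics or from Red Hat) that places a Cache-Control parser with the vulnerable shape beside a hardened one and times both on a constructed header. The regexes `\s*,\s*` and `\s*=\s*` are this example's reconstruction of the vulnerable pattern, the payload and timings are constructed here, and Python's `re` is used because it backtracks the same way a JavaScript engine does on this pattern.

```python
r"""Vulnerable vs. hardened Cache-Control parsing for CVE-2022-25881.

Added example, not code from http-cache-semantics.  The vulnerable parser
reproduces the bug class the advisory describes: a backtracking regex with
optional whitespace on both sides of the delimiter, run over an
attacker-controlled request header.  The regexes /\s*,\s*/ and /\s*=\s*/
are this example's reconstruction of the vulnerable pattern.
"""
import re
import time

_VULN_SPLIT = re.compile(r"\s*,\s*")   # backtracks over every whitespace run
_VULN_KV = re.compile(r"\s*=\s*")


def parse_cache_control_vulnerable(header):
    r"""Directive dict from a Cache-Control value; O(n^2) on long space runs.

    For each start position inside a run of n spaces with no comma after it,
    \s* consumes the rest of the run, ',' fails, and the engine backtracks one
    space at a time before advancing, so n + (n-1) + ... steps in total.
    """
    cc = {}
    if not header:
        return cc
    for part in _VULN_SPLIT.split(header.strip()):
        kv = _VULN_KV.split(part, maxsplit=1)
        cc[kv[0]] = True if len(kv) == 1 else kv[1].strip('"')
    return cc


def parse_cache_control_hardened(header):
    """Same result, but split on the literal ',' and trim afterwards.

    Each character is examined a bounded number of times, so the cost stays
    linear no matter how much whitespace the client sends.
    """
    cc = {}
    if not header:
        return cc
    for part in header.strip().split(","):
        k, has_value, v = part.partition("=")
        cc[k.strip()] = v.strip().strip('"') if has_value else True
    return cc


def redos_header(n):
    """Constructed attacker payload: a directive, n spaces, then a non-comma byte.

    The trailing byte keeps .strip() from removing the run; the missing comma
    is what forces the backtracking.
    """
    return "max-age=1" + " " * n + "x"


def measure(parser, n):
    """Wall-clock seconds the parser spends on redos_header(n)."""
    header = redos_header(n)
    t0 = time.perf_counter()
    parser(header)
    return time.perf_counter() - t0


if __name__ == "__main__":
    # Doubling n roughly quadruples the vulnerable time and doubles the fixed one.
    for n in (5000, 10000, 20000):
        print(f"n={n:6d}  vulnerable={measure(parse_cache_control_vulnerable, n):.3f}s"
              f"  hardened={measure(parse_cache_control_hardened, n):.5f}s")
```

Run it and double n: the vulnerable parser's time roughly quadruples while the hardened one stays flat, which is what turns one oversized `Cache-Control` header into a CPU-bound request. The check to apply to a service of your own is whether any request-header parsing path still splits on a regex with optional whitespace on both sides of the delimiter.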

Affected Products

  • multicluster engine for Kubernetes Text-only Advisories x86_64

Fixes

  • BZ - 2165824 - CVE-2022-25881 http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability

CVE

  • CVE-2022-4304
  • CVE-2022-4450
  • CVE-2022-25881
  • CVE-2023-0215
  • CVE-2023-0286
  • CVE-2023-0361
  • CVE-2023-0767
  • CVE-2023-23916

References

  • https://access.redhat.com/security/updates/classification/#moderate

Updated Images

aarch64

multicluster-engine/agent-service-rhel8@sha256:e9db5bbb914fc5acb2fd4043fe080871137efa7898076978e6760d066cb6e3ae

multicluster-engine/apiserver-network-proxy-rhel8@sha256:1059dcf0baa10711293d1a68e2cf94007700c10ae766108e4516363d7719b053

multicluster-engine/assisted-image-service-rhel8@sha256:528c1beba81ee8df1d285d6a6247aa9d5e015e3383b3df24069a953a13ae6af4

multicluster-engine/assisted-installer-agent-rhel8@sha256:5625b33a8e26fa2531a5da42151b8cda7592c6f4252d4b5d1b81e2a822509634

multicluster-engine/assisted-installer-reporter-rhel8@sha256:f3550478f1c5c94c40e14fb621238cdaa2a774cb20ca5c5a7b396c525bb7b119

multicluster-engine/assisted-installer-rhel8@sha256:0124ef35b82f022c1067926e82c8d5b87dbecd9faaacf95222a971489f3cdbc7

multicluster-engine/aws-encryption-provider-rhel8@sha256:3012a831579eea8ad086e93891425e69dc0032085bd1b27241ab365ff6eaeef9

multicluster-engine/backplane-rhel8-operator@sha256:a0a3320c90275244b8bca4e4498b86ebc1a3686d7087af20929231788699459a

multicluster-engine/cluster-api-provider-agent-rhel8@sha256:bea09a50172d4638aff6f4a3abf06a2a12f162ce9de3d15af64d78f009ffd70f

multicluster-engine/multicluster-engine-cluster-api-provider-agent-rhel8@sha256:bea09a50172d4638aff6f4a3abf06a2a12f162ce9de3d15af64d78f009ffd70f

multicluster-engine/cluster-api-provider-aws-rhel8@sha256:3b2e31ac71b7fce2babcb0dc2e662adf2be4765e0ee45a9c56d45a74d9d2cc6a

multicluster-engine/cluster-api-provider-azure-rhel8@sha256:bf3c059f40af3d2b9861554d2d44f8b46276bfefdcaef446db289d3fc1024e90

multicluster-engine/cluster-api-provider-kubevirt-rhel8@sha256:a104efc00d5605f7a8d69400032baa2bbd1aa2371e5b3386ba667d8b6ce3d466

multicluster-engine/cluster-api-rhel8@sha256:c67a2d4058dab7046d81159442cb751b79d14ce66868c5f02c58e41949a0ff92

multicluster-engine/cluster-curator-controller-rhel8@sha256:2d63f24ede8bcd88a28a83b0b08ace3c3d83324ecf8fe1d1668a4598355a6172

multicluster-engine/clusterclaims-controller-rhel8@sha256:c09a2cb2645bd5185ff2f8eaa55faf347eb88cad23ac950786fcc86885e38e14

multicluster-engine/clusterlifecycle-state-metrics-rhel8@sha256:a42f3167ed09241a24d8884b0b757f01fbf8dc64eec84eeb796ebb7685e3b21d

multicluster-engine/multicluster-engine-console-mce-rhel8@sha256:64c12883f02f35a95838c386f68238fc5e5812b7e241d493e0ff3e9739844ab1

multicluster-engine/console-mce-rhel8@sha256:64c12883f02f35a95838c386f68238fc5e5812b7e241d493e0ff3e9739844ab1

multicluster-engine/discovery-rhel8@sha256:af98a2684f06cded753b43f8f25bd63f1b08e6b4cb2b9f3ac985f487d30de108

multicluster-engine/hive-rhel8@sha256:90928e22f4899ecb02c43369165985d1724854b3e50a312fea4d84afa5ccfad2

multicluster-engine/multicluster-engine-hypershift-addon-rhel8-operator@sha256:4e2bd6299682faab407817fb1b9b5d98f66113b49eef7250ffcb528e027e7b22

multicluster-engine/hypershift-addon-rhel8-operator@sha256:4e2bd6299682faab407817fb1b9b5d98f66113b49eef7250ffcb528e027e7b22

multicluster-engine/hypershift-deployment-controller-rhel8@sha256:e6a918b2896cb12073ea7944c522cc18d7812bd1a98573a18fa946d8f45d3250

multicluster-engine/multicluster-engine-hypershift-deployment-controller-rhel8@sha256:e6a918b2896cb12073ea7944c522cc18d7812bd1a98573a18fa946d8f45d3250

multicluster-engine/hypershift-rhel8-operator@sha256:e56690d30293de9cdd587577102fa9809f7c5dad2ae4f8403fcc2e79fac5b9af

multicluster-engine/multicluster-engine-managed-serviceaccount-rhel8@sha256:56df17cc7d4789df73b0979c2799eae13ea4dabb0cfa5b9ad07b3088ffc23415

multicluster-engine/managed-serviceaccount-rhel8@sha256:56df17cc7d4789df73b0979c2799eae13ea4dabb0cfa5b9ad07b3088ffc23415

multicluster-engine/managedcluster-import-controller-rhel8@sha256:1f70e2efd2e2b9e94f3d1bed8b8e4590593d2d4b504fabc76e165ed709960cc9

multicluster-engine/multicloud-manager-rhel8@sha256:549e4c2f966fb81c86dd28f63d985e0b1d7f72d52d512336bdc54e7750f19ef1

multicluster-engine/must-gather-rhel8@sha256:2d66f2ed20efc0f0d010b3ef1aab1efd29f2a05855a2162eb408e57e7c396048

multicluster-engine/placement-rhel8@sha256:3b79cce7eac143a8ae54d9fb5819eb8936ad765a43a3acc04babd251b8f10a6c

multicluster-engine/provider-credential-controller-rhel8@sha256:60b0d4725ffb384b99f860609dd4098253d2b1261cb6ac5c4509c7402d105991

multicluster-engine/registration-operator-rhel8@sha256:73443ddeac5dd25d399c995832888561f0450e152e25a6f4cbb60a76a0cc331d

multicluster-engine/registration-rhel8@sha256:2196c86fdd2a40e681772bbdf6e96dc326f5016b48657be6cf5b4440058dc116

multicluster-engine/work-rhel8@sha256:a278fc25c36a1003b2c5e4494838f960e1c9b68252c39dda33fbbb96c30c65dc

ppc64le

multicluster-engine/agent-service-rhel8@sha256:e23fd8486bb6d5a855c19fa5c6deacc4b618050b24682a39e43c72b54d477259

multicluster-engine/apiserver-network-proxy-rhel8@sha256:ca21d47df9252c588ac3b62ee4c9c316dd78841f4c01370d000a82b4bf6989d4

multicluster-engine/assisted-image-service-rhel8@sha256:010f4302c1a117c4b6acec689dc4b3e163a7aa8248a8cb404ea798332e763a2d

multicluster-engine/assisted-installer-reporter-rhel8@sha256:6c652ca955753d38ae8001a96a7566f9fddeda7dafb539c5690ef9e59dba5898

multicluster-engine/assisted-installer-rhel8@sha256:963dfc99b824553e6d824e9e82f01771b6f9418e0e0e7d12cb63400ce20d1a18

multicluster-engine/aws-encryption-provider-rhel8@sha256:b390f8ad0a6300897c423ccf7a3b5b5ccaf0376f7db41433db04e02f94c6450b

multicluster-engine/backplane-rhel8-operator@sha256:6eed5640e54dcf316b7066be74a7e4d3ba5518104806b9889c4602c8314141bc

multicluster-engine/cluster-api-provider-agent-rhel8@sha256:1ff75eb0b4b315560e6c78cf71cad13a09e43b8017c269071389a65e93b99057

multicluster-engine/multicluster-engine-cluster-api-provider-agent-rhel8@sha256:1ff75eb0b4b315560e6c78cf71cad13a09e43b8017c269071389a65e93b99057

multicluster-engine/cluster-api-provider-aws-rhel8@sha256:92b1741abd7956f31d8230e3b03c7946845fe1fea347108b1e8f9d1775b21ec8

multicluster-engine/cluster-api-provider-azure-rhel8@sha256:0a53815dd1518a8e10ea26c9f3a024c675a41f901bd0d81a0bc6974f837342fd

multicluster-engine/cluster-api-provider-kubevirt-rhel8@sha256:e994ecb70c2b61627a12d6651126da1616862c7121f85ec36883feb6482cdd76

multicluster-engine/cluster-api-rhel8@sha256:f64b4dd9ae882951c4ea5a0a8228365d0f2fbf525389da4955c676b9e5b9b301

multicluster-engine/cluster-curator-controller-rhel8@sha256:67204a2cae0b957eea73936132cc17d2760d4191e894bc864850da4701f2c287

multicluster-engine/clusterclaims-controller-rhel8@sha256:d46cabb6560cc0e35d2ddb3ab4796e72b7065d78b7ccefc9b66de1463642ecb6

multicluster-engine/clusterlifecycle-state-metrics-rhel8@sha256:530a667f5ad05a09af6cd33f751f1357b36a0e09ab487e5a3c36a026410f3bf0

multicluster-engine/multicluster-engine-console-mce-rhel8@sha256:9989146724112839a2b363054b140c7b9be9b5b9fef31735d38f5fabbac0a195

multicluster-engine/console-mce-rhel8@sha256:9989146724112839a2b363054b140c7b9be9b5b9fef31735d38f5fabbac0a195

multicluster-engine/discovery-rhel8@sha256:c26c4d3be3429ad2523cc35e5ff3b6f97e472de421a5a6429934d0356e188d55

multicluster-engine/hive-rhel8@sha256:56f69d5ac57ef0794b05aad95a0cc0e22b18fa3fbf2b5b7f8b75ab731add3b4b

multicluster-engine/multicluster-engine-hypershift-addon-rhel8-operator@sha256:4ce3c05c5f80b560411a3d2b56ede906f823229985536552636619e0236c5459

multicluster-engine/hypershift-addon-rhel8-operator@sha256:4ce3c05c5f80b560411a3d2b56ede906f823229985536552636619e0236c5459

multicluster-engine/hypershift-deployment-controller-rhel8@sha256:a137394e4cb1adbd30821899153750e0b19323d87190e50aa83f19c45d99c4bb

multicluster-engine/multicluster-engine-hypershift-deployment-controller-rhel8@sha256:a137394e4cb1adbd30821899153750e0b19323d87190e50aa83f19c45d99c4bb

multicluster-engine/hypershift-rhel8-operator@sha256:7a86f63853bce0130300cac12c1dbe132e8b2cdb50aea05b3a0f9c6b1dd3bacf

multicluster-engine/multicluster-engine-managed-serviceaccount-rhel8@sha256:5b8ac6d28f6526d1839caa37f38d1957d5e26d93215b61848e47959be8eef66e

multicluster-engine/managed-serviceaccount-rhel8@sha256:5b8ac6d28f6526d1839caa37f38d1957d5e26d93215b61848e47959be8eef66e

multicluster-engine/managedcluster-import-controller-rhel8@sha256:82db3097c74cbadff07c3c640ba6fc1f33cafd3cbc49428af9b3ddc448b7ecd0

multicluster-engine/mce-operator-bundle@sha256:e156e524f1327c690d775ceef353f49c1502fca33812f66e3a17b3e595fb2ff9

multicluster-engine/multicloud-manager-rhel8@sha256:5b04b649e4efc023eeda0c9437acdc380338f1497b4e0e338598395dccf0fca2

multicluster-engine/must-gather-rhel8@sha256:2f25417720bcae91aa8eee5ea8f1508dfbfd41d14b69b809ba19aeee86445e87

multicluster-engine/placement-rhel8@sha256:16f551455ca900bb4797045954674c7e5d431d8c3229f6edcecb4097bd068ea4

multicluster-engine/provider-credential-controller-rhel8@sha256:98ec118c74002e645011bcbaad20671a696b5e14cf4aed48b09899c787c4008b

multicluster-engine/registration-operator-rhel8@sha256:a9b1f13738a676f4336540e1d161a914b1c4a4c2fa86093234ddb6993db1c931

multicluster-engine/registration-rhel8@sha256:30f2cc473afa8da30c03511099fc41b44529ba789c0a7750c0b873c01697c7b2

multicluster-engine/work-rhel8@sha256:bdaac7d8e29445822071edf1dff2c52610f8dce906c02cd142b848128e0046dc

s390x

multicluster-engine/agent-service-rhel8@sha256:cdeac0e0e24681815d84fa4adcdba1ba6f58e13eef2ba40e339d925b9d6e31ac

multicluster-engine/apiserver-network-proxy-rhel8@sha256:2e08cfabf6782aa509b30121ba3ec0c892bc72561623389b79c0913d92f6e7cb

multicluster-engine/assisted-image-service-rhel8@sha256:d2553de872868aca142da2831e08e9ad8d59cebda44460e0c0f8fdb6554e8f7a

multicluster-engine/aws-encryption-provider-rhel8@sha256:eb1387b820c9de595a0e7fb85ead887fcb75ea5fda6bfd786ff4e4985421dd3d

multicluster-engine/backplane-rhel8-operator@sha256:5696b46bc8706b1774816a604686d7f86314fa75e213e208e6866aa3e0b9c07b

multicluster-engine/cluster-api-provider-agent-rhel8@sha256:38dc716ceeb4f6005b9eb788ff09d9ce84e2027625530834dc00abbe99332b23

multicluster-engine/multicluster-engine-cluster-api-provider-agent-rhel8@sha256:38dc716ceeb4f6005b9eb788ff09d9ce84e2027625530834dc00abbe99332b23

multicluster-engine/cluster-api-provider-aws-rhel8@sha256:320e4df9f6cc6859a3d07dddb7b7d85833c6c03aa07cac7ad2ba200defbb6273

multicluster-engine/cluster-api-provider-azure-rhel8@sha256:67198da77e57e2d95f586b936bc8722a4eb20ba788e6517a8db7063b5360a0d4

multicluster-engine/cluster-api-provider-kubevirt-rhel8@sha256:9b1147e21ad2d09ae2fbe6e85fc60d11244507c67ce88821af1e4894fb3a0f18

multicluster-engine/cluster-api-rhel8@sha256:f8574b6e0214f8a3ef5bdcb2bb45612001b1174ad514a1d130fa965d882799ea

multicluster-engine/cluster-curator-controller-rhel8@sha256:62133004ef96b4d55d1cc2849605869096cbe8b1fe547425d9b17369a39cdd9b

multicluster-engine/clusterclaims-controller-rhel8@sha256:291ec74b7090fe978c3177ef010fffccfa2aa5577f260afbb77346a856701c57

multicluster-engine/clusterlifecycle-state-metrics-rhel8@sha256:b0799509c1ee7b0edf031c55d96bd0d2345deb2fdbb70f573ac45c4a895dab16

multicluster-engine/multicluster-engine-console-mce-rhel8@sha256:dc62bdfef2e6876d3cf2e542a5db55aee38ef794bb8b979b0ff4d649e06b1a6a

multicluster-engine/console-mce-rhel8@sha256:dc62bdfef2e6876d3cf2e542a5db55aee38ef794bb8b979b0ff4d649e06b1a6a

multicluster-engine/discovery-rhel8@sha256:c500c34bcb80bc2a905f597e70e5cd1b2ff17a2e85e54963ce1e56a8c9f425d9

multicluster-engine/hive-rhel8@sha256:fbd97fc8f1783f1d27f40e3f82af3d84edbb375927399ba41a13f9de9cc4d6a6

multicluster-engine/multicluster-engine-hypershift-addon-rhel8-operator@sha256:4e115c65cdaf2ec8917aaaec10849e55affcdfa70bfb5e6084e730bb67338045

multicluster-engine/hypershift-addon-rhel8-operator@sha256:4e115c65cdaf2ec8917aaaec10849e55affcdfa70bfb5e6084e730bb67338045

multicluster-engine/hypershift-deployment-controller-rhel8@sha256:c5cceaa228e72fe0e34da627896b43af21a7d3cd9d5b0f77b3d87430402e4363

multicluster-engine/multicluster-engine-hypershift-deployment-controller-rhel8@sha256:c5cceaa228e72fe0e34da627896b43af21a7d3cd9d5b0f77b3d87430402e4363

multicluster-engine/hypershift-rhel8-operator@sha256:6a86908cfe9af55e299a23b413517fabce707297d8a9eb27072b8e54626c937b

multicluster-engine/multicluster-engine-managed-serviceaccount-rhel8@sha256:42f26be3977496feb6b572c5c9c7e2f6d1af8673653e635a0413286fd7efcb21

multicluster-engine/managed-serviceaccount-rhel8@sha256:42f26be3977496feb6b572c5c9c7e2f6d1af8673653e635a0413286fd7efcb21

multicluster-engine/managedcluster-import-controller-rhel8@sha256:a613afada089b991101c09d4ee7e1d956db084bcfbd050950fc5911ac3474a7b

multicluster-engine/mce-operator-bundle@sha256:f6210c659d0790937648774acb89ad97733a8e5497f130e47f5f5b8439eb4b9d

multicluster-engine/multicloud-manager-rhel8@sha256:74dc8934aab829b37a35cce6a0b1b41df138bd98eab84f4fd559df63f7a98194

multicluster-engine/must-gather-rhel8@sha256:8b86ca9a3de32f6e628c65550a5cc828d8108fb33760222d47639625c0c16e99

multicluster-engine/placement-rhel8@sha256:2ee53e1e23e85e99762837e823e5bb6a0abb1fc223ad16b8b23c3693c9a0a283

multicluster-engine/provider-credential-controller-rhel8@sha256:5d1d0c97fb6d0f130edf3131c8bbabfa0ce3def974c8f242b03171f30e64178c

multicluster-engine/registration-operator-rhel8@sha256:61faeb1612a344edc47d53ddbd4ddf4900ff7d1630ed48deea47ebed043acd4c

multicluster-engine/registration-rhel8@sha256:5f0db8ee47317577914281033df563341e2716ecdfd2251be49947ce5bfddf82

multicluster-engine/work-rhel8@sha256:a1295ab61f30aa361493703b69c905b0fc429d7cdc0953bc4118e2fe01750418

x86_64

multicluster-engine/agent-service-rhel8@sha256:97953db07d72c8c9bc4a02d9d9828e0356564ae077a5627008cd935eacd3c431

multicluster-engine/apiserver-network-proxy-rhel8@sha256:45980a82d18011f10fa1359ee4f8bb58f1d733945c95c05c65cf9ed27ffc7711

multicluster-engine/assisted-image-service-rhel8@sha256:8b80abdec9e38c0cc9bf194bd5258ec64eedd989f9d6cd1c9d5abc2c553e1496

multicluster-engine/assisted-installer-agent-rhel8@sha256:1efe34c3f8b6303b397c74ddb2b43ac782dfa5bce69108eedd6b6122ced14601

multicluster-engine/assisted-installer-reporter-rhel8@sha256:c91750d80bda566c0ec42de51da726ee12639011c5d20f407b9b1aeaaf580735

multicluster-engine/assisted-installer-rhel8@sha256:3931b8f7b46b45cd03e3fbfbe086096ba314a03a764f2a2793c1c6296f976c4f

multicluster-engine/aws-encryption-provider-rhel8@sha256:71850057b0538d3b2e2279e4db976feeffc6250f02027ad7063236369f63407f

multicluster-engine/backplane-rhel8-operator@sha256:66f04ea3ac06850f613a425ea8187e3239ef2ec1b75f5ace99ee02586ae8d58c

multicluster-engine/cluster-api-provider-agent-rhel8@sha256:36ce51f81422531db09206c98e3950ce92233d558e1e3e6ba2b0bcc8ebb49469

multicluster-engine/multicluster-engine-cluster-api-provider-agent-rhel8@sha256:36ce51f81422531db09206c98e3950ce92233d558e1e3e6ba2b0bcc8ebb49469

multicluster-engine/cluster-api-provider-aws-rhel8@sha256:6d43e17b3ab9fdf058c7be85a39fbf51a13017db4ca48ad87bdce2aab4b10bea

multicluster-engine/cluster-api-provider-azure-rhel8@sha256:2cbfaec7d07fc6bf940a300c949f3947e0a520524410432b7b519bd1e0ec9a1f

multicluster-engine/cluster-api-provider-kubevirt-rhel8@sha256:8c37756fda2356c49d09413842c29d6d040970e90db1aff2c1e95fed50fb706f

multicluster-engine/cluster-api-rhel8@sha256:ae5f08167c324a5a09332ec9fbfd26dbf750dfe9fb0f3f20b1c3eaff428628d3

multicluster-engine/cluster-curator-controller-rhel8@sha256:9e7795ff57aa032f40b2370c472bc77d9dfe94a2def4a800664d8dd2603287b6

multicluster-engine/clusterclaims-controller-rhel8@sha256:aef69de3c4180dfbe2a962a3b76bb7a43abf69b4831754d477ad6c2ff7025e4c

multicluster-engine/clusterlifecycle-state-metrics-rhel8@sha256:77791c7940c9f85a944124671387b7516de1a6eb8e041d5444e37cbccef9a85d

multicluster-engine/multicluster-engine-console-mce-rhel8@sha256:4fc98b221a89e81d289ec48eb706bfcdf7ebaf7a78872b9b6e0bd59bfdbd1b76

multicluster-engine/console-mce-rhel8@sha256:4fc98b221a89e81d289ec48eb706bfcdf7ebaf7a78872b9b6e0bd59bfdbd1b76

multicluster-engine/discovery-rhel8@sha256:887547d481f3f818733fa25a8f64c77a376adb60099de728ea90190561200404

multicluster-engine/hive-rhel8@sha256:720ec4d34ae8632fafe7d7fcc4458b0829dac6ca72c1b3d3198d1f9030a6d36c

multicluster-engine/multicluster-engine-hypershift-addon-rhel8-operator@sha256:75ad4a883e153c99498a1cf9cb488cb9dfa91176ab16bf29f146b8a834d3f2b8

multicluster-engine/hypershift-addon-rhel8-operator@sha256:75ad4a883e153c99498a1cf9cb488cb9dfa91176ab16bf29f146b8a834d3f2b8

multicluster-engine/hypershift-deployment-controller-rhel8@sha256:f99e4af59555a15c03193a32a7678fe099989acc5e3329ab53f1857672170ccf

multicluster-engine/multicluster-engine-hypershift-deployment-controller-rhel8@sha256:f99e4af59555a15c03193a32a7678fe099989acc5e3329ab53f1857672170ccf

multicluster-engine/hypershift-rhel8-operator@sha256:4099d03b88270583ebfa88cc0871c866a0e4fae23cb3f7ac0f30a044abbfc19c

multicluster-engine/klusterlet-operator-bundle@sha256:ddd18b21fafa2176bfbde814a53fc5a40b3722b12d79c4157d667dbfa1325237

multicluster-engine/multicluster-engine-managed-serviceaccount-rhel8@sha256:76a09d2997328bf4b373e75c2fa8285e8f2faad503314d6da61043d2f55d6b31

multicluster-engine/managed-serviceaccount-rhel8@sha256:76a09d2997328bf4b373e75c2fa8285e8f2faad503314d6da61043d2f55d6b31

multicluster-engine/managedcluster-import-controller-rhel8@sha256:f90f0e95129a18aef15c042623876ba25021ab712ab8e49436f8fc93db819c0a

multicluster-engine/mce-operator-bundle@sha256:a73bac9337c0fae87839aa22e019e7b7ce67367510eb2f18dd1aab56e036793d

multicluster-engine/multicloud-manager-rhel8@sha256:65dca9c9cdd048741de37ef876f5b57f2a5a939e3f5c9557d896bc780d791e66

multicluster-engine/must-gather-rhel8@sha256:ffef6adc375beee26475d5efc07046a1cbaa74566146dbbc71f43f32d6ce6617

multicluster-engine/placement-rhel8@sha256:d966faac5b5d195777d3c5e5b47295120f86090b69274a409ab2b73874a01b3f

multicluster-engine/provider-credential-controller-rhel8@sha256:531c9517a105f85924d8d59942e8026d5f9ccc0a03533a0e681028477c5391ce

multicluster-engine/registration-operator-rhel8@sha256:4188443f596121ffd8188eaeb24da37cb51d0a22d575460f7fede72971128eb5

multicluster-engine/registration-rhel8@sha256:b0c76e6b1623f786eab4867a86efbaa628f48363d0bff71b729a7e84b6e3626e

multicluster-engine/work-rhel8@sha256:0fc3f91ab12649fe499021a9640f3d9386b96c3cd0f444abc4e92dafcb3a8138
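
The digests above are what a patched hub should actually be running, so the practical check after applying this advisory is to compare each multicluster-engine container's imageID against the list for its node's architecture. The Python below is an added example, not Red Hat tooling: it copies three digest lines verbatim from the lists above and runs them against a constructed pod listing (pod names, node names and the stale digest are made up for the example). On a real cluster, load `oc get pods -A -o json` as the pod list and derive the node map from the `kubernetes.io/arch` label in `oc get nodes -o json`.

```python
"""Audit running multicluster-engine pods against RHSA-2023:2098 digests.

Added example; not Red Hat tooling.  The advisory publishes, per
architecture, the exact "repo@sha256:digest" every MCE 2.0.8 image ships
with, so a cluster is patched only when each running MCE container's
imageID carries one of those digests.  The pod listing and node map here
are constructed for the example.
"""
import re
from collections import defaultdict

# Three lines copied verbatim from the advisory's image lists; a real run
# would paste in the whole "Updated Images" section.
ADVISORY_TEXT = """
aarch64

multicluster-engine/work-rhel8@sha256:a278fc25c36a1003b2c5e4494838f960e1c9b68252c39dda33fbbb96c30c65dc

x86_64

multicluster-engine/registration-rhel8@sha256:b0c76e6b1623f786eab4867a86efbaa628f48363d0bff71b729a7e84b6e3626e

multicluster-engine/work-rhel8@sha256:0fc3f91ab12649fe499021a9640f3d9386b96c3cd0f444abc4e92dafcb3a8138
"""

_ARCH_RE = re.compile(r"^(aarch64|ppc64le|s390x|x86_64)$")
_LINE_RE = re.compile(r"^(?P<repo>multicluster-engine/[\w.-]+)@sha256:(?P<digest>[0-9a-f]{64})$")
# imageID as reported in pod status, e.g.
#   registry.redhat.io/multicluster-engine/work-rhel8@sha256:<64 hex>
_IMAGE_ID_RE = re.compile(r"(?P<repo>multicluster-engine/[\w.-]+)@sha256:(?P<digest>[0-9a-f]{64})")


def parse_advisory_images(text):
    """Return {arch: {repo: digest}} from the advisory's per-arch image lists."""
    images = defaultdict(dict)
    arch = None
    for raw in text.splitlines():
        line = raw.strip()
        if _ARCH_RE.match(line):
            arch = line
            continue
        m = _LINE_RE.match(line)
        if m and arch:
            images[arch][m["repo"]] = m["digest"]
    return dict(images)


def audit_pods(pod_list, node_arch, advisory):
    """Compare each MCE container's imageID with the advisory digest for its node's arch.

    pod_list  - dict shaped like `oc get pods -A -o json`
    node_arch - {node name: value of the kubernetes.io/arch label}
    advisory  - output of parse_advisory_images()
    One finding per MCE container: "ok" when the running digest is the advisory
    digest, "stale" when it differs, "unlisted" when the advisory has no entry
    for that repo on that architecture (or the node's arch is unknown).
    """
    findings = []
    for pod in pod_list.get("items", []):
        meta = pod["metadata"]
        arch = node_arch.get(pod["spec"].get("nodeName"))
        expected = advisory.get(arch, {})
        for cs in pod.get("status", {}).get("containerStatuses", []):
            m = _IMAGE_ID_RE.search(cs.get("imageID", ""))
            if not m:
                continue  # not a multicluster-engine image
            want = expected.get(m["repo"])
            status = "unlisted" if want is None else ("ok" if want == m["digest"] else "stale")
            findings.append({
                "pod": f'{meta["namespace"]}/{meta["name"]}',
                "container": cs["name"],
                "arch": arch,
                "repo": m["repo"],
                "status": status,
                "running": m["digest"],
                "expected": want,
            })
    return findings


def stale_findings(findings):
    """Findings that block sign-off: anything not matching an advisory digest."""
    return [f for f in findings if f["status"] != "ok"]


# Constructed sample: one container already on the 2.0.8 digest, one still on
# an older image (its digest is invented for the example), both on x86_64 nodes.
NODE_ARCH = {"worker-0": "x86_64", "worker-1": "x86_64"}
STALE_DIGEST = "deadbeef" * 8
PODS = {"items": [
    {"metadata": {"namespace": "multicluster-engine", "name": "work-controller-1"},
     "spec": {"nodeName": "worker-0"},
     "status": {"containerStatuses": [{
         "name": "work-controller",
         "imageID": "registry.redhat.io/multicluster-engine/work-rhel8@sha256:"
                    "0fc3f91ab12649fe499021a9640f3d9386b96c3cd0f444abc4e92dafcb3a8138"}]}},
    {"metadata": {"namespace": "multicluster-engine", "name": "registration-controller-1"},
     "spec": {"nodeName": "worker-1"},
     "status": {"containerStatuses": [{
         "name": "registration-controller",
         "imageID": "registry.redhat.io/multicluster-engine/registration-rhel8@sha256:" + STALE_DIGEST}]}},
]}


if __name__ == "__main__":
    report = audit_pods(PODS, NODE_ARCH, parse_advisory_images(ADVISORY_TEXT))
    for f in report:
        print(f'{f["status"]:8s} {f["pod"]} {f["container"]} {f["repo"]}@sha256:{f["running"][:12]}...')
    raise SystemExit(1 if stale_findings(report) else 0)
```

The comparison is on the manifest digest, not on a tag, because a tag can be re-pointed while the digest identifies one immutable image; "unlisted" is reported separately from "stale" so that an image the advisory does not cover (or a node whose architecture label is missing) is noticed rather than silently passed.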

The Red Hat security contact is [email protected]. More contact details are at https://access.redhat.com/security/team/contact/.

Related news

CVE-2023-45085: Releases - HyperCloud Docs

An issue exists in SoftIron HyperCloud where compute nodes may come online immediately without following the correct initialization process.  In this instance, workloads may be scheduled on these nodes and deploy to a failed or erroneous state, which impacts the availability of these workloads that may be deployed during this time window. This issue impacts HyperCloud versions from 2.0.0 to before 2.0.3.

Red Hat Security Advisory 2023-5533-01

Red Hat Security Advisory 2023-5533-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The package has been upgraded to a later upstream version: nodejs. Issues addressed include HTTP request smuggling, buffer overflow, bypass, crlf injection, and denial of service vulnerabilities.

Red Hat Security Advisory 2023-4982-01

Red Hat Security Advisory 2023-4982-01 - OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains OpenShift Virtualization 4.12.6 images.

Red Hat Security Advisory 2023-4310-01

Red Hat Security Advisory 2023-4310-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.11.46. Issues addressed include denial of service and out of bounds read vulnerabilities.

RHSA-2023:4091: Red Hat Security Advisory: OpenShift Container Platform 4.13.5 security update

Red Hat OpenShift Container Platform release 4.13.5 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.13. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41717: A flaw was found in the net/http library of the golang package. This flaw allows an attacker to cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server c...

CVE-2023-22062: Oracle Critical Patch Update Advisory - July 2023

Vulnerability in the Oracle Hyperion Financial Reporting product of Oracle Hyperion (component: Repository). The supported version that is affected is 11.2.13.0.000. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hyperion Financial Reporting. While the vulnerability is in Oracle Hyperion Financial Reporting, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hyperion Financial Reporting accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Hyperion Financial Reporting. CVSS 3.1 Base Score 8.5 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L).

RHSA-2023:4114: Red Hat Security Advisory: Red Hat OpenShift Service Mesh Containers for 2.4.1 security update

Red Hat OpenShift Service Mesh 2.4.1 Containers Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-3089: A compliance problem was found in the Red Hat OpenShift Container Platform. Red Hat discovered that, when FIPS mode was enabled, not all of the cryptographic modules in use were FIPS-validated.

Red Hat Security Advisory 2023-3615-01

Red Hat Security Advisory 2023-3615-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.12.22. Issues addressed include a denial of service vulnerability.

CVE-2023-32463: DSA-2023-200: Security Update for Dell VxRail for Multiple Third-Party Component Vulnerabilities

Dell VxRail, version(s) 8.0.100 and earlier contain a denial-of-service vulnerability in the upgrade functionality. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to degraded performance and system malfunction.

Red Hat Security Advisory 2023-3664-01

Red Hat Security Advisory 2023-3664-01 - Release of Security Advisory for the OpenShift Jenkins image and Jenkins agent base image.

Red Hat Security Advisory 2023-3645-01

Red Hat Security Advisory 2023-3645-01 - Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an OpenShift Container Platform installation. This advisory covers the RPM packages for the release. Issues addressed include a denial of service vulnerability.

RHSA-2023:3542: Red Hat Security Advisory: OpenShift Container Platform 4.11.43 bug fix and security update

Red Hat OpenShift Container Platform release 4.11.43 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.11. Red Hat Product Security has rated this update as having a security impact of [impact]. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-38561: A flaw was found in golang. The language package for go language can panic due to an out-of-bounds read when an incorrectly formatted language tag is being parsed. This flaw allows a...

RHSA-2023:3460: Red Hat Security Advisory: curl security update

An update for curl is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-32206: A vulnerability was found in curl. This issue occurs because the number of acceptable "links" in the "decompression chain" was unbounded, allowing a malicious server to insert ...

RHSA-2023:3455: Red Hat Security Advisory: Release of OpenShift Serverless 1.29.0

OpenShift Serverless version 1.29.0 contains a moderate security impact. The References section contains CVE links providing detailed severity ratings for each vulnerability. Ratings are based on a Common Vulnerability Scoring System (CVSS) base score.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41723: A flaw was found in golang. A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests. * CVE-2022-41724: A flaw was found in Golang Go, where it is vulnerable to a denial of service caused when processing large TLS handshake records. By sending specially-crafted TLS handshake records, a remote, authenticated attacker ...

Red Hat Security Advisory 2023-3379-01

Red Hat Security Advisory 2023-3379-01 - Updated images are now available for Red Hat Advanced Cluster Security for Kubernetes (RHACS). The updated image includes security fixes. This release of RHACS includes a fix for CVE-2023-24540 by building RHACS with updated Golang.

Red Hat Security Advisory 2023-3408-01

Red Hat Security Advisory 2023-3408-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Issues addressed include double free and use-after-free vulnerabilities.

RHSA-2023:3325: Red Hat Security Advisory: Multicluster Engine for Kubernetes 2.1.7 security fixes and container updates

Multicluster Engine for Kubernetes 2.1.7 General Availability release images, which address security issues and update container images. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-32313: A flaw was found in the vm2. After making a vm, the inspect method is read-write for console.log, which allows an attacker to edit options for console.log. This issue impacts the integrity by changing the log subsystem. * CVE-2023-32314: A flaw was found in the vm2 sandbox. When a ho...

RHSA-2023:3296: Red Hat Security Advisory: Multicluster Engine for Kubernetes 2.2.4 security fixes and container updates

Multicluster Engine for Kubernetes 2.2.4 General Availability release images, which fix security issues and update container images. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-32313: A flaw was found in the vm2. After making a vm, the inspect method is read-write for console.log, which allows an attacker to edit options for console.log. This issue impacts the integrity by changing the log subsystem. * CVE-2023-32314: A flaw was found in the vm2 sandbox. When a host ...

Red Hat Security Advisory 2023-0584-01

Red Hat Security Advisory 2023-0584-01 - Secondary Scheduler Operator for Red Hat OpenShift 1.1.1. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-1326-01

Red Hat Security Advisory 2023-1326-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.13.0. Issues addressed include bypass, denial of service, information leakage, out of bounds read, and remote SQL injection vulnerabilities.

Red Hat Security Advisory 2023-2710-01

Red Hat Security Advisory 2023-2710-01 - Red Hat Single Sign-On is an integrated sign-on solution, available as a Red Hat JBoss Middleware for OpenShift containerized image. The Red Hat Single Sign-On for OpenShift image provides an authentication server that you can use to log in centrally, log out, and register. You can also manage user accounts for web applications, mobile applications, and RESTful web services. This erratum releases a new image for Red Hat Single Sign-On 7.6.3 for use within the Red Hat OpenShift Container Platform cloud computing Platform-as-a-Service for on-premise or private cloud deployments, aligning with the standalone product release. Issues addressed include denial of service and information leakage vulnerabilities.

Red Hat Security Advisory 2023-2654-01

Red Hat Security Advisory 2023-2654-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include buffer overflow, bypass, crlf injection, and denial of service vulnerabilities.

Red Hat Security Advisory 2023-2104-01

Red Hat Security Advisory 2023-2104-01 - Red Hat Advanced Cluster Management for Kubernetes 2.5.8 images. Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console, with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-2098-01

Red Hat Security Advisory 2023-2098-01 - Multicluster Engine for Kubernetes 2.0.8 images. Multicluster engine for Kubernetes provides the foundational components that are necessary for the centralized management of multiple Kubernetes-based clusters across data centers, public clouds, and private clouds. You can use the engine to create new Red Hat OpenShift Container Platform clusters or to bring existing Kubernetes-based clusters under management by importing them. After the clusters are managed, you can use the APIs that are provided by the engine to distribute configuration based on placement policy. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-2083-01

Red Hat Security Advisory 2023-2083-01 - Red Hat Advanced Cluster Management for Kubernetes 2.6.5 General Availability release images, which fix bugs and provide security updates for container images. Issues addressed include denial of service and server-side request forgery vulnerabilities.

RHSA-2023:2083: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.6.5 security updates and bug fixes

Red Hat Advanced Cluster Management for Kubernetes 2.6.5 General Availability release images, which fix bugs and provide security updates for container images. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3841: A Server-Side Request Forgery (SSRF) vulnerability was found in the console API endpoint from Red Hat Advanced Cluster Management for Kubernetes (RHACM). An attacker could take advantage of this as the console API endpoint is missing an authentication check, allowing unauth...

RHSA-2023:2061: Red Hat Security Advisory: Multicluster Engine for Kubernetes 2.1.6 security updates and bug fixes

Multicluster Engine for Kubernetes 2.1.6 General Availability release images, which fix bugs and provide security updates for container images. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-25881: A flaw was found in http-cache-semantics. When the server reads the cache policy from the request using this library, a Regular Expression Denial of Service occurs, caused by malicious request header values sent to the server.

Red Hat Security Advisory 2023-2041-01

Red Hat Security Advisory 2023-2041-01 - Migration Toolkit for Applications 6.1.0 Images. Issues addressed include denial of service, privilege escalation, server-side request forgery, and traversal vulnerabilities.

Red Hat Security Advisory 2023-1953-01

Red Hat Security Advisory 2023-1953-01 - Red Hat OpenShift Logging Subsystem 5.6.5 update. Issues addressed include cross site scripting and denial of service vulnerabilities.

Red Hat Security Advisory 2023-1887-01

Red Hat Security Advisory 2023-1887-01 - Multicluster Engine for Kubernetes 2.2.3 images. Multicluster engine for Kubernetes provides the foundational components that are necessary for the centralized management of multiple Kubernetes-based clusters across data centers, public clouds, and private clouds. You can use the engine to create new Red Hat OpenShift Container Platform clusters or to bring existing Kubernetes-based clusters under management by importing them. After the clusters are managed, you can use the APIs that are provided by the engine to distribute configuration based on placement policy. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-1816-01

Red Hat Security Advisory 2023-1816-01 - Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Data Foundation. Red Hat OpenShift Data Foundation is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform.

RHSA-2023:1888: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.7.3 security fixes and bug fixes

Red Hat Advanced Cluster Management for Kubernetes 2.7.3 General Availability release images, which fix bugs and provide security updates for container images. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3841: A Server-Side Request Forgery (SSRF) vulnerability was found in the console API endpoint from Red Hat Advanced Cluster Management for Kubernetes (RHACM). An attacker could take advantage of this as the console API endpoint is missing an authentication check, allowing unauth...

Red Hat Security Advisory 2023-1842-01

Red Hat Security Advisory 2023-1842-01 - The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Issues addressed include a denial of service vulnerability.

RHSA-2023:1842: Red Hat Security Advisory: curl security update

An update for curl is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2023-23916: A flaw was found in the Curl package. A malicious server can insert an unlimited number of compression steps. This decompression chain could result in out-of-memory errors.

RHSA-2023:1816: Red Hat Security Advisory: Red Hat OpenShift Data Foundation 4.12.2 Bug Fix and security update

Updated images that fix several bugs are now available for Red Hat OpenShift Data Foundation 4.12.2 on Red Hat Enterprise Linux 8 from Red Hat Container Registry. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-41717: A flaw was found in the net/http library of the golang package. This flaw allows an attacker to cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While ...

Red Hat Security Advisory 2023-1656-01

Red Hat Security Advisory 2023-1656-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.10.56.

Red Hat Security Advisory 2023-1744-01

Red Hat Security Advisory 2023-1744-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include buffer overflow, bypass, and denial of service vulnerabilities.

Red Hat Security Advisory 2023-1743-01

Red Hat Security Advisory 2023-1743-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include buffer overflow, bypass, and denial of service vulnerabilities.

RHSA-2023:1744: Red Hat Security Advisory: rh-nodejs14-nodejs security, bug fix, and enhancement update

An update for rh-nodejs14-nodejs is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-4904: A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity.
  • CVE-2022-25881: A flaw was found in http-cache-semantics. Whe...

RHSA-2023:1701: Red Hat Security Advisory: curl security update

An update for curl is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2023-23916: A flaw was found in the Curl package. A malicious server can insert an unlimited number of compression steps. This decompression chain could result in out-of-memory errors.

Red Hat Security Advisory 2023-1310-01

Red Hat Security Advisory 2023-1310-01 - An update is now available for Logging Subsystem for Red Hat OpenShift - 5.5.9. Red Hat Product Security has rated this update as having a security impact of Moderate.

RHSA-2023:1533: Red Hat Security Advisory: nodejs:14 security, bug fix, and enhancement update

An update for the nodejs:14 module is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2021-35065: A vulnerability was found in the glob-parent package. Affected versions of this package are vulnerable to Regular expression Denial of Service (ReDoS) attacks, affecting system availability.
  • CVE-2021-44906: An Uncontrolled Resource Consumption flaw was found in minimist. This flaw allows an attacker to tr...

Red Hat Security Advisory 2023-1409-01

Red Hat Security Advisory 2023-1409-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.12.9.

Red Hat Security Advisory 2023-1437-01

Red Hat Security Advisory 2023-1437-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library.

Red Hat Security Advisory 2023-1441-01

Red Hat Security Advisory 2023-1441-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library.

Red Hat Security Advisory 2023-1438-01

Red Hat Security Advisory 2023-1438-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library.

RHSA-2023:1441: Red Hat Security Advisory: openssl security update

An update for openssl is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2023-0286: A type confusion vulnerability was found in OpenSSL when processing X.400 addresses inside an X.509 GeneralName. When CRL checking is enabled (for example, the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to r...

RHSA-2023:1438: Red Hat Security Advisory: openssl security update

An update for openssl is now available for Red Hat Enterprise Linux 6 Extended Lifecycle Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2023-0286: A type confusion vulnerability was found in OpenSSL when processing X.400 addresses inside an X.509 GeneralName. When CRL checking is enabled (for example, the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to ...

RHSA-2023:1365: Red Hat Security Advisory: nss security and bug fix update

An update for nss is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2023-0767: The Mozilla Foundation Security Advisory describes this flaw as: An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag attributes being mishandled.

RHSA-2023:1332: Red Hat Security Advisory: nss security update

An update for nss is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2023-0767: The Mozilla Foundation Security Advisory describes this flaw as: An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag attributes being mishandled.

Red Hat Security Advisory 2023-1200-01

Red Hat Security Advisory 2023-1200-01 - The gnutls packages provide the GNU Transport Layer Security library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS.

Debian Security Advisory 5365-1

Debian Linux Security Advisory 5365-1 - Patrick Monnerat discovered that Curl's support for "chained" HTTP compression algorithms was susceptible to denial of service.

Ubuntu Security Notice USN-5901-1

Ubuntu Security Notice 5901-1 - Hubert Kario discovered that GnuTLS had a timing side-channel when handling certain RSA messages. A remote attacker could possibly use this issue to recover sensitive information.

RHSA-2023:0946: Red Hat Security Advisory: openssl security and bug fix update

An update for openssl is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-4203: A flaw was found in OpenSSL. A read buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification, and requires either a CA to have signed the malicious certificate or for the application to continue certificate verification despite...

Ubuntu Security Notice USN-5892-1

Ubuntu Security Notice 5892-1 - It was discovered that NSS incorrectly handled client authentication without a user certificate in the database. A remote attacker could possibly use this issue to cause an NSS client to crash, resulting in a denial of service. This issue only affected Ubuntu 22.10. Christian Holler discovered that NSS incorrectly handled certain PKCS 12 certificate bundles. A remote attacker could use this issue to cause NSS to crash, leading to a denial of service, or possibly execute arbitrary code.

Red Hat Security Advisory 2023-0810-01

Red Hat Security Advisory 2023-0810-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.8.0 ESR. Issues addressed include a use-after-free vulnerability.

Red Hat Security Advisory 2023-0812-01

Red Hat Security Advisory 2023-0812-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.8.0 ESR. Issues addressed include a use-after-free vulnerability.

RHSA-2023:0821: Red Hat Security Advisory: thunderbird security update

An update for thunderbird is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2023-0616: The Mozilla Foundation Security Advisory describes this flaw as: If a MIME email combines OpenPGP and OpenPGP MIME data in a certain way Thunderbird repeatedly attempts to process and display the message, which could cause Thunderbird's user interface to lock up and no longer respond to the user's actions. An attacker could send a crafted mes...

RHSA-2023:0823: Red Hat Security Advisory: thunderbird security update

An update for thunderbird is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2023-0616: The Mozilla Foundation Security Advisory describes this flaw as: If a MIME email combines OpenPGP and OpenPGP MIME data in a certain way Thunderbird repeatedly attempts to process and display the message, which could cause Thunderbird's user interface to lock up and no longer respond to the user's actions. An attacke...

RHSA-2023:0818: Red Hat Security Advisory: thunderbird security update

An update for thunderbird is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2023-0616: The Mozilla Foundation Security Advisory describes this flaw as: If a MIME email combines OpenPGP and OpenPGP MIME data in a certain way Thunderbird repeatedly attempts to process and display the message, which could cause Thunderbird's user interface to lock up and no longer respond to the user's actions. ...

RHSA-2023:0812: Red Hat Security Advisory: firefox security update

An update for firefox is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2023-0767: The Mozilla Foundation Security Advisory describes this flaw as: An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag attributes being mishandled.
  • CVE-2023-25728: The Mozilla Foundation Security Advisory describes this flaw as: The `Content-Security-Policy-Report-Only`...

Debian Security Advisory 5349-1

Debian Linux Security Advisory 5349-1 - Hubert Kario discovered a timing side channel in the RSA decryption implementation of the GNU TLS library.

CVE-2023-0401

A NULL pointer can be dereferenced when signatures are being verified on PKCS7 signed or signedAndEnveloped data. If the hash algorithm used for the signature is known to the OpenSSL library but the implementation of that hash algorithm is not available, the digest initialization will fail. A missing check for the return value of the initialization function then leads to invalid usage of the digest API, most likely resulting in a crash. The unavailability of an algorithm can be caused by using a FIPS-enabled configuration of providers or, more commonly, by not loading the legacy provider. PKCS7 data is processed by the SMIME library calls and also by the time stamp (TS) library calls. The TLS implementation in OpenSSL does not call these functions; however, third-party applications would be affected if they call these functions to verify signatures on untrusted data.

GHSA-rc47-6667-2j5j: http-cache-semantics vulnerable to Regular Expression Denial of Service

http-cache-semantics contains an inefficient regular expression complexity, leading to denial of service. This affects versions of the package http-cache-semantics before 4.1.1. The issue can be exploited via malicious request header values sent to a server, when that server reads the cache policy from the request using this library.