RHSA-2022:6224: Red Hat Security Advisory: openssl security and bug fix update

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Red Hat Security Data

Synopsis

Moderate: openssl security and bug fix update

Type/Severity

Security Advisory: Moderate

Topic

An update for openssl is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.

Security Fix(es):

  • openssl: c_rehash script allows command injection (CVE-2022-1292)
  • openssl: Signer certificate verification returns inaccurate response when using OCSP_NOCHECKS (CVE-2022-1343)
  • openssl: OPENSSL_LH_flush() breaks reuse of memory (CVE-2022-1473)
  • openssl: the c_rehash script allows command injection (CVE-2022-2068)
  • openssl: AES OCB fails to encrypt some bytes (CVE-2022-2097)

Exposure notes from the upstream OpenSSL advisories for these issues: CVE-2022-2068 covers shell-metacharacter cases in the c_rehash script that the fix for CVE-2022-1292 missed; both require the script (shipped in openssl-perl) to be run over a directory whose file names an attacker can influence, and the openssl rehash subcommand is the supported replacement for it. CVE-2022-1343 only affects callers that pass the non-default OCSP_NOCHECKS flag to OCSP_basic_verify(), which then reports success even when the responder certificate fails to verify. CVE-2022-1473 is a memory leak in OPENSSL_LH_flush(), the function used when decoding certificates or keys, so a long-lived process that decodes them repeatedly grows without bound until the OS kills it (a denial of service). CVE-2022-2097 affects the 32-bit x86 AES-NI assembly for OCB mode, which TLS does not use; it concerns the i686 openssl-libs package and applications that call OCB directly.

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

  • openssl occasionally sends internal error to gnutls when using FFDHE (BZ#2080323)
  • openssl req defaults to 3DES (BZ#2085499)
  • OpenSSL accepts custom elliptic curve parameters when p is large [rhel-9] (BZ#2085508)
  • OpenSSL mustn’t work with ECDSA with explicit curve parameters in FIPS mode (BZ#2085521)
  • openssl s_server -groups secp256k1 in FIPS fails because X25519/X448 (BZ#2086554)
  • Converting FIPS power-on self test to KAT (BZ#2086866)
  • Small RSA keys work for some operations in FIPS mode (BZ#2091938)
  • FIPS provider doesn’t block RSA encryption for key transport (BZ#2091977)
  • OpenSSL testsuite certificates expired (BZ#2095696)
  • [IBM 9.1 HW OPT] POWER10 performance enhancements for cryptography: OpenSSL (BZ#2103044)
  • [FIPS lab review] self-test (BZ#2112978)
  • [FIPS lab review] DH tuning (BZ#2115856)
  • [FIPS lab review] EC tuning (BZ#2115857)
  • [FIPS lab review] RSA tuning (BZ#2115858)
  • [FIPS lab review] RAND tuning (BZ#2115859)
  • [FIPS lab review] zeroization (BZ#2115861)
  • [FIPS lab review] HKDF limitations (BZ#2118388)

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.
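The two checks that the Solution section implies, written out as an added example that is not part of the advisory: deciding from `rpm -q` output whether a host carries the fixed build (an RPM epoch:version-release comparison, including the Epoch 1 that RHEL 9's openssl package carries), and finding processes that still map the pre-update libssl/libcrypto, which the kernel flags with "(deleted)" in /proc/<pid>/maps once the old files have been replaced. The maps excerpt and the EVR strings other than the fixed build are constructed inputs; `FIXED_EVR`, the function names and the regular expressions are this example's own. On a live host, `dnf needs-restarting` (dnf-plugins-core) answers the second question the same way.

```python
r"""Post-update checks for RHSA-2022:6224 (added example, not part of the advisory).
1. Is installed openssl-libs at least the fixed build 3.0.1-41.el9_0? Host input:
   rpm -q --qf '%{EPOCH}:%{VERSION}-%{RELEASE}\n' openssl-libs
2. Which processes still run the *old* libssl/libcrypto and need a restart? After
   `dnf update` the replaced .so files are unlinked but stay mapped; the kernel
   marks such mappings "(deleted)" in /proc/<pid>/maps.
"""
import os
import re

FIXED_EVR = "1:3.0.1-41.el9_0"  # build from this advisory; RHEL 9 openssl has Epoch 1
_SEP = re.compile(r"[^0-9A-Za-z~]*")        # rpm treats anything else as a separator
_SEGMENT = re.compile(r"[0-9]+|[A-Za-z]+")

def rpmvercmp(a: str, b: str) -> int:
    """rpm's rpmvercmp() rules: separators split segments, a numeric segment beats
    an alphabetic one, numerics compare as integers, '~' sorts before anything
    (even end of string). Returns -1, 0 or 1. The '^' rule is omitted."""
    ia = ib = 0
    while True:
        ia, ib = _SEP.match(a, ia).end(), _SEP.match(b, ib).end()
        ta = ia < len(a) and a[ia] == "~"
        tb = ib < len(b) and b[ib] == "~"
        if ta or tb:
            if ta != tb:
                return -1 if ta else 1      # the side with '~' is the pre-release
            ia, ib = ia + 1, ib + 1
            continue
        if ia >= len(a) or ib >= len(b):
            break
        sa, sb = _SEGMENT.match(a, ia).group(0), _SEGMENT.match(b, ib).group(0)
        ia, ib = ia + len(sa), ib + len(sb)
        if sa.isdigit() != sb.isdigit():
            return 1 if sa.isdigit() else -1
        x, y = (int(sa), int(sb)) if sa.isdigit() else (sa, sb)
        if x != y:
            return 1 if x > y else -1
    if ia >= len(a) and ib >= len(b):
        return 0
    return 1 if ia < len(a) else -1         # whoever has segments left is newer

def parse_evr(evr: str) -> tuple:
    """Split 'epoch:version-release'; a missing epoch or rpm's '(none)' means 0."""
    epoch, sep, rest = evr.partition(":")
    if not sep:
        epoch, rest = "0", evr
    version, sep, release = rest.rpartition("-")
    if not sep:
        version, release = rest, ""
    return ("0" if epoch == "(none)" else epoch), version, release

def evr_cmp(a: str, b: str) -> int:
    # first non-zero result of comparing epoch, then version, then release
    return next((r for r in map(rpmvercmp, parse_evr(a), parse_evr(b)) if r), 0)

def is_patched(installed_evr: str, fixed_evr: str = FIXED_EVR) -> bool:
    """True when the installed EVR is the fixed build or newer."""
    return evr_cmp(installed_evr, fixed_evr) >= 0

# Constructed /proc/<pid>/maps excerpt for a service started before the update.
SAMPLE_MAPS = """\
7f3c2a000000-7f3c2a0c8000 r--p 00000000 fd:00 1234567    /usr/lib64/libcrypto.so.3.0.1 (deleted)
7f3c2a0c8000-7f3c2a2a0000 r-xp 000c8000 fd:00 1234567    /usr/lib64/libcrypto.so.3.0.1 (deleted)
7f3c2a400000-7f3c2a420000 r--p 00000000 fd:00 1234568    /usr/lib64/libssl.so.3.0.1 (deleted)
7f3c2b000000-7f3c2b020000 r--p 00000000 fd:00 1234569    /usr/lib64/libz.so.1.2.11
7f3c2c000000-7f3c2c010000 r--p 00000000 fd:00 1234570    /usr/lib64/libk5crypto.so.3.1
7ffd1c000000-7ffd1c021000 rw-p 00000000 00:00 0          [stack]
"""
_MAPS_LINE = re.compile(r"^(?:\S+\s+){5}(?P<path>/.*?)(?P<deleted> \(deleted\))?$")
_OPENSSL_LIB = re.compile(r"/lib(ssl|crypto)\.so(\.|$)")  # not libk5crypto and friends

def stale_openssl_mappings(maps_text: str) -> list:
    """libssl/libcrypto paths in a maps dump marked (deleted): that process still
    executes the pre-update library and must be restarted."""
    stale = set()
    for line in maps_text.splitlines():
        m = _MAPS_LINE.match(line)
        if m and m.group("deleted") and _OPENSSL_LIB.search(m.group("path")):
            stale.add(m.group("path"))
    return sorted(stale)

def processes_needing_restart(proc_root: str = "/proc") -> list:
    """Live variant over every /proc/<pid>/maps (run as root to see all processes);
    `dnf needs-restarting` from dnf-plugins-core makes the same kind of check."""
    hits = []
    for pid in filter(str.isdigit, os.listdir(proc_root)):
        try:
            with open(os.path.join(proc_root, pid, "maps")) as fh:
                hits += [(int(pid), p) for p in stale_openssl_mappings(fh.read())]
        except OSError:                     # process exited or not readable by us
            continue
    return hits

if __name__ == "__main__":
    for evr in ("1:3.0.1-40.el9_0", FIXED_EVR, "1:3.0.7-6.el9_2"):  # constructed inputs
        print(f"{evr:20} patched={is_patched(evr)}")
    print("stale in sample:", stale_openssl_mappings(SAMPLE_MAPS))
    for pid, path in processes_needing_restart():
        print(f"pid {pid} still maps {path}")
```

A plain string compare of the release field would call 3.0.1-9 newer than 3.0.1-41, which is why the segment-wise comparison matters; and a process that still shows a deleted libcrypto mapping is running the vulnerable code no matter what `rpm -q` reports, which is the point of the advisory's restart requirement.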

Affected Products

  • Red Hat Enterprise Linux for x86_64 9 x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.0 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 9 s390x
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.0 s390x
  • Red Hat Enterprise Linux for Power, little endian 9 ppc64le
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.0 ppc64le
  • Red Hat Enterprise Linux for ARM 64 9 aarch64
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.0 aarch64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.0 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0 x86_64
  • Red Hat Enterprise Linux Server for ARM 64 - 4 years of updates 9.0 aarch64
  • Red Hat Enterprise Linux Server for IBM z Systems - 4 years of updates 9.0 s390x

Fixes

  • BZ - 2080323 - openssl occasionally sends internal error to gnutls when using FFDHE [rhel-9.0.0.z]
  • BZ - 2081494 - CVE-2022-1292 openssl: c_rehash script allows command injection
  • BZ - 2082584 - OpenSSL FIPS module should not build in non-approved algorithms [rhel-9.0.0.z]
  • BZ - 2082585 - Change FIPS module version to include hash of specfile, patches and sources [rhel-9.0.0.z]
  • BZ - 2085499 - openssl req defaults to 3DES [rhel-9.0.0.z]
  • BZ - 2085500 - Specifying the openssl config file explicitly causes provider initialisation to fail in FIPS mode [rhel-9.0.0.z]
  • BZ - 2085521 - OpenSSL mustn’t work with ECDSA with explicit curve parameters in FIPS mode [rhel-9.0.0.z]
  • BZ - 2086554 - openssl s_server -groups secp256k1 in FIPS fails because X25519/X448 [rhel-9.0.0.z]
  • BZ - 2086866 - Converting FIPS power-on self test to KAT [rhel-9.0.0.z]
  • BZ - 2087234 - openssl in FIPS mode verifies SHA-1 signatures, but should not [rhel-9.0.0.z]
  • BZ - 2087911 - CVE-2022-1343 openssl: Signer certificate verification returns inaccurate response when using OCSP_NOCHECKS
  • BZ - 2087913 - CVE-2022-1473 openssl: OPENSSL_LH_flush() breaks reuse of memory
  • BZ - 2091938 - Small RSA keys work for some operations in FIPS mode [rhel-9.0.0.z]
  • BZ - 2091977 - FIPS provider doesn’t block RSA encryption for key transport [rhel-9.0.0.z]
  • BZ - 2091994 - Incomplete filtering of ciphersuites in FIPS mode [rhel-9.0.0.z]
  • BZ - 2095696 - OpenSSL testsuite certificates expired [rhel-9.0.0.z]
  • BZ - 2097310 - CVE-2022-2068 openssl: the c_rehash script allows command injection
  • BZ - 2101346 - PPC 64 Montgomery mult is buggy [rhel-9.0.0.z]
  • BZ - 2104905 - CVE-2022-2097 openssl: AES OCB fails to encrypt some bytes
  • BZ - 2107530 - sscg FTBFS in rhel-9.1 [rhel-9.0.0.z]
  • BZ - 2112978 - [FIPS lab review] self-test [rhel-9.0.0.z]
  • BZ - 2115856 - [FIPS lab review] DH tuning [rhel-9.0.0.z]
  • BZ - 2115857 - [FIPS lab review] EC tuning [rhel-9.0.0.z]
  • BZ - 2115858 - [FIPS lab review] RSA tuning [rhel-9.0.0.z]
  • BZ - 2115859 - [FIPS lab review] RAND tuning [rhel-9.0.0.z]
  • BZ - 2115861 - [FIPS lab review] zeroization [rhel-9.0.0.z]
  • BZ - 2118388 - [FIPS lab review] HKDF limitations [rhel-9.0.0.z]

CVEs

  • CVE-2022-1292
  • CVE-2022-1343
  • CVE-2022-1473
  • CVE-2022-2068
  • CVE-2022-2097

Red Hat Enterprise Linux for x86_64 9

SRPM

openssl-3.0.1-41.el9_0.src.rpm

SHA-256: 844207fc998c0c0b3eb270eec2492cf8382b12a7bb080afa0f208714b2145465

x86_64

openssl-3.0.1-41.el9_0.x86_64.rpm

SHA-256: 6f1c330ae49ec229efa9a1610a8f3f8b4cdda306389dcecda9f189eca15a90b7

openssl-debuginfo-3.0.1-41.el9_0.i686.rpm

SHA-256: a75e159b4988fb1129f1d274a791814a93d773fe0f1155c1ad3e79279cb8a476

openssl-debuginfo-3.0.1-41.el9_0.x86_64.rpm

SHA-256: e407270005b1d5d70529739bf62768d82df5e7a852c10e3043dcc46711f04638

openssl-debugsource-3.0.1-41.el9_0.i686.rpm

SHA-256: 4a357b256a7b1e8e8fd5c0033c96b52eb728985a66bceb333de643d512ba45ea

openssl-debugsource-3.0.1-41.el9_0.x86_64.rpm

SHA-256: edd47adefd4cc4a9adddf89f2be9da9aa952c970ea8e7e4b36dfaa9da8b6b009

openssl-devel-3.0.1-41.el9_0.i686.rpm

SHA-256: 15ef0c5f24fca091ccebc7383293475535be1660cbdc3fd55dfbddfca09c31cd

openssl-devel-3.0.1-41.el9_0.x86_64.rpm

SHA-256: b3fee080e3482cb161d1e510568404a1af636849f51f1197b366ccb6d674f6b4

openssl-libs-3.0.1-41.el9_0.i686.rpm

SHA-256: 5ebcbc679ab3f2c64938242e3c94d51e09b5e09c58bfc0b489ac03d1e9b180b2

openssl-libs-3.0.1-41.el9_0.x86_64.rpm

SHA-256: 535305af7dc221e687dbbac961b84275a43902c13463557b600bbf245a49a35e

openssl-libs-debuginfo-3.0.1-41.el9_0.i686.rpm

SHA-256: ff271f196b33136ea07795a694a9ad69c82666d0c2e82558d3e72200b394b735

openssl-libs-debuginfo-3.0.1-41.el9_0.x86_64.rpm

SHA-256: 3c89fb08b5adee565a8839ea8a0fe2f1557333fc68321cce5b2730c956873691

openssl-perl-3.0.1-41.el9_0.x86_64.rpm

SHA-256: ee49632a2cc1f1b586b0374e7748783b1a086c6f3bb15ff5b2a8fdba78c20503

Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.0

SRPM

openssl-3.0.1-41.el9_0.src.rpm

SHA-256: 844207fc998c0c0b3eb270eec2492cf8382b12a7bb080afa0f208714b2145465

x86_64

openssl-3.0.1-41.el9_0.x86_64.rpm

SHA-256: 6f1c330ae49ec229efa9a1610a8f3f8b4cdda306389dcecda9f189eca15a90b7

openssl-debuginfo-3.0.1-41.el9_0.i686.rpm

SHA-256: a75e159b4988fb1129f1d274a791814a93d773fe0f1155c1ad3e79279cb8a476

openssl-debuginfo-3.0.1-41.el9_0.x86_64.rpm

SHA-256: e407270005b1d5d70529739bf62768d82df5e7a852c10e3043dcc46711f04638

openssl-debugsource-3.0.1-41.el9_0.i686.rpm

SHA-256: 4a357b256a7b1e8e8fd5c0033c96b52eb728985a66bceb333de643d512ba45ea

openssl-debugsource-3.0.1-41.el9_0.x86_64.rpm

SHA-256: edd47adefd4cc4a9adddf89f2be9da9aa952c970ea8e7e4b36dfaa9da8b6b009

openssl-devel-3.0.1-41.el9_0.i686.rpm

SHA-256: 15ef0c5f24fca091ccebc7383293475535be1660cbdc3fd55dfbddfca09c31cd

openssl-devel-3.0.1-41.el9_0.x86_64.rpm

SHA-256: b3fee080e3482cb161d1e510568404a1af636849f51f1197b366ccb6d674f6b4

openssl-libs-3.0.1-41.el9_0.i686.rpm

SHA-256: 5ebcbc679ab3f2c64938242e3c94d51e09b5e09c58bfc0b489ac03d1e9b180b2

openssl-libs-3.0.1-41.el9_0.x86_64.rpm

SHA-256: 535305af7dc221e687dbbac961b84275a43902c13463557b600bbf245a49a35e

openssl-libs-debuginfo-3.0.1-41.el9_0.i686.rpm

SHA-256: ff271f196b33136ea07795a694a9ad69c82666d0c2e82558d3e72200b394b735

openssl-libs-debuginfo-3.0.1-41.el9_0.x86_64.rpm

SHA-256: 3c89fb08b5adee565a8839ea8a0fe2f1557333fc68321cce5b2730c956873691

openssl-perl-3.0.1-41.el9_0.x86_64.rpm

SHA-256: ee49632a2cc1f1b586b0374e7748783b1a086c6f3bb15ff5b2a8fdba78c20503

Red Hat Enterprise Linux for IBM z Systems 9

SRPM

openssl-3.0.1-41.el9_0.src.rpm

SHA-256: 844207fc998c0c0b3eb270eec2492cf8382b12a7bb080afa0f208714b2145465

s390x

openssl-3.0.1-41.el9_0.s390x.rpm

SHA-256: ab0186f9ed1336032f7406fc661163f5fac0e4c899165ee14c5414a4e7cb20d4

openssl-debuginfo-3.0.1-41.el9_0.s390x.rpm

SHA-256: 4b0c11a7a4549a305e697cc31459e46401d6f4d65934ac7c52206ffdb06dd2c8

openssl-debugsource-3.0.1-41.el9_0.s390x.rpm

SHA-256: 123edde5ee062432ee1e729a71bccece5527fa2de156101bea41bdccdd9fbe6f

openssl-devel-3.0.1-41.el9_0.s390x.rpm

SHA-256: dc6df074de10337f99c2de2384af7e552b74ea25d5ad68251b303118ec4155ff

openssl-libs-3.0.1-41.el9_0.s390x.rpm

SHA-256: d6da45987857f82c16944b673376b27843040cdcc6ce5ae41b06fafd11333857

openssl-libs-debuginfo-3.0.1-41.el9_0.s390x.rpm

SHA-256: 1c7a1c0ce153e5ba9517e6c571ebb046ce0231ae56968e5d399994c8ab6a4f8b

openssl-perl-3.0.1-41.el9_0.s390x.rpm

SHA-256: 1e1ff37fb8ea699c616e61e3808829f313951cd022945a53ef03f3096501060f

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.0

SRPM

openssl-3.0.1-41.el9_0.src.rpm

SHA-256: 844207fc998c0c0b3eb270eec2492cf8382b12a7bb080afa0f208714b2145465

s390x

openssl-3.0.1-41.el9_0.s390x.rpm

SHA-256: ab0186f9ed1336032f7406fc661163f5fac0e4c899165ee14c5414a4e7cb20d4

openssl-debuginfo-3.0.1-41.el9_0.s390x.rpm

SHA-256: 4b0c11a7a4549a305e697cc31459e46401d6f4d65934ac7c52206ffdb06dd2c8

openssl-debugsource-3.0.1-41.el9_0.s390x.rpm

SHA-256: 123edde5ee062432ee1e729a71bccece5527fa2de156101bea41bdccdd9fbe6f

openssl-devel-3.0.1-41.el9_0.s390x.rpm

SHA-256: dc6df074de10337f99c2de2384af7e552b74ea25d5ad68251b303118ec4155ff

openssl-libs-3.0.1-41.el9_0.s390x.rpm

SHA-256: d6da45987857f82c16944b673376b27843040cdcc6ce5ae41b06fafd11333857

openssl-libs-debuginfo-3.0.1-41.el9_0.s390x.rpm

SHA-256: 1c7a1c0ce153e5ba9517e6c571ebb046ce0231ae56968e5d399994c8ab6a4f8b

openssl-perl-3.0.1-41.el9_0.s390x.rpm

SHA-256: 1e1ff37fb8ea699c616e61e3808829f313951cd022945a53ef03f3096501060f

Red Hat Enterprise Linux for Power, little endian 9

SRPM

openssl-3.0.1-41.el9_0.src.rpm

SHA-256: 844207fc998c0c0b3eb270eec2492cf8382b12a7bb080afa0f208714b2145465

ppc64le

openssl-3.0.1-41.el9_0.ppc64le.rpm

SHA-256: 30d3c28167b65af9ce3bf224a5ce80cc6d9a812d8ce4974f909ca36bcd8d4dc7

openssl-debuginfo-3.0.1-41.el9_0.ppc64le.rpm

SHA-256: c9da128a9383d8bc645069006b6205cbca6457b6060021f463700eea0fd1fec8

openssl-debugsource-3.0.1-41.el9_0.ppc64le.rpm

SHA-256: abc296160c427afc5aee23dd4757d3e9ded9bc68c1c07e85ead8de69c58efc2e

openssl-devel-3.0.1-41.el9_0.ppc64le.rpm

SHA-256: b1455c6f722dd53743a01c2bbe0acd3ead710d2de75140bbe7b37dad03efecf3

openssl-libs-3.0.1-41.el9_0.ppc64le.rpm

SHA-256: 373c162af3330d25558d2aa6137b8295b689a33888bef6b10b513834ed54574b

openssl-libs-debuginfo-3.0.1-41.el9_0.ppc64le.rpm

SHA-256: d2f849c57fb57464c8fb93f0551223e82e6565ebf24d950102660ff3189c03c2

openssl-perl-3.0.1-41.el9_0.ppc64le.rpm

SHA-256: 6a4d9508e27ce3bd011577be0582f03a1458f5d1538fc5fed3a21035f90897ec

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.0

SRPM

openssl-3.0.1-41.el9_0.src.rpm

SHA-256: 844207fc998c0c0b3eb270eec2492cf8382b12a7bb080afa0f208714b2145465

ppc64le

openssl-3.0.1-41.el9_0.ppc64le.rpm

SHA-256: 30d3c28167b65af9ce3bf224a5ce80cc6d9a812d8ce4974f909ca36bcd8d4dc7

openssl-debuginfo-3.0.1-41.el9_0.ppc64le.rpm

SHA-256: c9da128a9383d8bc645069006b6205cbca6457b6060021f463700eea0fd1fec8

openssl-debugsource-3.0.1-41.el9_0.ppc64le.rpm

SHA-256: abc296160c427afc5aee23dd4757d3e9ded9bc68c1c07e85ead8de69c58efc2e

openssl-devel-3.0.1-41.el9_0.ppc64le.rpm

SHA-256: b1455c6f722dd53743a01c2bbe0acd3ead710d2de75140bbe7b37dad03efecf3

openssl-libs-3.0.1-41.el9_0.ppc64le.rpm

SHA-256: 373c162af3330d25558d2aa6137b8295b689a33888bef6b10b513834ed54574b

openssl-libs-debuginfo-3.0.1-41.el9_0.ppc64le.rpm

SHA-256: d2f849c57fb57464c8fb93f0551223e82e6565ebf24d950102660ff3189c03c2

openssl-perl-3.0.1-41.el9_0.ppc64le.rpm

SHA-256: 6a4d9508e27ce3bd011577be0582f03a1458f5d1538fc5fed3a21035f90897ec

Red Hat Enterprise Linux for ARM 64 9

SRPM

openssl-3.0.1-41.el9_0.src.rpm

SHA-256: 844207fc998c0c0b3eb270eec2492cf8382b12a7bb080afa0f208714b2145465

aarch64

openssl-3.0.1-41.el9_0.aarch64.rpm

SHA-256: ab95af0adbc9bb64b98c54bd230e0ad3509df24bf4efeb4b7cfb1d12540a5963

openssl-debuginfo-3.0.1-41.el9_0.aarch64.rpm

SHA-256: 85631a476fc130a52d2836e5f21eaa258b5d486e810fbec03195a24d7116406d

openssl-debugsource-3.0.1-41.el9_0.aarch64.rpm

SHA-256: f6740a48f01fe6bfed4661324d8de51814821dcd503922469f86dc4b6117818d

openssl-devel-3.0.1-41.el9_0.aarch64.rpm

SHA-256: 25ad324cfb1636d9135a747e0c1c61a079ee7a56cacfaed6d6d4bd698ac8b0dc

openssl-libs-3.0.1-41.el9_0.aarch64.rpm

SHA-256: c0f882ba6c900d2bacde35d233c25020480cd4182e4984fcd6ce4b24f35b15f4

openssl-libs-debuginfo-3.0.1-41.el9_0.aarch64.rpm

SHA-256: 2a10fc0e3d5800d94581aafb4249bcba817656d395f0d7fa6372ea326bfee1a0

openssl-perl-3.0.1-41.el9_0.aarch64.rpm

SHA-256: f3a6c48d7d35e0812cbbdfc86293eeadd23a3e3871639fe2f3669024d9712db3

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.0

SRPM

openssl-3.0.1-41.el9_0.src.rpm

SHA-256: 844207fc998c0c0b3eb270eec2492cf8382b12a7bb080afa0f208714b2145465

aarch64

openssl-3.0.1-41.el9_0.aarch64.rpm

SHA-256: ab95af0adbc9bb64b98c54bd230e0ad3509df24bf4efeb4b7cfb1d12540a5963

openssl-debuginfo-3.0.1-41.el9_0.aarch64.rpm

SHA-256: 85631a476fc130a52d2836e5f21eaa258b5d486e810fbec03195a24d7116406d

openssl-debugsource-3.0.1-41.el9_0.aarch64.rpm

SHA-256: f6740a48f01fe6bfed4661324d8de51814821dcd503922469f86dc4b6117818d

openssl-devel-3.0.1-41.el9_0.aarch64.rpm

SHA-256: 25ad324cfb1636d9135a747e0c1c61a079ee7a56cacfaed6d6d4bd698ac8b0dc

openssl-libs-3.0.1-41.el9_0.aarch64.rpm

SHA-256: c0f882ba6c900d2bacde35d233c25020480cd4182e4984fcd6ce4b24f35b15f4

openssl-libs-debuginfo-3.0.1-41.el9_0.aarch64.rpm

SHA-256: 2a10fc0e3d5800d94581aafb4249bcba817656d395f0d7fa6372ea326bfee1a0

openssl-perl-3.0.1-41.el9_0.aarch64.rpm

SHA-256: f3a6c48d7d35e0812cbbdfc86293eeadd23a3e3871639fe2f3669024d9712db3

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.0

SRPM

openssl-3.0.1-41.el9_0.src.rpm

SHA-256: 844207fc998c0c0b3eb270eec2492cf8382b12a7bb080afa0f208714b2145465

ppc64le

openssl-3.0.1-41.el9_0.ppc64le.rpm

SHA-256: 30d3c28167b65af9ce3bf224a5ce80cc6d9a812d8ce4974f909ca36bcd8d4dc7

openssl-debuginfo-3.0.1-41.el9_0.ppc64le.rpm

SHA-256: c9da128a9383d8bc645069006b6205cbca6457b6060021f463700eea0fd1fec8

openssl-debugsource-3.0.1-41.el9_0.ppc64le.rpm

SHA-256: abc296160c427afc5aee23dd4757d3e9ded9bc68c1c07e85ead8de69c58efc2e

openssl-devel-3.0.1-41.el9_0.ppc64le.rpm

SHA-256: b1455c6f722dd53743a01c2bbe0acd3ead710d2de75140bbe7b37dad03efecf3

openssl-libs-3.0.1-41.el9_0.ppc64le.rpm

SHA-256: 373c162af3330d25558d2aa6137b8295b689a33888bef6b10b513834ed54574b

openssl-libs-debuginfo-3.0.1-41.el9_0.ppc64le.rpm

SHA-256: d2f849c57fb57464c8fb93f0551223e82e6565ebf24d950102660ff3189c03c2

openssl-perl-3.0.1-41.el9_0.ppc64le.rpm

SHA-256: 6a4d9508e27ce3bd011577be0582f03a1458f5d1538fc5fed3a21035f90897ec

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0

SRPM

openssl-3.0.1-41.el9_0.src.rpm

SHA-256: 844207fc998c0c0b3eb270eec2492cf8382b12a7bb080afa0f208714b2145465

x86_64

openssl-3.0.1-41.el9_0.x86_64.rpm

SHA-256: 6f1c330ae49ec229efa9a1610a8f3f8b4cdda306389dcecda9f189eca15a90b7

openssl-debuginfo-3.0.1-41.el9_0.i686.rpm

SHA-256: a75e159b4988fb1129f1d274a791814a93d773fe0f1155c1ad3e79279cb8a476

openssl-debuginfo-3.0.1-41.el9_0.x86_64.rpm

SHA-256: e407270005b1d5d70529739bf62768d82df5e7a852c10e3043dcc46711f04638

openssl-debugsource-3.0.1-41.el9_0.i686.rpm

SHA-256: 4a357b256a7b1e8e8fd5c0033c96b52eb728985a66bceb333de643d512ba45ea

openssl-debugsource-3.0.1-41.el9_0.x86_64.rpm

SHA-256: edd47adefd4cc4a9adddf89f2be9da9aa952c970ea8e7e4b36dfaa9da8b6b009

openssl-devel-3.0.1-41.el9_0.i686.rpm

SHA-256: 15ef0c5f24fca091ccebc7383293475535be1660cbdc3fd55dfbddfca09c31cd

openssl-devel-3.0.1-41.el9_0.x86_64.rpm

SHA-256: b3fee080e3482cb161d1e510568404a1af636849f51f1197b366ccb6d674f6b4

openssl-libs-3.0.1-41.el9_0.i686.rpm

SHA-256: 5ebcbc679ab3f2c64938242e3c94d51e09b5e09c58bfc0b489ac03d1e9b180b2

openssl-libs-3.0.1-41.el9_0.x86_64.rpm

SHA-256: 535305af7dc221e687dbbac961b84275a43902c13463557b600bbf245a49a35e

openssl-libs-debuginfo-3.0.1-41.el9_0.i686.rpm

SHA-256: ff271f196b33136ea07795a694a9ad69c82666d0c2e82558d3e72200b394b735

openssl-libs-debuginfo-3.0.1-41.el9_0.x86_64.rpm

SHA-256: 3c89fb08b5adee565a8839ea8a0fe2f1557333fc68321cce5b2730c956873691

openssl-perl-3.0.1-41.el9_0.x86_64.rpm

SHA-256: ee49632a2cc1f1b586b0374e7748783b1a086c6f3bb15ff5b2a8fdba78c20503

Red Hat Enterprise Linux Server for ARM 64 - 4 years of updates 9.0

SRPM

openssl-3.0.1-41.el9_0.src.rpm

SHA-256: 844207fc998c0c0b3eb270eec2492cf8382b12a7bb080afa0f208714b2145465

aarch64

openssl-3.0.1-41.el9_0.aarch64.rpm

SHA-256: ab95af0adbc9bb64b98c54bd230e0ad3509df24bf4efeb4b7cfb1d12540a5963

openssl-debuginfo-3.0.1-41.el9_0.aarch64.rpm

SHA-256: 85631a476fc130a52d2836e5f21eaa258b5d486e810fbec03195a24d7116406d

openssl-debugsource-3.0.1-41.el9_0.aarch64.rpm

SHA-256: f6740a48f01fe6bfed4661324d8de51814821dcd503922469f86dc4b6117818d

openssl-devel-3.0.1-41.el9_0.aarch64.rpm

SHA-256: 25ad324cfb1636d9135a747e0c1c61a079ee7a56cacfaed6d6d4bd698ac8b0dc

openssl-libs-3.0.1-41.el9_0.aarch64.rpm

SHA-256: c0f882ba6c900d2bacde35d233c25020480cd4182e4984fcd6ce4b24f35b15f4

openssl-libs-debuginfo-3.0.1-41.el9_0.aarch64.rpm

SHA-256: 2a10fc0e3d5800d94581aafb4249bcba817656d395f0d7fa6372ea326bfee1a0

openssl-perl-3.0.1-41.el9_0.aarch64.rpm

SHA-256: f3a6c48d7d35e0812cbbdfc86293eeadd23a3e3871639fe2f3669024d9712db3

Red Hat Enterprise Linux Server for IBM z Systems - 4 years of updates 9.0

SRPM

openssl-3.0.1-41.el9_0.src.rpm

SHA-256: 844207fc998c0c0b3eb270eec2492cf8382b12a7bb080afa0f208714b2145465

s390x

openssl-3.0.1-41.el9_0.s390x.rpm

SHA-256: ab0186f9ed1336032f7406fc661163f5fac0e4c899165ee14c5414a4e7cb20d4

openssl-debuginfo-3.0.1-41.el9_0.s390x.rpm

SHA-256: 4b0c11a7a4549a305e697cc31459e46401d6f4d65934ac7c52206ffdb06dd2c8

openssl-debugsource-3.0.1-41.el9_0.s390x.rpm

SHA-256: 123edde5ee062432ee1e729a71bccece5527fa2de156101bea41bdccdd9fbe6f

openssl-devel-3.0.1-41.el9_0.s390x.rpm

SHA-256: dc6df074de10337f99c2de2384af7e552b74ea25d5ad68251b303118ec4155ff

openssl-libs-3.0.1-41.el9_0.s390x.rpm

SHA-256: d6da45987857f82c16944b673376b27843040cdcc6ce5ae41b06fafd11333857

openssl-libs-debuginfo-3.0.1-41.el9_0.s390x.rpm

SHA-256: 1c7a1c0ce153e5ba9517e6c571ebb046ce0231ae56968e5d399994c8ab6a4f8b

openssl-perl-3.0.1-41.el9_0.s390x.rpm

SHA-256: 1e1ff37fb8ea699c616e61e3808829f313951cd022945a53ef03f3096501060f

Related news

CVE-2023-43074: DSA-2023-141: Dell Unity, Unity VSA and Unity XT Security Update for Multiple Vulnerability

Dell Unity 5.3 contain(s) an Arbitrary File Creation vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by crafting arbitrary files through a request to the server.

CVE-2023-32449: DSA-2023-173: Dell PowerStore Family Security Update for Multiple Vulnerabilities

Dell PowerStore versions prior to 3.5 contain an improper verification of cryptographic signature vulnerability. An attacker can trick a high privileged user to install a malicious binary by bypassing the existing cryptographic signature checks

CVE-2023-21954: Oracle Critical Patch Update Advisory - April 2023

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through...

CVE-2022-46756: DSA-2022-335: Dell VxRail Security Update for Multiple Third-Party Component Vulnerabilities

Dell VxRail, versions prior to 7.0.410, contain a Container Escape Vulnerability. A local high-privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the container's underlying OS. Exploitation may lead to a system take over by an attacker.

Red Hat Security Advisory 2023-0408-01

Red Hat Security Advisory 2023-0408-01 - OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. Issues addressed include denial of service and out of bounds read vulnerabilities.

Scanvus now supports Vulners and Vulns.io VM Linux vulnerability detection APIs

Hello everyone! Great news for my open source Scanvus project! You can now perform vulnerability checks on Linux hosts and docker images not only using the Vulners.com API, but also with the Vulns.io VM API. It’s especially nice that all the code to support the new API was written and contributed by colleagues from Vulns.io. […]

Red Hat Security Advisory 2022-8841-01

Red Hat Security Advisory 2022-8841-01 - Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.51 Service Pack 1 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.51, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include buffer over-read, buffer overflow, bypass, code execution, denial of service, double free, integer overflow, out of bounds read, and use-after-free vulnerabilities.

RHSA-2022:8889: Red Hat Security Advisory: Openshift Logging 5.3.14 bug fix release and security update

Openshift Logging Bug Fix Release (5.3.14) Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-36518: jackson-databind: denial of service via a large depth of nested objects * CVE-2022-42003: jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS * CVE-2022-42004: jackson-databind: use of deeply nested arrays

RHSA-2022:8781: Red Hat Security Advisory: Logging Subsystem 5.5.5 - Red Hat OpenShift security update

Logging Subsystem 5.5.5 - Red Hat OpenShift Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-36518: jackson-databind: denial of service via a large depth of nested objects * CVE-2022-2879: golang: archive/tar: unbounded memory consumption when reading headers * CVE-2022-2880: golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters * CVE-2022-27664: golang: net/http: handle server errors after sending GOAWAY * CVE-2022-32189: golang: math/b...

RHSA-2022:8750: Red Hat Security Advisory: OpenShift Virtualization 4.11.1 security and bug fix update

Red Hat OpenShift Virtualization release 4.11.1 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2021-38561: golang: out-of-bounds read in golang.org/x/text/language leads to DoS
  • CVE-2022-24675: golang: encoding/pem: fix stack overflow in Decode
  • CVE-2022-24921: golang: regexp: stack exhaustion via a deeply nested expression
  • CVE-2022-28327: golang: crypto/elliptic: panic caus...

CVE-2022-35739: PRTG Network Monitor - Version History

PRTG Network Monitor through 22.2.77.2204 does not prevent custom input for a device’s icon, which can be modified to insert arbitrary content into the style tag for that device. When the device page loads, the arbitrary Cascading Style Sheets (CSS) data is inserted into the style tag, loading malicious content. Due to PRTG Network Monitor preventing “characters, and from modern browsers disabling JavaScript support in style tags, this vulnerability could not be escalated into a Cross-Site Scripting vulnerability.

Red Hat Security Advisory 2022-7058-01

Red Hat Security Advisory 2022-7058-01 - OpenShift sandboxed containers support for OpenShift Container Platform provides users with built-in support for running Kata containers as an additional, optional runtime. This advisory contains an update for OpenShift sandboxed containers with security fixes and a bug fix. Space precludes documenting all of the updates to OpenShift sandboxed containers in this advisory. Issues addressed include a null pointer vulnerability.

CVE-2022-21587: Oracle Critical Patch Update Advisory - October 2022

Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: Upload). Supported versions that are affected are 12.2.3-12.2.11. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Web Applications Desktop Integrator. Successful attacks of this vulnerability can result in takeover of Oracle Web Applications Desktop Integrator. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Red Hat Security Advisory 2022-6696-01

Red Hat Security Advisory 2022-6696-01 - Red Hat Advanced Cluster Management for Kubernetes 2.4.6 General Availability release images, which fix bugs and update container images. Red Hat Product Security has rated this update as having a security impact of Critical. Issues addressed include crlf injection and denial of service vulnerabilities.

RHSA-2022:6714: Red Hat Security Advisory: RHACS 3.72 enhancement and security update

Updated images are now available for Red Hat Advanced Cluster Security for Kubernetes (RHACS). The updated image includes new features and bug fixes. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-24675: golang: encoding/pem: fix stack overflow in Decode
  • CVE-2022-24921: golang: regexp: stack exhaustion via a deeply nested expression
  • CVE-2022-28327: golang: crypto/elliptic: panic caused by oversized scalar
  • CVE-2022-29526: golang: syscall: faccessat checks wrong gr...

Red Hat Security Advisory 2022-6526-01

Red Hat Security Advisory 2022-6526-01 - OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains the following OpenShift Virtualization 4.11.0 images: RHEL-8-CNV-4.11. Issues addressed include denial of service, memory leak, and out of bounds read vulnerabilities.

RHSA-2022:6526: Red Hat Security Advisory: OpenShift Virtualization 4.11.0 Images security and bug fix update

Red Hat OpenShift Virtualization release 4.11.0 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2021-38561: golang: out-of-bounds read in golang.org/x/text/language leads to DoS
  • CVE-2021-44716: golang: net/http: limit growth of header canonicalization cache
  • CVE-2021-44717: golang: syscall: don't close fd 0 on ForkExec error
  • CVE-2022-1798: kubeVirt: Arbitrary file read on t...

Red Hat Security Advisory 2022-6429-01

Red Hat Security Advisory 2022-6429-01 - The Migration Toolkit for Containers enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API. Issues addressed include bypass, code execution, and denial of service vulnerabilities.

Red Hat Security Advisory 2022-6422-01

Red Hat Security Advisory 2022-6422-01 - Multicluster Engine for Kubernetes 2.0.2 images Multicluster engine for Kubernetes provides the foundational components that are necessary for the centralized management of multiple Kubernetes-based clusters across data centers, public clouds, and private clouds. You can use the engine to create new Red Hat OpenShift Container Platform clusters or to bring existing Kubernetes-based clusters under management by importing them. After the clusters are managed, you can use the APIs that are provided by the engine to distribute configuration based on placement policy. Issues addressed include a denial of service vulnerability.

RHSA-2022:6430: Red Hat Security Advisory: OpenShift API for Data Protection (OADP) 1.0.4 security and bug fix update

OpenShift API for Data Protection (OADP) 1.0.4 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-1705: golang: net/http: improper sanitization of Transfer-Encoding header
  • CVE-2022-1962: golang: go/parser: stack exhaustion in all Parse* functions
  • CVE-2022-21698: prometheus/client_golang: Denial of service using InstrumentHandlerCounter
  • CVE-2022-24675: golang: encoding/pem: fix stack overflow in Decode
  • CVE-2022-30629: golang: crypto/tls: session ti...

RHSA-2022:6429: Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.7.4 security and bug fix update

The Migration Toolkit for Containers (MTC) 1.7.4 is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2020-28500: nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions
  • CVE-2021-23337: nodejs-lodash: command injection via template
  • CVE-2022-0512: nodejs-url-parse: authorization bypass through user-controlled key
  • CVE-2022-0639: npm-url-parse: Authorization Bypass Through User-Controlled Key
  • CVE-2022-0686: npm-url-parse: Authorization bypass thr...

CVE-2022-38701: en/security-disclosure/2022/2022-09.md · OpenHarmony/security - Gitee.com

OpenHarmony-v3.1.2 and prior versions have a heap overflow vulnerability. Local attackers can trigger a heap overflow and get network sensitive information.

Red Hat Security Advisory 2022-6182-01

Red Hat Security Advisory 2022-6182-01 - Openshift Logging Bug Fix Release. Issues addressed include a stack exhaustion vulnerability.

Red Hat Security Advisory 2022-6183-01

Red Hat Security Advisory 2022-6183-01 - Logging Subsystem 5.4.5 for Red Hat OpenShift has been released. Issues addressed include a stack exhaustion vulnerability.

Red Hat Security Advisory 2022-6348-01

Red Hat Security Advisory 2022-6348-01 - Gatekeeper is an open source project that applies the OPA Constraint Framework to enforce policies on your Kubernetes clusters. This advisory contains the container images for Gatekeeper that include bug fixes and container upgrades.

RHSA-2022:6370: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.6.0 security updates and bug fixes

Red Hat Advanced Cluster Management for Kubernetes 2.6.0 General Availability release images, which fix security issues and bugs. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-1705: golang: net/http: improper sanitization of Transfer-Encoding header
  • CVE-2022-1962: golang: go/parser: stack exhaustion in all Parse* functions
  • CVE-2022-28131: golang: encoding/xml: stack exhaustion in Decoder.Skip
  • CVE-2022-30629: golang: crypto/tls: session tickets lack random ticket_a...

RHSA-2022:6348: Red Hat Security Advisory: Gatekeeper Operator v0.2 security and container updates

Gatekeeper Operator v0.2 security updates. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-1705: golang: net/http: improper sanitization of Transfer-Encoding header
  • CVE-2022-1962: golang: go/parser: stack exhaustion in all Parse* functions
  • CVE-2022-28131: golang: encoding/xml: stack exhaustion in Decoder.Skip
  • CVE-2022-30629: golang: crypto/tls: session tickets lack random ticket_age_add
  • CVE-2022-30630: golang: io/fs: stack exhaustion in Glob
  • CVE-2022-30631: gol...

Red Hat Security Advisory 2022-6290-01

Red Hat Security Advisory 2022-6290-01 - OpenShift API for Data Protection enables you to back up and restore application resources, persistent volume data, and internal container images to external backup storage. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2022-6283-01

Red Hat Security Advisory 2022-6283-01 - Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an OpenShift Container Platform installation. This advisory covers the RPM packages for the release.

Red Hat Security Advisory 2022-6271-01

Red Hat Security Advisory 2022-6271-01 - This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs. Issues addressed include a denial of service vulnerability.

RHSA-2022:6290: Red Hat Security Advisory: OpenShift API for Data Protection (OADP) 1.1.0 security and bug fix update

OpenShift API for Data Protection (OADP) 1.1.0 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-21698: prometheus/client_golang: Denial of service using InstrumentHandlerCounter
  • CVE-2022-24675: golang: encoding/pem: fix stack overflow in Decode
  • CVE-2022-28327: golang: crypto/elliptic: panic caused by oversized scalar
  • CVE-2022-30629: golang: crypto/tls: session tickets lack random ticket_age_add
  • CVE-2022-30631: golang: compress/gzip: stack exhaus...

RHSA-2022:6283: Red Hat Security Advisory: Red Hat OpenShift Service Mesh 2.2.2 Containers security update

Red Hat OpenShift Service Mesh 2.2.2 Containers. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-1962: golang: go/parser: stack exhaustion in all Parse* functions
  • CVE-2022-28131: golang: encoding/xml: stack exhaustion in Decoder.Skip
  • CVE-2022-30630: golang: io/fs: stack exhaustion in Glob
  • CVE-2022-30632: golang: path/filepath: stack exhaustion in Glob
  • CVE-2022-30633: golang: encoding/xml: stack exhaustion in Unmarshal
  • CVE-2022-30635: golang: encoding/gob: stack...

Red Hat Security Advisory 2022-6224-01

Red Hat Security Advisory 2022-6224-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Issues addressed include a code execution vulnerability.

Red Hat Security Advisory 2022-6184-01

Red Hat Security Advisory 2022-6184-01 - The Self Node Remediation Operator works in conjunction with the Machine Health Check or the Node Health Check Operators to provide automatic remediation of unhealthy nodes by rebooting them. This minimizes downtime for stateful applications and RWO volumes, as well as restoring compute capacity in the event of transient failures.

RHSA-2022:6188: Red Hat Security Advisory: Node Maintenance Operator 4.11.1 security update

An update for node-maintenance-must-gather-container, node-maintenance-operator-bundle-container, and node-maintenance-operator-container is now available for Node Maintenance Operator 4.11 for RHEL 8. This Operator is delivered by Red Hat Workload Availability. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-1705: golang: net/http: improper sanitization of Transfer-Encoding header
  • CVE-2022-1962: golang: go/parser: stack exhaustion in all Parse* functions
  • CVE-2022-...

RHSA-2022:6184: Red Hat Security Advisory: Self Node Remediation Operator 0.4.1 security update

This is an updated release of the Self Node Remediation Operator. The Self Node Remediation Operator replaces the Poison Pill Operator, and is delivered by Red Hat Workload Availability. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-30631: golang: compress/gzip: stack exhaustion in Reader.Read

RHSA-2022:6156: Red Hat Security Advisory: Red Hat OpenShift Data Foundation 4.11.0 security, enhancement, & bugfix update

Updated images that include numerous enhancements, security, and bug fixes are now available for Red Hat OpenShift Data Foundation 4.11.0 on Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2021-23440: nodejs-set-value: type confusion allows bypass of CVE-2019-10747
  • CVE-2021-23566: nanoid: Information disclosure via valueOf() function
  • CVE-2022-0235: node-fetch: exposure of sensitive information to an unauthorized actor
  • CVE-2022-0536: follow-...

Red Hat Security Advisory 2022-6103-01

Red Hat Security Advisory 2022-6103-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.11.1.

RHSA-2022:6103: Red Hat Security Advisory: OpenShift Container Platform 4.11.1 bug fix and security update

Red Hat OpenShift Container Platform release 4.11.1 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.11. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-30629: golang: crypto/tls: session tickets lack random ticket_age_add
  • CVE-2022-30631: golang: compress/gzip: stack exhaustion in Reader.Read

Red Hat Security Advisory 2022-5069-01

Red Hat Security Advisory 2022-5069-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.11.0. Issues addressed include code execution, cross site scripting, denial of service, information leakage, and traversal vulnerabilities.

RHSA-2022:5069: Red Hat Security Advisory: OpenShift Container Platform 4.11.0 bug fix and security update

Red Hat OpenShift Container Platform release 4.11.0 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.11. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2021-23566: nanoid: Information disclosure via valueOf() function
  • CVE-2021-23648: sanitize-url: XSS
  • CVE-2021-41190: opencontainers: OCI manifest and index parsing confusion
  • CVE-2021-44906:...

RHSA-2022:6024: Red Hat Security Advisory: New container image for Red Hat Ceph Storage 5.2 Security update

A new container image for Red Hat Ceph Storage 5.2 is now available in the Red Hat Ecosystem Catalog. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

* CVE-2021-43813: grafana: directory traversal vulnerability
* CVE-2022-21673: grafana: Forward OAuth Identity Token can allow users to access some data sources


RHSA-2022:5818: Red Hat Security Advisory: openssl security update

An update for openssl is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

* CVE-2022-1292: openssl: c_rehash script allows command injection
* CVE-2022-2068: openssl: the c_rehash script allows command injection
* CVE-2022-2097: openssl: AES OCB fails to encrypt some bytes


Ubuntu Security Notice USN-5488-2

Ubuntu Security Notice 5488-2 - USN-5488-1 fixed vulnerabilities in OpenSSL. This update provides the corresponding updates for Ubuntu 16.04 ESM. Chancen and Daniel Fiala discovered that OpenSSL incorrectly handled the c_rehash script. A local attacker could possibly use this issue to execute arbitrary commands when c_rehash is run.

CVE-2022-2097

AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that were pre-existing in the memory that wasn't written. In the special case of "in place" encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSL does not support OCB-based cipher suites for TLS and DTLS, they are both unaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL 1.1.1q (Affected 1.1.1-1.1.1p).

CVE-2022-2068

In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When CVE-2022-1292 was fixed it was not discovered that there are other places in the script where the file names of certificates being hashed were possibly passed to a command executed through the shell. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4 (Affected 3.0.0, 3.0.1, 3.0.2, 3.0.3). Fixed in OpenSSL 1.1.1p (Affected 1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze).

Ubuntu Security Notice USN-5402-2

Ubuntu Security Notice 5402-2 - USN-5402-1 fixed several vulnerabilities in OpenSSL. This update provides the corresponding update for Ubuntu 16.04 ESM. Elison Niven discovered that OpenSSL incorrectly handled the c_rehash script. A local attacker could possibly use this issue to execute arbitrary commands when c_rehash is run. Aliaksei Levin discovered that OpenSSL incorrectly handled resources when decoding certificates and keys. A remote attacker could possibly use this issue to cause OpenSSL to consume resources, leading to a denial of service. This issue only affected Ubuntu 22.04 LTS.

CVE-2022-1343

The function `OCSP_basic_verify` verifies the signer certificate on an OCSP response. In the case where the (non-default) flag OCSP_NOCHECKS is used then the response will be positive (meaning a successful verification) even in the case where the response signing certificate fails to verify. It is anticipated that most users of `OCSP_basic_verify` will not use the OCSP_NOCHECKS flag. In this case the `OCSP_basic_verify` function will return a negative value (indicating a fatal error) in the case of a certificate verification failure. The normal expected return value in this case would be 0. This issue also impacts the command line OpenSSL "ocsp" application. When verifying an ocsp response with the "-no_cert_checks" option the command line application will report that the verification is successful even though it has in fact failed. In this case the incorrect successful response will also be accompanied by error messages showing the failure and contradicting the apparently successful r...

CVE-2022-1292

The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2). Fixed in OpenSSL 1.1.1o (Affected 1.1.1-1.1.1n). Fixed in OpenSSL 1.0.2ze (Affected 1.0.2-1.0.2zd).

CVE-2022-1473

The OPENSSL_LH_flush() function, which empties a hash table, contains a bug that breaks reuse of the memory occupied by the removed hash table entries. This function is used when decoding certificates or keys. If a long-lived process periodically decodes certificates or keys, its memory usage will expand without bounds and the process might be terminated by the operating system, causing a denial of service. Also, traversing the empty hash table entries will take increasingly more time. Typically such long-lived processes might be TLS clients or TLS servers configured to accept client certificate authentication. The function was added in OpenSSL 3.0, so older releases are not affected by the issue. Fixed in OpenSSL 3.0.3 (Affected 3.0.0, 3.0.1, 3.0.2).

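The "Fixed in / Affected" ranges quoted in the CVE entries above (CVE-2022-1292, CVE-2022-2068, CVE-2022-2097 and CVE-2022-1473) use OpenSSL's two version schemes: numeric patch levels on 3.0.x and letter suffixes on 1.1.1 and 1.0.2, where `z` is followed by `za`, `zb`, and so on. The checker below is an added example, not code from OpenSSL or Red Hat; it maps a reported upstream version string to the CVEs whose fixed-in version it predates. It only applies to upstream version numbers: distribution builds such as the RHEL and Ubuntu packages in these advisories backport fixes without bumping the upstream version, so for those the advisory's package NVR, not `openssl version`, is the authority.

```python
"""Compare an upstream OpenSSL version string with the fixed-in versions
quoted in the CVE entries on this page (added example, not project code)."""
import re

# Fixed-in version per affected branch, copied from the CVE descriptions above.
# A branch that is not listed for a CVE is not described as affected by it.
FIXED_IN = {
    "CVE-2022-1292": {"3.0": "3.0.3", "1.1.1": "1.1.1o", "1.0.2": "1.0.2ze"},
    "CVE-2022-2068": {"3.0": "3.0.4", "1.1.1": "1.1.1p", "1.0.2": "1.0.2zf"},
    "CVE-2022-2097": {"3.0": "3.0.5", "1.1.1": "1.1.1q"},
    "CVE-2022-1473": {"3.0": "3.0.3"},
}


def parse_version(version):
    """Return (branch, release_key) for an upstream OpenSSL version string.

    3.x releases are ordered by their numeric patch level ("3.0.4").
    1.x releases are ordered by letter suffix: "" < "a" < ... < "z" < "za" < "zb",
    so the key is (len(suffix), suffix), which makes "ze" < "zf" and "z" < "za".
    """
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)([a-z]*)", version.strip())
    if not m:
        raise ValueError(f"unrecognised OpenSSL version string: {version!r}")
    major, minor, patch, letters = int(m[1]), int(m[2]), int(m[3]), m[4]
    if major >= 3:
        if letters:
            raise ValueError(f"3.x versions carry no letter suffix: {version!r}")
        return f"{major}.{minor}", (patch, 0, "")
    return f"{major}.{minor}.{patch}", (0, len(letters), letters)


def affected_cves(version):
    """List the CVEs from FIXED_IN whose fix for this branch is newer than `version`."""
    branch, release = parse_version(version)
    hits = []
    for cve, fixes in FIXED_IN.items():
        if branch not in fixes:
            continue  # branch not named as affected in the CVE text
        _, fixed_release = parse_version(fixes[branch])
        if release < fixed_release:
            hits.append(cve)
    return sorted(hits)


if __name__ == "__main__":
    for v in ("1.1.1n", "1.1.1p", "1.0.2zd", "3.0.2", "3.0.5"):
        print(f"{v:>8}: {affected_cves(v) or 'none of the listed CVEs'}")
```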