RHSA-2023:1524: Red Hat Security Advisory: OpenShift Container Platform 4.9.59 security update

Red Hat OpenShift Container Platform release 4.9.59 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-42889: A flaw was found in Apache Commons Text packages 1.5 through 1.9. The affected versions allow an attacker to benefit from a variable interpolation process contained in Apache Commons Text, which can cause properties to be dynamically defined. Server applications are vulnerable to remote code execution (RCE) and unintentional contact with untrusted remote servers.
Red Hat Security Data

Issued: 2023-04-05

Updated: 2023-04-05

RHSA-2023:1524 - Security Advisory

Synopsis

Critical: OpenShift Container Platform 4.9.59 security update

Type/Severity

Security Advisory: Critical

Topic

Red Hat OpenShift Container Platform release 4.9.59 is now available with updates to packages and images that fix several bugs and add enhancements.

Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Red Hat OpenShift Container Platform is Red Hat’s cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.9.59. See the following advisory for the container images for this release:

https://access.redhat.com/errata/RHSA-2023:1525

Security Fix(es):

  • apache-commons-text: variable interpolation RCE (CVE-2022-42889)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

All OpenShift Container Platform 4.9 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.9/updating/updating-cluster-cli.html

Affected Products

  • Red Hat OpenShift Container Platform 4.9 for RHEL 8 x86_64
  • Red Hat OpenShift Container Platform 4.9 for RHEL 7 x86_64
  • Red Hat OpenShift Container Platform for Power 4.9 for RHEL 8 ppc64le
  • Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.9 for RHEL 8 s390x
  • Red Hat OpenShift Container Platform for ARM 64 4.9 aarch64

Fixes

  • BZ - 2135435 - CVE-2022-42889 apache-commons-text: variable interpolation RCE
  • OCPBUGS-11081 - Placeholder bug for OCP 4.9.0 rpm release

References

  • https://access.redhat.com/security/updates/classification/#critical
  • https://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html

Contact details for the Red Hat security team are at https://access.redhat.com/security/team/contact/.

Related news

Red Hat Security Advisory 2024-0778-03

Red Hat Security Advisory 2024-0778-03 - An update for Jenkins and Jenkins-2-plugins is now available for OpenShift Developer Tools and Services for OCP 4.12. Issues addressed include bypass, code execution, cross site request forgery, cross site scripting, denial of service, improper authorization, information leakage, insecure permissions, and open redirection vulnerabilities.

Red Hat Security Advisory 2023-7288-01

Red Hat Security Advisory 2023-7288-01 - An update for Openshift Jenkins is now available for Red Hat Product OCP Tools 4.14. Issues addressed include bypass, code execution, cross site scripting, and denial of service vulnerabilities.

CVE-2023-2541: Security Advisories | KNIME

The Web Frontend of KNIME Business Hub before 1.4.0 allows an unauthenticated remote attacker to access internals about the application such as versions, host names, or IP addresses. No personal information or application data was exposed.

RHSA-2023:3296: Red Hat Security Advisory: Multicluster Engine for Kubernetes 2.2.4 security fixes and container updates

Multicluster Engine for Kubernetes 2.2.4 General Availability release images, which fix security issues and update container images. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-32313: A flaw was found in the vm2. After making a vm, the inspect method is read-write for console.log, which allows an attacker to edit options for console.log. This issue impacts the integrity by changing the log subsystem. * CVE-2023-32314: A flaw was found in the vm2 sandbox. When a host ...

RHSA-2023:3195: Red Hat Security Advisory: jenkins and jenkins-2-plugins security update

An update for jenkins and jenkins-2-plugins is now available for OpenShift Developer Tools and Services for OCP 4.12. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-42889: A flaw was found in Apache Commons Text packages 1.5 through 1.9. The affected versions allow an attacker to benefit from a variable interpolation process contained in Apache Commons Text, which can cause properties to be dynamically defined. Server applications are vulnerable to remote code execut...

Red Hat Security Advisory 2023-2097-03

Red Hat Security Advisory 2023-2097-03 - Red Hat Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and monitoring of multiple Linux deployments with a single centralized tool. Issues addressed include code execution, cross site scripting, denial of service, deserialization, improper neutralization, information leakage, and remote shell upload vulnerabilities.

Red Hat Security Advisory 2023-1866-01

Red Hat Security Advisory 2023-1866-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.10.58. Issues addressed include a cross site scripting vulnerability.

CVE-2022-37306: OX App Suite Cross Site Scripting

OX App Suite before 7.10.6-rev30 allows XSS via an upsell trigger.

Red Hat Security Advisory 2023-1655-01

Red Hat Security Advisory 2023-1655-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.10.56. Issues addressed include bypass, cross site scripting, information leakage, insecure permissions, and privilege escalation vulnerabilities.

Red Hat Security Advisory 2023-0469-01

Red Hat Security Advisory 2023-0469-01 - Red Hat Integration Camel Extensions for Quarkus 2.13.2 is now available. Issues addressed include denial of service and memory exhaustion vulnerabilities.

RHSA-2023:0469: Red Hat Security Advisory: Red Hat Integration Camel Extensions For Quarkus 2.13.2

Red Hat Integration Camel Extensions for Quarkus 2.13.2 is now available. The purpose of this text-only errata is to inform you about the security issues fixed. Red Hat Product Security has rated this update as having an impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
* CVE-2022-40149: jettison: parser crash by stackoverflow
* CVE-2022-40150: jettison: memory exhaustion via user-supplied XML or JSON data
* CVE-2022-40151: xstream: Xstream to serialise XML data was vulnerable to Denial of Service attacks
* CVE-2022-40152: woodstox-core: woodstox to...

RHSA-2022:9023: Red Hat Security Advisory: Red Hat build of Quarkus 2.13.5 release and security update

An update is now available for Red Hat build of Quarkus. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability. For more information, see the CVE links in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
* CVE-2022-3171: protobuf-java: timeout in parser leads to DoS
* CVE-2022-4116: quarkus_dev_ui: Dev UI Config Editor is vulnerable to drive-by localhost attacks leading to RCE
* CVE-2022-4147: quarkus-vertx-http: Security misconfiguration of CORS : OWASP A05_2021 level in Quarkus
* CVE-2022-31197: postgresql: SQL Injection in ResultSet.refreshRow() with mal...

Red Hat Security Advisory 2022-8876-01

Red Hat Security Advisory 2022-8876-01 - AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms. This release of Red Hat AMQ Broker 7.10.2 includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section. Issues addressed include a denial of service vulnerability.

RHSA-2022:8876: Red Hat Security Advisory: Red Hat AMQ Broker 7.10.2 release and security update

Red Hat AMQ Broker 7.10.2 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
* CVE-2022-25857: snakeyaml: Denial of Service due to missing nested depth limitation for collections
* CVE-2022-38749: snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode
* CVE-2022-38750: snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject
* CVE-2022-38751: snakeyaml: Uncaugh...

CVE-2022-44749: Security Advisories | KNIME

A directory traversal vulnerability in the ZIP archive extraction routines of KNIME Analytics Platform 3.2.0 and above can result in arbitrary files being overwritten on the user's system. This vulnerability is also known as 'Zip-Slip'. An attacker can create a KNIME workflow that, when being opened by a user, can overwrite arbitrary files that the user has write access to. It's not necessary to execute the workflow, opening the workflow is sufficient. The user will notice that something is wrong because an error is being reported but only after the files have already been written. This can impact data integrity (file contents are changed) or cause errors in other software (vital files being corrupted). It can even lead to remote code execution if executable files are being replaced and subsequently executed by the user. In all cases the attacker has to know the location of files on the user's system, though.

Hackers Started Exploiting Critical "Text4Shell" Apache Commons Text Vulnerability

WordPress security company Wordfence on Thursday said it started detecting exploitation attempts targeting the newly disclosed flaw in Apache Commons Text on October 18, 2022. The vulnerability, tracked as CVE-2022-42889 aka Text4Shell, has been assigned a severity ranking of 9.8 out of a possible 10.0 on the CVSS scale and affects versions 1.5 through 1.9 of the library. It's also similar to

Apache Commons Vulnerability: Patch but Don't Panic

Experts say CVE-2022-42899 is a serious vulnerability, but widespread exploitation is unlikely because of the specific conditions that need to exist for it to happen.

GHSA-599f-7c49-w659: Arbitrary code execution in Apache Commons Text

Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is "${prefix:name}", where "prefix" is used to locate an instance of org.apache.commons.text.lookup.StringLookup that performs the interpolation. Starting with version 1.5 and continuing through 1.9, the set of default Lookup instances included interpolators that could result in arbitrary code execution or contact with remote servers. These lookups are:
- "script" - execute expressions using the JVM script execution engine (javax.script)
- "dns" - resolve dns records
- "url" - load values from urls, including from remote servers
Applications using the interpolation defaults in the affected versions may be vulnerable to remote code execution or unintentional contact with remote servers if untrusted configuration values are used. Users are recommended to upgrade to Apache Commons Text 1.10.0, which disables the problematic interpolators ...

CVE-2019-19034: AssetExplorer ITAM Solution ServicePacks Readme

Zoho ManageEngine Asset Explorer 6.5 does not validate the System Center Configuration Manager (SCCM) database username when dynamically generating a command to schedule scans for SCCM. This allows an attacker to execute arbitrary commands on the AssetExplorer Server with NT AUTHORITY/SYSTEM privileges.