RHSA-2022:7715: Red Hat Security Advisory: libxml2 security update

Source: Red Hat Security Data. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Issued: 2022-11-08
Updated: 2022-11-08

RHSA-2022:7715 - Security Advisory

Synopsis

Moderate: libxml2 security update

Type/Severity

Security Advisory: Moderate

Topic

An update for libxml2 is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The libxml2 library is a development toolbox providing the implementation of various XML standards.

Security Fix(es):

  • libxml2: Incorrect server side include parsing can lead to XSS (CVE-2016-3709). A specially crafted input, when serialized and re-parsed by the libxml2 library, results in a document with element attributes that did not exist in the original document.

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
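The advisory describes the defect only as a serialize-then-re-parse mismatch. The harness below, added here as an example and not Red Hat's or libxml2's code, makes that symptom testable: parse a document, serialize it, parse the output again, and report any (element, attribute, value) triple that was not in the original. Python's standard-library html.parser stands in for the parser, and the two attribute encoders are constructed toys: escape_always escapes every value, escape_except_ssi models the reported special case by passing values that begin with `<!--#` through unescaped (an assumption about the bug class, not libxml2's actual code path). The crafted input is constructed for illustration and is not the reported proof of concept; all function names are this example's own. To check a real build, swap in the serializer under test (for example lxml's tostring over a RHEL 8 libxml2) for `serialize` and keep the comparison.

```python
"""Round-trip harness: does serialize(parse(doc)) re-parse to the same attributes?
Added example, not libxml2's or Red Hat's code; html.parser stands in for the parser."""
import html
from html.parser import HTMLParser


class _Events(HTMLParser):
    """Record start tags (with sorted attributes), text and end tags in document order."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.events = []

    def handle_starttag(self, tag, attrs):
        self.events.append(("start", tag, tuple(sorted((k, v or "") for k, v in attrs))))

    def handle_endtag(self, tag):
        self.events.append(("end", tag, ()))

    def handle_data(self, data):
        self.events.append(("data", data, ()))


def parse_events(markup: str):
    p = _Events()
    p.feed(markup)
    p.close()
    return p.events


def escape_always(value: str) -> str:
    """Hardened attribute encoder: every value is escaped, whatever it contains."""
    return html.escape(value, quote=True)


def escape_except_ssi(value: str) -> str:
    """Toy model of the reported defect (an assumption, not libxml2's code): a value
    that looks like a server-side include is emitted verbatim, so a crafted value can
    close the quote and introduce attributes once the output is parsed again."""
    if value.startswith("<!--#"):
        return value
    return html.escape(value, quote=True)


def serialize(events, encode_attr) -> str:
    out = []
    for kind, name, attrs in events:
        if kind == "start":
            out.append("<" + " ".join([name] + [f'{k}="{encode_attr(v)}"' for k, v in attrs]) + ">")
        elif kind == "end":
            out.append(f"</{name}>")
        else:
            out.append(html.escape(name, quote=False))   # text node
    return "".join(out)


def attribute_set(events):
    return {(tag, k, v) for kind, tag, attrs in events if kind == "start" for k, v in attrs}


def roundtrip_new_attributes(markup: str, encode_attr):
    """(tag, attribute, value) triples present after serialize + re-parse but absent
    before. A non-empty result means the serializer changed the document's meaning."""
    before = parse_events(markup)
    after = parse_events(serialize(before, encode_attr))
    return attribute_set(after) - attribute_set(before)


# Constructed input (not the reported PoC): a correctly escaped href whose decoded
# value starts with an SSI-style comment and carries a quote plus an event handler.
CRAFTED = '<a href="&lt;!--#echo var=&quot;x&quot; onmouseover=&quot;alert(1)&quot; --&gt;">x</a>'
```

With escape_always the difference set is empty; with escape_except_ssi the re-parsed anchor gains an onmouseover attribute that the original document never had, which is exactly the condition the advisory describes.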

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.7 Release Notes linked from the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

The desktop must be restarted (log out, then log back in) for this update to take effect. libxml2 is a shared library, so the same applies to any other long-running process that had the old copy loaded (for example a web server or daemon that parses XML): it keeps running the pre-update code until it is restarted.
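Checking a RHEL 8 host against this advisory, as an added example (not Red Hat's tooling): compare the installed NVRA reported by `rpm -q libxml2` with the fixed version-release 2.9.7-15.el8 using a reimplementation of rpm's version ordering, and list processes that still map a replaced libxml2 so the restart caveat above can be acted on. The names FIXED_EVR, parse_nvra, is_patched and stale_library_users are this example's own; the input format is assumed to be rpm's default `name-version-release.arch` output, and the process scan assumes a Linux /proc (its root is a parameter so the logic can be exercised on a constructed tree).

```python
"""Is this host patched for RHSA-2022:7715, and is the fix actually loaded?
Added example, not Red Hat's tooling; takes `rpm -q libxml2` style NVRA input."""
import glob
import os

FIXED_EVR = ("0", "2.9.7", "15.el8")   # epoch, version, release fixed by this advisory


def rpmvercmp(a: str, b: str) -> int:
    """rpm's version comparison: alphanumeric segments compared in turn, numeric
    by value and alphabetic lexically; '~' sorts before anything (pre-release),
    '^' sorts after the end of the string (post-release). Returns -1, 0 or 1."""
    if a == b:
        return 0
    i = j = 0
    while i < len(a) or j < len(b):
        while i < len(a) and not (a[i].isalnum() or a[i] in "~^"):
            i += 1                                   # skip separators: '.', '-', '_'
        while j < len(b) and not (b[j].isalnum() or b[j] in "~^"):
            j += 1
        ca = a[i] if i < len(a) else ""
        cb = b[j] if j < len(b) else ""
        if ca == "~" or cb == "~":
            if ca != cb:
                return 1 if cb == "~" else -1
            i, j = i + 1, j + 1
            continue
        if ca == "^" or cb == "^":
            if ca != cb:                             # '^' beats end of string, loses to anything else
                if ca == "^":
                    return 1 if not cb else -1
                return -1 if not ca else 1
            i, j = i + 1, j + 1
            continue
        if not (ca and cb):
            break
        isnum = ca.isdigit()
        same_class = str.isdigit if isnum else str.isalpha
        si, sj = i, j
        while si < len(a) and same_class(a[si]):
            si += 1
        while sj < len(b) and same_class(b[sj]):
            sj += 1
        seg_a, seg_b = a[i:si], b[j:sj]
        if not seg_b:                                # digits vs letters: digits win
            return 1 if isnum else -1
        if isnum:                                    # drop leading zeros; longer is bigger
            seg_a, seg_b = seg_a.lstrip("0"), seg_b.lstrip("0")
            if len(seg_a) != len(seg_b):
                return 1 if len(seg_a) > len(seg_b) else -1
        if seg_a != seg_b:
            return 1 if seg_a > seg_b else -1
        i, j = si, sj
    if i >= len(a) and j >= len(b):
        return 0
    return -1 if i >= len(a) else 1


def parse_nvra(nvra: str):
    """Split 'name-[epoch:]version-release.arch' as printed by rpm -q; epoch defaults to '0'."""
    nvr, arch = nvra.rsplit(".", 1)
    name, version, release = nvr.rsplit("-", 2)
    epoch, _, version = version.rpartition(":")
    return name, epoch or "0", version, release, arch


def is_patched(installed_nvra: str, fixed_evr=FIXED_EVR) -> bool:
    """True if the installed EVR is at or beyond the advisory's fixed EVR."""
    _, epoch, version, release, _ = parse_nvra(installed_nvra)
    for have, want in zip((epoch, version, release), fixed_evr):
        c = rpmvercmp(have, want)
        if c != 0:
            return c > 0
    return True


def stale_library_users(libname: str = "libxml2", proc_root: str = "/proc"):
    """PIDs still mapping a replaced copy of libname. rpm writes the new .so to the
    same path, but a running process keeps the old inode mapped; /proc/<pid>/maps
    shows it with a '(deleted)' suffix and that process runs unpatched code until
    restarted. proc_root is a parameter so the scan can run against a test tree."""
    pids = []
    for maps in glob.glob(os.path.join(proc_root, "[0-9]*", "maps")):
        try:
            with open(maps) as fh:
                if any(libname in ln and ln.rstrip().endswith("(deleted)") for ln in fh):
                    pids.append(int(os.path.basename(os.path.dirname(maps))))
        except OSError:                              # process exited or maps unreadable
            continue
    return sorted(pids)
```

Feed each line of `rpm -q libxml2 libxml2-devel python3-libxml2` to is_patched, then run stale_library_users() as root after the update; any PID it returns has to be restarted before the host is actually protected. Comparing the release as a whole string with a generic version sort is not equivalent: rpm's tilde and caret rules and its numeric-versus-alphabetic segment handling are what make `15.el8` order correctly against values like `15.el8_6`.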

Affected Products

  • Red Hat Enterprise Linux for x86_64 8 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 8 s390x
  • Red Hat Enterprise Linux for Power, little endian 8 ppc64le
  • Red Hat Enterprise Linux for ARM 64 8 aarch64

Fixes

  • BZ - 2112766 - CVE-2016-3709 libxml2: Incorrect server side include parsing can lead to XSS

References

  • https://access.redhat.com/security/updates/classification/#moderate
  • https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.7_release_notes/index

Red Hat Enterprise Linux for x86_64 8

SRPM

libxml2-2.9.7-15.el8.src.rpm

SHA-256: e563a721d4dc02146f6efa6e928f7fc7655aad9600d5f4ba993a6434fb3318d0

x86_64

libxml2-2.9.7-15.el8.i686.rpm

SHA-256: 6829a196ad4d7dd5b3fef3028dcdea90ef9d3b8431a3f04c67372de85c89a25e

libxml2-2.9.7-15.el8.x86_64.rpm

SHA-256: 9911a687cf9fa747a7c9c35d6d166289f76af411462c9f0a3502b72e74f211db

libxml2-debuginfo-2.9.7-15.el8.i686.rpm

SHA-256: ffb1fe8a1671978abf53ad9447d801130cc64246fb9b9af22b69b855cdbc993c

libxml2-debuginfo-2.9.7-15.el8.x86_64.rpm

SHA-256: 493a098fd28494b90bd4f09599478b8fa36dddcde455df296311e3ec7c7f7e8a

libxml2-debugsource-2.9.7-15.el8.i686.rpm

SHA-256: e9354d5d885067983be080f73a18f2d8e217dd74aaff09b5c806e8fd861d5719

libxml2-debugsource-2.9.7-15.el8.x86_64.rpm

SHA-256: 1053a5db7b6ad0aff1facac51b63a4c7386ea4267386d8461ff03808d8c99705

libxml2-devel-2.9.7-15.el8.i686.rpm

SHA-256: ee1b2005d560194b64aaaf712c386321372050dab561ee060f7e8d35e9337376

libxml2-devel-2.9.7-15.el8.x86_64.rpm

SHA-256: 72ef2b23530edaa21f36a9844958530dae1b7cd103ae4a309025d94f2758066e

python3-libxml2-2.9.7-15.el8.x86_64.rpm

SHA-256: 647f876d995a658d94b6643067ee1e1c48d5059e3422eca34ba09f94c90ec785

python3-libxml2-debuginfo-2.9.7-15.el8.i686.rpm

SHA-256: 6a5eb12444b4177b6e19bf5970d9014d2b854990317411ff79e636eff3ea97b7

python3-libxml2-debuginfo-2.9.7-15.el8.x86_64.rpm

SHA-256: febd613267d6e020cf054a2f02e806b5304a768a66680dd0a63d4bb43f9198bd

Red Hat Enterprise Linux for IBM z Systems 8

SRPM

libxml2-2.9.7-15.el8.src.rpm

SHA-256: e563a721d4dc02146f6efa6e928f7fc7655aad9600d5f4ba993a6434fb3318d0

s390x

libxml2-2.9.7-15.el8.s390x.rpm

SHA-256: 7dfff5e351126a6d268fc2627e1d5882f50a29608b623271bcca3f51ef606ff1

libxml2-debuginfo-2.9.7-15.el8.s390x.rpm

SHA-256: 1a35be3cd74d4c9e3b64d6fbe34615a620b9da97329bd6f4fc10e03bc0b512a7

libxml2-debugsource-2.9.7-15.el8.s390x.rpm

SHA-256: d92b68d723c6b082500258d5b6259ff8984ad9936255fa41cdfb00dbaa6b203f

libxml2-devel-2.9.7-15.el8.s390x.rpm

SHA-256: e3e237d1a7622d04717555a38dbd80463c17b5fa06234d8ac94b66e71f7d8b5f

python3-libxml2-2.9.7-15.el8.s390x.rpm

SHA-256: 8f18f69605d7a9464336829340644609ef8d39ca1cb54e6dbd80983083e8d681

python3-libxml2-debuginfo-2.9.7-15.el8.s390x.rpm

SHA-256: e28c38fe46391561002ece60d01bbc09b3dc71efa26d950780bf56208aaf03e3

Red Hat Enterprise Linux for Power, little endian 8

SRPM

libxml2-2.9.7-15.el8.src.rpm

SHA-256: e563a721d4dc02146f6efa6e928f7fc7655aad9600d5f4ba993a6434fb3318d0

ppc64le

libxml2-2.9.7-15.el8.ppc64le.rpm

SHA-256: 7fc6f6ddef32dfe304d8b93abd7406dbc57d80094ca375eeaa9eae0b6321f36b

libxml2-debuginfo-2.9.7-15.el8.ppc64le.rpm

SHA-256: ff4a9b712cf17be9f67ea9aa980d3b35c7c6c7c27447a4f7004c91e93c69b954

libxml2-debugsource-2.9.7-15.el8.ppc64le.rpm

SHA-256: bc43a9e31d15b420985c9b4700ef7937fe90d3ee1bc03f5efdaed9786904043e

libxml2-devel-2.9.7-15.el8.ppc64le.rpm

SHA-256: b416b5be68bffd889b568474eb5b28c33386a2b98b0678ba79766d66ba3d0e15

python3-libxml2-2.9.7-15.el8.ppc64le.rpm

SHA-256: c87e4ae9624fec5310e92a0c2d31829dcbc8a2fe4cfd581e4ec1d9a7fb31307f

python3-libxml2-debuginfo-2.9.7-15.el8.ppc64le.rpm

SHA-256: 9f95c167abfbdb42601d53285ada3c03b9dcc59e8e452668f303069d6254d8cf

Red Hat Enterprise Linux for ARM 64 8

SRPM

libxml2-2.9.7-15.el8.src.rpm

SHA-256: e563a721d4dc02146f6efa6e928f7fc7655aad9600d5f4ba993a6434fb3318d0

aarch64

libxml2-2.9.7-15.el8.aarch64.rpm

SHA-256: e7c7465ba41f483d06bbdd8dc82fa73709f47793df1dc2165355213010ea5ec6

libxml2-debuginfo-2.9.7-15.el8.aarch64.rpm

SHA-256: 5264ee9caf7408efaf7b4d6c92b50a9e5996dcf04298fb253d238fb794949064

libxml2-debugsource-2.9.7-15.el8.aarch64.rpm

SHA-256: 605c51f08a4620c881d505cf39d28a7edebf07f3d83b1e36383c8451a462ed3d

libxml2-devel-2.9.7-15.el8.aarch64.rpm

SHA-256: f9ba41ccbf1dbe2f42f41a1fd8703cde6d392c3bfc2dfa24f0f99061602e8496

python3-libxml2-2.9.7-15.el8.aarch64.rpm

SHA-256: a22e3d5c1521526eafbab591f6349b59c3cb65c3e810ce86c09f496961c4c741

python3-libxml2-debuginfo-2.9.7-15.el8.aarch64.rpm

SHA-256: 34724cb0f89ff97f79819ae8532dcffc48a8920ae90f62bf1aded393815ccbd3

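Verifying a fetched package against the digests above, as an added example (not Red Hat's tooling): parse the listing's `filename` / `SHA-256:` pairs into a map, stream the downloaded file through SHA-256, and compare against the entry for its basename. The embedded listing is an excerpt of the x86_64 table on this page; parse_listing, sha256_file and verify_download are this example's own names. A digest match ties the file to this advisory text; it does not replace checking the package signature with `rpm -K`, which is what establishes that Red Hat built it.

```python
"""Verify a downloaded RPM against the SHA-256 digests published in this advisory.
Added example, not Red Hat's tooling; the listing below is an excerpt of the x86_64 table."""
import hashlib
import hmac
import re
from pathlib import Path

ADVISORY_LISTING = """\
SRPM

libxml2-2.9.7-15.el8.src.rpm

SHA-256: e563a721d4dc02146f6efa6e928f7fc7655aad9600d5f4ba993a6434fb3318d0

x86_64

libxml2-2.9.7-15.el8.x86_64.rpm

SHA-256: 9911a687cf9fa747a7c9c35d6d166289f76af411462c9f0a3502b72e74f211db

python3-libxml2-2.9.7-15.el8.x86_64.rpm

SHA-256: 647f876d995a658d94b6643067ee1e1c48d5059e3422eca34ba09f94c90ec785
"""

_RPM_LINE = re.compile(r"^(\S+\.rpm)$")
_SHA_LINE = re.compile(r"^SHA-256:\s*([0-9a-fA-F]{64})$")


def parse_listing(text: str) -> dict:
    """Map package filename -> digest from 'filename' / 'SHA-256:' line pairs.
    Headings such as 'SRPM' or 'x86_64' match neither pattern and are skipped.
    A filename that appears more than once must carry the same digest each time;
    a disagreement means the copy of the advisory is corrupted, so refuse it."""
    expected, pending = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if (m := _RPM_LINE.match(line)):
            pending = m.group(1)
        elif (m := _SHA_LINE.match(line)) and pending:
            digest = m.group(1).lower()
            if expected.get(pending, digest) != digest:
                raise ValueError(f"conflicting digests for {pending}")
            expected[pending] = digest
            pending = None
    return expected


def sha256_file(path) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):   # stream; RPMs can be large
            h.update(chunk)
    return h.hexdigest()


def verify_download(path, expected: dict) -> bool:
    """True only if the file's basename is in the listing and its digest matches.
    Unknown filenames fail closed rather than being waved through; compare_digest
    keeps the comparison constant-time, which is habit more than necessity here."""
    name = Path(path).name
    if name not in expected:
        return False
    return hmac.compare_digest(sha256_file(path), expected[name])
```

Typical use is `verify_download("/tmp/libxml2-2.9.7-15.el8.x86_64.rpm", parse_listing(ADVISORY_LISTING))` on the file you intend to install; paste the full per-architecture table from this page into ADVISORY_LISTING to cover the other packages.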

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Related news

RHSA-2023:4767: Red Hat Security Advisory: libxml2 security update

An update for libxml2 is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2016-3709: A Cross-site scripting (XSS) vulnerability was found in libxml2. A specially crafted input, when serialized and re-parsed by the libxml2 library, will result in a document with element attributes that did not exist in the original document.
