RHSA-2022:5326: Red Hat Security Advisory: compat-openssl10 security update

An update for compat-openssl10 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-0778: openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates
Red Hat Security Data

Synopsis

Low: compat-openssl10 security update

Type/Severity

Security Advisory: Low

Topic

An update for compat-openssl10 is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library. compat-openssl10 provides the legacy 1.0 version of OpenSSL for use with older binaries.

Security Fix(es):

  • compat-openssl10: Infinite loop in BN_mod_sqrt() reachable when parsing certificates (CVE-2022-0778)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.
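The solution implies two checks a practitioner actually runs: is the installed build older than 1.0.2o-4.el8_6, and which processes still execute the old library after the files were replaced. The Python below is an added illustration of both; it is not part of the Red Hat advisory and not rpm's own code. It orders version strings with rpm's documented segment rules (numeric versus alphabetic segments, separators ignored, tilde before and caret after end-of-string), then scans /proc/*/maps for mappings of a libssl/libcrypto 1.0 file the kernel has tagged "(deleted)", which is exactly the set of services that keep running pre-update code until restarted. The on-disk library names in the regular expression (OpenSSL 1.0.2 naming, libssl.so.1.0.x) are my assumption, not a statement from the advisory.

```python
"""Added example, not part of the Red Hat advisory and not rpm's own code:
decide whether an installed compat-openssl10 build sorts below the fixed
build named in RHSA-2022:5326, using rpm's version-ordering rules, and list
processes still mapping a replaced libssl/libcrypto 1.0 that need a restart."""
import os
import re
import string

FIXED_NVR = "compat-openssl10-1.0.2o-4.el8_6"   # from this advisory (file names carry no epoch)
_KEEP = set(string.ascii_letters + string.digits + "~^")   # everything else is a separator


def rpmvercmp(a: str, b: str) -> int:
    """Order two version or release strings the way rpm does (-1, 0 or 1).
    Written from the documented rules: alternating numeric/alphabetic segments,
    numeric beats alphabetic, '~' sorts before end-of-string, '^' after it."""
    i = j = 0
    while i < len(a) or j < len(b):
        while i < len(a) and a[i] not in _KEEP:
            i += 1
        while j < len(b) and b[j] not in _KEEP:
            j += 1
        ca = a[i] if i < len(a) else ""
        cb = b[j] if j < len(b) else ""
        if ca == "~" or cb == "~":               # pre-release marker
            if ca != "~":
                return 1
            if cb != "~":
                return -1
            i, j = i + 1, j + 1
            continue
        if ca == "^" or cb == "^":               # post-release marker
            if not ca:
                return -1
            if not cb:
                return 1
            if ca != "^":
                return 1
            if cb != "^":
                return -1
            i, j = i + 1, j + 1
            continue
        if not (ca and cb):
            break
        pat = r"[0-9]+" if ca.isdigit() else r"[A-Za-z]+"
        sa = re.match(pat, a[i:]).group(0)
        mb = re.match(pat, b[j:])
        if mb is None:                           # numeric vs alphabetic segment
            return 1 if ca.isdigit() else -1
        sb = mb.group(0)
        if ca.isdigit():
            rc = (int(sa) > int(sb)) - (int(sa) < int(sb))
        else:
            rc = (sa > sb) - (sa < sb)
        if rc:
            return rc
        i, j = i + len(sa), j + len(sb)
    if i >= len(a) and j >= len(b):
        return 0
    return -1 if i >= len(a) else 1              # whoever has characters left wins


def parse_nvr(nvr: str):
    """Split 'name-[epoch:]version-release'; the name itself may contain '-'."""
    name, version, release = nvr.rsplit("-", 2)
    epoch, _, version = version.rpartition(":")
    return name, (int(epoch) if epoch else None), version, release


def needs_update(installed_nvr: str, fixed_nvr: str = FIXED_NVR) -> bool:
    """True when the installed build of the same package is older than the fix.
    Epoch is compared only when both strings carry one, because advisory file
    names never show it; pass the installed NVR in the same form."""
    n1, e1, v1, r1 = parse_nvr(installed_nvr)
    n2, e2, v2, r2 = parse_nvr(fixed_nvr)
    if n1 != n2:
        raise ValueError(f"different packages: {n1} vs {n2}")
    order = (e1 > e2) - (e1 < e2) if None not in (e1, e2) else 0
    return (order or rpmvercmp(v1, v2) or rpmvercmp(r1, r2)) < 0


# Assumed on-disk names of the compat 1.0 libraries (OpenSSL 1.0.2 naming);
# the kernel appends '(deleted)' to a mapping whose backing file was replaced.
_STALE = re.compile(r"/lib(ssl|crypto)\.so\.1\.0\.\S+ \(deleted\)$")


def stale_openssl10_processes(proc_root: str = "/proc"):
    """PIDs still running the pre-update library code. proc_root is a
    parameter so the scan can be pointed at a constructed tree when testing;
    reading other users' maps files needs root."""
    pids = []
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        try:
            with open(os.path.join(proc_root, entry, "maps")) as maps:
                if any(_STALE.search(line.rstrip("\n")) for line in maps):
                    pids.append(int(entry))
        except OSError:                          # process gone or not readable
            continue
    return sorted(pids)
```

Feed needs_update() the output of `rpm -q --qf '%{NAME}-%{VERSION}-%{RELEASE}\n' compat-openssl10` so that neither side carries an epoch, and run stale_openssl10_processes() as root after the update; the needs-restarting tool from yum-utils reports the same class of process where it is installed.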

Affected Products

  • Red Hat Enterprise Linux for x86_64 8 x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.6 x86_64
  • Red Hat Enterprise Linux Server - AUS 8.6 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 8 s390x
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.6 s390x
  • Red Hat Enterprise Linux for Power, little endian 8 ppc64le
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.6 ppc64le
  • Red Hat Enterprise Linux Server - TUS 8.6 x86_64
  • Red Hat Enterprise Linux for ARM 64 8 aarch64
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.6 aarch64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.6 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.6 x86_64

Fixes

  • BZ - 2062202 - CVE-2022-0778 openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates

Red Hat Enterprise Linux for x86_64 8

SRPM

compat-openssl10-1.0.2o-4.el8_6.src.rpm

SHA-256: 91ca6fcaa43f7fd850f78887e8cba5678117dbb60f11d8df8900472778e97904

x86_64

compat-openssl10-1.0.2o-4.el8_6.i686.rpm

SHA-256: 6878488f1cb9781aa7b6ec4a383526f7fe9f39f9a2a1e1c5160868470e939b2d

compat-openssl10-1.0.2o-4.el8_6.x86_64.rpm

SHA-256: c4180c00254dcd7dbd6e9c8c8ff8d451e2f085ce92cc3a63bb47775104659ac3

compat-openssl10-debuginfo-1.0.2o-4.el8_6.i686.rpm

SHA-256: 1a0ab22e963128880e033afd632c026508fba8dc7a802d4bd57b7f58fed11df9

compat-openssl10-debuginfo-1.0.2o-4.el8_6.x86_64.rpm

SHA-256: 6d2aa3529d5914418f1693c5d820160f779e5c12374a37e5d0cb3d73c78068ce

compat-openssl10-debugsource-1.0.2o-4.el8_6.i686.rpm

SHA-256: 114fca8fdec32d45c1f03a82d90e32e715eca13aa26ba3d4de5e8c6641b25a45

compat-openssl10-debugsource-1.0.2o-4.el8_6.x86_64.rpm

SHA-256: 326ba34e0fd76d890ec7ef92752a971206fa0f2a7204088e44aca255894acbcb

Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.6

SRPM

compat-openssl10-1.0.2o-4.el8_6.src.rpm

SHA-256: 91ca6fcaa43f7fd850f78887e8cba5678117dbb60f11d8df8900472778e97904

x86_64

compat-openssl10-1.0.2o-4.el8_6.i686.rpm

SHA-256: 6878488f1cb9781aa7b6ec4a383526f7fe9f39f9a2a1e1c5160868470e939b2d

compat-openssl10-1.0.2o-4.el8_6.x86_64.rpm

SHA-256: c4180c00254dcd7dbd6e9c8c8ff8d451e2f085ce92cc3a63bb47775104659ac3

compat-openssl10-debuginfo-1.0.2o-4.el8_6.i686.rpm

SHA-256: 1a0ab22e963128880e033afd632c026508fba8dc7a802d4bd57b7f58fed11df9

compat-openssl10-debuginfo-1.0.2o-4.el8_6.x86_64.rpm

SHA-256: 6d2aa3529d5914418f1693c5d820160f779e5c12374a37e5d0cb3d73c78068ce

compat-openssl10-debugsource-1.0.2o-4.el8_6.i686.rpm

SHA-256: 114fca8fdec32d45c1f03a82d90e32e715eca13aa26ba3d4de5e8c6641b25a45

compat-openssl10-debugsource-1.0.2o-4.el8_6.x86_64.rpm

SHA-256: 326ba34e0fd76d890ec7ef92752a971206fa0f2a7204088e44aca255894acbcb

Red Hat Enterprise Linux Server - AUS 8.6

SRPM

compat-openssl10-1.0.2o-4.el8_6.src.rpm

SHA-256: 91ca6fcaa43f7fd850f78887e8cba5678117dbb60f11d8df8900472778e97904

x86_64

compat-openssl10-1.0.2o-4.el8_6.i686.rpm

SHA-256: 6878488f1cb9781aa7b6ec4a383526f7fe9f39f9a2a1e1c5160868470e939b2d

compat-openssl10-1.0.2o-4.el8_6.x86_64.rpm

SHA-256: c4180c00254dcd7dbd6e9c8c8ff8d451e2f085ce92cc3a63bb47775104659ac3

compat-openssl10-debuginfo-1.0.2o-4.el8_6.i686.rpm

SHA-256: 1a0ab22e963128880e033afd632c026508fba8dc7a802d4bd57b7f58fed11df9

compat-openssl10-debuginfo-1.0.2o-4.el8_6.x86_64.rpm

SHA-256: 6d2aa3529d5914418f1693c5d820160f779e5c12374a37e5d0cb3d73c78068ce

compat-openssl10-debugsource-1.0.2o-4.el8_6.i686.rpm

SHA-256: 114fca8fdec32d45c1f03a82d90e32e715eca13aa26ba3d4de5e8c6641b25a45

compat-openssl10-debugsource-1.0.2o-4.el8_6.x86_64.rpm

SHA-256: 326ba34e0fd76d890ec7ef92752a971206fa0f2a7204088e44aca255894acbcb

Red Hat Enterprise Linux for IBM z Systems 8

SRPM

compat-openssl10-1.0.2o-4.el8_6.src.rpm

SHA-256: 91ca6fcaa43f7fd850f78887e8cba5678117dbb60f11d8df8900472778e97904

s390x

compat-openssl10-1.0.2o-4.el8_6.s390x.rpm

SHA-256: f5693fb0e9daf855e71e403bff66d090541d2c7f684354767764369bfedefe41

compat-openssl10-debuginfo-1.0.2o-4.el8_6.s390x.rpm

SHA-256: 76c062b8f0183942e96ad5487d7c059ac584d38722c88b88c13273a3610f7eda

compat-openssl10-debugsource-1.0.2o-4.el8_6.s390x.rpm

SHA-256: 10ae849fd5138dc8f4e2b8fa6fadb3ffdd1587a03beec18b170d2faec3c30bbd

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.6

SRPM

compat-openssl10-1.0.2o-4.el8_6.src.rpm

SHA-256: 91ca6fcaa43f7fd850f78887e8cba5678117dbb60f11d8df8900472778e97904

s390x

compat-openssl10-1.0.2o-4.el8_6.s390x.rpm

SHA-256: f5693fb0e9daf855e71e403bff66d090541d2c7f684354767764369bfedefe41

compat-openssl10-debuginfo-1.0.2o-4.el8_6.s390x.rpm

SHA-256: 76c062b8f0183942e96ad5487d7c059ac584d38722c88b88c13273a3610f7eda

compat-openssl10-debugsource-1.0.2o-4.el8_6.s390x.rpm

SHA-256: 10ae849fd5138dc8f4e2b8fa6fadb3ffdd1587a03beec18b170d2faec3c30bbd

Red Hat Enterprise Linux for Power, little endian 8

SRPM

compat-openssl10-1.0.2o-4.el8_6.src.rpm

SHA-256: 91ca6fcaa43f7fd850f78887e8cba5678117dbb60f11d8df8900472778e97904

ppc64le

compat-openssl10-1.0.2o-4.el8_6.ppc64le.rpm

SHA-256: 4403da57c28213d1cb1311373a785cc735eae4fe0939b633fee52712209beec5

compat-openssl10-debuginfo-1.0.2o-4.el8_6.ppc64le.rpm

SHA-256: 515d7040553984f9cc00a45138172d61d11bfa6c3bde776ba6f407ee35e16bcf

compat-openssl10-debugsource-1.0.2o-4.el8_6.ppc64le.rpm

SHA-256: 1a951c2f2ce4edc81b70c038f74d4feb0c9ed44120785d625921c5137219a97b

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.6

SRPM

compat-openssl10-1.0.2o-4.el8_6.src.rpm

SHA-256: 91ca6fcaa43f7fd850f78887e8cba5678117dbb60f11d8df8900472778e97904

ppc64le

compat-openssl10-1.0.2o-4.el8_6.ppc64le.rpm

SHA-256: 4403da57c28213d1cb1311373a785cc735eae4fe0939b633fee52712209beec5

compat-openssl10-debuginfo-1.0.2o-4.el8_6.ppc64le.rpm

SHA-256: 515d7040553984f9cc00a45138172d61d11bfa6c3bde776ba6f407ee35e16bcf

compat-openssl10-debugsource-1.0.2o-4.el8_6.ppc64le.rpm

SHA-256: 1a951c2f2ce4edc81b70c038f74d4feb0c9ed44120785d625921c5137219a97b

Red Hat Enterprise Linux Server - TUS 8.6

SRPM

compat-openssl10-1.0.2o-4.el8_6.src.rpm

SHA-256: 91ca6fcaa43f7fd850f78887e8cba5678117dbb60f11d8df8900472778e97904

x86_64

compat-openssl10-1.0.2o-4.el8_6.i686.rpm

SHA-256: 6878488f1cb9781aa7b6ec4a383526f7fe9f39f9a2a1e1c5160868470e939b2d

compat-openssl10-1.0.2o-4.el8_6.x86_64.rpm

SHA-256: c4180c00254dcd7dbd6e9c8c8ff8d451e2f085ce92cc3a63bb47775104659ac3

compat-openssl10-debuginfo-1.0.2o-4.el8_6.i686.rpm

SHA-256: 1a0ab22e963128880e033afd632c026508fba8dc7a802d4bd57b7f58fed11df9

compat-openssl10-debuginfo-1.0.2o-4.el8_6.x86_64.rpm

SHA-256: 6d2aa3529d5914418f1693c5d820160f779e5c12374a37e5d0cb3d73c78068ce

compat-openssl10-debugsource-1.0.2o-4.el8_6.i686.rpm

SHA-256: 114fca8fdec32d45c1f03a82d90e32e715eca13aa26ba3d4de5e8c6641b25a45

compat-openssl10-debugsource-1.0.2o-4.el8_6.x86_64.rpm

SHA-256: 326ba34e0fd76d890ec7ef92752a971206fa0f2a7204088e44aca255894acbcb

Red Hat Enterprise Linux for ARM 64 8

SRPM

compat-openssl10-1.0.2o-4.el8_6.src.rpm

SHA-256: 91ca6fcaa43f7fd850f78887e8cba5678117dbb60f11d8df8900472778e97904

aarch64

compat-openssl10-1.0.2o-4.el8_6.aarch64.rpm

SHA-256: 9aeda8a52adef97f62ea7671fa53f3466dfd1916c9a49adc0af19515529f856b

compat-openssl10-debuginfo-1.0.2o-4.el8_6.aarch64.rpm

SHA-256: 949e2db56702030dd2351a88fa5cbd41b1eaa750a3be17cec03d4f84bdef4a67

compat-openssl10-debugsource-1.0.2o-4.el8_6.aarch64.rpm

SHA-256: 463f824cf094ec4b21a13a114ff971ea6aa4f70b55a283fe250a26b9994cca82

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.6

SRPM

compat-openssl10-1.0.2o-4.el8_6.src.rpm

SHA-256: 91ca6fcaa43f7fd850f78887e8cba5678117dbb60f11d8df8900472778e97904

aarch64

compat-openssl10-1.0.2o-4.el8_6.aarch64.rpm

SHA-256: 9aeda8a52adef97f62ea7671fa53f3466dfd1916c9a49adc0af19515529f856b

compat-openssl10-debuginfo-1.0.2o-4.el8_6.aarch64.rpm

SHA-256: 949e2db56702030dd2351a88fa5cbd41b1eaa750a3be17cec03d4f84bdef4a67

compat-openssl10-debugsource-1.0.2o-4.el8_6.aarch64.rpm

SHA-256: 463f824cf094ec4b21a13a114ff971ea6aa4f70b55a283fe250a26b9994cca82

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.6

SRPM

compat-openssl10-1.0.2o-4.el8_6.src.rpm

SHA-256: 91ca6fcaa43f7fd850f78887e8cba5678117dbb60f11d8df8900472778e97904

ppc64le

compat-openssl10-1.0.2o-4.el8_6.ppc64le.rpm

SHA-256: 4403da57c28213d1cb1311373a785cc735eae4fe0939b633fee52712209beec5

compat-openssl10-debuginfo-1.0.2o-4.el8_6.ppc64le.rpm

SHA-256: 515d7040553984f9cc00a45138172d61d11bfa6c3bde776ba6f407ee35e16bcf

compat-openssl10-debugsource-1.0.2o-4.el8_6.ppc64le.rpm

SHA-256: 1a951c2f2ce4edc81b70c038f74d4feb0c9ed44120785d625921c5137219a97b

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.6

SRPM

compat-openssl10-1.0.2o-4.el8_6.src.rpm

SHA-256: 91ca6fcaa43f7fd850f78887e8cba5678117dbb60f11d8df8900472778e97904

x86_64

compat-openssl10-1.0.2o-4.el8_6.i686.rpm

SHA-256: 6878488f1cb9781aa7b6ec4a383526f7fe9f39f9a2a1e1c5160868470e939b2d

compat-openssl10-1.0.2o-4.el8_6.x86_64.rpm

SHA-256: c4180c00254dcd7dbd6e9c8c8ff8d451e2f085ce92cc3a63bb47775104659ac3

compat-openssl10-debuginfo-1.0.2o-4.el8_6.i686.rpm

SHA-256: 1a0ab22e963128880e033afd632c026508fba8dc7a802d4bd57b7f58fed11df9

compat-openssl10-debuginfo-1.0.2o-4.el8_6.x86_64.rpm

SHA-256: 6d2aa3529d5914418f1693c5d820160f779e5c12374a37e5d0cb3d73c78068ce

compat-openssl10-debugsource-1.0.2o-4.el8_6.i686.rpm

SHA-256: 114fca8fdec32d45c1f03a82d90e32e715eca13aa26ba3d4de5e8c6641b25a45

compat-openssl10-debugsource-1.0.2o-4.el8_6.x86_64.rpm

SHA-256: 326ba34e0fd76d890ec7ef92752a971206fa0f2a7204088e44aca255894acbcb
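The SHA-256 values above exist to be checked, not read. As an added example (mine, not Red Hat tooling), the Python below parses entries in the listing's own layout (a file name, a blank line, then an "SHA-256:" line) into a manifest and verifies a download directory against it, reporting ok, mismatch or missing for each file. The excerpt embedded in it is two entries copied from the x86_64 list with their digests exactly as printed. A matching digest shows the bytes are the ones the advisory lists; it does not replace the package signature check rpm performs at install time.

```python
"""Added example, not Red Hat tooling: build a manifest from the advisory's
'file name / SHA-256: <hex>' listing and verify downloaded RPMs against it."""
import hashlib
import os
import re

# Excerpt in the listing's own layout: two entries copied from the x86_64
# section of this advisory, digests exactly as printed there.
ADVISORY_EXCERPT = """
compat-openssl10-1.0.2o-4.el8_6.x86_64.rpm

SHA-256: c4180c00254dcd7dbd6e9c8c8ff8d451e2f085ce92cc3a63bb47775104659ac3

compat-openssl10-1.0.2o-4.el8_6.i686.rpm

SHA-256: 6878488f1cb9781aa7b6ec4a383526f7fe9f39f9a2a1e1c5160868470e939b2d
"""

# One entry: a line ending in .rpm, whitespace (the blank line included),
# then the SHA-256 label and exactly 64 hex digits.
_ENTRY = re.compile(r"^(\S+\.rpm)\s+SHA-256:\s*([0-9a-fA-F]{64})\s*$", re.M)


def parse_manifest(text: str) -> dict:
    """Map each listed file name to its lower-case SHA-256 hex digest."""
    return {name: digest.lower() for name, digest in _ENTRY.findall(text)}


def sha256_file(path: str, chunk: int = 1 << 20) -> str:
    """Stream the file through SHA-256 so large RPMs are not read into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def verify_downloads(manifest: dict, directory: str) -> dict:
    """Return {file name: 'ok' | 'mismatch' | 'missing'} for every manifest
    entry. 'mismatch' means the bytes on disk are not the bytes the advisory
    lists: a corrupt download at best, a substituted artifact at worst."""
    results = {}
    for name, expected in manifest.items():
        path = os.path.join(directory, name)
        if not os.path.isfile(path):
            results[name] = "missing"
        elif sha256_file(path) == expected:
            results[name] = "ok"
        else:
            results[name] = "mismatch"
    return results
```

Save the advisory text to a file, pass it through parse_manifest(), and call verify_downloads() on the directory holding the RPMs; anything other than "ok" for every entry means the files should not be installed.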

Related news

CVE-2023-43074: DSA-2023-141: Dell Unity, Unity VSA and Unity XT Security Update for Multiple Vulnerability

Dell Unity 5.3 contain(s) an Arbitrary File Creation vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by crafting arbitrary files through a request to the server.

CVE-2023-28069: DSA-2022-258: Dell Streaming Data Platform Security Update for Multiple Third-Party Component Vulnerabilities

Dell Streaming Data Platform prior to 1.4 contains an Open Redirect vulnerability. An attacker with the same privileges as a legitimate user can phish the legitimate user into a redirect to a malicious website, leading to information disclosure and the launch of phishing attacks.

CVE-2023-23692: DSA-2022-187: Dell Technologies PowerProtect Data Domain Security Update for Multiple Third-Party Component Vulnerabilities

Dell EMC prior to version DDOS 7.9 contain(s) an OS command injection Vulnerability. An authenticated non admin attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application.

CVE-2022-46756: DSA-2022-335: Dell VxRail Security Update for Multiple Third-Party Component Vulnerabilities

Dell VxRail, versions prior to 7.0.410, contain a Container Escape Vulnerability. A local high-privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the container's underlying OS. Exploitation may lead to a system take over by an attacker.

Scanvus now supports Vulners and Vulns.io VM Linux vulnerability detection APIs

Hello everyone! Great news for my open source Scanvus project! You can now perform vulnerability checks on Linux hosts and docker images not only using the Vulners.com API, but also with the Vulns.io VM API. It’s especially nice that all the code to support the new API was written and contributed by colleagues from Vulns.io. […]

CVE-2022-43096: DGW Security Improvement Notes v48.5.2718 - Mediatrix

Mediatrix 4102 before v48.5.2718 allows local attackers to gain root access via the UART port.

CVE-2022-35739: PRTG Network Monitor - Version History

PRTG Network Monitor through 22.2.77.2204 does not prevent custom input for a device’s icon, which can be modified to insert arbitrary content into the style tag for that device. When the device page loads, the arbitrary Cascading Style Sheets (CSS) data is inserted into the style tag, loading malicious content. Due to PRTG Network Monitor preventing “characters, and from modern browsers disabling JavaScript support in style tags, this vulnerability could not be escalated into a Cross-Site Scripting vulnerability.

CVE-2022-21587: Oracle Critical Patch Update Advisory - October 2022

Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: Upload). Supported versions that are affected are 12.2.3-12.2.11. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Web Applications Desktop Integrator. Successful attacks of this vulnerability can result in takeover of Oracle Web Applications Desktop Integrator. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

CVE-2022-36965: SolarWinds Platform 2022.3 Release Notes

Insufficient sanitization of inputs in QoE application input field could lead to stored and Dom based XSS attack. This issue is fixed and released in SolarWinds Platform (2022.3.0).

Red Hat Security Advisory 2022-6526-01

Red Hat Security Advisory 2022-6526-01 - OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains the following OpenShift Virtualization 4.11.0 images: RHEL-8-CNV-4.11. Issues addressed include denial of service, memory leak, and out of bounds read vulnerabilities.

RHSA-2022:6526: Red Hat Security Advisory: OpenShift Virtualization 4.11.0 Images security and bug fix update

Red Hat OpenShift Virtualization release 4.11.0 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-38561: golang: out-of-bounds read in golang.org/x/text/language leads to DoS * CVE-2021-44716: golang: net/http: limit growth of header canonicalization cache * CVE-2021-44717: golang: syscall: don't close fd 0 on ForkExec error * CVE-2022-1798: kubeVirt: Arbitrary file read on t...

CVE-2022-31233: DSA-2022-158: Dell Unisphere for PowerMax, Dell Unisphere for PowerMax vApp, Dell Solutions Enabler vApp, Dell Unisphere 360, Dell VASA Provider vApp, and Dell PowerMax EMB Mgmt Security Update for Mu

Unisphere for PowerMax versions before 9.2.3.15 contain a privilege escalation vulnerability. An adjacent malicious user may potentially exploit this vulnerability to escalate their privileges and access functionalities they do not have access to.

RHSA-2022:5924: Red Hat Security Advisory: Service Telemetry Framework 1.4 security update

An update is now available for Service Telemetry Framework 1.4 for RHEL 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-30631: golang: compress/gzip: stack exhaustion in Reader.Read

Red Hat Security Advisory 2022-5840-01

Red Hat Security Advisory 2022-5840-01 - The Migration Toolkit for Containers enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API.

CVE-2021-29790: Security Bulletin: There are multiple vulnerabilites that affect IBM Engineering Requirements Quality Assistant On-Premises (CVE-2022-0778, CVE-2021-38868, CVE-2021-29799, CVE-2021-29790, CVE-2021-297

IBM Engineering Requirements Quality Assistant On-Premises (All versions) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 203440.

CVE-2022-32263: Pexip security bulletins | Pexip Infinity Docs

Pexip Infinity before 28.1 allows remote attackers to trigger a software abort via G.719.

CVE-2022-27934: Pexip security bulletins | Pexip Infinity Docs

Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via HTTP.

CVE-2022-26655: Pexip security bulletins | Pexip Infinity Docs

Pexip Infinity 27.x before 27.3 has Improper Input Validation. The client API allows remote attackers to trigger a software abort via a gateway call into Teams.

CVE-2022-26657: Pexip security bulletins | Pexip Infinity Docs

Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via One Touch Join.

CVE-2022-27930: Pexip security bulletins | Pexip Infinity Docs

Pexip Infinity 27.x before 27.3 allows remote attackers to trigger a software abort via single-sign-on if a random Universally Unique Identifier is guessed.

CVE-2022-27932: Pexip security bulletins | Pexip Infinity Docs

Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via One Touch Join.

CVE-2022-27937: Pexip security bulletins | Pexip Infinity Docs

Pexip Infinity before 27.3 allows remote attackers to trigger excessive resource consumption via H.264.

CVE-2022-26654: Pexip security bulletins | Pexip Infinity Docs

Pexip Infinity before 27.3 allows remote attackers to force a software abort via HTTP.

Red Hat Security Advisory 2022-4899-01

Red Hat Security Advisory 2022-4899-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. compat-openssl11 provides the legacy 1.1 version of OpenSSL for use with older binaries.

Red Hat Security Advisory 2022-4896-01

Red Hat Security Advisory 2022-4896-01 - The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Issues addressed include heap overflow, out of bounds write, and use-after-free vulnerabilities.

RHSA-2022:4899: Red Hat Security Advisory: compat-openssl11 security and bug fix update

An update for compat-openssl11 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-0778: openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates

Red Hat Security Advisory 2022-1357-01

Red Hat Security Advisory 2022-1357-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.10.10.

RHSA-2022:4896: Red Hat Security Advisory: Red Hat Virtualization security, bug fix, and enhancement update [ovirt-4.5.0]

An update for imgbased, redhat-release-virtualization-host, and redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2018-25032: zlib: A flaw found in zlib when compressing (not decompressing) certain inputs * CVE-2021-4028: kernel: use-after-free in RDMA listen() * CVE-2021-4083: kernel: fget: check that the fd still exists after getting a ref to it * CVE-2022-0778: openssl:...

Red Hat Security Advisory 2022-4668-01

Red Hat Security Advisory 2022-4668-01 - Red Hat OpenShift Virtualization release 4.10.1 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a denial of service vulnerability.

RHSA-2022:4668: Red Hat Security Advisory: OpenShift Virtualization 4.10.1 Images security and bug fix update

Red Hat OpenShift Virtualization release 4.10.1 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-36221: golang: net/http/httputil: panic due to racy read of persistConn after handler panic * CVE-2021-41190: opencontainers: OCI manifest and index parsing confusion * CVE-2022-21698: prometheus/client_golang: Denial of service using InstrumentHandlerCounter

Apple Security Advisory 2022-05-16-4

Apple Security Advisory 2022-05-16-4 - Security Update 2022-004 Catalina addresses bypass, code execution, denial of service, integer overflow, out of bounds access, out of bounds read, out of bounds write, and use-after-free vulnerabilities.

CVE-2022-0778

The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial of service attack. The infinite loop can also be reached when parsing crafted private keys as they can contain explicit elliptic curve parameters. Thus vulnerable situations include: - TLS clients consuming server certificates - TLS servers consuming client certificates - Hosting providers taking certificates or private keys from customers - Certificate authorities pa...
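The description above pins the flaw to a loop whose termination depends on the modulus being prime. As an added example, not OpenSSL's BN_mod_sqrt() and not its patch, the Python below implements the same algorithm family, Tonelli-Shanks, with both of its searches bounded: the quadratic non-residue search stops after a fixed number of candidates, and the search for the exponent i with b^(2^i) = 1 stops at the current subgroup order. A composite modulus such as the constructed inputs 33 and 15 then returns None instead of spinning, while prime moduli still yield correct roots. The 82-candidate cap is a value I chose and justify in the comment; the exact bound OpenSSL uses is not stated on this page.

```python
"""Added example, not OpenSSL code: Tonelli-Shanks modular square root with
every loop bounded. BN_mod_sqrt() belongs to the same algorithm family;
CVE-2022-0778 is what happens when the search for i with b^(2^i) == 1 has
no bound and the modulus is not prime, so no such i need exist."""

# For a prime p half of all non-zero residues are non-residues, so 82 misses
# in a row is, heuristically, a 2^-82 event; on a composite p there may be
# no non-residue at all, which is why the search must be capped.
MAX_NONRESIDUE_TRIES = 82


def mod_sqrt(a: int, p: int):
    """Return x with x*x % p == a, or None when a is not a square mod p or p
    does not behave like a prime. Never loops forever: both searches are bounded."""
    a %= p
    if a == 0:
        return 0
    if p == 2:
        return a
    # p - 1 = q * 2^e with q odd
    q, e = p - 1, 0
    while q % 2 == 0:
        q, e = q // 2, e + 1
    # quadratic non-residue z: z^((p-1)/2) == -1 for prime p (bounded search)
    z = next((c for c in range(2, 2 + MAX_NONRESIDUE_TRIES)
              if pow(c, (p - 1) // 2, p) == p - 1), None)
    if z is None:
        return None                  # too many iterations: p is not a prime
    c = pow(z, q, p)                 # generator of the 2-part of the group
    x = pow(a, (q + 1) // 2, p)
    b = pow(a, q, p)                 # invariant: x*x == a*b (mod p)
    m = e
    while b != 1:
        # Least i with b^(2^i) == 1. The vulnerable shape is this same loop
        # written as 'while t != 1: t = t*t % p' with no bound: for prime p
        # some i < m always exists, for composite p t can cycle forever.
        i, t = 0, b
        while t != 1:
            t, i = t * t % p, i + 1
            if i >= m:
                return None          # not a square (or p not prime)
        t = pow(c, 1 << (m - i - 1), p)
        c = t * t % p
        x = x * t % p
        b = b * c % p
        m = i                        # strictly decreases, so the outer loop ends too
    return x if x * x % p == a else None


if __name__ == "__main__":
    for a, p in ((2, 17), (10, 41), (3, 17), (2, 33), (2, 15)):
        print(f"sqrt({a}) mod {p} ->", mod_sqrt(a, p))
```

The final x*x % p == a check is what turns a wrong answer on a composite modulus into an error; the loop bounds are what turn a hang into an error. Both are needed, since a certificate parser cannot assume the curve parameters it is handed describe a prime field.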

CVE-2022-24052: Security Vulnerabilities Fixed in MariaDB

MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16190.