Headline
RHSA-2022:5326: Red Hat Security Advisory: compat-openssl10 security update
An update for compat-openssl10 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2022-0778: openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates
Synopsis
Low: compat-openssl10 security update
Type/Severity
Security Advisory: Low
Description
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library. compat-openssl10 provides the legacy 1.0 version of OpenSSL for use with older binaries.
Security Fix(es):
- compat-openssl10: Infinite loop in BN_mod_sqrt() reachable when parsing certificates (CVE-2022-0778)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
For the update to take effect, all services linked against the legacy OpenSSL 1.0 libraries shipped by compat-openssl10 (libcrypto.so.10 and libssl.so.10) must be restarted, or the system rebooted. Installing the new RPM only replaces the files on disk; a process that loaded the old library before the update keeps executing the vulnerable code until it is restarted.
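The two checks that Solution implies, as an added example (my own code, not part of the advisory or of Red Hat's tooling): whether the installed compat-openssl10 is older than the build listed below, and which running processes still map a compat-openssl10 library whose file the upgrade replaced. It assumes the fixed version-release from the package list in this advisory, that the package installs its real files as libcrypto.so.1.0.2o and libssl.so.1.0.2o behind the .so.10 symlinks (which is what /proc/<pid>/maps reports), and that the shell commands named in the comments are the ones used to collect the input; the `rpm -q` strings and the maps output are constructed, and `rpmvercmp` is a port of rpm's comparison rule with the caret rule left out.

```python
"""Added example, not part of the Red Hat advisory or its tooling: the two checks
this Solution section implies, on constructed input. (a) Is the installed
compat-openssl10 older than the advisory's build? (b) Which running processes
still map a compat-openssl10 library whose file the upgrade replaced, and so
keep executing the old code until restarted?"""

import re
from typing import Dict, List

# Version-release of the fixed build, from the package list in this advisory.
# The epoch is not part of file names and does not change within an advisory,
# so only version and release are compared.
FIXED_VR = "1.0.2o-4.el8_6"

# Assumption: compat-openssl10 installs the real files as libcrypto.so.1.0.2o and
# libssl.so.1.0.2o behind the .so.10 symlinks; /proc/<pid>/maps shows real paths.
OPENSSL10_LIB = re.compile(r"/lib(crypto|ssl)\.so\.1\.0\.[0-9a-z]+$")

# Shape of one line of `grep -H 'libcrypto\|libssl' /proc/[0-9]*/maps`:
# /proc/<pid>/maps:<range> <perms> <offset> <dev> <inode> <path>[ (deleted)]
MAPS_LINE = re.compile(r"^/proc/(\d+)/maps:\S+ \S+ \S+ \S+ \S+\s+(\S.*?)( \(deleted\))?$")


def rpmvercmp(a: str, b: str) -> int:
    """Port of rpm's rpmvercmp(): -1 if a < b, 0 if equal, 1 if a > b.
    Digit runs compare numerically, letter runs as strings, a numeric segment
    beats an alphabetic one, '~' sorts before anything; the '^' rule is omitted."""
    if a == b:
        return 0
    i = j = 0
    while True:
        while i < len(a) and not (a[i].isalnum() or a[i] == "~"):
            i += 1                               # separators are ignored
        while j < len(b) and not (b[j].isalnum() or b[j] == "~"):
            j += 1
        ta, tb = i < len(a) and a[i] == "~", j < len(b) and b[j] == "~"
        if ta or tb:
            if not ta:
                return 1
            if not tb:
                return -1
            i, j = i + 1, j + 1
            continue
        if i >= len(a) or j >= len(b):
            break
        isnum = a[i].isdigit()
        pat = r"[0-9]+" if isnum else r"[A-Za-z]+"
        ma, mb = re.match(pat, a[i:]), re.match(pat, b[j:])
        if mb is None:
            return 1 if isnum else -1
        sa, sb = ma.group(0), mb.group(0)
        i, j = i + len(sa), j + len(sb)
        if isnum and int(sa) != int(sb):
            return 1 if int(sa) > int(sb) else -1
        if not isnum and sa != sb:
            return 1 if sa > sb else -1
    if i >= len(a) and j >= len(b):
        return 0
    return -1 if i >= len(a) else 1              # leftover segments win


def needs_update(installed_vr: str) -> bool:
    """True when 'version-release' as printed by
    rpm -q --qf '%{VERSION}-%{RELEASE}' compat-openssl10 is older than FIXED_VR."""
    iv, ir = installed_vr.rsplit("-", 1)
    fv, fr = FIXED_VR.rsplit("-", 1)
    return (rpmvercmp(iv, fv) or rpmvercmp(ir, fr)) < 0


def stale_openssl10_pids(maps_output: str) -> List[int]:
    """PIDs still mapping a compat-openssl10 library from a file the upgrade
    unlinked. The version string stays 1.0.2o across this update, so the path
    cannot tell old from new; the '(deleted)' mark on the replaced inode can."""
    stale = set()
    for line in maps_output.splitlines():
        m = MAPS_LINE.match(line)
        if m and m.group(3) and OPENSSL10_LIB.search(m.group(2)):
            stale.add(int(m.group(1)))
    return sorted(stale)


def host_report(installed_vr: str, maps_output: str) -> Dict[str, object]:
    """Both checks together, as a remediation script would report them."""
    return {"package_needs_update": needs_update(installed_vr),
            "stale_pids": stale_openssl10_pids(maps_output)}


# Constructed sample: PID 1234 started before the upgrade (its mappings point at
# the unlinked files), 2048 was restarted afterwards, 3001 uses the RHEL 8 system
# OpenSSL 1.1.1, which this advisory does not cover.
SAMPLE_MAPS = """\
/proc/1234/maps:7f0c3a000000-7f0c3a1c8000 r-xp 00000000 fd:00 1054 /usr/lib64/libcrypto.so.1.0.2o (deleted)
/proc/1234/maps:7f0c3b000000-7f0c3b060000 r-xp 00000000 fd:00 1060 /usr/lib64/libssl.so.1.0.2o (deleted)
/proc/2048/maps:7f9d10000000-7f9d101c8000 r-xp 00000000 fd:00 2001 /usr/lib64/libcrypto.so.1.0.2o
/proc/3001/maps:7fab20000000-7fab201c8000 r-xp 00000000 fd:00 3300 /usr/lib64/libcrypto.so.1.1.1k
"""

if __name__ == "__main__":
    print(host_report("1.0.2o-3.el8", SAMPLE_MAPS))    # constructed older release: update, then restart 1234
    print(host_report("1.0.2o-4.el8_6", SAMPLE_MAPS))  # fixed build installed, 1234 still needs a restart
```

On a real host the `needs-restarting` utility from dnf-utils performs the second check for every updated file, and `rpmdev-vercmp` from rpmdevtools is the authoritative version comparison; the point of spelling both out is that `rpm -q` showing 1.0.2o-4.el8_6 is necessary but not sufficient, since the old inode stays mapped in any long-running daemon until that daemon is restarted.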
Affected Products
- Red Hat Enterprise Linux for x86_64 8 x86_64
- Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.6 x86_64
- Red Hat Enterprise Linux Server - AUS 8.6 x86_64
- Red Hat Enterprise Linux for IBM z Systems 8 s390x
- Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.6 s390x
- Red Hat Enterprise Linux for Power, little endian 8 ppc64le
- Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.6 ppc64le
- Red Hat Enterprise Linux Server - TUS 8.6 x86_64
- Red Hat Enterprise Linux for ARM 64 8 aarch64
- Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.6 aarch64
- Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.6 ppc64le
- Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.6 x86_64
Fixes
- BZ - 2062202 - CVE-2022-0778 openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates
Red Hat Enterprise Linux for x86_64 8
SRPM
compat-openssl10-1.0.2o-4.el8_6.src.rpm
SHA-256: 91ca6fcaa43f7fd850f78887e8cba5678117dbb60f11d8df8900472778e97904
x86_64
compat-openssl10-1.0.2o-4.el8_6.i686.rpm
SHA-256: 6878488f1cb9781aa7b6ec4a383526f7fe9f39f9a2a1e1c5160868470e939b2d
compat-openssl10-1.0.2o-4.el8_6.x86_64.rpm
SHA-256: c4180c00254dcd7dbd6e9c8c8ff8d451e2f085ce92cc3a63bb47775104659ac3
compat-openssl10-debuginfo-1.0.2o-4.el8_6.i686.rpm
SHA-256: 1a0ab22e963128880e033afd632c026508fba8dc7a802d4bd57b7f58fed11df9
compat-openssl10-debuginfo-1.0.2o-4.el8_6.x86_64.rpm
SHA-256: 6d2aa3529d5914418f1693c5d820160f779e5c12374a37e5d0cb3d73c78068ce
compat-openssl10-debugsource-1.0.2o-4.el8_6.i686.rpm
SHA-256: 114fca8fdec32d45c1f03a82d90e32e715eca13aa26ba3d4de5e8c6641b25a45
compat-openssl10-debugsource-1.0.2o-4.el8_6.x86_64.rpm
SHA-256: 326ba34e0fd76d890ec7ef92752a971206fa0f2a7204088e44aca255894acbcb
Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.6
SRPM
compat-openssl10-1.0.2o-4.el8_6.src.rpm
SHA-256: 91ca6fcaa43f7fd850f78887e8cba5678117dbb60f11d8df8900472778e97904
x86_64
compat-openssl10-1.0.2o-4.el8_6.i686.rpm
SHA-256: 6878488f1cb9781aa7b6ec4a383526f7fe9f39f9a2a1e1c5160868470e939b2d
compat-openssl10-1.0.2o-4.el8_6.x86_64.rpm
SHA-256: c4180c00254dcd7dbd6e9c8c8ff8d451e2f085ce92cc3a63bb47775104659ac3
compat-openssl10-debuginfo-1.0.2o-4.el8_6.i686.rpm
SHA-256: 1a0ab22e963128880e033afd632c026508fba8dc7a802d4bd57b7f58fed11df9
compat-openssl10-debuginfo-1.0.2o-4.el8_6.x86_64.rpm
SHA-256: 6d2aa3529d5914418f1693c5d820160f779e5c12374a37e5d0cb3d73c78068ce
compat-openssl10-debugsource-1.0.2o-4.el8_6.i686.rpm
SHA-256: 114fca8fdec32d45c1f03a82d90e32e715eca13aa26ba3d4de5e8c6641b25a45
compat-openssl10-debugsource-1.0.2o-4.el8_6.x86_64.rpm
SHA-256: 326ba34e0fd76d890ec7ef92752a971206fa0f2a7204088e44aca255894acbcb
Red Hat Enterprise Linux Server - AUS 8.6
SRPM
compat-openssl10-1.0.2o-4.el8_6.src.rpm
SHA-256: 91ca6fcaa43f7fd850f78887e8cba5678117dbb60f11d8df8900472778e97904
x86_64
compat-openssl10-1.0.2o-4.el8_6.i686.rpm
SHA-256: 6878488f1cb9781aa7b6ec4a383526f7fe9f39f9a2a1e1c5160868470e939b2d
compat-openssl10-1.0.2o-4.el8_6.x86_64.rpm
SHA-256: c4180c00254dcd7dbd6e9c8c8ff8d451e2f085ce92cc3a63bb47775104659ac3
compat-openssl10-debuginfo-1.0.2o-4.el8_6.i686.rpm
SHA-256: 1a0ab22e963128880e033afd632c026508fba8dc7a802d4bd57b7f58fed11df9
compat-openssl10-debuginfo-1.0.2o-4.el8_6.x86_64.rpm
SHA-256: 6d2aa3529d5914418f1693c5d820160f779e5c12374a37e5d0cb3d73c78068ce
compat-openssl10-debugsource-1.0.2o-4.el8_6.i686.rpm
SHA-256: 114fca8fdec32d45c1f03a82d90e32e715eca13aa26ba3d4de5e8c6641b25a45
compat-openssl10-debugsource-1.0.2o-4.el8_6.x86_64.rpm
SHA-256: 326ba34e0fd76d890ec7ef92752a971206fa0f2a7204088e44aca255894acbcb
Red Hat Enterprise Linux for IBM z Systems 8
SRPM
compat-openssl10-1.0.2o-4.el8_6.src.rpm
SHA-256: 91ca6fcaa43f7fd850f78887e8cba5678117dbb60f11d8df8900472778e97904
s390x
compat-openssl10-1.0.2o-4.el8_6.s390x.rpm
SHA-256: f5693fb0e9daf855e71e403bff66d090541d2c7f684354767764369bfedefe41
compat-openssl10-debuginfo-1.0.2o-4.el8_6.s390x.rpm
SHA-256: 76c062b8f0183942e96ad5487d7c059ac584d38722c88b88c13273a3610f7eda
compat-openssl10-debugsource-1.0.2o-4.el8_6.s390x.rpm
SHA-256: 10ae849fd5138dc8f4e2b8fa6fadb3ffdd1587a03beec18b170d2faec3c30bbd
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.6
SRPM
compat-openssl10-1.0.2o-4.el8_6.src.rpm
SHA-256: 91ca6fcaa43f7fd850f78887e8cba5678117dbb60f11d8df8900472778e97904
s390x
compat-openssl10-1.0.2o-4.el8_6.s390x.rpm
SHA-256: f5693fb0e9daf855e71e403bff66d090541d2c7f684354767764369bfedefe41
compat-openssl10-debuginfo-1.0.2o-4.el8_6.s390x.rpm
SHA-256: 76c062b8f0183942e96ad5487d7c059ac584d38722c88b88c13273a3610f7eda
compat-openssl10-debugsource-1.0.2o-4.el8_6.s390x.rpm
SHA-256: 10ae849fd5138dc8f4e2b8fa6fadb3ffdd1587a03beec18b170d2faec3c30bbd
Red Hat Enterprise Linux for Power, little endian 8
SRPM
compat-openssl10-1.0.2o-4.el8_6.src.rpm
SHA-256: 91ca6fcaa43f7fd850f78887e8cba5678117dbb60f11d8df8900472778e97904
ppc64le
compat-openssl10-1.0.2o-4.el8_6.ppc64le.rpm
SHA-256: 4403da57c28213d1cb1311373a785cc735eae4fe0939b633fee52712209beec5
compat-openssl10-debuginfo-1.0.2o-4.el8_6.ppc64le.rpm
SHA-256: 515d7040553984f9cc00a45138172d61d11bfa6c3bde776ba6f407ee35e16bcf
compat-openssl10-debugsource-1.0.2o-4.el8_6.ppc64le.rpm
SHA-256: 1a951c2f2ce4edc81b70c038f74d4feb0c9ed44120785d625921c5137219a97b
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.6
SRPM
compat-openssl10-1.0.2o-4.el8_6.src.rpm
SHA-256: 91ca6fcaa43f7fd850f78887e8cba5678117dbb60f11d8df8900472778e97904
ppc64le
compat-openssl10-1.0.2o-4.el8_6.ppc64le.rpm
SHA-256: 4403da57c28213d1cb1311373a785cc735eae4fe0939b633fee52712209beec5
compat-openssl10-debuginfo-1.0.2o-4.el8_6.ppc64le.rpm
SHA-256: 515d7040553984f9cc00a45138172d61d11bfa6c3bde776ba6f407ee35e16bcf
compat-openssl10-debugsource-1.0.2o-4.el8_6.ppc64le.rpm
SHA-256: 1a951c2f2ce4edc81b70c038f74d4feb0c9ed44120785d625921c5137219a97b
Red Hat Enterprise Linux Server - TUS 8.6
SRPM
compat-openssl10-1.0.2o-4.el8_6.src.rpm
SHA-256: 91ca6fcaa43f7fd850f78887e8cba5678117dbb60f11d8df8900472778e97904
x86_64
compat-openssl10-1.0.2o-4.el8_6.i686.rpm
SHA-256: 6878488f1cb9781aa7b6ec4a383526f7fe9f39f9a2a1e1c5160868470e939b2d
compat-openssl10-1.0.2o-4.el8_6.x86_64.rpm
SHA-256: c4180c00254dcd7dbd6e9c8c8ff8d451e2f085ce92cc3a63bb47775104659ac3
compat-openssl10-debuginfo-1.0.2o-4.el8_6.i686.rpm
SHA-256: 1a0ab22e963128880e033afd632c026508fba8dc7a802d4bd57b7f58fed11df9
compat-openssl10-debuginfo-1.0.2o-4.el8_6.x86_64.rpm
SHA-256: 6d2aa3529d5914418f1693c5d820160f779e5c12374a37e5d0cb3d73c78068ce
compat-openssl10-debugsource-1.0.2o-4.el8_6.i686.rpm
SHA-256: 114fca8fdec32d45c1f03a82d90e32e715eca13aa26ba3d4de5e8c6641b25a45
compat-openssl10-debugsource-1.0.2o-4.el8_6.x86_64.rpm
SHA-256: 326ba34e0fd76d890ec7ef92752a971206fa0f2a7204088e44aca255894acbcb
Red Hat Enterprise Linux for ARM 64 8
SRPM
compat-openssl10-1.0.2o-4.el8_6.src.rpm
SHA-256: 91ca6fcaa43f7fd850f78887e8cba5678117dbb60f11d8df8900472778e97904
aarch64
compat-openssl10-1.0.2o-4.el8_6.aarch64.rpm
SHA-256: 9aeda8a52adef97f62ea7671fa53f3466dfd1916c9a49adc0af19515529f856b
compat-openssl10-debuginfo-1.0.2o-4.el8_6.aarch64.rpm
SHA-256: 949e2db56702030dd2351a88fa5cbd41b1eaa750a3be17cec03d4f84bdef4a67
compat-openssl10-debugsource-1.0.2o-4.el8_6.aarch64.rpm
SHA-256: 463f824cf094ec4b21a13a114ff971ea6aa4f70b55a283fe250a26b9994cca82
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.6
SRPM
compat-openssl10-1.0.2o-4.el8_6.src.rpm
SHA-256: 91ca6fcaa43f7fd850f78887e8cba5678117dbb60f11d8df8900472778e97904
aarch64
compat-openssl10-1.0.2o-4.el8_6.aarch64.rpm
SHA-256: 9aeda8a52adef97f62ea7671fa53f3466dfd1916c9a49adc0af19515529f856b
compat-openssl10-debuginfo-1.0.2o-4.el8_6.aarch64.rpm
SHA-256: 949e2db56702030dd2351a88fa5cbd41b1eaa750a3be17cec03d4f84bdef4a67
compat-openssl10-debugsource-1.0.2o-4.el8_6.aarch64.rpm
SHA-256: 463f824cf094ec4b21a13a114ff971ea6aa4f70b55a283fe250a26b9994cca82
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.6
SRPM
compat-openssl10-1.0.2o-4.el8_6.src.rpm
SHA-256: 91ca6fcaa43f7fd850f78887e8cba5678117dbb60f11d8df8900472778e97904
ppc64le
compat-openssl10-1.0.2o-4.el8_6.ppc64le.rpm
SHA-256: 4403da57c28213d1cb1311373a785cc735eae4fe0939b633fee52712209beec5
compat-openssl10-debuginfo-1.0.2o-4.el8_6.ppc64le.rpm
SHA-256: 515d7040553984f9cc00a45138172d61d11bfa6c3bde776ba6f407ee35e16bcf
compat-openssl10-debugsource-1.0.2o-4.el8_6.ppc64le.rpm
SHA-256: 1a951c2f2ce4edc81b70c038f74d4feb0c9ed44120785d625921c5137219a97b
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.6
SRPM
compat-openssl10-1.0.2o-4.el8_6.src.rpm
SHA-256: 91ca6fcaa43f7fd850f78887e8cba5678117dbb60f11d8df8900472778e97904
x86_64
compat-openssl10-1.0.2o-4.el8_6.i686.rpm
SHA-256: 6878488f1cb9781aa7b6ec4a383526f7fe9f39f9a2a1e1c5160868470e939b2d
compat-openssl10-1.0.2o-4.el8_6.x86_64.rpm
SHA-256: c4180c00254dcd7dbd6e9c8c8ff8d451e2f085ce92cc3a63bb47775104659ac3
compat-openssl10-debuginfo-1.0.2o-4.el8_6.i686.rpm
SHA-256: 1a0ab22e963128880e033afd632c026508fba8dc7a802d4bd57b7f58fed11df9
compat-openssl10-debuginfo-1.0.2o-4.el8_6.x86_64.rpm
SHA-256: 6d2aa3529d5914418f1693c5d820160f779e5c12374a37e5d0cb3d73c78068ce
compat-openssl10-debugsource-1.0.2o-4.el8_6.i686.rpm
SHA-256: 114fca8fdec32d45c1f03a82d90e32e715eca13aa26ba3d4de5e8c6641b25a45
compat-openssl10-debugsource-1.0.2o-4.el8_6.x86_64.rpm
SHA-256: 326ba34e0fd76d890ec7ef92752a971206fa0f2a7204088e44aca255894acbcb
Related news
Dell Unity 5.3 contain(s) an Arbitrary File Creation vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by crafting arbitrary files through a request to the server.
An issue in Zimbra Collaboration ZCS v.8.8.15 and v.9.0 allows an attacker to execute arbitrary code via the sfdc_preauth.jsp component.
Dell Streaming Data Platform prior to 1.4 contains an Open Redirect vulnerability. An attacker with the same privileges as a legitimate user can phish that user into following a redirect to a malicious website, leading to information disclosure and further phishing attacks.
Dell EMC prior to version DDOS 7.9 contain(s) an OS command injection Vulnerability. An authenticated non admin attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application.
Dell VxRail, versions prior to 7.0.410, contain a Container Escape Vulnerability. A local high-privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the container's underlying OS. Exploitation may lead to a system take over by an attacker.
Hello everyone! Great news for my open source Scanvus project! You can now perform vulnerability checks on Linux hosts and docker images not only using the Vulners.com API, but also with the Vulns.io VM API. It’s especially nice that all the code to support the new API was written and contributed by colleagues from Vulns.io. […]
Mediatrix 4102 before v48.5.2718 allows local attackers to gain root access via the UART port.
PRTG Network Monitor through 22.2.77.2204 does not prevent custom input for a device’s icon, which can be modified to insert arbitrary content into the style tag for that device. When the device page loads, the arbitrary Cascading Style Sheets (CSS) data is inserted into the style tag, loading malicious content. Because PRTG Network Monitor blocks the " character, and modern browsers disable JavaScript support in style tags, this vulnerability could not be escalated into a Cross-Site Scripting vulnerability.
Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: Upload). Supported versions that are affected are 12.2.3-12.2.11. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Web Applications Desktop Integrator. Successful attacks of this vulnerability can result in takeover of Oracle Web Applications Desktop Integrator. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
Insufficient sanitization of inputs in QoE application input field could lead to stored and Dom based XSS attack. This issue is fixed and released in SolarWinds Platform (2022.3.0).
Red Hat Security Advisory 2022-6526-01 - OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains the following OpenShift Virtualization 4.11.0 images: RHEL-8-CNV-4.11. Issues addressed include denial of service, memory leak, and out of bounds read vulnerabilities.
Red Hat OpenShift Virtualization release 4.11.0 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-38561: golang: out-of-bounds read in golang.org/x/text/language leads to DoS * CVE-2021-44716: golang: net/http: limit growth of header canonicalization cache * CVE-2021-44717: golang: syscall: don't close fd 0 on ForkExec error * CVE-2022-1798: kubeVirt: Arbitrary file read on t...
Unisphere for PowerMax versions before 9.2.3.15 contain a privilege escalation vulnerability. An adjacent malicious user may potentially exploit this vulnerability to escalate their privileges and access functionalities they do not have access to.
An update is now available for Service Telemetry Framework 1.4 for RHEL 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-30631: golang: compress/gzip: stack exhaustion in Reader.Read
Red Hat Security Advisory 2022-5840-01 - The Migration Toolkit for Containers enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API.
IBM Engineering Requirements Quality Assistant On-Premises (All versions) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 203440.
Pexip Infinity before 28.1 allows remote attackers to trigger a software abort via G.719.
Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via HTTP.
Pexip Infinity 27.x before 27.3 has Improper Input Validation. The client API allows remote attackers to trigger a software abort via a gateway call into Teams.
Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via One Touch Join.
Pexip Infinity 27.x before 27.3 allows remote attackers to trigger a software abort via single-sign-on if a random Universally Unique Identifier is guessed.
Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via One Touch Join.
Pexip Infinity before 27.3 allows remote attackers to trigger excessive resource consumption via H.264.
Pexip Infinity before 27.3 allows remote attackers to force a software abort via HTTP.
Implemented protections on AWS credentials that were not properly protected.
Red Hat Security Advisory 2022-4899-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. compat-openssl11 provides the legacy 1.1 version of OpenSSL for use with older binaries.
Red Hat Security Advisory 2022-4896-01 - The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Issues addressed include heap overflow, out of bounds write, and use-after-free vulnerabilities.
An update for compat-openssl11 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-0778: openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates
Red Hat Security Advisory 2022-1357-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.10.10.
An update for imgbased, redhat-release-virtualization-host, and redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2018-25032: zlib: A flaw found in zlib when compressing (not decompressing) certain inputs * CVE-2021-4028: kernel: use-after-free in RDMA listen() * CVE-2021-4083: kernel: fget: check that the fd still exists after getting a ref to it * CVE-2022-0778: openssl:...
Red Hat Security Advisory 2022-4668-01 - Red Hat OpenShift Virtualization release 4.10.1 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a denial of service vulnerability.
Red Hat OpenShift Virtualization release 4.10.1 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-36221: golang: net/http/httputil: panic due to racy read of persistConn after handler panic * CVE-2021-41190: opencontainers: OCI manifest and index parsing confusion * CVE-2022-21698: prometheus/client_golang: Denial of service using InstrumentHandlerCounter
Apple Security Advisory 2022-05-16-4 - Security Update 2022-004 Catalina addresses bypass, code execution, denial of service, integer overflow, out of bounds access, out of bounds read, out of bounds write, and use-after-free vulnerabilities.
The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial of service attack. The infinite loop can also be reached when parsing crafted private keys as they can contain explicit elliptic curve parameters. Thus vulnerable situations include: - TLS clients consuming server certificates - TLS servers consuming client certificates - Hosting providers taking certificates or private keys from customers - Certificate authorities pa...
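The loop the description above refers to, as an added example (my own model, not OpenSSL's or Red Hat's code): BN_mod_sqrt() is the Tonelli-Shanks algorithm, and a certificate with explicit EC parameters lets the attacker choose the field prime p that the point-decompression code passes to it. The model below keeps the p ≡ 3 (mod 4) shortcut, omits the p ≡ 5 (mod 8) shortcut, and runs the pre-fix and post-fix inner loops side by side on small integers instead of BIGNUMs; the structure follows bn_sqrt.c as I understand it, so consult the OpenSSL source for the exact code. The modulus 65 = 5·13 and the input 64 are constructed for the example and are not the CVE's test vector, and `fuel` is a demo-only counter that stands in for the hang.

```python
"""Added example (my own model, not OpenSSL's or Red Hat's code): the
Tonelli-Shanks loop inside BN_mod_sqrt(), with the pre-fix and post-fix inner
loops side by side, on small integers instead of BIGNUMs. The p = 3 (mod 4)
shortcut is kept; the p = 5 (mod 8) shortcut is omitted. p = 65 and a = 64 are
constructed inputs, not the CVE's test vector."""


class NotPrime(ValueError):
    """OpenSSL's BN_R_P_IS_NOT_PRIME: the non-residue search hit a factor of p."""


class NotASquare(ValueError):
    """OpenSSL's BN_R_NOT_A_SQUARE: no root (or, after the fix, p is not prime)."""


class WouldHang(RuntimeError):
    """Demo-only: the unpatched inner loop is still running after `fuel` squarings."""


def jacobi(a: int, n: int) -> int:
    """Jacobi symbol (a/n) for odd n > 0 (OpenSSL uses BN_kronecker here)."""
    a %= n
    result = 1
    while a:
        while a % 2 == 0:
            a //= 2
            if n % 8 in (3, 5):
                result = -result
        a, n = n, a
        if a % 4 == 3 and n % 4 == 3:
            result = -result
        a %= n
    return result if n == 1 else 0


def mod_sqrt(a: int, p: int, patched: bool = True, fuel: int = 1000) -> int:
    """Return x with x*x == a (mod p) for odd p > 2. p is trusted to be prime;
    explicit EC parameters in a certificate let the attacker choose it."""
    a %= p
    if a == 0:
        return 0
    if p % 4 == 3:                               # shortcut: x = a^((p+1)/4)
        x = pow(a, (p + 1) // 4, p)
        if x * x % p != a:
            raise NotASquare("a is not a square mod p")
        return x
    e, q = 0, p - 1                              # p - 1 = 2^e * q with q odd
    while q % 2 == 0:
        e, q = e + 1, q // 2
    y = 2                                        # find a quadratic non-residue
    while True:
        j = jacobi(y, p)
        if j == 0:
            raise NotPrime("y divides p")
        if j == -1:
            break
        y += 1
    y = pow(y, q, p)                             # generator of the 2-Sylow subgroup
    x = pow(a, (q + 1) // 2, p)                  # candidate root
    b = pow(a, q, p)                             # a*b == x^2; finished when b == 1
    while True:
        if b == 1:
            if x * x % p != a:                   # OpenSSL's final "vrfy" step
                raise NotASquare("a is not a square mod p")
            return x
        if patched:
            # Fixed code: search 0 < i < e for b^(2^i) == 1, error out otherwise.
            i, t = 1, b
            while i < e:
                t = t * t % p
                if t == 1:
                    break
                i += 1
            if i >= e:
                raise NotASquare("no i < e with b^(2^i) == 1: not a square, or p not prime")
        else:
            # Pre-fix code: the only exit is i == e, but i starts at 1 and only
            # grows, so once e has dropped to 1 the check can never fire. For
            # prime p the invariants give b == 1 first; for composite p they do
            # not hold, and t can cycle without ever reaching 1.
            i, t = 1, b * b % p
            while t != 1:
                i += 1
                if i == e:
                    raise NotASquare("a is not a square mod p")
                fuel -= 1
                if fuel == 0:
                    raise WouldHang("inner loop did not terminate")
                t = t * t % p
        # OpenSSL squares y (e-i-1) times, i.e. not at all when that is <= 0.
        t = pow(y, 1 << max(e - i - 1, 0), p)
        y = t * t % p
        x = x * t % p
        b = b * y % p
        e = i


def outcome(a: int, p: int, patched: bool) -> str:
    """Run mod_sqrt and summarise the result as a short string."""
    try:
        return f"root={mod_sqrt(a, p, patched)}"
    except (NotPrime, NotASquare, WouldHang) as exc:
        return type(exc).__name__


if __name__ == "__main__":
    print(outcome(2, 41, True), outcome(2, 41, False))    # prime modulus: both find 17
    print(outcome(64, 65, True), outcome(64, 65, False))  # 65 = 5*13: fix errors out, old loop spins
```

With p = 65 the first pass finds b² = 1 with b ≠ 1 (a non-trivial square root of 1, which only exists for a composite modulus) and sets e = 1; on the next pass b = 4 has order 6, so repeated squaring cycles 16, 61, 16, … and the unbounded loop never returns, which is the denial of service described above. The bounded search fails immediately instead. The Jacobi-symbol search for y does not catch this case because the Jacobi symbol can be -1 for a composite modulus, which is why the fix had to go into the loop itself.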
MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16190.