RHSA-2023:0173: Red Hat Security Advisory: libxml2 security update

An update for libxml2 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-40303: libxml2: integer overflows with XML_PARSE_HUGE
  • CVE-2022-40304: libxml2: dict corruption caused by entity reference cycles
Issued: 2023-01-16

Updated: 2023-01-16

RHSA-2023:0173 - Security Advisory

Synopsis

Moderate: libxml2 security update

Type/Severity

Security Advisory: Moderate

Topic

An update for libxml2 is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The libxml2 library is a development toolbox providing the implementation of various XML standards.

Security Fix(es):

  • libxml2: integer overflows with XML_PARSE_HUGE (CVE-2022-40303)
  • libxml2: dict corruption caused by entity reference cycles (CVE-2022-40304)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

The desktop must be restarted (log out, then log back in) for this update to take effect.

Affected Products

  • Red Hat Enterprise Linux for x86_64 8 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 8 s390x
  • Red Hat Enterprise Linux for Power, little endian 8 ppc64le
  • Red Hat Enterprise Linux for ARM 64 8 aarch64

Fixes

  • BZ - 2136266 - CVE-2022-40303 libxml2: integer overflows with XML_PARSE_HUGE
  • BZ - 2136288 - CVE-2022-40304 libxml2: dict corruption caused by entity reference cycles

Red Hat Enterprise Linux for x86_64 8

SRPM

  • libxml2-2.9.7-15.el8_7.1.src.rpm
    SHA-256: a6e5d4b1c0fc667c38654dd97f18e1c1f994faa47f5cad4797821f130c356554

x86_64

  • libxml2-2.9.7-15.el8_7.1.i686.rpm
    SHA-256: 3069cd2213a455bf18eab4467be5fe0e9d0d7cda1cffcba3598ed4b8e31da944
  • libxml2-2.9.7-15.el8_7.1.x86_64.rpm
    SHA-256: 4b57251d1762293d7b382ef28b9b297b74ab23302516bc9507a299aba8fa1da7
  • libxml2-debuginfo-2.9.7-15.el8_7.1.i686.rpm
    SHA-256: 7ddedc3842a3d41ec28e1a121d3cd882905430835929e63cdd0342847fe27360
  • libxml2-debuginfo-2.9.7-15.el8_7.1.x86_64.rpm
    SHA-256: 793e0d50b6b44a5b41a97b8026aeaa72217e35ecdcc7a1d8719d4419e6ad3660
  • libxml2-debugsource-2.9.7-15.el8_7.1.i686.rpm
    SHA-256: d3ba798eb4a3d6fb135d9ef456d836c7c0a18e3576cef21ed5a0d62ac444d15f
  • libxml2-debugsource-2.9.7-15.el8_7.1.x86_64.rpm
    SHA-256: 949f3b0f5d8a3f8f0179e127d6e4b75067f84d50d03674e512fb98d84ccdad95
  • libxml2-devel-2.9.7-15.el8_7.1.i686.rpm
    SHA-256: 270b9184706ec35c1b23ee5504d3bda487a0b3d520fc8cf62a966c39b9eab4b1
  • libxml2-devel-2.9.7-15.el8_7.1.x86_64.rpm
    SHA-256: 6d8411c6e72d1599b686b9d1b1c05fa3c15711438f01d985e551e12a3e89d0b6
  • python3-libxml2-2.9.7-15.el8_7.1.x86_64.rpm
    SHA-256: de2ee8e86932ab317ff51b329f68e04b60187ca1d363544655c84a9fe54fb2dc
  • python3-libxml2-debuginfo-2.9.7-15.el8_7.1.i686.rpm
    SHA-256: a60998938ec26e9a31c5134e28399f4801e3f9b1b734f021333ec2a487470db4
  • python3-libxml2-debuginfo-2.9.7-15.el8_7.1.x86_64.rpm
    SHA-256: 49007e8d6e3c121e03b3674580163d427392f6c9a93795c4c61eef3f6a8c78d2

Red Hat Enterprise Linux for IBM z Systems 8

SRPM

  • libxml2-2.9.7-15.el8_7.1.src.rpm
    SHA-256: a6e5d4b1c0fc667c38654dd97f18e1c1f994faa47f5cad4797821f130c356554

s390x

  • libxml2-2.9.7-15.el8_7.1.s390x.rpm
    SHA-256: 8ce863567727ee3d47b27c493993b63e754d88eb26bb75329966d8dec47c3ea3
  • libxml2-debuginfo-2.9.7-15.el8_7.1.s390x.rpm
    SHA-256: 51eb26afc62bc06dd7afd3f4a1628eb030a38e1f23cd4d37ae2f6c559e274fbd
  • libxml2-debugsource-2.9.7-15.el8_7.1.s390x.rpm
    SHA-256: 5a24d3e315729ba0aee2eed9907c5bfd84795508f050c9270debe761e8e6b7f1
  • libxml2-devel-2.9.7-15.el8_7.1.s390x.rpm
    SHA-256: 63d5dde8d060d6d023791f897f0e03e2a992a14a7da1e20e8e29e10d334feddd
  • python3-libxml2-2.9.7-15.el8_7.1.s390x.rpm
    SHA-256: c8ed58578702a879325d10506671a1265073c2642243580ae1ed4964173c430b
  • python3-libxml2-debuginfo-2.9.7-15.el8_7.1.s390x.rpm
    SHA-256: c50225e386bcb43d6ff05bd997915d460b5476e1dc25e2a5110e979c36b56651

Red Hat Enterprise Linux for Power, little endian 8

SRPM

  • libxml2-2.9.7-15.el8_7.1.src.rpm
    SHA-256: a6e5d4b1c0fc667c38654dd97f18e1c1f994faa47f5cad4797821f130c356554

ppc64le

  • libxml2-2.9.7-15.el8_7.1.ppc64le.rpm
    SHA-256: e63ac813c56102133fe5a383c516226add204a1723e4732f895d3ae3d2d41689
  • libxml2-debuginfo-2.9.7-15.el8_7.1.ppc64le.rpm
    SHA-256: 470ad6e2c83ef3e4690c2f7f1e7cc16ab6f9570204d001d518bacd20bb54fc51
  • libxml2-debugsource-2.9.7-15.el8_7.1.ppc64le.rpm
    SHA-256: b10662526ad41276c1025a6abe7aab3348cee959f09815f0e088d2c5c9c3b033
  • libxml2-devel-2.9.7-15.el8_7.1.ppc64le.rpm
    SHA-256: 5f14fb3e21ab155db70d3c6387749a9d97bb124a83c29159dfad1afc48a86313
  • python3-libxml2-2.9.7-15.el8_7.1.ppc64le.rpm
    SHA-256: 0040f24234303d9b2e226fc8797c85522c97df3648cbbbd538711700e158fcc2
  • python3-libxml2-debuginfo-2.9.7-15.el8_7.1.ppc64le.rpm
    SHA-256: 5250ebf796b358df04e01d88d724252c91d8e84e15194c80e140649b4d86b1f0

Red Hat Enterprise Linux for ARM 64 8

SRPM

  • libxml2-2.9.7-15.el8_7.1.src.rpm
    SHA-256: a6e5d4b1c0fc667c38654dd97f18e1c1f994faa47f5cad4797821f130c356554

aarch64

  • libxml2-2.9.7-15.el8_7.1.aarch64.rpm
    SHA-256: 4ca3098fb1c8383021c939bb8e7739707d8aaab5c8faa0e085cf5f345f6991c3
  • libxml2-debuginfo-2.9.7-15.el8_7.1.aarch64.rpm
    SHA-256: c1a2167b8e1710978923d9a1def8ac4688bdb474a0cb66bb6b191bc421755eda
  • libxml2-debugsource-2.9.7-15.el8_7.1.aarch64.rpm
    SHA-256: 19b233448bfc8c6163172cad1a1e4c970b7b91dd35b2a86de9ed2c3f675d9061
  • libxml2-devel-2.9.7-15.el8_7.1.aarch64.rpm
    SHA-256: 1bcba58f9af26ad0a5ee9abc7c559a021d2d345a710c011f12cdd8306a181356
  • python3-libxml2-2.9.7-15.el8_7.1.aarch64.rpm
    SHA-256: 1ae49ad3cc043987583b1fc49f927d84aa02ff8c99f9bac03ec6af0283f7edd3
  • python3-libxml2-debuginfo-2.9.7-15.el8_7.1.aarch64.rpm
    SHA-256: 4b790b9b610cb953337d6e9d6d7cb8ee13c8207c062c1eb97eb2994fe5201085
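The advisory publishes one SHA-256 per package so that an RPM obtained outside the normal repository path (a mirror, a file share, an air-gapped transfer) can be checked before installation. The POSIX shell script below is an added example and not part of the Red Hat advisory: it verifies every file named in a manifest against the published digests, treating a missing file as a failure so that a partial download cannot pass. It assumes the RPMs sit in one directory and that the manifest uses the two-column layout that `sha256sum -c` also accepts; the seeded manifest carries the x86_64 SRPM and runtime package entries copied from the tables above, and the function names are my own.

```shell
#!/bin/sh
# Added example (not from the Red Hat advisory): check downloaded RPMs
# against the SHA-256 digests published in RHSA-2023:0173 before installing.

# Portable SHA-256: coreutils sha256sum on Linux, shasum on macOS/BSD.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# verify_manifest MANIFEST DIR
# Manifest lines look like "<sha256>  <filename>"; blank lines and lines
# starting with '#' are ignored. Prints one status line per entry and
# returns 0 only if every listed file exists in DIR with a matching digest.
verify_manifest() {
    manifest=$1
    dir=$2
    failed=0
    while read -r expected name; do
        [ -z "$expected" ] && continue
        case "$expected" in '#'*) continue ;; esac
        path="$dir/$name"
        if [ ! -f "$path" ]; then
            echo "MISSING  $name"
            failed=1
            continue
        fi
        actual=$(sha256_of "$path")
        if [ "$actual" = "$expected" ]; then
            echo "OK       $name"
        else
            echo "MISMATCH $name (got $actual)"
            failed=1
        fi
    done < "$manifest"
    return $failed
}

# write_advisory_manifest FILE
# Writes a manifest seeded with two x86_64 entries copied from the advisory
# tables (hypothetical helper; extend it with the rows for your architecture).
write_advisory_manifest() {
    cat > "$1" <<'EOF'
# RHSA-2023:0173 - Red Hat Enterprise Linux for x86_64 8
a6e5d4b1c0fc667c38654dd97f18e1c1f994faa47f5cad4797821f130c356554  libxml2-2.9.7-15.el8_7.1.src.rpm
4b57251d1762293d7b382ef28b9b297b74ab23302516bc9507a299aba8fa1da7  libxml2-2.9.7-15.el8_7.1.x86_64.rpm
EOF
}

# Usage (assumed layout: RPMs downloaded into ./downloads):
#   write_advisory_manifest rhsa-2023-0173.sha256
#   verify_manifest rhsa-2023-0173.sha256 ./downloads || echo "do not install"
```

On a subscribed RHEL 8 host the usual path is `dnf update libxml2`, where dnf fetches the signed packages itself, so this check matters mostly for RPMs obtained out of band; in either case `rpm -q libxml2` should report 2.9.7-15.el8_7.1 afterwards, the build this advisory ships, and the note in the Solution section about logging out and back in still applies.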

The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.

Related news

CVE-2022-4039

A flaw was found in Red Hat Single Sign-On for OpenShift container images, which are configured with an unsecured management interface enabled. This flaw allows an attacker to use this interface to deploy malicious code and access and modify potentially sensitive information in the app server configuration.

RHSA-2023:4290: Red Hat Security Advisory: OpenShift sandboxed containers 1.4.1 security update

OpenShift sandboxed containers 1.4.1 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-3089: A compliance problem was found in the Red Hat OpenShift Container Platform. Red Hat discovered that, when FIPS mode was enabled, not all of the cryptographic modules in use were FIPS-validated.

RHSA-2023:3742: Red Hat Security Advisory: Red Hat OpenShift Data Foundation 4.13.0 security and bug fix update

Updated images that include numerous enhancements, security, and bug fixes are now available in Red Hat Container Registry for Red Hat OpenShift Data Foundation 4.13.0 on Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-16250: A flaw was found in Vault and Vault Enterprise (“Vault”). In the affected versions of Vault, with the AWS Auth Method configured and under certain circumstances, the values relied upon by Vault to validate AWS IAM ident...

RHSA-2023:0584: Red Hat Security Advisory: Secondary Scheduler Operator for Red Hat OpenShift 1.1.1 security update

Secondary Scheduler Operator for Red Hat OpenShift 1.1.1. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2880: A flaw was found in the golang package, where requests forwarded by reverse proxy include the raw query parameters from the inbound request, including unparseable parameters rejected by net/http. This issue could permit query parameter smuggling when a Go proxy forwards a parameter with an unparseable value. After the fix, the reverse proxy sanitizes the query ...

Red Hat Security Advisory 2023-1448-01

Red Hat Security Advisory 2023-1448-01 - Red Hat OpenShift Service Mesh is the Red Hat distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation. This advisory covers container images for the release.

Red Hat Security Advisory 2023-1286-01

Red Hat Security Advisory 2023-1286-01 - Migration Toolkit for Runtimes 1.0.2 Images. Issues addressed include denial of service, privilege escalation, and server-side request forgery vulnerabilities.

Red Hat Security Advisory 2023-1181-01

Red Hat Security Advisory 2023-1181-01 - OpenShift Serverless version 1.27.1 contains a moderate security impact. This release includes security and bug fixes, and enhancements.

Red Hat Security Advisory 2023-1079-01

Red Hat Security Advisory 2023-1079-01 - An update for osp-director-downloader-container, osp-director-agent-container and osp-director-operator-container is now available for Red Hat OpenStack Platform 16.2 (Train).

RHSA-2023:1047: Red Hat Security Advisory: Red Hat Single Sign-On 7.6.2 for OpenShift image security and enhancement update

A new image is available for Red Hat Single Sign-On 7.6.2, running on Red Hat OpenShift Container Platform from the release of 3.11 up to the release of 4.12.0. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2018-14040: In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute. * CVE-2018-14042: In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip. * CVE-2019-11358: A Prototype Pollution vulnerability was found in jque...

RHSA-2023:0934: Red Hat Security Advisory: Migration Toolkit for Applications security and bug fix update

Migration Toolkit for Applications 6.0.1 release. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-36567: A flaw was found in gin. This issue occurs when the default Formatter for the Logger middleware (LoggerConfig.Formatter), which is included in the Default engine, allows attackers to inject arbitrary log entries by manipulating the request path. * CVE-2021-35065: A vulnerability was found in the glob-parent package. Affected versions of this package are vulnerable to...

RHSA-2023:0918: Red Hat Security Advisory: Service Binding Operator security update

An update for service-binding-operator-bundle-container and service-binding-operator-container is now available for OpenShift Developer Tools and Services for OCP 4.9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41717: A flaw was found in the net/http library of the golang package. This flaw allows an attacker to cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. W...

Red Hat Security Advisory 2023-0802-01

Red Hat Security Advisory 2023-0802-01 - An update is now available for Red Hat OpenShift GitOps 1.6. Red Hat Product Security has rated this update as having a security impact of Important.

Red Hat Security Advisory 2023-0795-01

Red Hat Security Advisory 2023-0795-01 - Submariner 0.13.3 packages that fix various bugs and add various enhancements that are now available for Red Hat Advanced Cluster Management for Kubernetes version 2.6.

Red Hat Security Advisory 2023-0794-01

Red Hat Security Advisory 2023-0794-01 - Red Hat Advanced Cluster Management for Kubernetes 2.6.4 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs.

Red Hat Security Advisory 2023-0786-01

Red Hat Security Advisory 2023-0786-01 - Network observability is an OpenShift operator that provides a monitoring pipeline to collect and enrich network flows that are produced by the Network observability eBPF agent. The operator provides dashboards, metrics, and keeps flows accessible in a queryable log store, Grafana Loki. When a FlowCollector is deployed, new dashboards are available in the Console.

RHSA-2023:0794: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.6.4 bug fixes and security updates

Red Hat Advanced Cluster Management for Kubernetes 2.6.4 General Availability release images, which fix bugs and update container images. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-24999: qs before 6.10.3, as used in Express before 4.17.3 and other products, allows attackers to cause a Node process hang for an Express application because an __proto__ key can be used. In many typical Express use cases, an unauthenticated remote attacker can place the attack payload i...

Red Hat Security Advisory 2023-0709-01

Red Hat Security Advisory 2023-0709-01 - Version 1.27.0 of the OpenShift Serverless Operator is supported on Red Hat OpenShift Container Platform versions 4.8, 4.9, 4.10, 4.11 and 4.12. This release includes security and bug fixes, and enhancements.

Red Hat Security Advisory 2023-0634-01

Red Hat Security Advisory 2023-0634-01 - Logging Subsystem 5.6.1 - Red Hat OpenShift. Issues addressed include a denial of service vulnerability.

RHSA-2023:0693: Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.7.7 security and bug fix update

The Migration Toolkit for Containers (MTC) 1.7.7 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-43138: A vulnerability was found in the async package. This flaw allows a malicious user to obtain privileges via the mapValues() method. * CVE-2022-2879: A flaw was found in the golang package, where Reader.Read does not set a limit on the maximum size of file headers. After fixing, Reader.Read limits the maximum size of header blocks to 1 MiB. This flaw a...

RHSA-2023:0631: Red Hat Security Advisory: RHSA: Submariner 0.14 - bug fix and security updates

Submariner 0.14 packages that fix various bugs and add various enhancements that are now available for Red Hat Advanced Cluster Management for Kubernetes version 2.7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2880: A flaw was found in the golang package, where requests forwarded by reverse proxy include the raw query parameters from the inbound request, including unparseable parameters rejected by net/http. This issue could permit query parameter smuggling when a Go ...

Red Hat Security Advisory 2023-0468-01

Red Hat Security Advisory 2023-0468-01 - Red Hat Openshift GitOps is a declarative way to implement continuous deployment for cloud native applications.

Red Hat Security Advisory 2023-0466-01

Red Hat Security Advisory 2023-0466-01 - Red Hat Openshift GitOps is a declarative way to implement continuous deployment for cloud native applications.

RHSA-2023:0468: Red Hat Security Advisory: Red Hat OpenShift GitOps security update

An update is now available for Red Hat OpenShift GitOps 1.5.9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-22482: ArgoCD: JWT audience claim is not verified

RHSA-2023:0467: Red Hat Security Advisory: Red Hat OpenShift GitOps security update

An update is now available for Red Hat OpenShift GitOps 1.7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-22482: ArgoCD: JWT audience claim is not verified * CVE-2023-22736: argocd: Controller reconciles apps outside configured namespaces when sharding is enabled

RHSA-2023:0338: Red Hat Security Advisory: libxml2 security update

An update for libxml2 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-40303: libxml2: integer overflows with XML_PARSE_HUGE * CVE-2022-40304: libxml2: dict corruption caused by entity reference cycles

Apple Security Advisory 2022-12-13-6

Apple Security Advisory 2022-12-13-6 - macOS Big Sur 11.7.2 addresses bypass, code execution, and integer overflow vulnerabilities.

Apple Security Advisory 2022-12-13-5

Apple Security Advisory 2022-12-13-5 - macOS Monterey 12.6.2 addresses bypass, code execution, and integer overflow vulnerabilities.

Apple Security Advisory 2022-12-13-2

Apple Security Advisory 2022-12-13-2 - iOS 15.7.2 and iPadOS 15.7.2 addresses bypass, code execution, integer overflow, out of bounds write, and spoofing vulnerabilities.

CVE-2022-46700: About the security content of iOS 15.7.2 and iPadOS 15.7.2

A memory corruption issue was addressed with improved input validation. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may lead to arbitrary code execution.

Red Hat Security Advisory 2022-8841-01

Red Hat Security Advisory 2022-8841-01 - Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.51 Service Pack 1 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.51, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include buffer over-read, buffer overflow, bypass, code execution, denial of service, double free, integer overflow, out of bounds read, and use-after-free vulnerabilities.

RHSA-2022:8841: Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.51 SP1 security update

An update is now available for Red Hat JBoss Core Services. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1292: openssl: c_rehash script allows command injection * CVE-2022-2068: openssl: the c_rehash script allows command injection * CVE-2022-22721: httpd: core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody * CVE-2022-23943: httpd: mod_sed: Read/write beyond bounds * CVE-2022-26377: httpd: mod_proxy_ajp: Possible request smuggling * CVE-2...

Ubuntu Security Notice USN-5760-2

Ubuntu Security Notice 5760-2 - USN-5760-1 fixed vulnerabilities in libxml2. This update provides the corresponding updates for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. It was discovered that libxml2 incorrectly handled certain XML files. An attacker could possibly use this issue to expose sensitive information or cause a crash.

Ubuntu Security Notice USN-5760-1

Ubuntu Security Notice 5760-1 - It was discovered that libxml2 incorrectly handled certain XML files. An attacker could possibly use this issue to cause a crash. It was discovered that libxml2 incorrectly handled certain XML files. An attacker could possibly use this issue to expose sensitive information or cause a crash. It was discovered that libxml2 incorrectly handled certain XML files. An attacker could possibly use this issue to execute arbitrary code.

CVE-2022-40304: v2.10.3 · Tags · GNOME / libxml2 · GitLab

An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be provoked.

Apple Security Advisory 2022-11-09-2

Apple Security Advisory 2022-11-09-2 - macOS Ventura 13.0.1 addresses code execution and integer overflow vulnerabilities.

Apple Security Advisory 2022-11-09-1

Apple Security Advisory 2022-11-09-1 - iOS 16.1.1 and iPadOS 16.1.1 addresses code execution and integer overflow vulnerabilities.

Debian Security Advisory 5271-1

Debian Linux Security Advisory 5271-1 - Several vulnerabilities were discovered in libxml2, a library providing support to read, modify and write XML and HTML files.

Gentoo Linux Security Advisory 202210-39

Gentoo Linux Security Advisory 202210-39 - Multiple vulnerabilities have been found in libxml2, the worst of which could result in arbitrary code execution. Versions less than 2.10.3 are affected.
