Headline
RHSA-2022:1556: Red Hat Security Advisory: mariadb:10.3 security and bug fix update
An update for the mariadb:10.3 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2021-2154: mysql: Server: DML unspecified vulnerability (CPU Apr 2021)
- CVE-2021-2166: mysql: Server: DML unspecified vulnerability (CPU Apr 2021)
- CVE-2021-2372: mysql: InnoDB unspecified vulnerability (CPU Jul 2021)
- CVE-2021-2389: mysql: InnoDB unspecified vulnerability (CPU Jul 2021)
- CVE-2021-35604: mysql: InnoDB unspecified vulnerability (CPU Oct 2021)
- CVE-2021-46657: mariadb: Crash in get_sort_by_table() in subquery with ORDER BY having outer ref
- CVE-2021-46658: mariadb: save_window_function_values triggers an abort during IN subquery
- CVE-2021-46662: mariadb: Crash in set_var.cc via certain UPDATE queries with nested subqueries
- CVE-2021-46666: mariadb: Crash caused by mishandling of a pushdown from a HAVING clause to a WHERE clause
- CVE-2021-46667: mariadb: Integer overflow in sql_lex.cc integer leading to crash
Issued:
2022-04-26
Updated:
2022-04-26
Synopsis
Moderate: mariadb:10.3 security and bug fix update
Type/Severity
Security Advisory: Moderate
Topic
An update for the mariadb:10.3 module is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL.
The following packages have been upgraded to a later upstream version: mariadb (10.3.32), galera (25.3.34). (BZ#2050543)
Security Fix(es):
- mysql: Server: DML unspecified vulnerability (CPU Apr 2021) (CVE-2021-2154)
- mysql: Server: DML unspecified vulnerability (CPU Apr 2021) (CVE-2021-2166)
- mysql: InnoDB unspecified vulnerability (CPU Jul 2021) (CVE-2021-2372)
- mysql: InnoDB unspecified vulnerability (CPU Jul 2021) (CVE-2021-2389)
- mysql: InnoDB unspecified vulnerability (CPU Oct 2021) (CVE-2021-35604)
- mariadb: Integer overflow in sql_lex.cc integer leading to crash (CVE-2021-46667)
- mariadb: Crash in get_sort_by_table() in subquery with ORDER BY having outer ref (CVE-2021-46657)
- mariadb: save_window_function_values triggers an abort during IN subquery (CVE-2021-46658)
- mariadb: Crash in set_var.cc via certain UPDATE queries with nested subqueries (CVE-2021-46662)
- mariadb: Crash caused by mishandling of a pushdown from a HAVING clause to a WHERE clause (CVE-2021-46666)
- mariadb: No password masking in audit log when using ALTER USER <user> IDENTIFIED BY <password> command (BZ#1981332)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
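For the audit-log item above (BZ#1981332), a defender will want to know whether logs written before the update already hold a cleartext password. The following is an added example, not code from Red Hat or MariaDB: it assumes the server_audit plugin's comma-separated file record layout and a `*****` mask token (neither is stated on this page), and the sample log lines are constructed.

```python
import re
from typing import Iterable, List, NamedTuple

# Assumed server_audit file record layout (not given on this page):
# timestamp,serverhost,username,host,connectionid,queryid,operation,database,object,retcode
RECORD = re.compile(
    r"^(?P<ts>[^,]*),(?P<server>[^,]*),(?P<user>[^,]*),(?P<host>[^,]*),"
    r"(?P<conn>\d+),(?P<qid>\d+),(?P<op>[A-Z_]+),(?P<db>[^,]*),"
    r"(?P<obj>.*),(?P<ret>\d+)$"  # greedy object: the query text may contain commas
)

# The statement named in the advisory: ALTER USER <user> IDENTIFIED BY <password>
ALTER_USER = re.compile(
    r"\bALTER\s+USER\s+(?:IF\s+EXISTS\s+)?(?P<account>.+?)\s+IDENTIFIED\s+BY\s+"
    r"(?P<hash_kw>PASSWORD\s+)?(?P<value>\S.*)",
    re.IGNORECASE | re.DOTALL,
)
MASKED = re.compile(r"\*{3,}(\s|$)")  # assumed mask token: a bare run of asterisks

# Everything between IDENTIFIED BY and the end of the quoted object field.
# Trailing clauses are swallowed too: over-redaction is the safe direction.
SECRET_SPAN = re.compile(
    r"(IDENTIFIED\s+BY\s+(?:PASSWORD\s+)?).*?(',\d+)$", re.IGNORECASE
)


class Finding(NamedTuple):
    lineno: int
    timestamp: str
    actor: str      # account that issued the statement
    account: str    # account whose credential was changed
    kind: str       # "plaintext", "masked" or "hash"
    redacted: str   # the log line, safe to forward to a ticket or SIEM


def unquote(obj: str) -> str:
    """Strip the outer quotes of the object field and undo \\' escaping."""
    if len(obj) >= 2 and obj[0] == obj[-1] == "'":
        obj = obj[1:-1]
    return obj.replace("\\'", "'")


def scan(lines: Iterable[str]) -> List[Finding]:
    """Classify every ALTER USER ... IDENTIFIED BY record; never return the secret."""
    findings = []
    for lineno, raw in enumerate(lines, start=1):
        raw = raw.rstrip("\n")
        rec = RECORD.match(raw)
        if not rec:
            continue  # not a well-formed audit record
        stmt = ALTER_USER.search(unquote(rec["obj"]))
        if not stmt:
            continue
        if MASKED.match(stmt["value"]):
            kind = "masked"      # written by a server that masks the password
        elif stmt["hash_kw"]:
            kind = "hash"        # IDENTIFIED BY PASSWORD '<hash>': not cleartext
        else:
            kind = "plaintext"   # cleartext password sits in the log file
        findings.append(Finding(
            lineno, rec["ts"], rec["user"], stmt["account"], kind,
            SECRET_SPAN.sub(r"\1*****\2", raw),
        ))
    return findings


# Constructed sample records, not taken from a real system.
SAMPLE_LOG = r"""
20220420 09:14:02,db01,root,localhost,12,101,QUERY,mysql,'ALTER USER \'app\'@\'%\' IDENTIFIED BY \'S3cr3t-constructed\'',0
20220420 09:15:40,db01,root,localhost,12,102,QUERY,mysql,'ALTER USER \'report\'@\'10.0.0.%\' IDENTIFIED BY *****',0
20220420 09:16:11,db01,admin,10.0.0.5,14,110,QUERY,mysql,'ALTER USER \'svc\'@\'%\' IDENTIFIED BY PASSWORD \'*0000000000000000000000000000000000000000\'',0
20220420 09:17:00,db01,app,10.0.0.9,15,120,QUERY,shop,'SELECT id, name FROM items',0
20220420 09:18:00,db01,root,localhost,12,130,CONNECT,mysql,,0
""".strip().splitlines()

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        if f.kind == "plaintext":
            print(f"line {f.lineno} {f.timestamp}: {f.actor} set a cleartext "
                  f"password for {f.account}; rotate it and restrict the log file")
            print("   ", f.redacted)
```

Any account reported as `plaintext` should have its password rotated, and rotated or archived copies of the audit log need the same scan.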
Bug Fix(es):
- mariadb:10.3/mariadb: /etc/security/user_map.conf getting overwritten with mariadb-server upgrade (BZ#2050514)
- MariaDB logrotate leads to “gzip: stdin: file size changed while zipping” (BZ#2050532)
- Crash: WSREP: invalid state ROLLED_BACK (FATAL) (BZ#2050533)
- Galera doesn’t work without ‘procps-ng’ package MariaDB-10.3 (BZ#2050550)
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing this update, the MariaDB server daemon (mysqld) will be restarted automatically.
Affected Products
- Red Hat Enterprise Linux for x86_64 8 x86_64
- Red Hat Enterprise Linux for IBM z Systems 8 s390x
- Red Hat Enterprise Linux for Power, little endian 8 ppc64le
- Red Hat Enterprise Linux for ARM 64 8 aarch64
Fixes
- BZ - 1951752 - CVE-2021-2154 mysql: Server: DML unspecified vulnerability (CPU Apr 2021)
- BZ - 1951755 - CVE-2021-2166 mysql: Server: DML unspecified vulnerability (CPU Apr 2021)
- BZ - 1981332 - mariadb: No password masking in audit log when using ALTER USER <user> IDENTIFIED BY <password> command
- BZ - 1992303 - CVE-2021-2372 mysql: InnoDB unspecified vulnerability (CPU Jul 2021)
- BZ - 1992309 - CVE-2021-2389 mysql: InnoDB unspecified vulnerability (CPU Jul 2021)
- BZ - 2016101 - CVE-2021-35604 mysql: InnoDB unspecified vulnerability (CPU Oct 2021)
- BZ - 2049294 - CVE-2021-46658 mariadb: save_window_function_values triggers an abort during IN subquery
- BZ - 2049305 - CVE-2021-46657 mariadb: Crash in get_sort_by_table() in subquery with ORDER BY having outer ref
- BZ - 2050019 - CVE-2021-46662 mariadb: Crash in set_var.cc via certain UPDATE queries with nested subqueries
- BZ - 2050028 - CVE-2021-46666 mariadb: Crash caused by mishandling of a pushdown from a HAVING clause to a WHERE clause
- BZ - 2050030 - CVE-2021-46667 mariadb: Integer overflow in sql_lex.cc integer leading to crash
- BZ - 2050514 - mariadb:10.3/mariadb: /etc/security/user_map.conf getting overwritten with mariadb-server upgrade [rhel-8.5.0.z]
- BZ - 2050532 - MariaDB logrotate leads to “gzip: stdin: file size changed while zipping” [rhel-8.5.0.z]
- BZ - 2050533 - Crash: WSREP: invalid state ROLLED_BACK (FATAL) [rhel-8.5.0.z]
- BZ - 2050543 - Tracker: Rebase galera package to the newest for MariaDB-10.3 (25.3.34) [rhel-8.5.0.z]
- BZ - 2050550 - Galera doesn’t work without ‘procps-ng’ package MariaDB-10.3 [rhel-8.5.0.z]
CVEs
- CVE-2021-2154
- CVE-2021-2166
- CVE-2021-2372
- CVE-2021-2389
- CVE-2021-35604
- CVE-2021-46657
- CVE-2021-46658
- CVE-2021-46662
- CVE-2021-46666
- CVE-2021-46667
Red Hat Enterprise Linux for x86_64 8
SRPM
Judy-1.0.5-18.module+el8+2765+cfa4f87b.src.rpm
galera-25.3.34-4.module+el8.5.0+14124+14ced695.src.rpm
mariadb-10.3.32-2.module+el8.5.0+14124+14ced695.src.rpm
x86_64
Judy-1.0.5-18.module+el8+2765+cfa4f87b.x86_64.rpm
Judy-debuginfo-1.0.5-18.module+el8+2765+cfa4f87b.x86_64.rpm
Judy-debugsource-1.0.5-18.module+el8+2765+cfa4f87b.x86_64.rpm
galera-25.3.34-4.module+el8.5.0+14124+14ced695.x86_64.rpm
galera-debuginfo-25.3.34-4.module+el8.5.0+14124+14ced695.x86_64.rpm
galera-debugsource-25.3.34-4.module+el8.5.0+14124+14ced695.x86_64.rpm
mariadb-10.3.32-2.module+el8.5.0+14124+14ced695.x86_64.rpm
mariadb-backup-10.3.32-2.module+el8.5.0+14124+14ced695.x86_64.rpm
mariadb-backup-debuginfo-10.3.32-2.module+el8.5.0+14124+14ced695.x86_64.rpm
mariadb-common-10.3.32-2.module+el8.5.0+14124+14ced695.x86_64.rpm
mariadb-debuginfo-10.3.32-2.module+el8.5.0+14124+14ced695.x86_64.rpm
mariadb-debugsource-10.3.32-2.module+el8.5.0+14124+14ced695.x86_64.rpm
mariadb-devel-10.3.32-2.module+el8.5.0+14124+14ced695.x86_64.rpm
mariadb-embedded-10.3.32-2.module+el8.5.0+14124+14ced695.x86_64.rpm
mariadb-embedded-debuginfo-10.3.32-2.module+el8.5.0+14124+14ced695.x86_64.rpm
mariadb-embedded-devel-10.3.32-2.module+el8.5.0+14124+14ced695.x86_64.rpm
mariadb-errmsg-10.3.32-2.module+el8.5.0+14124+14ced695.x86_64.rpm
mariadb-gssapi-server-10.3.32-2.module+el8.5.0+14124+14ced695.x86_64.rpm
mariadb-gssapi-server-debuginfo-10.3.32-2.module+el8.5.0+14124+14ced695.x86_64.rpm
mariadb-oqgraph-engine-10.3.32-2.module+el8.5.0+14124+14ced695.x86_64.rpm
mariadb-oqgraph-engine-debuginfo-10.3.32-2.module+el8.5.0+14124+14ced695.x86_64.rpm
mariadb-server-10.3.32-2.module+el8.5.0+14124+14ced695.x86_64.rpm
mariadb-server-debuginfo-10.3.32-2.module+el8.5.0+14124+14ced695.x86_64.rpm
mariadb-server-galera-10.3.32-2.module+el8.5.0+14124+14ced695.x86_64.rpm
mariadb-server-utils-10.3.32-2.module+el8.5.0+14124+14ced695.x86_64.rpm
mariadb-server-utils-debuginfo-10.3.32-2.module+el8.5.0+14124+14ced695.x86_64.rpm
mariadb-test-10.3.32-2.module+el8.5.0+14124+14ced695.x86_64.rpm
mariadb-test-debuginfo-10.3.32-2.module+el8.5.0+14124+14ced695.x86_64.rpm
Red Hat Enterprise Linux for IBM z Systems 8
SRPM
Judy-1.0.5-18.module+el8+2765+cfa4f87b.src.rpm
galera-25.3.34-4.module+el8.5.0+14124+14ced695.src.rpm
mariadb-10.3.32-2.module+el8.5.0+14124+14ced695.src.rpm
s390x
Judy-1.0.5-18.module+el8+2765+cfa4f87b.s390x.rpm
Judy-debuginfo-1.0.5-18.module+el8+2765+cfa4f87b.s390x.rpm
Judy-debugsource-1.0.5-18.module+el8+2765+cfa4f87b.s390x.rpm
galera-25.3.34-4.module+el8.5.0+14124+14ced695.s390x.rpm
galera-debuginfo-25.3.34-4.module+el8.5.0+14124+14ced695.s390x.rpm
galera-debugsource-25.3.34-4.module+el8.5.0+14124+14ced695.s390x.rpm
mariadb-10.3.32-2.module+el8.5.0+14124+14ced695.s390x.rpm
mariadb-backup-10.3.32-2.module+el8.5.0+14124+14ced695.s390x.rpm
mariadb-backup-debuginfo-10.3.32-2.module+el8.5.0+14124+14ced695.s390x.rpm
mariadb-common-10.3.32-2.module+el8.5.0+14124+14ced695.s390x.rpm
mariadb-debuginfo-10.3.32-2.module+el8.5.0+14124+14ced695.s390x.rpm
mariadb-debugsource-10.3.32-2.module+el8.5.0+14124+14ced695.s390x.rpm
mariadb-devel-10.3.32-2.module+el8.5.0+14124+14ced695.s390x.rpm
mariadb-embedded-10.3.32-2.module+el8.5.0+14124+14ced695.s390x.rpm
mariadb-embedded-debuginfo-10.3.32-2.module+el8.5.0+14124+14ced695.s390x.rpm
mariadb-embedded-devel-10.3.32-2.module+el8.5.0+14124+14ced695.s390x.rpm
mariadb-errmsg-10.3.32-2.module+el8.5.0+14124+14ced695.s390x.rpm
mariadb-gssapi-server-10.3.32-2.module+el8.5.0+14124+14ced695.s390x.rpm
mariadb-gssapi-server-debuginfo-10.3.32-2.module+el8.5.0+14124+14ced695.s390x.rpm
mariadb-oqgraph-engine-10.3.32-2.module+el8.5.0+14124+14ced695.s390x.rpm
mariadb-oqgraph-engine-debuginfo-10.3.32-2.module+el8.5.0+14124+14ced695.s390x.rpm
mariadb-server-10.3.32-2.module+el8.5.0+14124+14ced695.s390x.rpm
mariadb-server-debuginfo-10.3.32-2.module+el8.5.0+14124+14ced695.s390x.rpm
mariadb-server-galera-10.3.32-2.module+el8.5.0+14124+14ced695.s390x.rpm
mariadb-server-utils-10.3.32-2.module+el8.5.0+14124+14ced695.s390x.rpm
mariadb-server-utils-debuginfo-10.3.32-2.module+el8.5.0+14124+14ced695.s390x.rpm
mariadb-test-10.3.32-2.module+el8.5.0+14124+14ced695.s390x.rpm
mariadb-test-debuginfo-10.3.32-2.module+el8.5.0+14124+14ced695.s390x.rpm
Red Hat Enterprise Linux for Power, little endian 8
SRPM
Judy-1.0.5-18.module+el8+2765+cfa4f87b.src.rpm
galera-25.3.34-4.module+el8.5.0+14124+14ced695.src.rpm
mariadb-10.3.32-2.module+el8.5.0+14124+14ced695.src.rpm
ppc64le
Judy-1.0.5-18.module+el8+2765+cfa4f87b.ppc64le.rpm
Judy-debuginfo-1.0.5-18.module+el8+2765+cfa4f87b.ppc64le.rpm
Judy-debugsource-1.0.5-18.module+el8+2765+cfa4f87b.ppc64le.rpm
galera-25.3.34-4.module+el8.5.0+14124+14ced695.ppc64le.rpm
galera-debuginfo-25.3.34-4.module+el8.5.0+14124+14ced695.ppc64le.rpm
galera-debugsource-25.3.34-4.module+el8.5.0+14124+14ced695.ppc64le.rpm
mariadb-10.3.32-2.module+el8.5.0+14124+14ced695.ppc64le.rpm
mariadb-backup-10.3.32-2.module+el8.5.0+14124+14ced695.ppc64le.rpm
mariadb-backup-debuginfo-10.3.32-2.module+el8.5.0+14124+14ced695.ppc64le.rpm
mariadb-common-10.3.32-2.module+el8.5.0+14124+14ced695.ppc64le.rpm
mariadb-debuginfo-10.3.32-2.module+el8.5.0+14124+14ced695.ppc64le.rpm
mariadb-debugsource-10.3.32-2.module+el8.5.0+14124+14ced695.ppc64le.rpm
mariadb-devel-10.3.32-2.module+el8.5.0+14124+14ced695.ppc64le.rpm
mariadb-embedded-10.3.32-2.module+el8.5.0+14124+14ced695.ppc64le.rpm
mariadb-embedded-debuginfo-10.3.32-2.module+el8.5.0+14124+14ced695.ppc64le.rpm
mariadb-embedded-devel-10.3.32-2.module+el8.5.0+14124+14ced695.ppc64le.rpm
mariadb-errmsg-10.3.32-2.module+el8.5.0+14124+14ced695.ppc64le.rpm
mariadb-gssapi-server-10.3.32-2.module+el8.5.0+14124+14ced695.ppc64le.rpm
mariadb-gssapi-server-debuginfo-10.3.32-2.module+el8.5.0+14124+14ced695.ppc64le.rpm
mariadb-oqgraph-engine-10.3.32-2.module+el8.5.0+14124+14ced695.ppc64le.rpm
mariadb-oqgraph-engine-debuginfo-10.3.32-2.module+el8.5.0+14124+14ced695.ppc64le.rpm
mariadb-server-10.3.32-2.module+el8.5.0+14124+14ced695.ppc64le.rpm
mariadb-server-debuginfo-10.3.32-2.module+el8.5.0+14124+14ced695.ppc64le.rpm
mariadb-server-galera-10.3.32-2.module+el8.5.0+14124+14ced695.ppc64le.rpm
mariadb-server-utils-10.3.32-2.module+el8.5.0+14124+14ced695.ppc64le.rpm
mariadb-server-utils-debuginfo-10.3.32-2.module+el8.5.0+14124+14ced695.ppc64le.rpm
mariadb-test-10.3.32-2.module+el8.5.0+14124+14ced695.ppc64le.rpm
mariadb-test-debuginfo-10.3.32-2.module+el8.5.0+14124+14ced695.ppc64le.rpm
Red Hat Enterprise Linux for ARM 64 8
SRPM
Judy-1.0.5-18.module+el8+2765+cfa4f87b.src.rpm
galera-25.3.34-4.module+el8.5.0+14124+14ced695.src.rpm
mariadb-10.3.32-2.module+el8.5.0+14124+14ced695.src.rpm
aarch64
Judy-1.0.5-18.module+el8+2765+cfa4f87b.aarch64.rpm
Judy-debuginfo-1.0.5-18.module+el8+2765+cfa4f87b.aarch64.rpm
Judy-debugsource-1.0.5-18.module+el8+2765+cfa4f87b.aarch64.rpm
galera-25.3.34-4.module+el8.5.0+14124+14ced695.aarch64.rpm
galera-debuginfo-25.3.34-4.module+el8.5.0+14124+14ced695.aarch64.rpm
galera-debugsource-25.3.34-4.module+el8.5.0+14124+14ced695.aarch64.rpm
mariadb-10.3.32-2.module+el8.5.0+14124+14ced695.aarch64.rpm
mariadb-backup-10.3.32-2.module+el8.5.0+14124+14ced695.aarch64.rpm
mariadb-backup-debuginfo-10.3.32-2.module+el8.5.0+14124+14ced695.aarch64.rpm
mariadb-common-10.3.32-2.module+el8.5.0+14124+14ced695.aarch64.rpm
mariadb-debuginfo-10.3.32-2.module+el8.5.0+14124+14ced695.aarch64.rpm
mariadb-debugsource-10.3.32-2.module+el8.5.0+14124+14ced695.aarch64.rpm
mariadb-devel-10.3.32-2.module+el8.5.0+14124+14ced695.aarch64.rpm
mariadb-embedded-10.3.32-2.module+el8.5.0+14124+14ced695.aarch64.rpm
mariadb-embedded-debuginfo-10.3.32-2.module+el8.5.0+14124+14ced695.aarch64.rpm
mariadb-embedded-devel-10.3.32-2.module+el8.5.0+14124+14ced695.aarch64.rpm
mariadb-errmsg-10.3.32-2.module+el8.5.0+14124+14ced695.aarch64.rpm
mariadb-gssapi-server-10.3.32-2.module+el8.5.0+14124+14ced695.aarch64.rpm
mariadb-gssapi-server-debuginfo-10.3.32-2.module+el8.5.0+14124+14ced695.aarch64.rpm
mariadb-oqgraph-engine-10.3.32-2.module+el8.5.0+14124+14ced695.aarch64.rpm
mariadb-oqgraph-engine-debuginfo-10.3.32-2.module+el8.5.0+14124+14ced695.aarch64.rpm
mariadb-server-10.3.32-2.module+el8.5.0+14124+14ced695.aarch64.rpm
mariadb-server-debuginfo-10.3.32-2.module+el8.5.0+14124+14ced695.aarch64.rpm
mariadb-server-galera-10.3.32-2.module+el8.5.0+14124+14ced695.aarch64.rpm
mariadb-server-utils-10.3.32-2.module+el8.5.0+14124+14ced695.aarch64.rpm
mariadb-server-utils-debuginfo-10.3.32-2.module+el8.5.0+14124+14ced695.aarch64.rpm
mariadb-test-10.3.32-2.module+el8.5.0+14124+14ced695.aarch64.rpm
mariadb-test-debuginfo-10.3.32-2.module+el8.5.0+14124+14ced695.aarch64.rpm
The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.
Related news
IBM Security Identity Manager (IBM Security Verify Password Synchronization Plug-in for Windows AD 10.x) is vulnerable to a denial of service, caused by a heap-based buffer overflow in the Password Synch Plug-in. An authenticated attacker could exploit this vulnerability to cause a denial of service. IBM X-Force ID: 218379.
IBM QRadar SIEM 7.3, 7.4, and 7.5 allows for users to access information across tenant and domain boundaries in some situations. IBM X-Force ID: 208397.
IBM QRadar SIEM 7.3, 7.4, and 7.5 stores potentially sensitive information in log files that could be read by an user with access to creating domains. IBM X-Force ID: 211037.
IBM QRadar SIEM 7.3, 7.4, and 7.5 in some senarios may reveal authorized service tokens to other QRadar users. IBM X-Force ID: 210021
IBM QRadar 7.3, 7.4, and 7.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 220041.
IBM Security Identity Manager (IBM Security Verify Password Synchronization Plug-in for Windows AD 10.x) is vulnerable to a denial of service, caused by a heap-based buffer overflow in the Password Synch Plug-in. An authenticated attacker could exploit this vulnerability to cause a denial of service. IBM X-Force ID: 217369.
Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Prior to versions 21.0.8, 22.2.4, and 23.0.1, it is possible to trick administrators into enabling "recommended" apps for the Nextcloud server that they do not need, thus expanding their attack surface unnecessarily. This issue is fixed in versions 21.0.8 , 22.2.4, and 23.0.1.
In ControlUp Real-Time Agent before 8.6, an unquoted path can result in privilege escalation. An attacker would require write permissions to the root level of the OS drive (C:\) to exploit this.
In cifs-utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-line argument could lead to local attackers gaining root privileges.
Updated web-admin-build packages are now available for Red Hat Gluster Storage 3.5 Web Administration on Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-44716: golang: net/http: limit growth of header canonicalization cache
Red Hat AMQ Broker 7.9.4 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-22965: spring-framework: RCE via Data Binding on JDK 9+
Red Hat AMQ Broker 7.8.6 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-22965: spring-framework: RCE via Data Binding on JDK 9+
Red Hat OpenShift Container Platform release 3.11.665 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-43859: xstream: Injecting highly recursive collections or maps can cause a DoS * CVE-2022-25173: workflow-cps: OS command execution through crafted SCM contents * CVE-2022-25174: workflow-cps-global-lib: OS command execution through crafted SCM contents * CVE-2022-25175: wo...
An update is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-0435: kernel: remote stack overflow via kernel panic on systems using TIPC may lead to DoS
A security update for convert2rhel is now available for unsupported conversions of CentOS Linux 6 and Oracle Linux 6 to Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-0852: convert2rhel: Red Hat account password passed via command line by code
A security update for convert2rhel is now available for supported conversions of CentOS Linux 7 and Oracle Linux 7 to Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-0852: convert2rhel: Red Hat account password passed via command line by code
A security update for convert2rhel is now available for supported conversions of CentOS Linux 8 and Oracle Linux 8 to Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-0852: convert2rhel: Red Hat account password passed via command line by code
A flaw was found in htmldoc commit 31f7804. A heap buffer overflow in the function pdf_write_names in ps-pdf.cxx may lead to arbitrary code execution and Denial of Service (DoS).
An access control issue in Zammad v5.0.3 allows attackers to write entries to the CTI caller log without authentication. This vulnerability can allow attackers to execute phishing attacks or cause a Denial of Service (DoS).
An access control issue in Zammad v5.0.3 broadcasts administrative configuration changes to all users who have an active application instance, including settings that should only be visible to authenticated users.
A lack of rate limiting in the 'forgot password' feature of Zammad v5.1.0 allows attackers to send an excessive amount of reset requests for a legitimate user, leading to a possible Denial of Service (DoS) via a large amount of generated e-mail messages.
A lack of password length restriction in Zammad v5.1.0 allows for the creation of extremely long passwords which can cause a Denial of Service (DoS) during password verification.
An update for polkit is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-4115: polkit: file descriptor leak allows an unprivileged user to cause a crash
An update for kernel is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-4028: kernel: use-after-free in RDMA listen() * CVE-2022-25636: kernel: heap out of bounds write in nf_dup_netdev.c
An update for vim is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1154: vim: use after free in utf_ptr2char
An update for the container-tools:2.0 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-27649: podman: Default inheritable capabilities for linux container should be empty * CVE-2022-27651: buildah: Default inheritable capabilities for linux container should be empty
An update for the container-tools:3.0 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-27649: podman: Default inheritable capabilities for linux container should be empty * CVE-2022-27651: buildah: Default inheritable capabilities for linux container should be empty
An update for kpatch-patch is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-4028: kernel: use-after-free in RDMA listen() * CVE-2022-25636: kernel: heap out of bounds write in nf_dup_netdev.c
An update for gzip is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1271: gzip: arbitrary-file-write vulnerability
An update for the mariadb:10.5 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-2154: mysql: Server: DML unspecified vulnerability (CPU Apr 2021) * CVE-2021-2166: mysql: Server: DML unspecified vulnerability (CPU Apr 2021) * CVE-2021-2372: mysql: InnoDB unspecified vulnerability (CPU Jul 2021) * CVE-2021-2389: mysql: InnoDB unspecified vulnerability (CPU Jul 2021) * CVE-2021-35604: mysql: InnoDB unspecified vulnerab...
An update for zlib is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2018-25032: zlib: A flaw found in zlib when compressing (not decompressing) certain inputs
An update for kernel-rt is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-4028: kernel: use-after-free in RDMA listen() * CVE-2022-25636: kernel: heap out of bounds write in nf_dup_netdev.c
An update for kernel is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-0435: kernel: remote stack overflow via kernel panic on systems using TIPC may lead to DoS
An update for gzip is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1271: gzip: arbitrary-file-write vulnerability
An update for xmlrpc-c is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-25235: expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution
An update for maven-shared-utils is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-29599: maven-shared-utils: Command injection via Commandline class
An update for xmlrpc-c is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-25235: expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution