
RHSA-2022:1556: Red Hat Security Advisory: mariadb:10.3 security and bug fix update

An update for the mariadb:10.3 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2021-2154: mysql: Server: DML unspecified vulnerability (CPU Apr 2021)
  • CVE-2021-2166: mysql: Server: DML unspecified vulnerability (CPU Apr 2021)
  • CVE-2021-2372: mysql: InnoDB unspecified vulnerability (CPU Jul 2021)
  • CVE-2021-2389: mysql: InnoDB unspecified vulnerability (CPU Jul 2021)
  • CVE-2021-35604: mysql: InnoDB unspecified vulnerability (CPU Oct 2021)
  • CVE-2021-46657: mariadb: Crash in get_sort_by_table() in subquery with ORDER BY having outer ref
  • CVE-2021-46658: mariadb: save_window_function_values triggers an abort during IN subquery
  • CVE-2021-46662: mariadb: Crash in set_var.cc via certain UPDATE queries with nested subqueries
  • CVE-2021-46666: mariadb: Crash caused by mishandling of a pushdown from a HAVING clause to a WHERE clause
  • CVE-2021-46667: mariadb: Integer overflow in sql_lex.cc integer leading to crash

Issued:

2022-04-26

Updated:

2022-04-26

RHSA-2022:1556 - Security Advisory


Synopsis

Moderate: mariadb:10.3 security and bug fix update

Type/Severity

Security Advisory: Moderate


Topic

An update for the mariadb:10.3 module is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL.

The following packages have been upgraded to a later upstream version: mariadb (10.3.32), galera (25.3.34). (BZ#2050543)

Security Fix(es):

  • mysql: Server: DML unspecified vulnerability (CPU Apr 2021) (CVE-2021-2154)
  • mysql: Server: DML unspecified vulnerability (CPU Apr 2021) (CVE-2021-2166)
  • mysql: InnoDB unspecified vulnerability (CPU Jul 2021) (CVE-2021-2372)
  • mysql: InnoDB unspecified vulnerability (CPU Jul 2021) (CVE-2021-2389)
  • mysql: InnoDB unspecified vulnerability (CPU Oct 2021) (CVE-2021-35604)
  • mariadb: Integer overflow in sql_lex.cc integer leading to crash (CVE-2021-46667)
  • mariadb: Crash in get_sort_by_table() in subquery with ORDER BY having outer ref (CVE-2021-46657)
  • mariadb: save_window_function_values triggers an abort during IN subquery (CVE-2021-46658)
  • mariadb: Crash in set_var.cc via certain UPDATE queries with nested subqueries (CVE-2021-46662)
  • mariadb: Crash caused by mishandling of a pushdown from a HAVING clause to a WHERE clause (CVE-2021-46666)
  • mariadb: No password masking in audit log when using ALTER USER <user> IDENTIFIED BY <password> command (BZ#1981332)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

  • mariadb:10.3/mariadb: /etc/security/user_map.conf getting overwritten with mariadb-server upgrade (BZ#2050514)
  • MariaDB logrotate leads to “gzip: stdin: file size changed while zipping” (BZ#2050532)
  • Crash: WSREP: invalid state ROLLED_BACK (FATAL) (BZ#2050533)
  • Galera doesn’t work without ‘procps-ng’ package MariaDB-10.3 (BZ#2050550)

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, the MariaDB server daemon (mysqld) will be restarted automatically.

Affected Products

  • Red Hat Enterprise Linux for x86_64 8 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 8 s390x
  • Red Hat Enterprise Linux for Power, little endian 8 ppc64le
  • Red Hat Enterprise Linux for ARM 64 8 aarch64

Fixes

  • BZ - 1951752 - CVE-2021-2154 mysql: Server: DML unspecified vulnerability (CPU Apr 2021)
  • BZ - 1951755 - CVE-2021-2166 mysql: Server: DML unspecified vulnerability (CPU Apr 2021)
  • BZ - 1981332 - mariadb: No password masking in audit log when using ALTER USER <user> IDENTIFIED BY <password> command
  • BZ - 1992303 - CVE-2021-2372 mysql: InnoDB unspecified vulnerability (CPU Jul 2021)
  • BZ - 1992309 - CVE-2021-2389 mysql: InnoDB unspecified vulnerability (CPU Jul 2021)
  • BZ - 2016101 - CVE-2021-35604 mysql: InnoDB unspecified vulnerability (CPU Oct 2021)
  • BZ - 2049294 - CVE-2021-46658 mariadb: save_window_function_values triggers an abort during IN subquery
  • BZ - 2049305 - CVE-2021-46657 mariadb: Crash in get_sort_by_table() in subquery with ORDER BY having outer ref
  • BZ - 2050019 - CVE-2021-46662 mariadb: Crash in set_var.cc via certain UPDATE queries with nested subqueries
  • BZ - 2050028 - CVE-2021-46666 mariadb: Crash caused by mishandling of a pushdown from a HAVING clause to a WHERE clause
  • BZ - 2050030 - CVE-2021-46667 mariadb: Integer overflow in sql_lex.cc integer leading to crash
  • BZ - 2050514 - mariadb:10.3/mariadb: /etc/security/user_map.conf getting overwritten with mariadb-server upgrade [rhel-8.5.0.z]
  • BZ - 2050532 - MariaDB logrotate leads to “gzip: stdin: file size changed while zipping” [rhel-8.5.0.z]
  • BZ - 2050533 - Crash: WSREP: invalid state ROLLED_BACK (FATAL) [rhel-8.5.0.z]
  • BZ - 2050543 - Tracker: Rebase galera package to the newest for MariaDB-10.3 (25.3.34) [rhel-8.5.0.z]
  • BZ - 2050550 - Galera doesn’t work without ‘procps-ng’ package MariaDB-10.3 [rhel-8.5.0.z]

CVEs

  • CVE-2021-2154
  • CVE-2021-2166
  • CVE-2021-2372
  • CVE-2021-2389
  • CVE-2021-35604
  • CVE-2021-46657
  • CVE-2021-46658
  • CVE-2021-46662
  • CVE-2021-46666
  • CVE-2021-46667

Updated Packages

The same package set is listed for each affected architecture (x86_64, s390x, ppc64le, aarch64). In the binary package names below, <arch> stands for the architecture suffix.

SRPM

  • Judy-1.0.5-18.module+el8+2765+cfa4f87b.src.rpm
  • galera-25.3.34-4.module+el8.5.0+14124+14ced695.src.rpm
  • mariadb-10.3.32-2.module+el8.5.0+14124+14ced695.src.rpm

Binary packages

  • Judy-1.0.5-18.module+el8+2765+cfa4f87b.<arch>.rpm
  • Judy-debuginfo-1.0.5-18.module+el8+2765+cfa4f87b.<arch>.rpm
  • Judy-debugsource-1.0.5-18.module+el8+2765+cfa4f87b.<arch>.rpm
  • galera-25.3.34-4.module+el8.5.0+14124+14ced695.<arch>.rpm
  • galera-debuginfo-25.3.34-4.module+el8.5.0+14124+14ced695.<arch>.rpm
  • galera-debugsource-25.3.34-4.module+el8.5.0+14124+14ced695.<arch>.rpm
  • mariadb-10.3.32-2.module+el8.5.0+14124+14ced695.<arch>.rpm
  • mariadb-backup-10.3.32-2.module+el8.5.0+14124+14ced695.<arch>.rpm
  • mariadb-backup-debuginfo-10.3.32-2.module+el8.5.0+14124+14ced695.<arch>.rpm
  • mariadb-common-10.3.32-2.module+el8.5.0+14124+14ced695.<arch>.rpm
  • mariadb-debuginfo-10.3.32-2.module+el8.5.0+14124+14ced695.<arch>.rpm
  • mariadb-debugsource-10.3.32-2.module+el8.5.0+14124+14ced695.<arch>.rpm
  • mariadb-devel-10.3.32-2.module+el8.5.0+14124+14ced695.<arch>.rpm
  • mariadb-embedded-10.3.32-2.module+el8.5.0+14124+14ced695.<arch>.rpm
  • mariadb-embedded-debuginfo-10.3.32-2.module+el8.5.0+14124+14ced695.<arch>.rpm
  • mariadb-embedded-devel-10.3.32-2.module+el8.5.0+14124+14ced695.<arch>.rpm
  • mariadb-errmsg-10.3.32-2.module+el8.5.0+14124+14ced695.<arch>.rpm
  • mariadb-gssapi-server-10.3.32-2.module+el8.5.0+14124+14ced695.<arch>.rpm
  • mariadb-gssapi-server-debuginfo-10.3.32-2.module+el8.5.0+14124+14ced695.<arch>.rpm
  • mariadb-oqgraph-engine-10.3.32-2.module+el8.5.0+14124+14ced695.<arch>.rpm
  • mariadb-oqgraph-engine-debuginfo-10.3.32-2.module+el8.5.0+14124+14ced695.<arch>.rpm
  • mariadb-server-10.3.32-2.module+el8.5.0+14124+14ced695.<arch>.rpm
  • mariadb-server-debuginfo-10.3.32-2.module+el8.5.0+14124+14ced695.<arch>.rpm
  • mariadb-server-galera-10.3.32-2.module+el8.5.0+14124+14ced695.<arch>.rpm
  • mariadb-server-utils-10.3.32-2.module+el8.5.0+14124+14ced695.<arch>.rpm
  • mariadb-server-utils-debuginfo-10.3.32-2.module+el8.5.0+14124+14ced695.<arch>.rpm
  • mariadb-test-10.3.32-2.module+el8.5.0+14124+14ced695.<arch>.rpm
  • mariadb-test-debuginfo-10.3.32-2.module+el8.5.0+14124+14ced695.<arch>.rpm

The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.

Related news

CVE-2022-22323: IBM Security Identity Manager buffer overflow CVE-2022-22323 Vulnerability Report

IBM Security Identity Manager (IBM Security Verify Password Synchronization Plug-in for Windows AD 10.x) is vulnerable to a denial of service, caused by a heap-based buffer overflow in the Password Synch Plug-in. An authenticated attacker could exploit this vulnerability to cause a denial of service. IBM X-Force ID: 218379.

CVE-2021-38874: IBM QRadar information disclosure CVE-2021-38874 Vulnerability Report

IBM QRadar SIEM 7.3, 7.4, and 7.5 allows for users to access information across tenant and domain boundaries in some situations. IBM X-Force ID: 208397.

CVE-2021-38939: IBM QRadar information disclosure CVE-2021-38939 Vulnerability Report

IBM QRadar SIEM 7.3, 7.4, and 7.5 stores potentially sensitive information in log files that could be read by an user with access to creating domains. IBM X-Force ID: 211037.

CVE-2022-22345: IBM QRadar cross-site scripting CVE-2022-22345 Vulnerability Report

IBM QRadar 7.3, 7.4, and 7.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 220041.

CVE-2022-22312: Security Bulletin: IBM Security Verify Password Synchronization Plug-in for Windows AD is vulnerable to a denial of service vulnerability (CVE-2022-22323, CVE-2022-22312)

IBM Security Identity Manager (IBM Security Verify Password Synchronization Plug-in for Windows AD 10.x) is vulnerable to a denial of service, caused by a heap-based buffer overflow in the Password Synch Plug-in. An authenticated attacker could exploit this vulnerability to cause a denial of service. IBM X-Force ID: 217369.

CVE-2022-24889: Build software better, together

Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Prior to versions 21.0.8, 22.2.4, and 23.0.1, it is possible to trick administrators into enabling "recommended" apps for the Nextcloud server that they do not need, thus expanding their attack surface unnecessarily. This issue is fixed in versions 21.0.8 , 22.2.4, and 23.0.1.

CVE-2022-27905: Security Advisory - State Farm

In ControlUp Real-Time Agent before 8.6, an unquoted path can result in privilege escalation. An attacker would require write permissions to the root level of the OS drive (C:\) to exploit this.

CVE-2022-27239: Linux CIFS Utils and Samba - Free Knowledge Base

In cifs-utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-line argument could lead to local attackers gaining root privileges.

RHSA-2022:1628: Red Hat Security Advisory: web-admin-build security update

Updated web-admin-build packages are now available for Red Hat Gluster Storage 3.5 Web Administration on Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-44716: golang: net/http: limit growth of header canonicalization cache

RHSA-2022:1627: Red Hat Security Advisory: Red Hat AMQ Broker 7.9.4 release and security update

Red Hat AMQ Broker 7.9.4 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-22965: spring-framework: RCE via Data Binding on JDK 9+

RHSA-2022:1626: Red Hat Security Advisory: Red Hat AMQ Broker 7.8.6 release and security update

Red Hat AMQ Broker 7.8.6 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-22965: spring-framework: RCE via Data Binding on JDK 9+

RHSA-2022:1420: Red Hat Security Advisory: OpenShift Container Platform 3.11.665 security and bug fix update

Red Hat OpenShift Container Platform release 3.11.665 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-43859: xstream: Injecting highly recursive collections or maps can cause a DoS * CVE-2022-25173: workflow-cps: OS command execution through crafted SCM contents * CVE-2022-25174: workflow-cps-global-lib: OS command execution through crafted SCM contents * CVE-2022-25175: wo...

RHSA-2022:1619: Red Hat Security Advisory: kpatch-patch security update

An update is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-0435: kernel: remote stack overflow via kernel panic on systems using TIPC may lead to DoS

RHSA-2022:1618: Red Hat Security Advisory: convert2rhel security update

A security update for convert2rhel is now available for unsupported conversions of CentOS Linux 6 and Oracle Linux 6 to Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-0852: convert2rhel: Red Hat account password passed via command line by code

RHSA-2022:1617: Red Hat Security Advisory: convert2rhel security update

A security update for convert2rhel is now available for supported conversions of CentOS Linux 7 and Oracle Linux 7 to Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-0852: convert2rhel: Red Hat account password passed via command line by code

RHSA-2022:1599: Red Hat Security Advisory: convert2rhel security update

A security update for convert2rhel is now available for supported conversions of CentOS Linux 8 and Oracle Linux 8 to Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-0852: convert2rhel: Red Hat account password passed via command line by code

CVE-2022-28085: AddressSanitizer: heap-buffer-overflow in function pdf_write_names · Issue #480 · michaelrsweet/htmldoc

A flaw was found in htmldoc commit 31f7804. A heap buffer overflow in the function pdf_write_names in ps-pdf.cxx may lead to arbitrary code execution and Denial of Service (DoS).

CVE-2022-27332: Security Advisory ZAA-2022-01 | Zammad

An access control issue in Zammad v5.0.3 allows attackers to write entries to the CTI caller log without authentication. This vulnerability can allow attackers to execute phishing attacks or cause a Denial of Service (DoS).

CVE-2022-27331: Security Advisory ZAA-2022-02 | Zammad

An access control issue in Zammad v5.0.3 broadcasts administrative configuration changes to all users who have an active application instance, including settings that should only be visible to authenticated users.

CVE-2022-29701: Security Advisory ZAA-2022-04 | Zammad

A lack of rate limiting in the 'forgot password' feature of Zammad v5.1.0 allows attackers to send an excessive amount of reset requests for a legitimate user, leading to a possible Denial of Service (DoS) via a large amount of generated e-mail messages.

CVE-2022-29700: Security Advisory ZAA-2022-03 | Zammad

A lack of password length restriction in Zammad v5.1.0 allows for the creation of extremely long passwords which can cause a Denial of Service (DoS) during password verification.

RHSA-2022:1546: Red Hat Security Advisory: polkit security update

An update for polkit is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2021-4115: polkit: file descriptor leak allows an unprivileged user to cause a crash

RHSA-2022:1550: Red Hat Security Advisory: kernel security and bug fix update

An update for kernel is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2021-4028: kernel: use-after-free in RDMA listen()
  • CVE-2022-25636: kernel: heap out of bounds write in nf_dup_netdev.c

RHSA-2022:1552: Red Hat Security Advisory: vim security update

An update for vim is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-1154: vim: use after free in utf_ptr2char

RHSA-2022:1566: Red Hat Security Advisory: container-tools:2.0 security update

An update for the container-tools:2.0 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-27649: podman: Default inheritable capabilities for linux container should be empty
  • CVE-2022-27651: buildah: Default inheritable capabilities for linux container should be empty

RHSA-2022:1565: Red Hat Security Advisory: container-tools:3.0 security and bug fix update

An update for the container-tools:3.0 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-27649: podman: Default inheritable capabilities for linux container should be empty
  • CVE-2022-27651: buildah: Default inheritable capabilities for linux container should be empty

RHSA-2022:1535: Red Hat Security Advisory: kpatch-patch security update

An update for kpatch-patch is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2021-4028: kernel: use-after-free in RDMA listen()
  • CVE-2022-25636: kernel: heap out of bounds write in nf_dup_netdev.c

RHSA-2022:1592: Red Hat Security Advisory: gzip security update

An update for gzip is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-1271: gzip: arbitrary-file-write vulnerability

RHSA-2022:1557: Red Hat Security Advisory: mariadb:10.5 security, bug fix, and enhancement update

An update for the mariadb:10.5 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2021-2154: mysql: Server: DML unspecified vulnerability (CPU Apr 2021)
  • CVE-2021-2166: mysql: Server: DML unspecified vulnerability (CPU Apr 2021)
  • CVE-2021-2372: mysql: InnoDB unspecified vulnerability (CPU Jul 2021)
  • CVE-2021-2389: mysql: InnoDB unspecified vulnerability (CPU Jul 2021)
  • CVE-2021-35604: mysql: InnoDB unspecified vulnerab...

RHSA-2022:1591: Red Hat Security Advisory: zlib security update

An update for zlib is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2018-25032: zlib: A flaw found in zlib when compressing (not decompressing) certain inputs

RHSA-2022:1555: Red Hat Security Advisory: kernel-rt security and bug fix update

An update for kernel-rt is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2021-4028: kernel: use-after-free in RDMA listen()
  • CVE-2022-25636: kernel: heap out of bounds write in nf_dup_netdev.c

RHSA-2022:1589: Red Hat Security Advisory: kernel security update

An update for kernel is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-0435: kernel: remote stack overflow via kernel panic on systems using TIPC may lead to DoS

RHSA-2022:1537: Red Hat Security Advisory: gzip security update

An update for gzip is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-1271: gzip: arbitrary-file-write vulnerability

RHSA-2022:1540: Red Hat Security Advisory: xmlrpc-c security update

An update for xmlrpc-c is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-25235: expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution

RHSA-2022:1541: Red Hat Security Advisory: maven-shared-utils security update

An update for maven-shared-utils is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-29599: maven-shared-utils: Command injection via Commandline class

RHSA-2022:1539: Red Hat Security Advisory: xmlrpc-c security update

An update for xmlrpc-c is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-25235: expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution