RHSA-2022:7720: Red Hat Security Advisory: e2fsprogs security and bug fix update

An update for e2fsprogs is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-1304: e2fsprogs: out-of-bounds read/write via crafted filesystem

Synopsis

Moderate: e2fsprogs security and bug fix update

Type/Severity

Security Advisory: Moderate

Description

The e2fsprogs packages provide a number of utilities for creating, checking, modifying, and correcting the ext2, ext3, and ext4 file systems.

Security Fix(es):

  • e2fsprogs: out-of-bounds read/write via crafted filesystem (CVE-2022-1304)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.7 Release Notes linked from the References section.

Affected Products

  • Red Hat Enterprise Linux for x86_64 8 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 8 s390x
  • Red Hat Enterprise Linux for Power, little endian 8 ppc64le
  • Red Hat Enterprise Linux for ARM 64 8 aarch64
  • Red Hat CodeReady Linux Builder for x86_64 8 x86_64
  • Red Hat CodeReady Linux Builder for Power, little endian 8 ppc64le
  • Red Hat CodeReady Linux Builder for ARM 64 8 aarch64
  • Red Hat CodeReady Linux Builder for IBM z Systems 8 s390x

Fixes

  • BZ - 2069726 - CVE-2022-1304 e2fsprogs: out-of-bounds read/write via crafted filesystem
  • BZ - 2083621 - e2fsprogs: Update for RHEL8.7

References

  • https://access.redhat.com/security/updates/classification/#moderate
  • https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.7_release_notes/index

Red Hat Enterprise Linux for x86_64 8

SRPM

  • e2fsprogs-1.45.6-5.el8.src.rpm

x86_64

  • e2fsprogs-1.45.6-5.el8.x86_64.rpm
  • e2fsprogs-debuginfo-1.45.6-5.el8.i686.rpm
  • e2fsprogs-debuginfo-1.45.6-5.el8.x86_64.rpm
  • e2fsprogs-debugsource-1.45.6-5.el8.i686.rpm
  • e2fsprogs-debugsource-1.45.6-5.el8.x86_64.rpm
  • e2fsprogs-devel-1.45.6-5.el8.i686.rpm
  • e2fsprogs-devel-1.45.6-5.el8.x86_64.rpm
  • e2fsprogs-libs-1.45.6-5.el8.i686.rpm
  • e2fsprogs-libs-1.45.6-5.el8.x86_64.rpm
  • e2fsprogs-libs-debuginfo-1.45.6-5.el8.i686.rpm
  • e2fsprogs-libs-debuginfo-1.45.6-5.el8.x86_64.rpm
  • libcom_err-1.45.6-5.el8.i686.rpm
  • libcom_err-1.45.6-5.el8.x86_64.rpm
  • libcom_err-debuginfo-1.45.6-5.el8.i686.rpm
  • libcom_err-debuginfo-1.45.6-5.el8.x86_64.rpm
  • libcom_err-devel-1.45.6-5.el8.i686.rpm
  • libcom_err-devel-1.45.6-5.el8.x86_64.rpm
  • libss-1.45.6-5.el8.i686.rpm
  • libss-1.45.6-5.el8.x86_64.rpm
  • libss-debuginfo-1.45.6-5.el8.i686.rpm
  • libss-debuginfo-1.45.6-5.el8.x86_64.rpm

Red Hat Enterprise Linux for IBM z Systems 8

SRPM

  • e2fsprogs-1.45.6-5.el8.src.rpm

s390x

  • e2fsprogs-1.45.6-5.el8.s390x.rpm
  • e2fsprogs-debuginfo-1.45.6-5.el8.s390x.rpm
  • e2fsprogs-debugsource-1.45.6-5.el8.s390x.rpm
  • e2fsprogs-devel-1.45.6-5.el8.s390x.rpm
  • e2fsprogs-libs-1.45.6-5.el8.s390x.rpm
  • e2fsprogs-libs-debuginfo-1.45.6-5.el8.s390x.rpm
  • libcom_err-1.45.6-5.el8.s390x.rpm
  • libcom_err-debuginfo-1.45.6-5.el8.s390x.rpm
  • libcom_err-devel-1.45.6-5.el8.s390x.rpm
  • libss-1.45.6-5.el8.s390x.rpm
  • libss-debuginfo-1.45.6-5.el8.s390x.rpm

Red Hat Enterprise Linux for Power, little endian 8

SRPM

  • e2fsprogs-1.45.6-5.el8.src.rpm

ppc64le

  • e2fsprogs-1.45.6-5.el8.ppc64le.rpm
  • e2fsprogs-debuginfo-1.45.6-5.el8.ppc64le.rpm
  • e2fsprogs-debugsource-1.45.6-5.el8.ppc64le.rpm
  • e2fsprogs-devel-1.45.6-5.el8.ppc64le.rpm
  • e2fsprogs-libs-1.45.6-5.el8.ppc64le.rpm
  • e2fsprogs-libs-debuginfo-1.45.6-5.el8.ppc64le.rpm
  • libcom_err-1.45.6-5.el8.ppc64le.rpm
  • libcom_err-debuginfo-1.45.6-5.el8.ppc64le.rpm
  • libcom_err-devel-1.45.6-5.el8.ppc64le.rpm
  • libss-1.45.6-5.el8.ppc64le.rpm
  • libss-debuginfo-1.45.6-5.el8.ppc64le.rpm

Red Hat Enterprise Linux for ARM 64 8

SRPM

  • e2fsprogs-1.45.6-5.el8.src.rpm

aarch64

  • e2fsprogs-1.45.6-5.el8.aarch64.rpm
  • e2fsprogs-debuginfo-1.45.6-5.el8.aarch64.rpm
  • e2fsprogs-debugsource-1.45.6-5.el8.aarch64.rpm
  • e2fsprogs-devel-1.45.6-5.el8.aarch64.rpm
  • e2fsprogs-libs-1.45.6-5.el8.aarch64.rpm
  • e2fsprogs-libs-debuginfo-1.45.6-5.el8.aarch64.rpm
  • libcom_err-1.45.6-5.el8.aarch64.rpm
  • libcom_err-debuginfo-1.45.6-5.el8.aarch64.rpm
  • libcom_err-devel-1.45.6-5.el8.aarch64.rpm
  • libss-1.45.6-5.el8.aarch64.rpm
  • libss-debuginfo-1.45.6-5.el8.aarch64.rpm

Red Hat CodeReady Linux Builder for x86_64 8

x86_64

  • e2fsprogs-debuginfo-1.45.6-5.el8.i686.rpm
  • e2fsprogs-debuginfo-1.45.6-5.el8.x86_64.rpm
  • e2fsprogs-debugsource-1.45.6-5.el8.i686.rpm
  • e2fsprogs-debugsource-1.45.6-5.el8.x86_64.rpm
  • e2fsprogs-libs-debuginfo-1.45.6-5.el8.i686.rpm
  • e2fsprogs-libs-debuginfo-1.45.6-5.el8.x86_64.rpm
  • libcom_err-debuginfo-1.45.6-5.el8.i686.rpm
  • libcom_err-debuginfo-1.45.6-5.el8.x86_64.rpm
  • libss-debuginfo-1.45.6-5.el8.i686.rpm
  • libss-debuginfo-1.45.6-5.el8.x86_64.rpm
  • libss-devel-1.45.6-5.el8.i686.rpm
  • libss-devel-1.45.6-5.el8.x86_64.rpm

Red Hat CodeReady Linux Builder for Power, little endian 8

ppc64le

  • e2fsprogs-debuginfo-1.45.6-5.el8.ppc64le.rpm
  • e2fsprogs-debugsource-1.45.6-5.el8.ppc64le.rpm
  • e2fsprogs-libs-debuginfo-1.45.6-5.el8.ppc64le.rpm
  • libcom_err-debuginfo-1.45.6-5.el8.ppc64le.rpm
  • libss-debuginfo-1.45.6-5.el8.ppc64le.rpm
  • libss-devel-1.45.6-5.el8.ppc64le.rpm

Red Hat CodeReady Linux Builder for ARM 64 8

aarch64

  • e2fsprogs-debuginfo-1.45.6-5.el8.aarch64.rpm
  • e2fsprogs-debugsource-1.45.6-5.el8.aarch64.rpm
  • e2fsprogs-libs-debuginfo-1.45.6-5.el8.aarch64.rpm
  • libcom_err-debuginfo-1.45.6-5.el8.aarch64.rpm
  • libss-debuginfo-1.45.6-5.el8.aarch64.rpm
  • libss-devel-1.45.6-5.el8.aarch64.rpm

Red Hat CodeReady Linux Builder for IBM z Systems 8

s390x

  • e2fsprogs-debuginfo-1.45.6-5.el8.s390x.rpm
  • e2fsprogs-debugsource-1.45.6-5.el8.s390x.rpm
  • e2fsprogs-libs-debuginfo-1.45.6-5.el8.s390x.rpm
  • libcom_err-debuginfo-1.45.6-5.el8.s390x.rpm
  • libss-debuginfo-1.45.6-5.el8.s390x.rpm
  • libss-devel-1.45.6-5.el8.s390x.rpm

Related news

Gentoo Linux Security Advisory 202402-15

Gentoo Linux Security Advisory 202402-15 - A vulnerability has been discovered in e2fsprogs which can lead to arbitrary code execution. Versions greater than or equal to 1.46.6 are affected.

CVE-2023-43074: DSA-2023-141: Dell Unity, Unity VSA and Unity XT Security Update for Multiple Vulnerability

Dell Unity 5.3 contain(s) an Arbitrary File Creation vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by crafting arbitrary files through a request to the server.

RHSA-2023:4290: Red Hat Security Advisory: OpenShift sandboxed containers 1.4.1 security update

OpenShift sandboxed containers 1.4.1 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-3089: A compliance problem was found in the Red Hat OpenShift Container Platform. Red Hat discovered that, when FIPS mode was enabled, not all of the cryptographic modules in use were FIPS-validated.

Red Hat Security Advisory 2023-3742-02

Red Hat Security Advisory 2023-3742-02 - Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Container Platform. Red Hat OpenShift Data Foundation is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. Issues addressed include bypass, denial of service, and remote SQL injection vulnerabilities.

Red Hat Security Advisory 2023-3664-01

Red Hat Security Advisory 2023-3664-01 - Release of Security Advisory for the OpenShift Jenkins image and Jenkins agent base image.

Red Hat Security Advisory 2023-3624-01

Red Hat Security Advisory 2023-3624-01 - The Migration Toolkit for Containers enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API. Issues addressed include a denial of service vulnerability.

RHSA-2023:0584: Red Hat Security Advisory: Secondary Scheduler Operator for Red Hat OpenShift 1.1.1 security update

Secondary Scheduler Operator for Red Hat OpenShift 1.1.1 Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2880: A flaw was found in the golang package, where requests forwarded by reverse proxy include the raw query parameters from the inbound request, including unparseable parameters rejected by net/http. This issue could permit query parameter smuggling when a Go proxy forwards a parameter with an unparseable value. After the fix, the reverse proxy sanitizes the query ...

CVE-2023-25947: en/security-disclosure/2023/2023-03.md · OpenHarmony/security - Gitee.com

The bundle management subsystem within OpenHarmony-v3.1.4 and prior versions has a null pointer reference vulnerability which local attackers can exploit this vulnerability to cause a DoS attack to the system when installing a malicious HAP package.

RHSA-2023:1174: Red Hat Security Advisory: OpenShift API for Data Protection (OADP) 1.1.2 security and bug fix update

OpenShift API for Data Protection (OADP) 1.1.2 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2879: A flaw was found in the golang package, where Reader.Read does not set a limit on the maximum size of file headers. After fixing, Reader.Read limits the maximum size of header blocks to 1 MiB. This flaw allows a maliciously crafted archive to cause Read to allocate unbounded amounts of memory, potentially causing resource exhaustion or panic. * CVE-2022...

RHSA-2023:0934: Red Hat Security Advisory: Migration Toolkit for Applications security and bug fix update

Migration Toolkit for Applications 6.0.1 release Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-36567: A flaw was found in gin. This issue occurs when the default Formatter for the Logger middleware (LoggerConfig.Formatter), which is included in the Default engine, allows attackers to inject arbitrary log entries by manipulating the request path. * CVE-2021-35065: A vulnerability was found in the glob-parent package. Affected versions of this package are vulnerable to...

RHSA-2023:0918: Red Hat Security Advisory: Service Binding Operator security update

An update for service-binding-operator-bundle-container and service-binding-operator-container is now available for OpenShift Developer Tools and Services for OCP 4.9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41717: A flaw was found in the net/http library of the golang package. This flaw allows an attacker to cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. W...

Red Hat Security Advisory 2023-0786-01

Red Hat Security Advisory 2023-0786-01 - Network observability is an OpenShift operator that provides a monitoring pipeline to collect and enrich network flows that are produced by the Network observability eBPF agent. The operator provides dashboards, metrics, and keeps flows accessible in a queryable log store, Grafana Loki. When a FlowCollector is deployed, new dashboards are available in the Console.

RHSA-2023:0786: Red Hat Security Advisory: Network observability 1.1.0 security update

Network observability 1.1.0 release for OpenShift Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-0813: A flaw was found in the Network Observability plugin for OpenShift console. Unless the Loki authToken configuration is set to FORWARD mode, authentication is no longer enforced, allowing any user who can connect to the OpenShift Console in an OpenShift cluster to retrieve flows without authentication.

Red Hat Security Advisory 2023-0709-01

Red Hat Security Advisory 2023-0709-01 - Version 1.27.0 of the OpenShift Serverless Operator is supported on Red Hat OpenShift Container Platform versions 4.8, 4.9, 4.10, 4.11 and 4.12. This release includes security and bug fixes, and enhancements.

RHSA-2023:0631: Red Hat Security Advisory: RHSA: Submariner 0.14 - bug fix and security updates

Submariner 0.14 packages that fix various bugs and add various enhancements that are now available for Red Hat Advanced Cluster Management for Kubernetes version 2.7 Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2880: A flaw was found in the golang package, where requests forwarded by reverse proxy include the raw query parameters from the inbound request, including unparseable parameters rejected by net/http. This issue could permit query parameter smuggling when a Go ...

CVE-2022-46756: DSA-2022-335: Dell VxRail Security Update for Multiple Third-Party Component Vulnerabilities

Dell VxRail, versions prior to 7.0.410, contain a Container Escape Vulnerability. A local high-privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the container's underlying OS. Exploitation may lead to a system take over by an attacker.

RHSA-2023:0542: Red Hat Security Advisory: Red Hat OpenShift Service Mesh 2.3.1 Containers security update

Red Hat OpenShift Service Mesh 2.3.1 Containers Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-4238: goutils: RandomAlphaNumeric and CryptoRandomAlphaNumeric are not as random as they should be * CVE-2022-2879: golang: archive/tar: unbounded memory consumption when reading headers * CVE-2022-2880: golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters * CVE-2022-3962: kiali: error message spoofing in kiali UI * CVE-2022-27664: golang: ...

RHSA-2023:0470: Red Hat Security Advisory: Migration Toolkit for Runtimes security update

An update is now available for Migration Toolkit for Runtimes (v1.0.1). Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-42920: Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing

RHSA-2023:0408: Red Hat Security Advisory: OpenShift Virtualization 4.12.0 Images security update

Red Hat OpenShift Virtualization release 4.12 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-38561: golang: out-of-bounds read in golang.org/x/text/language leads to DoS * CVE-2021-44716: golang: net/http: limit growth of header canonicalization cache * CVE-2021-44717: golang: syscall: don't close fd 0 on ForkExec error * CVE-2022-1705: golang: net/http: improper sanitizat...

CVE-2023-21850: Oracle Critical Patch Update Advisory - January 2023

Vulnerability in the Oracle Demantra Demand Management product of Oracle Supply Chain (component: E-Business Collections). Supported versions that are affected are 12.1 and 12.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Demantra Demand Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Demantra Demand Management accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).

Scanvus now supports Vulners and Vulns.io VM Linux vulnerability detection APIs

Hello everyone! Great news for my open source Scanvus project! You can now perform vulnerability checks on Linux hosts and docker images not only using the Vulners.com API, but also with the Vulns.io VM API. It’s especially nice that all the code to support the new API was written and contributed by colleagues from Vulns.io. […]

RHSA-2022:9047: Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.7.6 security and bug fix update

The Migration Toolkit for Containers (MTC) 1.7.6 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1705: golang: net/http: improper sanitization of Transfer-Encoding header * CVE-2022-1962: golang: go/parser: stack exhaustion in all Parse* functions * CVE-2022-28131: golang: encoding/xml: stack exhaustion in Decoder.Skip * CVE-2022-30629: golang: crypto/tls: session tickets lack random ticket_age_add * CVE-2022-30630: golang: io/fs: stack exhaustion in G...

RHSA-2022:9040: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.6.3 security update

Red Hat Advanced Cluster Management for Kubernetes 2.6.3 General Availability release images, which provide security updates, fix bugs, and update container images. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3517: nodejs-minimatch: ReDoS via the braceExpand function * CVE-2022-41912: crewjam/saml: Authentication bypass when processing SAML responses containing multiple Assertion elements

Red Hat Security Advisory 2022-8964-01

Red Hat Security Advisory 2022-8964-01 - The rh-sso-7/sso76-openshift-rhel8 container image and rh-sso-7/sso7-rhel8-operator operator has been updated for RHEL-8 based Middleware Containers to address the following security issues. Issues addressed include a traversal vulnerability.

Red Hat Security Advisory 2022-8938-01

Red Hat Security Advisory 2022-8938-01 - Version 1.26.0 of the OpenShift Serverless Operator is supported on Red Hat OpenShift Container Platform versions 4.8, 4.9, 4.10, and 4.11. This release includes security and bug fixes, and enhancements.

RHSA-2022:8964: Red Hat Security Advisory: updated rh-sso-7/sso76-openshift-rhel8 container and operator related images

Updated rh-sso-7/sso76-openshift-rhel8 container image and rh-sso-7/sso7-rhel8-operator-bundle image is now available for RHEL-8 based Middleware Containers. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3782: keycloak: path traversal via double URL encoding * CVE-2022-3916: keycloak: Session takeover with OIDC offline refreshtokens

Red Hat Security Advisory 2022-8889-01

Red Hat Security Advisory 2022-8889-01 - This is an Openshift Logging bug fix release. Issues addressed include a denial of service vulnerability.

RHSA-2022:8889: Red Hat Security Advisory: Openshift Logging 5.3.14 bug fix release and security update

Openshift Logging Bug Fix Release (5.3.14). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2020-36518: jackson-databind: denial of service via a large depth of nested objects
  • CVE-2022-42003: jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS
  • CVE-2022-42004: jackson-databind: use of deeply nested arrays

Red Hat Security Advisory 2022-8781-01

Red Hat Security Advisory 2022-8781-01 - Logging Subsystem for Red Hat OpenShift has a security update. Issues addressed include a denial of service vulnerability.

RHSA-2022:8781: Red Hat Security Advisory: Logging Subsystem 5.5.5 - Red Hat OpenShift security update

Logging Subsystem 5.5.5 - Red Hat OpenShift. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2020-36518: jackson-databind: denial of service via a large depth of nested objects
  • CVE-2022-2879: golang: archive/tar: unbounded memory consumption when reading headers
  • CVE-2022-2880: golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters
  • CVE-2022-27664: golang: net/http: handle server errors after sending GOAWAY
  • CVE-2022-32189: golang: math/b...

Red Hat Security Advisory 2022-8750-01

Red Hat Security Advisory 2022-8750-01 - OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. Issues addressed include denial of service and out of bounds read vulnerabilities.

RHSA-2022:8750: Red Hat Security Advisory: OpenShift Virtualization 4.11.1 security and bug fix update

Red Hat OpenShift Virtualization release 4.11.1 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2021-38561: golang: out-of-bounds read in golang.org/x/text/language leads to DoS
  • CVE-2022-24675: golang: encoding/pem: fix stack overflow in Decode
  • CVE-2022-24921: golang: regexp: stack exhaustion via a deeply nested expression
  • CVE-2022-28327: golang: crypto/elliptic: panic caus...

Red Hat Security Advisory 2022-7435-01

Red Hat Security Advisory 2022-7435-01 - An update is now available for Logging subsystem for Red Hat OpenShift 5.4. Issues addressed include a denial of service vulnerability.

RHSA-2022:7435: Red Hat Security Advisory: Logging Subsystem 5.4.8 - Red Hat OpenShift security update

An update is now available for Logging subsystem for Red Hat OpenShift 5.4. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2020-36518: jackson-databind: denial of service via a large depth of nested objects
  • CVE-2022-32149: golang: golang.org/x/text/language: ParseAcceptLanguage takes a long time to parse complex tags
  • CVE-2022-42003: jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS
  • CVE-2022-42004: jackson-databind: use of deeply nested arrays...

RHSA-2022:8361: Red Hat Security Advisory: e2fsprogs security update

An update for e2fsprogs is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-1304: e2fsprogs: out-of-bounds read/write via crafted filesystem

Red Hat Security Advisory 2022-7720-01

Red Hat Security Advisory 2022-7720-01 - The e2fsprogs packages provide a number of utilities for creating, checking, modifying, and correcting the ext2, ext3, and ext4 file systems. Issues addressed include an out-of-bounds read vulnerability.

Ubuntu Security Notice USN-5464-1

Ubuntu Security Notice 5464-1 - Nils Bars discovered that e2fsprogs incorrectly handled certain file systems. A local attacker could use this issue with a crafted file system image to possibly execute arbitrary code.