Headline

RHSA-2023:4766: Red Hat Security Advisory: cups security update

An update for cups is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

CVE-2023-32360: A vulnerability was found in OpenPrinting CUPS. Unauthorized users are permitted to fetch documents over local or remote networks, leading to confidentiality breach.

1 year ago

Red Hat Security Data

Open in Source

#vulnerability #linux #red_hat #auth #ibm

Synopsis

Important: cups security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for cups is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The Common UNIX Printing System (CUPS) provides a portable printing layer for Linux, UNIX, and similar operating systems.

Security Fix(es):

cups: Information leak through Cups-Get-Document operation (CVE-2023-32360)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, the cupsd service will be restarted automatically.

Affected Products

Red Hat Enterprise Linux Server 7 x86_64
Red Hat Enterprise Linux Workstation 7 x86_64
Red Hat Enterprise Linux Desktop 7 x86_64
Red Hat Enterprise Linux for IBM z Systems 7 s390x
Red Hat Enterprise Linux for Power, big endian 7 ppc64
Red Hat Enterprise Linux for Scientific Computing 7 x86_64
Red Hat Enterprise Linux for Power, little endian 7 ppc64le

Fixes

BZ - 2230495 - CVE-2023-32360 cups: Information leak through Cups-Get-Document operation

Red Hat Enterprise Linux Server 7

SRPM

cups-1.6.3-52.el7_9.src.rpm

SHA-256: 2e6db688aa47ee77bd1f12703b6a143c5bcba0f325467081c8618dcd4c9d583c

x86_64

cups-1.6.3-52.el7_9.x86_64.rpm

SHA-256: 2d15b81491298e34c4c843f95f639c267eba8c8927313c70b3e9eca169ed90c6

cups-client-1.6.3-52.el7_9.x86_64.rpm

SHA-256: 5e38162f84854bc5679c6ed4033ddf382106abed22b43a612fc3260163215767

cups-debuginfo-1.6.3-52.el7_9.i686.rpm

SHA-256: 153433548af42328b843df951d8f553609be19611961668daf3717ee044d775a

cups-debuginfo-1.6.3-52.el7_9.x86_64.rpm

SHA-256: 677c9a6744a0b647957f5fc8d19f64691632b23821aa9b796f8244c819ba3f4d

cups-debuginfo-1.6.3-52.el7_9.x86_64.rpm

SHA-256: 677c9a6744a0b647957f5fc8d19f64691632b23821aa9b796f8244c819ba3f4d

cups-devel-1.6.3-52.el7_9.i686.rpm

SHA-256: c9335bef7b10fbc5b3ca9dc4a2e3faaf777a2317021dc0a06aa15578e129307e

cups-devel-1.6.3-52.el7_9.x86_64.rpm

SHA-256: 049e6e2e8cfcdd56c5cb310c8aef6562bea5f86d9c57aec6162b5e9f8767c4c4

cups-filesystem-1.6.3-52.el7_9.noarch.rpm

SHA-256: 63997db2af43ad2bb9dde25374ff1cac098af8705299d84558da36758ec593f2

cups-ipptool-1.6.3-52.el7_9.x86_64.rpm

SHA-256: 03d400af0ee2dbf309aac026253173684f4d14507abec96fa8e497e799c90a85

cups-libs-1.6.3-52.el7_9.i686.rpm

SHA-256: 4ef450cd81e456f2381ec69e2a21c4a567a21a5b8ee78872aaf36850d822f722

cups-libs-1.6.3-52.el7_9.x86_64.rpm

SHA-256: dca0505f8429fc77fb8feddcaf57d60eeae4b4e7a9fc25e24cffb8db30c6f965

cups-lpd-1.6.3-52.el7_9.x86_64.rpm

SHA-256: c9af8802fe6a3528161d0f993e08dd1515d13ee17876878eb67e2f6e53368e63

Red Hat Enterprise Linux Workstation 7

SRPM

cups-1.6.3-52.el7_9.src.rpm

SHA-256: 2e6db688aa47ee77bd1f12703b6a143c5bcba0f325467081c8618dcd4c9d583c

x86_64

cups-1.6.3-52.el7_9.x86_64.rpm

SHA-256: 2d15b81491298e34c4c843f95f639c267eba8c8927313c70b3e9eca169ed90c6

cups-client-1.6.3-52.el7_9.x86_64.rpm

SHA-256: 5e38162f84854bc5679c6ed4033ddf382106abed22b43a612fc3260163215767

cups-debuginfo-1.6.3-52.el7_9.i686.rpm

SHA-256: 153433548af42328b843df951d8f553609be19611961668daf3717ee044d775a

cups-debuginfo-1.6.3-52.el7_9.x86_64.rpm

SHA-256: 677c9a6744a0b647957f5fc8d19f64691632b23821aa9b796f8244c819ba3f4d

cups-debuginfo-1.6.3-52.el7_9.x86_64.rpm

SHA-256: 677c9a6744a0b647957f5fc8d19f64691632b23821aa9b796f8244c819ba3f4d

cups-devel-1.6.3-52.el7_9.i686.rpm

SHA-256: c9335bef7b10fbc5b3ca9dc4a2e3faaf777a2317021dc0a06aa15578e129307e

cups-devel-1.6.3-52.el7_9.x86_64.rpm

SHA-256: 049e6e2e8cfcdd56c5cb310c8aef6562bea5f86d9c57aec6162b5e9f8767c4c4

cups-filesystem-1.6.3-52.el7_9.noarch.rpm

SHA-256: 63997db2af43ad2bb9dde25374ff1cac098af8705299d84558da36758ec593f2

cups-ipptool-1.6.3-52.el7_9.x86_64.rpm

SHA-256: 03d400af0ee2dbf309aac026253173684f4d14507abec96fa8e497e799c90a85

cups-libs-1.6.3-52.el7_9.i686.rpm

SHA-256: 4ef450cd81e456f2381ec69e2a21c4a567a21a5b8ee78872aaf36850d822f722

cups-libs-1.6.3-52.el7_9.x86_64.rpm

SHA-256: dca0505f8429fc77fb8feddcaf57d60eeae4b4e7a9fc25e24cffb8db30c6f965

cups-lpd-1.6.3-52.el7_9.x86_64.rpm

SHA-256: c9af8802fe6a3528161d0f993e08dd1515d13ee17876878eb67e2f6e53368e63

Red Hat Enterprise Linux Desktop 7

SRPM

cups-1.6.3-52.el7_9.src.rpm

SHA-256: 2e6db688aa47ee77bd1f12703b6a143c5bcba0f325467081c8618dcd4c9d583c

x86_64

cups-1.6.3-52.el7_9.x86_64.rpm

SHA-256: 2d15b81491298e34c4c843f95f639c267eba8c8927313c70b3e9eca169ed90c6

cups-client-1.6.3-52.el7_9.x86_64.rpm

SHA-256: 5e38162f84854bc5679c6ed4033ddf382106abed22b43a612fc3260163215767

cups-debuginfo-1.6.3-52.el7_9.i686.rpm

SHA-256: 153433548af42328b843df951d8f553609be19611961668daf3717ee044d775a

cups-debuginfo-1.6.3-52.el7_9.i686.rpm

SHA-256: 153433548af42328b843df951d8f553609be19611961668daf3717ee044d775a

cups-debuginfo-1.6.3-52.el7_9.x86_64.rpm

SHA-256: 677c9a6744a0b647957f5fc8d19f64691632b23821aa9b796f8244c819ba3f4d

cups-debuginfo-1.6.3-52.el7_9.x86_64.rpm

SHA-256: 677c9a6744a0b647957f5fc8d19f64691632b23821aa9b796f8244c819ba3f4d

cups-devel-1.6.3-52.el7_9.i686.rpm

SHA-256: c9335bef7b10fbc5b3ca9dc4a2e3faaf777a2317021dc0a06aa15578e129307e

cups-devel-1.6.3-52.el7_9.x86_64.rpm

SHA-256: 049e6e2e8cfcdd56c5cb310c8aef6562bea5f86d9c57aec6162b5e9f8767c4c4

cups-filesystem-1.6.3-52.el7_9.noarch.rpm

SHA-256: 63997db2af43ad2bb9dde25374ff1cac098af8705299d84558da36758ec593f2

cups-ipptool-1.6.3-52.el7_9.x86_64.rpm

SHA-256: 03d400af0ee2dbf309aac026253173684f4d14507abec96fa8e497e799c90a85

cups-libs-1.6.3-52.el7_9.i686.rpm

SHA-256: 4ef450cd81e456f2381ec69e2a21c4a567a21a5b8ee78872aaf36850d822f722

cups-libs-1.6.3-52.el7_9.x86_64.rpm

SHA-256: dca0505f8429fc77fb8feddcaf57d60eeae4b4e7a9fc25e24cffb8db30c6f965

cups-lpd-1.6.3-52.el7_9.x86_64.rpm

SHA-256: c9af8802fe6a3528161d0f993e08dd1515d13ee17876878eb67e2f6e53368e63

Red Hat Enterprise Linux for IBM z Systems 7

SRPM

cups-1.6.3-52.el7_9.src.rpm

SHA-256: 2e6db688aa47ee77bd1f12703b6a143c5bcba0f325467081c8618dcd4c9d583c

s390x

cups-1.6.3-52.el7_9.s390x.rpm

SHA-256: 5c07b21f3a572849d64c87480aa02e378f5d4e1a854717fe9980585b642b2cc7

cups-client-1.6.3-52.el7_9.s390x.rpm

SHA-256: c418a2c7dc768066d1a0f5279d6536b262c849b8e07038a084a619906316b116

cups-debuginfo-1.6.3-52.el7_9.s390.rpm

SHA-256: a0308904caaab70e0093beb24be45fe86c34300b62cef9036b68395ec6286bb7

cups-debuginfo-1.6.3-52.el7_9.s390x.rpm

SHA-256: 8eac57a889509bf03f941c3be23d203508bc34d0aa651f5b7261933a74eb8d5e

cups-debuginfo-1.6.3-52.el7_9.s390x.rpm

SHA-256: 8eac57a889509bf03f941c3be23d203508bc34d0aa651f5b7261933a74eb8d5e

cups-devel-1.6.3-52.el7_9.s390.rpm

SHA-256: f095a597dc64f0e5226e0bf753160c6ee4e30a020c9370685b1185ec70bbc614

cups-devel-1.6.3-52.el7_9.s390x.rpm

SHA-256: f57f6148767e7193ec2ffd5420356ea631d8b136a65aef465a41fb8e390160da

cups-filesystem-1.6.3-52.el7_9.noarch.rpm

SHA-256: 63997db2af43ad2bb9dde25374ff1cac098af8705299d84558da36758ec593f2

cups-ipptool-1.6.3-52.el7_9.s390x.rpm

SHA-256: 3e7536d7d1e79040de0e76dde4ee4006ffbef5531271134faee5c363e90152c5

cups-libs-1.6.3-52.el7_9.s390.rpm

SHA-256: 966528a80e151973043b8a176922bb210832a6d432d3e5cf16b9b06132ab43a0

cups-libs-1.6.3-52.el7_9.s390x.rpm

SHA-256: 51e962242342a0cd7d7c2350b9ebb8006a4e65146656ca4a9d9e5aaa6350ff5e

cups-lpd-1.6.3-52.el7_9.s390x.rpm

SHA-256: ce321da8306d16b35212b5acd679b7a6d3bdefc00ab81fc22259e54249e261ea

Red Hat Enterprise Linux for Power, big endian 7

SRPM

cups-1.6.3-52.el7_9.src.rpm

SHA-256: 2e6db688aa47ee77bd1f12703b6a143c5bcba0f325467081c8618dcd4c9d583c

ppc64

cups-1.6.3-52.el7_9.ppc64.rpm

SHA-256: a0813e4f52609852b0fe8ca5a312b9cae1dbc658200b004526d61ca6663261fd

cups-client-1.6.3-52.el7_9.ppc64.rpm

SHA-256: de4121f788dbb48b40c15a11e952fdb03bcef6748a5324b757106688439ba713

cups-debuginfo-1.6.3-52.el7_9.ppc.rpm

SHA-256: 3a95b3b3b7eea0379f29a05f53f01cdf8f97e7a8dff0955f00cade0331919293

cups-debuginfo-1.6.3-52.el7_9.ppc64.rpm

SHA-256: 24b9300572d656245d1f65c4c0fd124913af0fea4ccd734807555c2af7125c1b

cups-debuginfo-1.6.3-52.el7_9.ppc64.rpm

SHA-256: 24b9300572d656245d1f65c4c0fd124913af0fea4ccd734807555c2af7125c1b

cups-devel-1.6.3-52.el7_9.ppc.rpm

SHA-256: 5a570f39067a495e14c010dc9a9d179cf850b7dcef67be5393680cd8c092fa9c

cups-devel-1.6.3-52.el7_9.ppc64.rpm

SHA-256: 3d273513cc27297d5226a76d7b19ae8d132be679079384beb1f0e0ed6ea6db95

cups-filesystem-1.6.3-52.el7_9.noarch.rpm

SHA-256: 63997db2af43ad2bb9dde25374ff1cac098af8705299d84558da36758ec593f2

cups-ipptool-1.6.3-52.el7_9.ppc64.rpm

SHA-256: e61a8c267253f7a46ab885f1c506cdd5b050e95612a3bbc0f82a77fb653a36f1

cups-libs-1.6.3-52.el7_9.ppc.rpm

SHA-256: a3889f2a4223a88f1b6216d8cf239675f12eefb5a7577634db040bfe8cf7a8d6

cups-libs-1.6.3-52.el7_9.ppc64.rpm

SHA-256: a3ecb169de191ac70eebc9f7e8c38364e0fc39727c983ed1403f684852c3d8f8

cups-lpd-1.6.3-52.el7_9.ppc64.rpm

SHA-256: 9501e15676d26d4042c0a11423255849faab98405d428444beb08b6816bc1ea0

Red Hat Enterprise Linux for Scientific Computing 7

SRPM

cups-1.6.3-52.el7_9.src.rpm

SHA-256: 2e6db688aa47ee77bd1f12703b6a143c5bcba0f325467081c8618dcd4c9d583c

x86_64

cups-1.6.3-52.el7_9.x86_64.rpm

SHA-256: 2d15b81491298e34c4c843f95f639c267eba8c8927313c70b3e9eca169ed90c6

cups-client-1.6.3-52.el7_9.x86_64.rpm

SHA-256: 5e38162f84854bc5679c6ed4033ddf382106abed22b43a612fc3260163215767

cups-debuginfo-1.6.3-52.el7_9.i686.rpm

SHA-256: 153433548af42328b843df951d8f553609be19611961668daf3717ee044d775a

cups-debuginfo-1.6.3-52.el7_9.i686.rpm

SHA-256: 153433548af42328b843df951d8f553609be19611961668daf3717ee044d775a

cups-debuginfo-1.6.3-52.el7_9.x86_64.rpm

SHA-256: 677c9a6744a0b647957f5fc8d19f64691632b23821aa9b796f8244c819ba3f4d

cups-debuginfo-1.6.3-52.el7_9.x86_64.rpm

SHA-256: 677c9a6744a0b647957f5fc8d19f64691632b23821aa9b796f8244c819ba3f4d

cups-devel-1.6.3-52.el7_9.i686.rpm

SHA-256: c9335bef7b10fbc5b3ca9dc4a2e3faaf777a2317021dc0a06aa15578e129307e

cups-devel-1.6.3-52.el7_9.x86_64.rpm

SHA-256: 049e6e2e8cfcdd56c5cb310c8aef6562bea5f86d9c57aec6162b5e9f8767c4c4

cups-filesystem-1.6.3-52.el7_9.noarch.rpm

SHA-256: 63997db2af43ad2bb9dde25374ff1cac098af8705299d84558da36758ec593f2

cups-ipptool-1.6.3-52.el7_9.x86_64.rpm

SHA-256: 03d400af0ee2dbf309aac026253173684f4d14507abec96fa8e497e799c90a85

cups-libs-1.6.3-52.el7_9.i686.rpm

SHA-256: 4ef450cd81e456f2381ec69e2a21c4a567a21a5b8ee78872aaf36850d822f722

cups-libs-1.6.3-52.el7_9.x86_64.rpm

SHA-256: dca0505f8429fc77fb8feddcaf57d60eeae4b4e7a9fc25e24cffb8db30c6f965

cups-lpd-1.6.3-52.el7_9.x86_64.rpm

SHA-256: c9af8802fe6a3528161d0f993e08dd1515d13ee17876878eb67e2f6e53368e63

Red Hat Enterprise Linux for Power, little endian 7

SRPM

cups-1.6.3-52.el7_9.src.rpm

SHA-256: 2e6db688aa47ee77bd1f12703b6a143c5bcba0f325467081c8618dcd4c9d583c

ppc64le

cups-1.6.3-52.el7_9.ppc64le.rpm

SHA-256: a33bd2fbb7b0b98a0ee751904dc4f56d44c29d40e520672d06ce5882e272bd39

cups-client-1.6.3-52.el7_9.ppc64le.rpm

SHA-256: 27481c19c4bb752a77070359fbb23fcc98d594574cd9cffe01640dd501b5aef4

cups-debuginfo-1.6.3-52.el7_9.ppc64le.rpm

SHA-256: be26ff72aa0cec60a5a5faa069fb16ec38b0a90503257adb3effe26f466bbf5a

cups-debuginfo-1.6.3-52.el7_9.ppc64le.rpm

SHA-256: be26ff72aa0cec60a5a5faa069fb16ec38b0a90503257adb3effe26f466bbf5a

cups-devel-1.6.3-52.el7_9.ppc64le.rpm

SHA-256: a365d5bccec6a876eccd21f5b7199fbbc3b80f0327a499b0740de04acc312e83

cups-filesystem-1.6.3-52.el7_9.noarch.rpm

SHA-256: 63997db2af43ad2bb9dde25374ff1cac098af8705299d84558da36758ec593f2

cups-ipptool-1.6.3-52.el7_9.ppc64le.rpm

SHA-256: bdbe8b911b19166da1bf50640f942c1ace2eecc605ee2fa9d3d812cfe95621a7

cups-libs-1.6.3-52.el7_9.ppc64le.rpm

SHA-256: 9e8668a862c15401573a6b89a1853765b6970302c0bcdaabf773edaa7739e3e7

cups-lpd-1.6.3-52.el7_9.ppc64le.rpm

SHA-256: 935f1bbe8a3596636302540be5653647f3fe0c4f5501999a5bcaaa9b0843afde

Dell vApp Manger, versions prior to 9.2.4.x contain an arbitrary file read vulnerability. A remote attacker could potentially exploit this vulnerability to read arbitrary files from the target system.

10 months ago

CVE

Open in Source

#vulnerability #windows #oracle #dell

RHSA-2023:5314: Red Hat Security Advisory: OpenShift API for Data Protection (OADP) 1.1.6 security and bug fix update

OpenShift API for Data Protection (OADP) 1.1.6 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21698: A denial of service attack was found in prometheus/client_golang. This flaw allows an attacker to produce a denial of service attack on an HTTP server by exploiting the InstrumentHandlerCounter function in the version below 1.11.1, resulting in a loss of availability. * CVE-2022-41723: A flaw was found in golang. A maliciously crafted HTTP/2 stream cou...

1 year ago

Red Hat Security Data

Open in Source

#vulnerability #web #microsoft #linux #red_hat #dos #nodejs #js #kubernetes #perl #aws

RHSA-2023:5095: Red Hat Security Advisory: Logging Subsystem 5.6.11 - Red Hat OpenShift security update

Logging Subsystem 5.6.11 - Red Hat OpenShift Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-4456: A flaw was found in openshift-logging LokiStack. The key used for caching is just the token, which is too broad. This issue allows a user with a token valid for one action to execute other actions as long as the authorization allowing the original action is still cached.

1 year ago

Red Hat Security Data

Open in Source

#vulnerability #web #linux #red_hat #nodejs #js #kubernetes #aws #auth #ibm

RHSA-2023:5096: Red Hat Security Advisory: Logging Subsystem 5.5.16 - Red Hat OpenShift security update

Logging Subsystem 5.5.16 - Red Hat OpenShift Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-4456: A flaw was found in openshift-logging LokiStack. The key used for caching is just the token, which is too broad. This issue allows a user with a token valid for one action to execute other actions as long as the authorization allowing the original action is still cached.

1 year ago

Red Hat Security Data

Open in Source

#vulnerability #web #linux #red_hat #nodejs #js #kubernetes #aws #auth #ibm

Red Hat Security Advisory 2023-4933-01

Red Hat Security Advisory 2023-4933-01 - Logging Subsystem 5.7.6 addresses an issues where LokiStack authorization is cached too broadly.

1 year ago

Packet Storm

Open in Source

#vulnerability #red_hat #auth #jira #sap

Red Hat Security Advisory 2023-5001-01

Red Hat Security Advisory 2023-5001-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.11.49. Issues addressed include a bypass vulnerability.

1 year ago

Packet Storm

Open in Source

#vulnerability #web #mac #red_hat #js #java #kubernetes #auth #rpm #jira

Ubuntu Security Notice USN-6361-1

Ubuntu Security Notice 6361-1 - It was discovered that CUPS incorrectly authenticated certain remote requests. A remote attacker could possibly use this issue to obtain recently printed documents.

1 year ago

Packet Storm

Open in Source

#vulnerability #ubuntu #auth

RHSA-2023:4933: Red Hat Security Advisory: Logging Subsystem 5.7.6 - Red Hat OpenShift security update

Logging Subsystem 5.7.6 - Red Hat OpenShift Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-4456: A flaw was found in openshift-logging LokiStack. The key used for caching is just the token, which is too broad. This issue allows a user with a token valid for one action to execute other actions as long as the authorization allowing the original action is still cached.

1 year ago

Red Hat Security Data

Open in Source

#vulnerability #web #linux #red_hat #nodejs #js #kubernetes #aws #auth #ibm #sap

RHSA-2023:5001: Red Hat Security Advisory: OpenShift Container Platform 4.11.49 bug fix and security update

Red Hat OpenShift Container Platform release 4.11.49 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.11. Red Hat Product Security has rated this update as having a security impact of [impact]. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-46146: A flaw was found in exporter-toolkit. A request can be forged by an attacker to poison the internal cache used to cache hashes and make subsequent successful requests. This cache is ...

1 year ago

Red Hat Security Data

Open in Source

#vulnerability #web #mac #linux #red_hat #kubernetes #vmware #alibaba #oauth #auth #ibm #rpm #docker

Red Hat Security Advisory 2023-4921-01

Red Hat Security Advisory 2023-4921-01 - Red Hat Single Sign-On is an integrated sign-on solution, available as a Red Hat JBoss Middleware for OpenShift containerized image. The Red Hat Single Sign-On for OpenShift image provides an authentication server that you can use to log in centrally, log out, and register. You can also manage user accounts for web applications, mobile applications, and RESTful web services. This erratum releases a new image for Red Hat Single Sign-On 7.6.5 for use within the OpenShift Container Platform 3.10, OpenShift Container Platform 3.11, and within the OpenShift Container Platform 4.3 cloud computing Platform-as-a-Service for on-premise or private cloud deployments, aligning with the standalone product release. Issues addressed include a denial of service vulnerability.

1 year ago

Packet Storm

Open in Source

#vulnerability #web #red_hat #dos #js #java #auth

RHSA-2023:4921: Red Hat Security Advisory: Red Hat Single Sign-On 7.6.5 for OpenShift image enhancement and security update

A new image is available for Red Hat Single Sign-On 7.6.5, running on OpenShift Container Platform 3.10 and 3.11, and 4.3. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-46877: A flaw was found in Jackson Databind. This issue may allow a malicious user to cause a denial of service (2 GB transient heap usage per read) in uncommon situations involving JsonNode JDK serialization. * CVE-2023-1436: A flaw was found in Jettison. Infinite recursion is triggered in Jettison w...

1 year ago

Red Hat Security Data

Open in Source

#vulnerability #web #linux #red_hat #dos #nodejs #js #java #kubernetes #aws #auth #ibm

Red Hat Security Advisory 2023-4864-01

Red Hat Security Advisory 2023-4864-01 - The Common UNIX Printing System provides a portable printing layer for Linux, UNIX, and similar operating systems. Issues addressed include an information leakage vulnerability.

1 year ago

Packet Storm

Open in Source

#vulnerability #linux #red_hat #js

Red Hat Security Advisory 2023-4838-01

Red Hat Security Advisory 2023-4838-01 - The Common UNIX Printing System provides a portable printing layer for Linux, UNIX, and similar operating systems. Issues addressed include an information leakage vulnerability.

1 year ago

Packet Storm

Open in Source

#vulnerability #linux #red_hat #js

Red Hat Security Advisory 2023-4769-01

Red Hat Security Advisory 2023-4769-01 - The Common UNIX Printing System provides a portable printing layer for Linux, UNIX, and similar operating systems. Issues addressed include an information leakage vulnerability.

1 year ago

Packet Storm

Open in Source

#vulnerability #linux #red_hat #js #i2p

RHSA-2023:4768: Red Hat Security Advisory: cups security update

An update for cups is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-32360: A vulnerability was found in OpenPrinting CUPS. Unauthorized users are permitted to fetch documents over local or remote networks, leading to confidentiality breach.

1 year ago

Red Hat Security Data

Open in Source

#vulnerability #linux #red_hat #auth #sap

RHSA-2023:4771: Red Hat Security Advisory: cups security update

An update for cups is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-32360: A vulnerability was found in OpenPrinting CUPS. Unauthorized users are permitted to fetch documents over local or remote networks, leading to confidentiality breach.

1 year ago

Red Hat Security Data

Open in Source

#vulnerability #linux #red_hat #auth #sap

CVE-2023-27940: About the security content of macOS Monterey 12.6.6

The issue was addressed with additional permissions checks. This issue is fixed in macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, macOS Monterey 12.6.6. A sandboxed app may be able to observe system-wide network connections

1 year ago

CVE

Open in Source

#ios #mac #apple #google #microsoft #cisco #js #git #perl #buffer_overflow #auth #zero_day

CVE-2023-32369: About the security content of macOS Big Sur 11.7.7

A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. An app may be able to modify protected parts of the file system

1 year ago

CVE

Open in Source

#ios #mac #apple #google #microsoft #cisco #js #git #perl #buffer_overflow #auth #zero_day

CVE-2023-32363: About the security content of macOS Ventura 13.4

A permissions issue was addressed by removing vulnerable code and adding additional checks. This issue is fixed in macOS Ventura 13.4. An app may be able to bypass Privacy preferences

1 year ago

CVE

Open in Source