Security
Headlines
HeadlinesLatestCVEs

Headline

RHSA-2022:7088: Red Hat Security Advisory: libksba security update

An update for libksba is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-3515: libksba: integer overflow may lead to remote code execution
Red Hat Security Data
#vulnerability#web#linux#red_hat#nodejs#js#java#kubernetes#rce#aws#ibm#ssl

Skip to navigation Skip to main content

Utilities

  • Subscriptions
  • Downloads
  • Containers
  • Support Cases

Infrastructure and Management

  • Red Hat Enterprise Linux
  • Red Hat Virtualization
  • Red Hat Identity Management
  • Red Hat Directory Server
  • Red Hat Certificate System
  • Red Hat Satellite
  • Red Hat Subscription Management
  • Red Hat Update Infrastructure
  • Red Hat Insights
  • Red Hat Ansible Automation Platform

Cloud Computing

  • Red Hat OpenShift
  • Red Hat CloudForms
  • Red Hat OpenStack Platform
  • Red Hat OpenShift Container Platform
  • Red Hat OpenShift Data Science
  • Red Hat OpenShift Online
  • Red Hat OpenShift Dedicated
  • Red Hat Advanced Cluster Security for Kubernetes
  • Red Hat Advanced Cluster Management for Kubernetes
  • Red Hat Quay
  • Red Hat CodeReady Workspaces
  • Red Hat OpenShift Service on AWS

Storage

  • Red Hat Gluster Storage
  • Red Hat Hyperconverged Infrastructure
  • Red Hat Ceph Storage
  • Red Hat OpenShift Data Foundation

Runtimes

  • Red Hat Runtimes
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat Data Grid
  • Red Hat JBoss Web Server
  • Red Hat Single Sign On
  • Red Hat support for Spring Boot
  • Red Hat build of Node.js
  • Red Hat build of Thorntail
  • Red Hat build of Eclipse Vert.x
  • Red Hat build of OpenJDK
  • Red Hat build of Quarkus

Integration and Automation

  • Red Hat Process Automation
  • Red Hat Process Automation Manager
  • Red Hat Decision Manager

All Products

Issued:

2022-10-24

Updated:

2022-10-24

RHSA-2022:7088 - Security Advisory

  • Overview
  • Updated Packages

Synopsis

Important: libksba security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for libksba is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

KSBA (pronounced Kasbah) is a library to make X.509 certificates as well as the CMS easily accessible by other applications. Both specifications are building blocks of S/MIME and TLS.

Security Fix(es):

  • libksba: integer overflow may lead to remote code execution (CVE-2022-3515)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected Products

  • Red Hat Enterprise Linux Server 7 x86_64
  • Red Hat Enterprise Linux Workstation 7 x86_64
  • Red Hat Enterprise Linux Desktop 7 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 7 s390x
  • Red Hat Enterprise Linux for Power, big endian 7 ppc64
  • Red Hat Enterprise Linux for Scientific Computing 7 x86_64
  • Red Hat Enterprise Linux for Power, little endian 7 ppc64le

Fixes

  • BZ - 2135610 - CVE-2022-3515 libksba: integer overflow may lead to remote code execution

Red Hat Enterprise Linux Server 7

SRPM

libksba-1.3.0-6.el7_9.src.rpm

SHA-256: a7f7695eb1d56e328309293b8e1a5efd54e2f7ab1250b57d8ca2122cbfa296c9

x86_64

libksba-1.3.0-6.el7_9.i686.rpm

SHA-256: 31c1fd131e35904e1fe0d0bf63ab8723ac2a84d58ffe947337eb5ad9c67f9882

libksba-1.3.0-6.el7_9.x86_64.rpm

SHA-256: 3fa2f0dd7b5f8599403f064913ed70fdd45008bfab1e42ef17c775cd9ba5f87c

libksba-debuginfo-1.3.0-6.el7_9.i686.rpm

SHA-256: e0877030d6a7ced87b7ce8ca930abc251453f818c2f8e86f391851fb244fe48e

libksba-debuginfo-1.3.0-6.el7_9.x86_64.rpm

SHA-256: 9e699e5da4904f36ed36c0b7a749c129bbd78afa5b87b5c639cedc2c4db348e7

libksba-devel-1.3.0-6.el7_9.i686.rpm

SHA-256: bfc9fc9624924bc7180a192862c61930d318738968bae0b306a8b109b919206e

libksba-devel-1.3.0-6.el7_9.x86_64.rpm

SHA-256: fb430878d132f743bee029baf3ebb54e65eeb54f66bdc874876a1e0d9db8df4d

Red Hat Enterprise Linux Workstation 7

SRPM

libksba-1.3.0-6.el7_9.src.rpm

SHA-256: a7f7695eb1d56e328309293b8e1a5efd54e2f7ab1250b57d8ca2122cbfa296c9

x86_64

libksba-1.3.0-6.el7_9.i686.rpm

SHA-256: 31c1fd131e35904e1fe0d0bf63ab8723ac2a84d58ffe947337eb5ad9c67f9882

libksba-1.3.0-6.el7_9.x86_64.rpm

SHA-256: 3fa2f0dd7b5f8599403f064913ed70fdd45008bfab1e42ef17c775cd9ba5f87c

libksba-debuginfo-1.3.0-6.el7_9.i686.rpm

SHA-256: e0877030d6a7ced87b7ce8ca930abc251453f818c2f8e86f391851fb244fe48e

libksba-debuginfo-1.3.0-6.el7_9.x86_64.rpm

SHA-256: 9e699e5da4904f36ed36c0b7a749c129bbd78afa5b87b5c639cedc2c4db348e7

libksba-devel-1.3.0-6.el7_9.i686.rpm

SHA-256: bfc9fc9624924bc7180a192862c61930d318738968bae0b306a8b109b919206e

libksba-devel-1.3.0-6.el7_9.x86_64.rpm

SHA-256: fb430878d132f743bee029baf3ebb54e65eeb54f66bdc874876a1e0d9db8df4d

Red Hat Enterprise Linux Desktop 7

SRPM

libksba-1.3.0-6.el7_9.src.rpm

SHA-256: a7f7695eb1d56e328309293b8e1a5efd54e2f7ab1250b57d8ca2122cbfa296c9

x86_64

libksba-1.3.0-6.el7_9.i686.rpm

SHA-256: 31c1fd131e35904e1fe0d0bf63ab8723ac2a84d58ffe947337eb5ad9c67f9882

libksba-1.3.0-6.el7_9.x86_64.rpm

SHA-256: 3fa2f0dd7b5f8599403f064913ed70fdd45008bfab1e42ef17c775cd9ba5f87c

libksba-debuginfo-1.3.0-6.el7_9.i686.rpm

SHA-256: e0877030d6a7ced87b7ce8ca930abc251453f818c2f8e86f391851fb244fe48e

libksba-debuginfo-1.3.0-6.el7_9.x86_64.rpm

SHA-256: 9e699e5da4904f36ed36c0b7a749c129bbd78afa5b87b5c639cedc2c4db348e7

libksba-devel-1.3.0-6.el7_9.i686.rpm

SHA-256: bfc9fc9624924bc7180a192862c61930d318738968bae0b306a8b109b919206e

libksba-devel-1.3.0-6.el7_9.x86_64.rpm

SHA-256: fb430878d132f743bee029baf3ebb54e65eeb54f66bdc874876a1e0d9db8df4d

Red Hat Enterprise Linux for IBM z Systems 7

SRPM

libksba-1.3.0-6.el7_9.src.rpm

SHA-256: a7f7695eb1d56e328309293b8e1a5efd54e2f7ab1250b57d8ca2122cbfa296c9

s390x

libksba-1.3.0-6.el7_9.s390.rpm

SHA-256: ef2e0f9a143fa1a84d9c91fe277f7ccb7d1d7a8a0ca2f61855b3faaad4858aa5

libksba-1.3.0-6.el7_9.s390x.rpm

SHA-256: 7ca6d31c7833a75c51e1aef8d28c99a35af16e26136eb046934b69cb4ee316b2

libksba-debuginfo-1.3.0-6.el7_9.s390.rpm

SHA-256: 8a5a0ff93d780c56e154b798e148c6dcb7284c1f88a110eb4b24af2ebe61c139

libksba-debuginfo-1.3.0-6.el7_9.s390x.rpm

SHA-256: d267d0340969858d2a694afd14a79c190eaac8ee8d0b14a513819de609ac9b4d

libksba-devel-1.3.0-6.el7_9.s390.rpm

SHA-256: 77447c7c07b8a3d808cfd85082226edf77ba4d897b1157592d989fb3ab5e9871

libksba-devel-1.3.0-6.el7_9.s390x.rpm

SHA-256: 546642acf13d398d36d600a2463325230c71a88db84d1f2910f774165e73ac1c

Red Hat Enterprise Linux for Power, big endian 7

SRPM

libksba-1.3.0-6.el7_9.src.rpm

SHA-256: a7f7695eb1d56e328309293b8e1a5efd54e2f7ab1250b57d8ca2122cbfa296c9

ppc64

libksba-1.3.0-6.el7_9.ppc.rpm

SHA-256: bd1a1a56e2da67448086b2984538db2f97dc1a5f6e7bd7b952fb7e4c5c355e41

libksba-1.3.0-6.el7_9.ppc64.rpm

SHA-256: b459b7b2e9a3fffb692889c539bda5b7803526a631c6f9ea0438a2534d9d6e66

libksba-debuginfo-1.3.0-6.el7_9.ppc.rpm

SHA-256: bd6d93b7a8ba1ecea7f3b49280718d7852e239d13e3f164a1cb3d70fd53c4309

libksba-debuginfo-1.3.0-6.el7_9.ppc64.rpm

SHA-256: ba89e15d31ca53debce5c0197f06f50988d3146c4f3a36c39175a9632ffa426b

libksba-devel-1.3.0-6.el7_9.ppc.rpm

SHA-256: 0491752c75cab0d478b791cb8652f10c1945089aa709fd6278d0b002ef8052e4

libksba-devel-1.3.0-6.el7_9.ppc64.rpm

SHA-256: 5ae61850b0677ab6fd06122969af1c5478af583d920aca45a4215798d50a41fa

Red Hat Enterprise Linux for Scientific Computing 7

SRPM

libksba-1.3.0-6.el7_9.src.rpm

SHA-256: a7f7695eb1d56e328309293b8e1a5efd54e2f7ab1250b57d8ca2122cbfa296c9

x86_64

libksba-1.3.0-6.el7_9.i686.rpm

SHA-256: 31c1fd131e35904e1fe0d0bf63ab8723ac2a84d58ffe947337eb5ad9c67f9882

libksba-1.3.0-6.el7_9.x86_64.rpm

SHA-256: 3fa2f0dd7b5f8599403f064913ed70fdd45008bfab1e42ef17c775cd9ba5f87c

libksba-debuginfo-1.3.0-6.el7_9.i686.rpm

SHA-256: e0877030d6a7ced87b7ce8ca930abc251453f818c2f8e86f391851fb244fe48e

libksba-debuginfo-1.3.0-6.el7_9.x86_64.rpm

SHA-256: 9e699e5da4904f36ed36c0b7a749c129bbd78afa5b87b5c639cedc2c4db348e7

libksba-devel-1.3.0-6.el7_9.i686.rpm

SHA-256: bfc9fc9624924bc7180a192862c61930d318738968bae0b306a8b109b919206e

libksba-devel-1.3.0-6.el7_9.x86_64.rpm

SHA-256: fb430878d132f743bee029baf3ebb54e65eeb54f66bdc874876a1e0d9db8df4d

Red Hat Enterprise Linux for Power, little endian 7

SRPM

libksba-1.3.0-6.el7_9.src.rpm

SHA-256: a7f7695eb1d56e328309293b8e1a5efd54e2f7ab1250b57d8ca2122cbfa296c9

ppc64le

libksba-1.3.0-6.el7_9.ppc64le.rpm

SHA-256: e3eaae0a040894e6f7ab8443bbc6039590a5a0bd1fe45e1e8682ddb50e079469

libksba-debuginfo-1.3.0-6.el7_9.ppc64le.rpm

SHA-256: 851a13e4989167654f771c293abe99d37c8a79114592077d823d4ec307c3911e

libksba-devel-1.3.0-6.el7_9.ppc64le.rpm

SHA-256: f9abcd774e0af36ca012f2e8bfa59a5c8a5d73562f4741042f12df13ceab99df

The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.

Related news

CVE-2023-23694: DSA-2023-071: Dell VxRail Security Update for Multiple Third-Party Component Vulnerabilities – 7.0.450

Dell VxRail versions earlier than 7.0.450, contain(s) an OS command injection vulnerability in VxRail Manager. A local authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker.

Red Hat Security Advisory 2023-0795-01

Red Hat Security Advisory 2023-0795-01 - Submariner 0.13.3 packages that fix various bugs and add various enhancements that are now available for Red Hat Advanced Cluster Management for Kubernetes version 2.6.

RHSA-2023:0795: Red Hat Security Advisory: RHSA: Submariner 0.13.3 - security updates and bug fixes

Submariner 0.13.3 packages that fix various bugs and add various enhancements that are now available for Red Hat Advanced Cluster Management for Kubernetes version 2.6 Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-32149: A vulnerability was found in the golang.org/x/text/language package. An attacker can craft an Accept-Language header which ParseAcceptLanguage will take significant time to parse. This issue leads to a denial of service, and can impact availability.

Red Hat Security Advisory 2023-0542-01

Red Hat Security Advisory 2023-0542-01 - Red Hat OpenShift Service Mesh is the Red Hat distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation. This advisory covers container images for the release. Issues addressed include denial of service and spoofing vulnerabilities.

RHSA-2023:0408: Red Hat Security Advisory: OpenShift Virtualization 4.12.0 Images security update

Red Hat OpenShift Virtualization release 4.12 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-38561: golang: out-of-bounds read in golang.org/x/text/language leads to DoS * CVE-2021-44716: golang: net/http: limit growth of header canonicalization cache * CVE-2021-44717: golang: syscall: don't close fd 0 on ForkExec error * CVE-2022-1705: golang: net/http: improper sanitizat...

CVE-2022-3515: rK4b7d9cd4a018

A vulnerability was found in the Libksba library due to an integer overflow within the CRL parser. The vulnerability can be exploited remotely for code execution on the target system by passing specially crafted data to the application, for example, a malicious S/MIME attachment.

Red Hat Security Advisory 2022-8938-01

Red Hat Security Advisory 2022-8938-01 - Version 1.26.0 of the OpenShift Serverless Operator is supported on Red Hat OpenShift Container Platform versions 4.8, 4.9, 4.10, and 4.11. This release includes security and bug fixes, and enhancements.

RHSA-2022:8781: Red Hat Security Advisory: Logging Subsystem 5.5.5 - Red Hat OpenShift security update

Logging Subsystem 5.5.5 - Red Hat OpenShift Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-36518: jackson-databind: denial of service via a large depth of nested objects * CVE-2022-2879: golang: archive/tar: unbounded memory consumption when reading headers * CVE-2022-2880: golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters * CVE-2022-27664: golang: net/http: handle server errors after sending GOAWAY * CVE-2022-32189: golang: math/b...

Red Hat Security Advisory 2022-8634-01

Red Hat Security Advisory 2022-8634-01 - OpenShift API for Data Protection enables you to back up and restore application resources, persistent volume data, and internal container images to external backup storage. OADP enables both file system-based and snapshot-based backups for persistent volumes.

RHSA-2022:8609: Red Hat Security Advisory: OpenShift Virtualization 4.9.7 Images security update

Red Hat OpenShift Virtualization release 4.9.7 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1996: go-restful: Authorization Bypass Through User-Controlled Key

Red Hat Security Advisory 2022-7435-01

Red Hat Security Advisory 2022-7435-01 - An update is now available for Logging subsystem for Red Hat OpenShift 5.4. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2022-7927-01

Red Hat Security Advisory 2022-7927-01 - KSBA is a library to make X.509 certificates as well as the CMS easily accessible by other applications. Both specifications are building blocks of S/MIME and TLS. Issues addressed include code execution and integer overflow vulnerabilities.

Red Hat Security Advisory 2022-7434-01

Red Hat Security Advisory 2022-7434-01 - A Red Hat OpenShift security update has been provided for the Logging Subsystem.

RHSA-2022:7434: Red Hat Security Advisory: Logging Subsystem 5.5.4 - Red Hat OpenShift security update

Logging Subsystem 5.5.4 - Red Hat OpenShift Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-32149: golang: golang.org/x/text/language: ParseAcceptLanguage takes a long time to parse complex tags

RHSA-2022:6882: Red Hat Security Advisory: Openshift Logging 5.3.13 security and bug fix release

An update is now available for OpenShift Logging 5.3. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-32149: golang: golang.org/x/text/language: ParseAcceptLanguage takes a long time to parse complex tags

Red Hat Security Advisory 2022-7407-01

Red Hat Security Advisory 2022-7407-01 - Service Binding Operator 1.3.1 is now available for OpenShift Developer Tools and Services for OCP 4.9 +.

Red Hat Security Advisory 2022-7313-01

Red Hat Security Advisory 2022-7313-01 - Red Hat Advanced Cluster Management for Kubernetes 2.6.2 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Issues addressed include denial of service and remote SQL injection vulnerabilities.

Red Hat Security Advisory 2022-7201-01

Red Hat Security Advisory 2022-7201-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.11.12. Issues addressed include a code execution vulnerability.

Red Hat Security Advisory 2022-7276-01

Red Hat Security Advisory 2022-7276-01 - Red Hat Advanced Cluster Management for Kubernetes 2.4.8 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs. Issues addressed include denial of service, server-side request forgery, and remote SQL injection vulnerabilities.

Red Hat Security Advisory 2022-7283-01

Red Hat Security Advisory 2022-7283-01 - KSBA is a library to make X.509 certificates as well as the CMS easily accessible by other applications. Both specifications are building blocks of S/MIME and TLS. Issues addressed include code execution and integer overflow vulnerabilities.

RHSA-2022:7201: Red Hat Security Advisory: OpenShift Container Platform 4.11.12 security update

Red Hat OpenShift Container Platform release 4.11.12 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-26945: go-getter: command injection vulnerability * CVE-2022-30321: go-getter: unsafe download (issue 1 of 3) * CVE-2022-30322: go-getter: unsafe download (issue 2 of 3) * CVE-2022-30323: go-getter: unsafe download (issue 3 of 3)

RHSA-2022:7276: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.4.8 security fixes and container updates

Red Hat Advanced Cluster Management for Kubernetes 2.4.8 General Availability release images, which fix security issues. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2238: search-api: SQL injection leads to remote denial of service * CVE-2022-25858: terser: insecure use of regular expressions leads to ReDoS * CVE-2022-31129: moment: inefficient parsing algorithm resulting in DoS * CVE-2022-35948: nodejs: undici vulnerable to CRLF via content headers * CVE-2022-35949: n...

RHSA-2022:7283: Red Hat Security Advisory: libksba security update

An update for libksba is now available for Red Hat Enterprise Linux 8.2 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3515: libksba: integer overflow may lead to remote code execution

Red Hat Security Advisory 2022-7209-01

Red Hat Security Advisory 2022-7209-01 - KSBA is a library to make X.509 certificates as well as the CMS easily accessible by other applications. Both specifications are building blocks of S/MIME and TLS. Issues addressed include code execution and integer overflow vulnerabilities.

Ubuntu Security Notice USN-5688-2

Ubuntu Security Notice 5688-2 - USN-5688-1 fixed vulnerabilities in Libksba. This update provides the corresponding update for Ubuntu 22.10. It was discovered that an integer overflow could be triggered in Libksba when decoding certain data. An attacker could use this issue to cause a denial of service or possibly execute arbitrary code.

RHSA-2022:7209: Red Hat Security Advisory: libksba security update

An update for libksba is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3515: libksba: integer overflow may lead to remote code execution

Red Hat Security Advisory 2022-7089-01

Red Hat Security Advisory 2022-7089-01 - KSBA is a library to make X.509 certificates as well as the CMS easily accessible by other applications. Both specifications are building blocks of S/MIME and TLS. Issues addressed include code execution and integer overflow vulnerabilities.

Red Hat Security Advisory 2022-7090-01

Red Hat Security Advisory 2022-7090-01 - KSBA is a library to make X.509 certificates as well as the CMS easily accessible by other applications. Both specifications are building blocks of S/MIME and TLS. Issues addressed include code execution and integer overflow vulnerabilities.

Red Hat Security Advisory 2022-7088-01

Red Hat Security Advisory 2022-7088-01 - KSBA is a library to make X.509 certificates as well as the CMS easily accessible by other applications. Both specifications are building blocks of S/MIME and TLS. Issues addressed include code execution and integer overflow vulnerabilities.

RHSA-2022:7090: Red Hat Security Advisory: libksba security update

An update for libksba is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3515: libksba: integer overflow may lead to remote code execution

RHSA-2022:7089: Red Hat Security Advisory: libksba security update

An update for libksba is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3515: libksba: integer overflow may lead to remote code execution

Ubuntu Security Notice USN-5688-1

Ubuntu Security Notice 5688-1 - It was discovered that an integer overflow could be triggered in Libksba when decoding certain data. An attacker could use this issue to cause a denial of service or possibly execute arbitrary code.