Security
Headlines
HeadlinesLatestCVEs

Headline

RHSA-2023:5252: Red Hat Security Advisory: dmidecode security update

An update for dmidecode is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2023-30630: A vulnerability was found dmidecode, which allows -dump-bin to overwrite a local file. This issue may lead to the execution of dmidecode via Sudo.
Red Hat Security Data
#vulnerability#web#ios#linux#red_hat#nodejs#js#kubernetes#intel#samba#aws#bios#sap

Skip to navigation Skip to main content

Utilities

  • Subscriptions
  • Downloads
  • Containers
  • Support Cases

Infrastructure and Management

  • Red Hat Enterprise Linux
  • Red Hat Satellite
  • Red Hat Subscription Management
  • Red Hat Insights
  • Red Hat Ansible Automation Platform

Cloud Computing

  • Red Hat OpenShift
  • Red Hat OpenStack Platform
  • Red Hat OpenShift Container Platform
  • Red Hat OpenShift Data Science
  • Red Hat OpenShift Dedicated
  • Red Hat Advanced Cluster Security for Kubernetes
  • Red Hat Advanced Cluster Management for Kubernetes
  • Red Hat Quay
  • OpenShift Dev Spaces
  • Red Hat OpenShift Service on AWS

Storage

  • Red Hat Gluster Storage
  • Red Hat Hyperconverged Infrastructure
  • Red Hat Ceph Storage
  • Red Hat OpenShift Data Foundation

Runtimes

  • Red Hat Runtimes
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat Data Grid
  • Red Hat JBoss Web Server
  • Red Hat Single Sign On
  • Red Hat support for Spring Boot
  • Red Hat build of Node.js
  • Red Hat build of Quarkus

Integration and Automation

All Products

Issued:

2023-09-19

Updated:

2023-09-19

RHSA-2023:5252 - Security Advisory

  • Overview
  • Updated Packages

Synopsis

Moderate: dmidecode security update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for dmidecode is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The dmidecode packages provide utilities for extracting Intel 64 and Intel Itanium hardware information from the system BIOS or Extensible Firmware Interface (EFI), depending on the SMBIOS/DMI standard. This information typically includes system manufacturer, model name, serial number, BIOS version, and asset tag, as well as other details, depending on the manufacturer.

Security Fix(es):

  • dmidecode: dump-bin to overwrite a local file (CVE-2023-30630)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected Products

  • Red Hat Enterprise Linux for x86_64 8 x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.8 x86_64
  • Red Hat Enterprise Linux Server - TUS 8.8 x86_64
  • Red Hat Enterprise Linux for ARM 64 8 aarch64
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.8 aarch64
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.8 x86_64

Fixes

  • BZ - 2186669 - CVE-2023-30630 dmidecode: dump-bin to overwrite a local file

Red Hat Enterprise Linux for x86_64 8

SRPM

dmidecode-3.3-4.el8_8.1.src.rpm

SHA-256: fd8b50dac245cf7c9a1e659475c69ece031e7484724012b145869809f0a526f3

x86_64

dmidecode-3.3-4.el8_8.1.x86_64.rpm

SHA-256: b21410f293d9bec376d1b2fe80ac2e6bae686d6c2bd444a6a76046b454c30eb6

dmidecode-debuginfo-3.3-4.el8_8.1.x86_64.rpm

SHA-256: 702b3d2b302a8acbf4cf232a148da464781611162e7941026653135a209fad3c

dmidecode-debugsource-3.3-4.el8_8.1.x86_64.rpm

SHA-256: a59bd235f62ca9f845f38ac9e66081080537449a15ee4559a8d1ccd21618686e

Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.8

SRPM

dmidecode-3.3-4.el8_8.1.src.rpm

SHA-256: fd8b50dac245cf7c9a1e659475c69ece031e7484724012b145869809f0a526f3

x86_64

dmidecode-3.3-4.el8_8.1.x86_64.rpm

SHA-256: b21410f293d9bec376d1b2fe80ac2e6bae686d6c2bd444a6a76046b454c30eb6

dmidecode-debuginfo-3.3-4.el8_8.1.x86_64.rpm

SHA-256: 702b3d2b302a8acbf4cf232a148da464781611162e7941026653135a209fad3c

dmidecode-debugsource-3.3-4.el8_8.1.x86_64.rpm

SHA-256: a59bd235f62ca9f845f38ac9e66081080537449a15ee4559a8d1ccd21618686e

Red Hat Enterprise Linux Server - TUS 8.8

SRPM

dmidecode-3.3-4.el8_8.1.src.rpm

SHA-256: fd8b50dac245cf7c9a1e659475c69ece031e7484724012b145869809f0a526f3

x86_64

dmidecode-3.3-4.el8_8.1.x86_64.rpm

SHA-256: b21410f293d9bec376d1b2fe80ac2e6bae686d6c2bd444a6a76046b454c30eb6

dmidecode-debuginfo-3.3-4.el8_8.1.x86_64.rpm

SHA-256: 702b3d2b302a8acbf4cf232a148da464781611162e7941026653135a209fad3c

dmidecode-debugsource-3.3-4.el8_8.1.x86_64.rpm

SHA-256: a59bd235f62ca9f845f38ac9e66081080537449a15ee4559a8d1ccd21618686e

Red Hat Enterprise Linux for ARM 64 8

SRPM

dmidecode-3.3-4.el8_8.1.src.rpm

SHA-256: fd8b50dac245cf7c9a1e659475c69ece031e7484724012b145869809f0a526f3

aarch64

dmidecode-3.3-4.el8_8.1.aarch64.rpm

SHA-256: bba19e283dd9612498606dc87e7bbf791c9be0f5cdedec5b8dc94213a59e43b3

dmidecode-debuginfo-3.3-4.el8_8.1.aarch64.rpm

SHA-256: f91c1a82cc310a1dbb2abe27b3ee935ae778d5e0df3189c6440a3f4550421891

dmidecode-debugsource-3.3-4.el8_8.1.aarch64.rpm

SHA-256: ecbf0410a3403bb610bd777a420c4743faefdf39d6c623d8e1acb652233ef28b

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.8

SRPM

dmidecode-3.3-4.el8_8.1.src.rpm

SHA-256: fd8b50dac245cf7c9a1e659475c69ece031e7484724012b145869809f0a526f3

aarch64

dmidecode-3.3-4.el8_8.1.aarch64.rpm

SHA-256: bba19e283dd9612498606dc87e7bbf791c9be0f5cdedec5b8dc94213a59e43b3

dmidecode-debuginfo-3.3-4.el8_8.1.aarch64.rpm

SHA-256: f91c1a82cc310a1dbb2abe27b3ee935ae778d5e0df3189c6440a3f4550421891

dmidecode-debugsource-3.3-4.el8_8.1.aarch64.rpm

SHA-256: ecbf0410a3403bb610bd777a420c4743faefdf39d6c623d8e1acb652233ef28b

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.8

SRPM

dmidecode-3.3-4.el8_8.1.src.rpm

SHA-256: fd8b50dac245cf7c9a1e659475c69ece031e7484724012b145869809f0a526f3

x86_64

dmidecode-3.3-4.el8_8.1.x86_64.rpm

SHA-256: b21410f293d9bec376d1b2fe80ac2e6bae686d6c2bd444a6a76046b454c30eb6

dmidecode-debuginfo-3.3-4.el8_8.1.x86_64.rpm

SHA-256: 702b3d2b302a8acbf4cf232a148da464781611162e7941026653135a209fad3c

dmidecode-debugsource-3.3-4.el8_8.1.x86_64.rpm

SHA-256: a59bd235f62ca9f845f38ac9e66081080537449a15ee4559a8d1ccd21618686e

The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.

Related news

Gentoo Linux Security Advisory 202407-26

Gentoo Linux Security Advisory 202407-26 - A vulnerability has been discovered in Dmidecode, which can lead to privilege escalation. Versions greater than or equal to 3.5 are affected.

Red Hat Security Advisory 2023-5447-01

Red Hat Security Advisory 2023-5447-01 - The Migration Toolkit for Containers enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-5442-01

Red Hat Security Advisory 2023-5442-01 - Red Hat Advanced Cluster Management for Kubernetes 2.8.2 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs.

RHSA-2023:5447: Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.8.0 security and bug fix update

The Migration Toolkit for Containers (MTC) 1.8.0 is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-26115: A flaw was found in the Node.js word-wrap module, where it is vulnerable to a denial of service caused by a Regular expression denial of service (ReDoS) issue in the result variable. By sending a specially crafted regex input, a remote attacker can cause a denial of service.

RHSA-2023:5442: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.8.2 security and bug fix updates

Red Hat Advanced Cluster Management for Kubernetes 2.8.2 General Availability release images, which provide security updates and fix bugs. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41721: A request smuggling attack is possible when using MaxBytesHandler. When using MaxBytesHandler, the body of an HTTP request is not fully consumed. When the server attempts to read HTTP2 frames from the connection, it will instead read the body of the HTTP request, which could be att...

RHSA-2023:5421: Red Hat Security Advisory: Multicluster Engine for Kubernetes 2.3.2 security updates and bug fixes

Multicluster Engine for Kubernetes 2.3.2 General Availability release images, which contain security updates and fix bugs. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41721: A request smuggling attack is possible when using MaxBytesHandler. When using MaxBytesHandler, the body of an HTTP request is not fully consumed. When the server attempts to read HTTP2 frames from the connection, it will instead read the body of the HTTP request, which could be attacker-manipulate...

Red Hat Security Advisory 2023-5376-01

Red Hat Security Advisory 2023-5376-01 - Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Data Foundation. Red Hat OpenShift Data Foundation is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. Issues addressed include a denial of service vulnerability.

RHSA-2023:5376: Red Hat Security Advisory: Red Hat OpenShift Data Foundation 4.13.3 security and bug fix update

Updated images that fix several bugs are now available for Red Hat OpenShift Data Foundation 4.13.3 on Red Hat Enterprise Linux 8 from Red Hat Container Registry. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-24540: A flaw was found in golang, where not all valid JavaScript white-space characters were considered white space. Due to this issue, templates containing white-space characters outside of the character set "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts ...

Red Hat Security Advisory 2023-5233-01

Red Hat Security Advisory 2023-5233-01 - OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains OpenShift Virtualization 4.13.4 images.

Red Hat Security Advisory 2023-5252-01

Red Hat Security Advisory 2023-5252-01 - The dmidecode packages provide utilities for extracting Intel 64 and Intel Itanium hardware information from the system BIOS or Extensible Firmware Interface, depending on the SMBIOS/DMI standard. This information typically includes system manufacturer, model name, serial number, BIOS version, and asset tag, as well as other details, depending on the manufacturer.

RHSA-2023:5233: Red Hat Security Advisory: OpenShift Virtualization 4.13.4 security and bug fix update

Red Hat OpenShift Virtualization release 4.13.4 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41723: A flaw was found in golang. A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of requests.

Red Hat Security Advisory 2023-5061-01

Red Hat Security Advisory 2023-5061-01 - The dmidecode packages provide utilities for extracting Intel 64 and Intel Itanium hardware information from the system BIOS or Extensible Firmware Interface, depending on the SMBIOS/DMI standard. This information typically includes system manufacturer, model name, serial number, BIOS version, and asset tag, as well as other details, depending on the manufacturer.

RHSA-2023:5061: Red Hat Security Advisory: dmidecode security update

An update for dmidecode is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-30630: A vulnerability was found dmidecode, which allows -dump-bin to overwrite a local file. This issue may lead to the execution of dmidecode via Sudo.

CVE-2023-32463: DSA-2023-200: Security Update for Dell VxRail for Multiple Third-Party Component Vulnerabilities

Dell VxRail, version(s) 8.0.100 and earlier contain a denial-of-service vulnerability in the upgrade functionality. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to degraded performance and system malfunction.

CVE-2023-30630: Dmidecode 3.5 has been released

Dmidecode before 3.5 allows -dump-bin to overwrite a local file. This has security relevance because, for example, execution of Dmidecode via Sudo is plausible.