RHSA-2022:4899: Red Hat Security Advisory: compat-openssl11 security and bug fix update

An update for compat-openssl11 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-0778: openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates
Source: Red Hat Security Data

Synopsis

Important: compat-openssl11 security and bug fix update

Type/Severity

Security Advisory: Important

Topic

An update for compat-openssl11 is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library. compat-openssl11 provides the legacy 1.1 version of OpenSSL for use with older binaries.

Security Fix(es):

  • openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates (CVE-2022-0778)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

  • compat-openssl11 breaks in FIPS (BZ#2091968)

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.

Affected Products

  • Red Hat Enterprise Linux for x86_64 9 x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.0 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 9 s390x
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.0 s390x
  • Red Hat Enterprise Linux for Power, little endian 9 ppc64le
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.0 ppc64le
  • Red Hat Enterprise Linux for ARM 64 9 aarch64
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.0 aarch64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.0 ppc64le
  • Red Hat Enterprise Linux Server for x86_64 - Update Services for SAP Solutions 9.0 x86_64
  • Red Hat Enterprise Linux Server for ARM 64 - 4 years of updates 9.0 aarch64
  • Red Hat Enterprise Linux Server for IBM z Systems - 4 years of updates 9.0 s390x

Fixes

  • BZ - 2062202 - CVE-2022-0778 openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates

Red Hat Enterprise Linux for x86_64 9

SRPM
  • compat-openssl11-1.1.1k-4.el9_0.src.rpm (SHA-256: fd82b7ead5fbb542fda1d008c8abde244f255f071970fc4e49231f1111d0dba7)

x86_64
  • compat-openssl11-1.1.1k-4.el9_0.i686.rpm (SHA-256: eb12cd6970549beb6d96602ef534b5fb6c33f33f90dc3ea75c7a379719d36350)
  • compat-openssl11-1.1.1k-4.el9_0.x86_64.rpm (SHA-256: b003f71a0c1685a9eba34932f4947089dfe8e36fbabddb04b6f1f67057dca265)
  • compat-openssl11-debuginfo-1.1.1k-4.el9_0.i686.rpm (SHA-256: fcac467caec1f28aa9dcf9faf73dc8f320d141d9a9096b9f0f8aa22488bbe193)
  • compat-openssl11-debuginfo-1.1.1k-4.el9_0.x86_64.rpm (SHA-256: 7aba20e90bbe0895b5540f74898b2e86b076db5a53c40362cd54e41aaa3cc6d9)
  • compat-openssl11-debugsource-1.1.1k-4.el9_0.i686.rpm (SHA-256: afeb4f436cbc6db1f87fe636d0a15917458bd934d916e64c61dedd7db8854df2)
  • compat-openssl11-debugsource-1.1.1k-4.el9_0.x86_64.rpm (SHA-256: dc8d6f0bcd9433bcea20a177dbaf30e43a31e5badadcfb7bebb390ccff94681a)

Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.0

SRPM
  • compat-openssl11-1.1.1k-4.el9_0.src.rpm (SHA-256: fd82b7ead5fbb542fda1d008c8abde244f255f071970fc4e49231f1111d0dba7)

x86_64
  • compat-openssl11-1.1.1k-4.el9_0.i686.rpm (SHA-256: eb12cd6970549beb6d96602ef534b5fb6c33f33f90dc3ea75c7a379719d36350)
  • compat-openssl11-1.1.1k-4.el9_0.x86_64.rpm (SHA-256: b003f71a0c1685a9eba34932f4947089dfe8e36fbabddb04b6f1f67057dca265)
  • compat-openssl11-debuginfo-1.1.1k-4.el9_0.i686.rpm (SHA-256: fcac467caec1f28aa9dcf9faf73dc8f320d141d9a9096b9f0f8aa22488bbe193)
  • compat-openssl11-debuginfo-1.1.1k-4.el9_0.x86_64.rpm (SHA-256: 7aba20e90bbe0895b5540f74898b2e86b076db5a53c40362cd54e41aaa3cc6d9)
  • compat-openssl11-debugsource-1.1.1k-4.el9_0.i686.rpm (SHA-256: afeb4f436cbc6db1f87fe636d0a15917458bd934d916e64c61dedd7db8854df2)
  • compat-openssl11-debugsource-1.1.1k-4.el9_0.x86_64.rpm (SHA-256: dc8d6f0bcd9433bcea20a177dbaf30e43a31e5badadcfb7bebb390ccff94681a)

Red Hat Enterprise Linux for IBM z Systems 9

SRPM
  • compat-openssl11-1.1.1k-4.el9_0.src.rpm (SHA-256: fd82b7ead5fbb542fda1d008c8abde244f255f071970fc4e49231f1111d0dba7)

s390x
  • compat-openssl11-1.1.1k-4.el9_0.s390x.rpm (SHA-256: 2ecf0f8f5675afd8aa9af818918d8f3f1f6522e60bf52b26f64bfa5687995e17)
  • compat-openssl11-debuginfo-1.1.1k-4.el9_0.s390x.rpm (SHA-256: bd89804c192436a04402d167952fde9fae45d0a7ce9793ef641cac6102f88d74)
  • compat-openssl11-debugsource-1.1.1k-4.el9_0.s390x.rpm (SHA-256: 067c8f573d34f05feb60c1242d29fecea2eb839298f680b7f337b9d55217d5d0)

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.0

SRPM
  • compat-openssl11-1.1.1k-4.el9_0.src.rpm (SHA-256: fd82b7ead5fbb542fda1d008c8abde244f255f071970fc4e49231f1111d0dba7)

s390x
  • compat-openssl11-1.1.1k-4.el9_0.s390x.rpm (SHA-256: 2ecf0f8f5675afd8aa9af818918d8f3f1f6522e60bf52b26f64bfa5687995e17)
  • compat-openssl11-debuginfo-1.1.1k-4.el9_0.s390x.rpm (SHA-256: bd89804c192436a04402d167952fde9fae45d0a7ce9793ef641cac6102f88d74)
  • compat-openssl11-debugsource-1.1.1k-4.el9_0.s390x.rpm (SHA-256: 067c8f573d34f05feb60c1242d29fecea2eb839298f680b7f337b9d55217d5d0)

Red Hat Enterprise Linux for Power, little endian 9

SRPM
  • compat-openssl11-1.1.1k-4.el9_0.src.rpm (SHA-256: fd82b7ead5fbb542fda1d008c8abde244f255f071970fc4e49231f1111d0dba7)

ppc64le
  • compat-openssl11-1.1.1k-4.el9_0.ppc64le.rpm (SHA-256: 3e193e2ae5b59d9f1601b20110a94af1055df7fbfa7b58406f22daf97ffe3ef4)
  • compat-openssl11-debuginfo-1.1.1k-4.el9_0.ppc64le.rpm (SHA-256: 7d615750d2eccf49e6f26c2d5d8b3ce1364cf62aad4342b63161a0c32d210131)
  • compat-openssl11-debugsource-1.1.1k-4.el9_0.ppc64le.rpm (SHA-256: 4a5117e1d64eb116d287d5052996d92ac351270a356cb1e533d84468aadc6797)

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.0

SRPM
  • compat-openssl11-1.1.1k-4.el9_0.src.rpm (SHA-256: fd82b7ead5fbb542fda1d008c8abde244f255f071970fc4e49231f1111d0dba7)

ppc64le
  • compat-openssl11-1.1.1k-4.el9_0.ppc64le.rpm (SHA-256: 3e193e2ae5b59d9f1601b20110a94af1055df7fbfa7b58406f22daf97ffe3ef4)
  • compat-openssl11-debuginfo-1.1.1k-4.el9_0.ppc64le.rpm (SHA-256: 7d615750d2eccf49e6f26c2d5d8b3ce1364cf62aad4342b63161a0c32d210131)
  • compat-openssl11-debugsource-1.1.1k-4.el9_0.ppc64le.rpm (SHA-256: 4a5117e1d64eb116d287d5052996d92ac351270a356cb1e533d84468aadc6797)

Red Hat Enterprise Linux for ARM 64 9

SRPM
  • compat-openssl11-1.1.1k-4.el9_0.src.rpm (SHA-256: fd82b7ead5fbb542fda1d008c8abde244f255f071970fc4e49231f1111d0dba7)

aarch64
  • compat-openssl11-1.1.1k-4.el9_0.aarch64.rpm (SHA-256: a3efa801904cbe9c9bb8daf8c8721d3f8c3dd2280cea2308bbd52a0a0b8081a3)
  • compat-openssl11-debuginfo-1.1.1k-4.el9_0.aarch64.rpm (SHA-256: d84ec1881d39eb44ff94ade972c58d4c032dfae1ac5efc0732e2727db315f471)
  • compat-openssl11-debugsource-1.1.1k-4.el9_0.aarch64.rpm (SHA-256: 50189828dc73e1af170e7eb64dbd6d0dc8bdf2c3c325284fc11187df8b0687b1)

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.0

SRPM
  • compat-openssl11-1.1.1k-4.el9_0.src.rpm (SHA-256: fd82b7ead5fbb542fda1d008c8abde244f255f071970fc4e49231f1111d0dba7)

aarch64
  • compat-openssl11-1.1.1k-4.el9_0.aarch64.rpm (SHA-256: a3efa801904cbe9c9bb8daf8c8721d3f8c3dd2280cea2308bbd52a0a0b8081a3)
  • compat-openssl11-debuginfo-1.1.1k-4.el9_0.aarch64.rpm (SHA-256: d84ec1881d39eb44ff94ade972c58d4c032dfae1ac5efc0732e2727db315f471)
  • compat-openssl11-debugsource-1.1.1k-4.el9_0.aarch64.rpm (SHA-256: 50189828dc73e1af170e7eb64dbd6d0dc8bdf2c3c325284fc11187df8b0687b1)

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.0

SRPM
  • compat-openssl11-1.1.1k-4.el9_0.src.rpm (SHA-256: fd82b7ead5fbb542fda1d008c8abde244f255f071970fc4e49231f1111d0dba7)

ppc64le
  • compat-openssl11-1.1.1k-4.el9_0.ppc64le.rpm (SHA-256: 3e193e2ae5b59d9f1601b20110a94af1055df7fbfa7b58406f22daf97ffe3ef4)
  • compat-openssl11-debuginfo-1.1.1k-4.el9_0.ppc64le.rpm (SHA-256: 7d615750d2eccf49e6f26c2d5d8b3ce1364cf62aad4342b63161a0c32d210131)
  • compat-openssl11-debugsource-1.1.1k-4.el9_0.ppc64le.rpm (SHA-256: 4a5117e1d64eb116d287d5052996d92ac351270a356cb1e533d84468aadc6797)

Red Hat Enterprise Linux Server for x86_64 - Update Services for SAP Solutions 9.0

SRPM
  • compat-openssl11-1.1.1k-4.el9_0.src.rpm (SHA-256: fd82b7ead5fbb542fda1d008c8abde244f255f071970fc4e49231f1111d0dba7)

x86_64
  • compat-openssl11-1.1.1k-4.el9_0.i686.rpm (SHA-256: eb12cd6970549beb6d96602ef534b5fb6c33f33f90dc3ea75c7a379719d36350)
  • compat-openssl11-1.1.1k-4.el9_0.x86_64.rpm (SHA-256: b003f71a0c1685a9eba34932f4947089dfe8e36fbabddb04b6f1f67057dca265)
  • compat-openssl11-debuginfo-1.1.1k-4.el9_0.i686.rpm (SHA-256: fcac467caec1f28aa9dcf9faf73dc8f320d141d9a9096b9f0f8aa22488bbe193)
  • compat-openssl11-debuginfo-1.1.1k-4.el9_0.x86_64.rpm (SHA-256: 7aba20e90bbe0895b5540f74898b2e86b076db5a53c40362cd54e41aaa3cc6d9)
  • compat-openssl11-debugsource-1.1.1k-4.el9_0.i686.rpm (SHA-256: afeb4f436cbc6db1f87fe636d0a15917458bd934d916e64c61dedd7db8854df2)
  • compat-openssl11-debugsource-1.1.1k-4.el9_0.x86_64.rpm (SHA-256: dc8d6f0bcd9433bcea20a177dbaf30e43a31e5badadcfb7bebb390ccff94681a)

Red Hat Enterprise Linux Server for ARM 64 - 4 years of updates 9.0

SRPM
  • compat-openssl11-1.1.1k-4.el9_0.src.rpm (SHA-256: fd82b7ead5fbb542fda1d008c8abde244f255f071970fc4e49231f1111d0dba7)

aarch64
  • compat-openssl11-1.1.1k-4.el9_0.aarch64.rpm (SHA-256: a3efa801904cbe9c9bb8daf8c8721d3f8c3dd2280cea2308bbd52a0a0b8081a3)
  • compat-openssl11-debuginfo-1.1.1k-4.el9_0.aarch64.rpm (SHA-256: d84ec1881d39eb44ff94ade972c58d4c032dfae1ac5efc0732e2727db315f471)
  • compat-openssl11-debugsource-1.1.1k-4.el9_0.aarch64.rpm (SHA-256: 50189828dc73e1af170e7eb64dbd6d0dc8bdf2c3c325284fc11187df8b0687b1)

Red Hat Enterprise Linux Server for IBM z Systems - 4 years of updates 9.0

SRPM
  • compat-openssl11-1.1.1k-4.el9_0.src.rpm (SHA-256: fd82b7ead5fbb542fda1d008c8abde244f255f071970fc4e49231f1111d0dba7)

s390x
  • compat-openssl11-1.1.1k-4.el9_0.s390x.rpm (SHA-256: 2ecf0f8f5675afd8aa9af818918d8f3f1f6522e60bf52b26f64bfa5687995e17)
  • compat-openssl11-debuginfo-1.1.1k-4.el9_0.s390x.rpm (SHA-256: bd89804c192436a04402d167952fde9fae45d0a7ce9793ef641cac6102f88d74)
  • compat-openssl11-debugsource-1.1.1k-4.el9_0.s390x.rpm (SHA-256: 067c8f573d34f05feb60c1242d29fecea2eb839298f680b7f337b9d55217d5d0)
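The Solution section requires two things of an administrator: install the fixed build and then restart every service that still has the old OpenSSL 1.1 library loaded, since a running process keeps the pre-update library mapped even after the RPM on disk has been replaced. The script below is an added example written for this advisory; it is not Red Hat's own tooling. It verifies a downloaded RPM against a SHA-256 taken from the package list above, checks whether an installed compat-openssl11 version-release is at or above the fixed build 1.1.1k-4.el9_0, and walks /proc to find processes that still map a replaced ("(deleted)") libssl or libcrypto 1.1. It assumes a Linux host with GNU coreutils (sha256sum, sort -V) and rpm; the sort -V comparison is an approximation of rpm's own EVR ordering, which rpmdev-vercmp reproduces exactly where it is available.

```shell
#!/bin/sh
# Added example for RHSA-2022:4899 (not part of the advisory).
# Post-patch checks on a RHEL 9 host:
#   1. verify a downloaded RPM against the advisory's published SHA-256,
#   2. decide whether the installed compat-openssl11 is at or above the fixed build,
#   3. list processes still mapping a replaced OpenSSL 1.1 library, i.e. the
#      services the advisory says must be restarted.
# Assumes GNU coreutils (sha256sum, sort -V), rpm, and a Linux /proc.

FIXED_VERSION="1.1.1k-4.el9_0"   # VERSION-RELEASE of the fixed build

# SHA-256 of compat-openssl11-1.1.1k-4.el9_0.x86_64.rpm from the advisory's package list.
ADVISORY_SHA256_X86_64="b003f71a0c1685a9eba34932f4947089dfe8e36fbabddb04b6f1f67057dca265"

# verify_sha256 FILE EXPECTED_HEX -> exit 0 if the file's SHA-256 matches, 1 otherwise.
verify_sha256() {
    actual=$(sha256sum "$1" | cut -d' ' -f1)
    [ "$actual" = "$2" ]
}

# is_fixed VERSION-RELEASE -> exit 0 if it sorts at or above FIXED_VERSION, 1 if older.
# sort -V approximates rpm's EVR ordering; adequate for release bumps within
# one upstream version (1.1.1k), which is what this advisory ships.
is_fixed() {
    lowest=$(printf '%s\n%s\n' "$1" "$FIXED_VERSION" | sort -V | head -n 1)
    [ "$lowest" = "$FIXED_VERSION" ]
}

# installed_version -> prints VERSION-RELEASE of compat-openssl11, or nothing if absent.
installed_version() {
    rpm -q --qf '%{VERSION}-%{RELEASE}\n' compat-openssl11 2>/dev/null
}

# stale_openssl_maps: reads one /proc/PID/maps stream on stdin and prints the
# paths of OpenSSL 1.1 libraries whose on-disk file has been replaced. The
# kernel appends " (deleted)" to such mappings; the path itself is field 6.
stale_openssl_maps() {
    grep -E 'lib(ssl|crypto)\.so\.1\.1[^ ]* \(deleted\)$' \
        | awk '{print $6}' | sort -u
}

# processes_needing_restart -> prints "PID LIBRARY" for every process that still
# has a replaced OpenSSL 1.1 library mapped. Run as root to see all processes.
processes_needing_restart() {
    for maps in /proc/[0-9]*/maps; do
        pid=${maps#/proc/}; pid=${pid%/maps}
        stale_openssl_maps < "$maps" 2>/dev/null | while read -r lib; do
            printf '%s %s\n' "$pid" "$lib"
        done
    done
}

# Typical use on the patched host:
#   v=$(installed_version) && is_fixed "$v" && echo "compat-openssl11 $v: fixed build installed"
#   processes_needing_restart        # empty output means no restart is pending
```

An empty result from processes_needing_restart after the update is the signal that the advisory's restart requirement has been met; any PID it prints is still executing the pre-update library and has not picked up the fix, regardless of what rpm -q reports.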
