Headline
RHSA-2022:4899: Red Hat Security Advisory: compat-openssl11 security and bug fix update
An update for compat-openssl11 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2022-0778: openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates
Synopsis
Important: compat-openssl11 security and bug fix update
Type/Severity
Security Advisory: Important
Topic
An update for compat-openssl11 is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library. compat-openssl11 provides the legacy 1.1 version of OpenSSL for use with older binaries.
Security Fix(es):
- openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates (CVE-2022-0778)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
- compat-openssl11 breaks in FIPS (BZ#2091968)
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.
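The following script is an added example; it is not part of Red Hat's advisory or of the compat-openssl11 package. It turns this Solution section into three checks an administrator can run on a RHEL 9 host: whether the installed compat-openssl11 build predates 1.1.1k-4.el9_0 (using a simplified reimplementation of rpm's version ordering that ignores the epoch and the caret operator), whether a downloaded RPM matches the SHA-256 this advisory publishes for it, and which running processes still map a replaced OpenSSL 1.1 library and therefore need the restart the advisory calls for. The /proc maps sample embedded in the script is constructed, not captured from a real host.

```python
"""Post-advisory checks for RHSA-2022:4899 (compat-openssl11) on a RHEL 9 host.

Added example. rpm's version ordering is reimplemented here in a simplified
form (no epoch, no caret operator) so the script runs without librpm.
"""
import hashlib
import re
from pathlib import Path

# Fixed build taken from the advisory's package names: compat-openssl11-1.1.1k-4.el9_0
FIXED_VERSION, FIXED_RELEASE = "1.1.1k", "4.el9_0"

# SHA-256 values copied from the advisory's x86_64 package table
ADVISORY_SHA256 = {
    "compat-openssl11-1.1.1k-4.el9_0.x86_64.rpm":
        "b003f71a0c1685a9eba34932f4947089dfe8e36fbabddb04b6f1f67057dca265",
    "compat-openssl11-1.1.1k-4.el9_0.i686.rpm":
        "eb12cd6970549beb6d96602ef534b5fb6c33f33f90dc3ea75c7a379719d36350",
}

# Constructed /proc/PID/maps excerpts (not from a real host): PID 1201 still maps
# the unlinked 1.1 libraries, 1344 maps the new file, 1500 uses OpenSSL 3 only.
SAMPLE_MAPS = {
    1201: "7f2a3c000000-7f2a3c1ab000 r-xp 00000000 fd:01 131 /usr/lib64/libssl.so.1.1.1k (deleted)\n"
          "7f2a3c1ab000-7f2a3c3ff000 r-xp 00000000 fd:01 132 /usr/lib64/libcrypto.so.1.1.1k (deleted)\n",
    1344: "7f9d10000000-7f9d101ab000 r-xp 00000000 fd:01 901 /usr/lib64/libssl.so.1.1.1k\n",
    1500: "7f6e00000000-7f6e00200000 r-xp 00000000 fd:01 555 /usr/lib64/libssl.so.3.0.1\n",
}

OPENSSL11_DELETED = re.compile(r"lib(ssl|crypto)\.so\.1\.1\S*\s+\(deleted\)")


def rpmvercmp(a: str, b: str) -> int:
    """Order two version (or release) strings the way rpm does; returns -1, 0 or 1.

    Walks both strings segment by segment: a run of digits compares numerically,
    a run of letters compares lexically, a numeric segment beats an alphabetic
    one, and '~' sorts before anything, including the end of the string.
    """
    if a == b:
        return 0
    i = j = 0
    while i < len(a) or j < len(b):
        # Skip separators such as '.', '_' or '-'
        while i < len(a) and not (a[i].isalnum() or a[i] == "~"):
            i += 1
        while j < len(b) and not (b[j].isalnum() or b[j] == "~"):
            j += 1
        ta = i < len(a) and a[i] == "~"
        tb = j < len(b) and b[j] == "~"
        if ta or tb:
            if not ta:
                return 1
            if not tb:
                return -1
            i, j = i + 1, j + 1
            continue
        if i >= len(a) or j >= len(b):
            break
        if a[i].isdigit():
            ma, mb, numeric = re.match(r"\d+", a[i:]), re.match(r"\d+", b[j:]), True
        else:
            ma, mb, numeric = re.match(r"[A-Za-z]+", a[i:]), re.match(r"[A-Za-z]+", b[j:]), False
        if mb is None:
            return 1 if numeric else -1  # a digit segment is newer than a letter segment
        sa, sb = ma.group(), mb.group()
        i, j = i + len(sa), j + len(sb)
        if numeric:
            sa, sb = sa.lstrip("0"), sb.lstrip("0")
            if len(sa) != len(sb):
                return 1 if len(sa) > len(sb) else -1
        if sa != sb:
            return 1 if sa > sb else -1
    if i >= len(a) and j >= len(b):
        return 0
    return 1 if i < len(a) else -1  # leftover segments mean the longer string is newer


def needs_update(installed: str) -> bool:
    """True when an installed 'VERSION-RELEASE' string, as printed by
    rpm -q --qf '%{VERSION}-%{RELEASE}' compat-openssl11, predates the fixed build."""
    version, release = installed.rsplit("-", 1)
    order = rpmvercmp(version, FIXED_VERSION) or rpmvercmp(release, FIXED_RELEASE)
    return order < 0


def sha256_matches(name: str, data: bytes, expected: dict = ADVISORY_SHA256) -> bool:
    """Compare a downloaded package's SHA-256 with the value the advisory publishes for it."""
    return expected.get(name) == hashlib.sha256(data).hexdigest()


def stale_openssl_mappings(maps_by_pid: dict) -> list:
    """PIDs whose /proc/PID/maps still reference a replaced OpenSSL 1.1 library.

    The RPM upgrade unlinks the old file and the kernel marks such mappings
    '(deleted)'; those processes keep running the old code until restarted,
    which is the restart this advisory's Solution section requires.
    """
    return sorted(pid for pid, text in maps_by_pid.items()
                  if any(OPENSSL11_DELETED.search(line) for line in text.splitlines()))


def read_proc_maps() -> dict:
    """Collect /proc/PID/maps for every readable process (root sees all of them)."""
    maps = {}
    for entry in Path("/proc").glob("[0-9]*"):
        try:
            maps[int(entry.name)] = (entry / "maps").read_text()
        except (OSError, ValueError):
            continue
    return maps


if __name__ == "__main__":
    print("needs update:", needs_update("1.1.1k-3.el9_0"))
    print("stale (sample):", stale_openssl_mappings(SAMPLE_MAPS))
    if Path("/proc/self/maps").exists():
        print("stale (this host):", stale_openssl_mappings(read_proc_maps()))
```

Run it as root after `dnf update compat-openssl11` so every process's maps file is readable; an empty "stale (this host)" list means no running service still holds the replaced library, otherwise restart the listed PIDs' services or reboot as the advisory states.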
Affected Products
- Red Hat Enterprise Linux for x86_64 9 x86_64
- Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.0 x86_64
- Red Hat Enterprise Linux for IBM z Systems 9 s390x
- Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.0 s390x
- Red Hat Enterprise Linux for Power, little endian 9 ppc64le
- Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.0 ppc64le
- Red Hat Enterprise Linux for ARM 64 9 aarch64
- Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.0 aarch64
- Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.0 ppc64le
- Red Hat Enterprise Linux Server for x86_64 - Update Services for SAP Solutions 9.0 x86_64
- Red Hat Enterprise Linux Server for ARM 64 - 4 years of updates 9.0 aarch64
- Red Hat Enterprise Linux Server for IBM z Systems - 4 years of updates 9.0 s390x
Fixes
- BZ - 2062202 - CVE-2022-0778 openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates
Red Hat Enterprise Linux for x86_64 9
SRPM
compat-openssl11-1.1.1k-4.el9_0.src.rpm
SHA-256: fd82b7ead5fbb542fda1d008c8abde244f255f071970fc4e49231f1111d0dba7
x86_64
compat-openssl11-1.1.1k-4.el9_0.i686.rpm
SHA-256: eb12cd6970549beb6d96602ef534b5fb6c33f33f90dc3ea75c7a379719d36350
compat-openssl11-1.1.1k-4.el9_0.x86_64.rpm
SHA-256: b003f71a0c1685a9eba34932f4947089dfe8e36fbabddb04b6f1f67057dca265
compat-openssl11-debuginfo-1.1.1k-4.el9_0.i686.rpm
SHA-256: fcac467caec1f28aa9dcf9faf73dc8f320d141d9a9096b9f0f8aa22488bbe193
compat-openssl11-debuginfo-1.1.1k-4.el9_0.x86_64.rpm
SHA-256: 7aba20e90bbe0895b5540f74898b2e86b076db5a53c40362cd54e41aaa3cc6d9
compat-openssl11-debugsource-1.1.1k-4.el9_0.i686.rpm
SHA-256: afeb4f436cbc6db1f87fe636d0a15917458bd934d916e64c61dedd7db8854df2
compat-openssl11-debugsource-1.1.1k-4.el9_0.x86_64.rpm
SHA-256: dc8d6f0bcd9433bcea20a177dbaf30e43a31e5badadcfb7bebb390ccff94681a
Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.0
SRPM
compat-openssl11-1.1.1k-4.el9_0.src.rpm
SHA-256: fd82b7ead5fbb542fda1d008c8abde244f255f071970fc4e49231f1111d0dba7
x86_64
compat-openssl11-1.1.1k-4.el9_0.i686.rpm
SHA-256: eb12cd6970549beb6d96602ef534b5fb6c33f33f90dc3ea75c7a379719d36350
compat-openssl11-1.1.1k-4.el9_0.x86_64.rpm
SHA-256: b003f71a0c1685a9eba34932f4947089dfe8e36fbabddb04b6f1f67057dca265
compat-openssl11-debuginfo-1.1.1k-4.el9_0.i686.rpm
SHA-256: fcac467caec1f28aa9dcf9faf73dc8f320d141d9a9096b9f0f8aa22488bbe193
compat-openssl11-debuginfo-1.1.1k-4.el9_0.x86_64.rpm
SHA-256: 7aba20e90bbe0895b5540f74898b2e86b076db5a53c40362cd54e41aaa3cc6d9
compat-openssl11-debugsource-1.1.1k-4.el9_0.i686.rpm
SHA-256: afeb4f436cbc6db1f87fe636d0a15917458bd934d916e64c61dedd7db8854df2
compat-openssl11-debugsource-1.1.1k-4.el9_0.x86_64.rpm
SHA-256: dc8d6f0bcd9433bcea20a177dbaf30e43a31e5badadcfb7bebb390ccff94681a
Red Hat Enterprise Linux for IBM z Systems 9
SRPM
compat-openssl11-1.1.1k-4.el9_0.src.rpm
SHA-256: fd82b7ead5fbb542fda1d008c8abde244f255f071970fc4e49231f1111d0dba7
s390x
compat-openssl11-1.1.1k-4.el9_0.s390x.rpm
SHA-256: 2ecf0f8f5675afd8aa9af818918d8f3f1f6522e60bf52b26f64bfa5687995e17
compat-openssl11-debuginfo-1.1.1k-4.el9_0.s390x.rpm
SHA-256: bd89804c192436a04402d167952fde9fae45d0a7ce9793ef641cac6102f88d74
compat-openssl11-debugsource-1.1.1k-4.el9_0.s390x.rpm
SHA-256: 067c8f573d34f05feb60c1242d29fecea2eb839298f680b7f337b9d55217d5d0
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.0
SRPM
compat-openssl11-1.1.1k-4.el9_0.src.rpm
SHA-256: fd82b7ead5fbb542fda1d008c8abde244f255f071970fc4e49231f1111d0dba7
s390x
compat-openssl11-1.1.1k-4.el9_0.s390x.rpm
SHA-256: 2ecf0f8f5675afd8aa9af818918d8f3f1f6522e60bf52b26f64bfa5687995e17
compat-openssl11-debuginfo-1.1.1k-4.el9_0.s390x.rpm
SHA-256: bd89804c192436a04402d167952fde9fae45d0a7ce9793ef641cac6102f88d74
compat-openssl11-debugsource-1.1.1k-4.el9_0.s390x.rpm
SHA-256: 067c8f573d34f05feb60c1242d29fecea2eb839298f680b7f337b9d55217d5d0
Red Hat Enterprise Linux for Power, little endian 9
SRPM
compat-openssl11-1.1.1k-4.el9_0.src.rpm
SHA-256: fd82b7ead5fbb542fda1d008c8abde244f255f071970fc4e49231f1111d0dba7
ppc64le
compat-openssl11-1.1.1k-4.el9_0.ppc64le.rpm
SHA-256: 3e193e2ae5b59d9f1601b20110a94af1055df7fbfa7b58406f22daf97ffe3ef4
compat-openssl11-debuginfo-1.1.1k-4.el9_0.ppc64le.rpm
SHA-256: 7d615750d2eccf49e6f26c2d5d8b3ce1364cf62aad4342b63161a0c32d210131
compat-openssl11-debugsource-1.1.1k-4.el9_0.ppc64le.rpm
SHA-256: 4a5117e1d64eb116d287d5052996d92ac351270a356cb1e533d84468aadc6797
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.0
SRPM
compat-openssl11-1.1.1k-4.el9_0.src.rpm
SHA-256: fd82b7ead5fbb542fda1d008c8abde244f255f071970fc4e49231f1111d0dba7
ppc64le
compat-openssl11-1.1.1k-4.el9_0.ppc64le.rpm
SHA-256: 3e193e2ae5b59d9f1601b20110a94af1055df7fbfa7b58406f22daf97ffe3ef4
compat-openssl11-debuginfo-1.1.1k-4.el9_0.ppc64le.rpm
SHA-256: 7d615750d2eccf49e6f26c2d5d8b3ce1364cf62aad4342b63161a0c32d210131
compat-openssl11-debugsource-1.1.1k-4.el9_0.ppc64le.rpm
SHA-256: 4a5117e1d64eb116d287d5052996d92ac351270a356cb1e533d84468aadc6797
Red Hat Enterprise Linux for ARM 64 9
SRPM
compat-openssl11-1.1.1k-4.el9_0.src.rpm
SHA-256: fd82b7ead5fbb542fda1d008c8abde244f255f071970fc4e49231f1111d0dba7
aarch64
compat-openssl11-1.1.1k-4.el9_0.aarch64.rpm
SHA-256: a3efa801904cbe9c9bb8daf8c8721d3f8c3dd2280cea2308bbd52a0a0b8081a3
compat-openssl11-debuginfo-1.1.1k-4.el9_0.aarch64.rpm
SHA-256: d84ec1881d39eb44ff94ade972c58d4c032dfae1ac5efc0732e2727db315f471
compat-openssl11-debugsource-1.1.1k-4.el9_0.aarch64.rpm
SHA-256: 50189828dc73e1af170e7eb64dbd6d0dc8bdf2c3c325284fc11187df8b0687b1
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.0
SRPM
compat-openssl11-1.1.1k-4.el9_0.src.rpm
SHA-256: fd82b7ead5fbb542fda1d008c8abde244f255f071970fc4e49231f1111d0dba7
aarch64
compat-openssl11-1.1.1k-4.el9_0.aarch64.rpm
SHA-256: a3efa801904cbe9c9bb8daf8c8721d3f8c3dd2280cea2308bbd52a0a0b8081a3
compat-openssl11-debuginfo-1.1.1k-4.el9_0.aarch64.rpm
SHA-256: d84ec1881d39eb44ff94ade972c58d4c032dfae1ac5efc0732e2727db315f471
compat-openssl11-debugsource-1.1.1k-4.el9_0.aarch64.rpm
SHA-256: 50189828dc73e1af170e7eb64dbd6d0dc8bdf2c3c325284fc11187df8b0687b1
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.0
SRPM
compat-openssl11-1.1.1k-4.el9_0.src.rpm
SHA-256: fd82b7ead5fbb542fda1d008c8abde244f255f071970fc4e49231f1111d0dba7
ppc64le
compat-openssl11-1.1.1k-4.el9_0.ppc64le.rpm
SHA-256: 3e193e2ae5b59d9f1601b20110a94af1055df7fbfa7b58406f22daf97ffe3ef4
compat-openssl11-debuginfo-1.1.1k-4.el9_0.ppc64le.rpm
SHA-256: 7d615750d2eccf49e6f26c2d5d8b3ce1364cf62aad4342b63161a0c32d210131
compat-openssl11-debugsource-1.1.1k-4.el9_0.ppc64le.rpm
SHA-256: 4a5117e1d64eb116d287d5052996d92ac351270a356cb1e533d84468aadc6797
Red Hat Enterprise Linux Server for x86_64 - Update Services for SAP Solutions 9.0
SRPM
compat-openssl11-1.1.1k-4.el9_0.src.rpm
SHA-256: fd82b7ead5fbb542fda1d008c8abde244f255f071970fc4e49231f1111d0dba7
x86_64
compat-openssl11-1.1.1k-4.el9_0.i686.rpm
SHA-256: eb12cd6970549beb6d96602ef534b5fb6c33f33f90dc3ea75c7a379719d36350
compat-openssl11-1.1.1k-4.el9_0.x86_64.rpm
SHA-256: b003f71a0c1685a9eba34932f4947089dfe8e36fbabddb04b6f1f67057dca265
compat-openssl11-debuginfo-1.1.1k-4.el9_0.i686.rpm
SHA-256: fcac467caec1f28aa9dcf9faf73dc8f320d141d9a9096b9f0f8aa22488bbe193
compat-openssl11-debuginfo-1.1.1k-4.el9_0.x86_64.rpm
SHA-256: 7aba20e90bbe0895b5540f74898b2e86b076db5a53c40362cd54e41aaa3cc6d9
compat-openssl11-debugsource-1.1.1k-4.el9_0.i686.rpm
SHA-256: afeb4f436cbc6db1f87fe636d0a15917458bd934d916e64c61dedd7db8854df2
compat-openssl11-debugsource-1.1.1k-4.el9_0.x86_64.rpm
SHA-256: dc8d6f0bcd9433bcea20a177dbaf30e43a31e5badadcfb7bebb390ccff94681a
Red Hat Enterprise Linux Server for ARM 64 - 4 years of updates 9.0
SRPM
compat-openssl11-1.1.1k-4.el9_0.src.rpm
SHA-256: fd82b7ead5fbb542fda1d008c8abde244f255f071970fc4e49231f1111d0dba7
aarch64
compat-openssl11-1.1.1k-4.el9_0.aarch64.rpm
SHA-256: a3efa801904cbe9c9bb8daf8c8721d3f8c3dd2280cea2308bbd52a0a0b8081a3
compat-openssl11-debuginfo-1.1.1k-4.el9_0.aarch64.rpm
SHA-256: d84ec1881d39eb44ff94ade972c58d4c032dfae1ac5efc0732e2727db315f471
compat-openssl11-debugsource-1.1.1k-4.el9_0.aarch64.rpm
SHA-256: 50189828dc73e1af170e7eb64dbd6d0dc8bdf2c3c325284fc11187df8b0687b1
Red Hat Enterprise Linux Server for IBM z Systems - 4 years of updates 9.0
SRPM
compat-openssl11-1.1.1k-4.el9_0.src.rpm
SHA-256: fd82b7ead5fbb542fda1d008c8abde244f255f071970fc4e49231f1111d0dba7
s390x
compat-openssl11-1.1.1k-4.el9_0.s390x.rpm
SHA-256: 2ecf0f8f5675afd8aa9af818918d8f3f1f6522e60bf52b26f64bfa5687995e17
compat-openssl11-debuginfo-1.1.1k-4.el9_0.s390x.rpm
SHA-256: bd89804c192436a04402d167952fde9fae45d0a7ce9793ef641cac6102f88d74
compat-openssl11-debugsource-1.1.1k-4.el9_0.s390x.rpm
SHA-256: 067c8f573d34f05feb60c1242d29fecea2eb839298f680b7f337b9d55217d5d0