RHSA-2022:8353: Red Hat Security Advisory: python3.9 security, bug fix, and enhancement update

An update for python3.9 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2015-20107: python: mailcap: findmatch() function does not sanitize the second argument
  • CVE-2021-28861: python: open redirection vulnerability in lib/http/server.py may lead to information disclosure
Red Hat Security Data

Synopsis

Moderate: python3.9 security, bug fix, and enhancement update

Type/Severity

Security Advisory: Moderate


Topic

An update for python3.9 is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.

The following packages have been upgraded to a later upstream version: python3.9 (3.9.14). (BZ#2128249)

Security Fix(es):

  • python: mailcap: findmatch() function does not sanitize the second argument (CVE-2015-20107)
  • python: open redirection vulnerability in lib/http/server.py may lead to information disclosure (CVE-2021-28861)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.1 Release Notes linked from the References section.

Affected Products

  • Red Hat Enterprise Linux for x86_64 9 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 9 s390x
  • Red Hat Enterprise Linux for Power, little endian 9 ppc64le
  • Red Hat Enterprise Linux for ARM 64 9 aarch64
  • Red Hat CodeReady Linux Builder for x86_64 9 x86_64
  • Red Hat CodeReady Linux Builder for Power, little endian 9 ppc64le
  • Red Hat CodeReady Linux Builder for ARM 64 9 aarch64
  • Red Hat CodeReady Linux Builder for IBM z Systems 9 s390x
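An added check, not part of the advisory: the script below reads `rpm -q` output from several hosts and reports which python3.9 packages are still older than the 3.9.14-1.el9 build this advisory ships, using an rpm-style version comparison. The host names and the pre-fix builds 3.9.10-2.el9 and 3.9.13-1.el9 are constructed for illustration.

```python
"""Check `rpm -q` output against the python3.9 build shipped in RHSA-2022:8353."""
import re
from itertools import zip_longest
from typing import Dict, List, Optional, Tuple

# Fixed version-release of the advisory's RHEL 9 packages (they carry no epoch).
FIXED_VR = "3.9.14-1.el9"
FIXED_PACKAGES = {"python3": FIXED_VR, "python3-libs": FIXED_VR, "python3-devel": FIXED_VR}

# Architectures in the advisory, plus noarch/src for the subpackage and the SRPM.
_ARCHES = "x86_64|i686|aarch64|ppc64le|s390x|noarch|src"
_NEVRA = re.compile(
    r"^(?P<name>.+?)-(?:(?P<epoch>\d+):)?(?P<version>[^-:]+)-(?P<release>[^-]+?)"
    rf"(?:\.(?P<arch>{_ARCHES}))?$"
)
# rpmvercmp-style tokenizer: digit runs, letter runs and the ~ / ^ markers;
# every other character is a separator and is dropped.
_SEG = re.compile(r"[0-9]+|[A-Za-z]+|~|\^")

# Constructed sample of `rpm -q python3 python3-libs python3-devel` from three
# hypothetical hosts; 3.9.10-2.el9 and 3.9.13-1.el9 are made-up pre-fix builds.
SAMPLE_HOSTS = {
    "host-a": ["python3-3.9.10-2.el9.x86_64", "python3-libs-3.9.10-2.el9.x86_64",
               "package python3-devel is not installed"],
    "host-b": ["python3-3.9.14-1.el9.aarch64", "python3-libs-3.9.14-1.el9.aarch64",
               "python3-devel-3.9.14-1.el9.aarch64"],
    "host-c": ["python3-3.9.14-1.el9.s390x", "python3-libs-3.9.13-1.el9.s390x",
               "package python3-devel is not installed"],
}


def parse_nevra(nevra: str) -> Tuple[str, int, str, str, Optional[str]]:
    """Split 'name-[epoch:]version-release[.arch]' as printed by `rpm -q`."""
    m = _NEVRA.match(nevra.strip())
    if not m:
        raise ValueError(f"not a NEVRA: {nevra!r}")
    epoch = int(m.group("epoch")) if m.group("epoch") else 0
    return m.group("name"), epoch, m.group("version"), m.group("release"), m.group("arch")


def rpmvercmp(a: str, b: str) -> int:
    """Compare two version or release strings the way rpm does; returns -1, 0 or 1.

    Numeric segments compare as integers, alphabetic ones as strings, a numeric
    segment beats an alphabetic one, a longer string beats its own prefix, and
    '~' sorts before everything (so 3.9.14~rc1 < 3.9.14).
    """
    for x, y in zip_longest(_SEG.findall(a), _SEG.findall(b)):
        if x == y:
            continue
        if x == "~":          # tilde side is older, even against end-of-string
            return -1
        if y == "~":
            return 1
        if x == "^":          # caret: newer than end-of-string, older than any segment
            return 1 if y is None else -1
        if y == "^":
            return -1 if x is None else 1
        if x is None:         # a ran out first, so b is newer
            return -1
        if y is None:
            return 1
        xd, yd = x.isdigit(), y.isdigit()
        if xd and yd:
            if int(x) != int(y):
                return -1 if int(x) < int(y) else 1
        elif xd != yd:
            return 1 if xd else -1
        else:
            return -1 if x < y else 1
    return 0


def compare_evr(a: Tuple[int, str, str], b: Tuple[int, str, str]) -> int:
    """Order (epoch, version, release) tuples: epoch wins, then version, then release."""
    if a[0] != b[0]:
        return -1 if a[0] < b[0] else 1
    return rpmvercmp(a[1], b[1]) or rpmvercmp(a[2], b[2])


def unpatched(rpm_q_lines: List[str], fixed: Dict[str, str] = FIXED_PACKAGES) -> List[str]:
    """Return the NEVRAs from `rpm -q` output that are older than the advisory's fix."""
    stale = []
    for line in rpm_q_lines:
        line = line.strip()
        if not line or line.startswith("package "):   # "package X is not installed"
            continue
        name, epoch, version, release, _arch = parse_nevra(line)
        if name not in fixed:
            continue
        fixed_version, fixed_release = fixed[name].split("-", 1)
        if compare_evr((epoch, version, release), (0, fixed_version, fixed_release)) < 0:
            stale.append(line)
    return stale


def audit(hosts: Dict[str, List[str]]) -> Dict[str, List[str]]:
    """Map each host to the packages on it that still need RHSA-2022:8353."""
    return {host: unpatched(lines) for host, lines in hosts.items()}


if __name__ == "__main__":
    for host, stale in audit(SAMPLE_HOSTS).items():
        print(f"{host}: {'needs update: ' + ', '.join(stale) if stale else 'ok'}")
```

Feed it the lines of a real `rpm -q python3 python3-libs python3-devel` run per host; a package that is not installed is skipped rather than reported.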

Fixes

  • BZ - 2054702 - hashlib.algorithms_available lists algorithms that are not available
  • BZ - 2059951 - Please backport testsuite fix into python in RHEL 9
  • BZ - 2075390 - CVE-2015-20107 python: mailcap: findmatch() function does not sanitize the second argument
  • BZ - 2120642 - CVE-2021-28861 python: open redirection vulnerability in lib/http/server.py may lead to information disclosure
  • BZ - 2128249 - Autobind of empty unix socket on Linux broken since python 3.9 [rhel-9.1.0]

References

  • https://access.redhat.com/security/updates/classification/#moderate
  • https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.1_release_notes/index


Related news

CVE-2022-36777: Security Bulletin: QRadar Suite Software includes components with multiple known vulnerabilities

IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite Software 1.10.12.0 through 1.10.16.0could allow an authenticated user to obtain sensitive version information that could aid in further attacks against the system. IBM X-Force ID: 233665.

RHSA-2023:3742: Red Hat Security Advisory: Red Hat OpenShift Data Foundation 4.13.0 security and bug fix update

Updated images that include numerous enhancements, security, and bug fixes are now available in Red Hat Container Registry for Red Hat OpenShift Data Foundation 4.13.0 on Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-16250: A flaw was found in Vault and Vault Enterprise (“Vault”). In the affected versions of Vault, with the AWS Auth Method configured and under certain circumstances, the values relied upon by Vault to validate AWS IAM ident...

CVE-2023-23694: DSA-2023-071: Dell VxRail Security Update for Multiple Third-Party Component Vulnerabilities – 7.0.450

Dell VxRail versions earlier than 7.0.450, contain(s) an OS command injection vulnerability in VxRail Manager. A local authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker.

RHSA-2023:2104: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.5.8 security updates and bug fixes

Red Hat Advanced Cluster Management for Kubernetes 2.5.8 General Availability release images, which fix bugs and security updates container images. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-25881: A flaw was found in http-cache-semantics. When the server reads the cache policy from the request using this library, a Regular Expression Denial of Service occurs, caused by malicious request header values sent to the server.

Red Hat Security Advisory 2023-2061-01

Red Hat Security Advisory 2023-2061-01 - Multicluster Engine for Kubernetes 2.1.6 images Multicluster engine for Kubernetes provides the foundational components that are necessary for the centralized management of multiple Kubernetes-based clusters across data centers, public clouds, and private clouds. You can use the engine to create new Red Hat OpenShift Container Platform clusters or to bring existing Kubernetes-based clusters under management by importing them. After the clusters are managed, you can use the APIs that are provided by the engine to distribute configuration based on placement policy. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-2023-01

Red Hat Security Advisory 2023-2023-01 - Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Data Foundation. Red Hat OpenShift Data Foundation is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform.

RHSA-2023:1816: Red Hat Security Advisory: Red Hat OpenShift Data Foundation 4.12.2 Bug Fix and security update

Updated images that fix several bugs are now available for Red Hat OpenShift Data Foundation 4.12.2 on Red Hat Enterprise Linux 8 from Red Hat Container Registry. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41717: A flaw was found in the net/http library of the golang package. This flaw allows an attacker to cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While ...

Red Hat Security Advisory 2023-1448-01

Red Hat Security Advisory 2023-1448-01 - Red Hat OpenShift Service Mesh is the Red Hat distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation. This advisory covers container images for the release.

RHSA-2023:1454: Red Hat Security Advisory: Red Hat OpenShift GitOps security update

An update is now available for Red Hat OpenShift GitOps 1.7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41354: An information disclosure flaw was found in Argo CD. This issue may allow unauthorized users to enumerate application names by inspecting API error messages and could use the discovered application names as the starting point of another attack. For example, the attacker might use their knowledge of an application name to convince an administrator to grant ...

RHSA-2023:1453: Red Hat Security Advisory: Red Hat OpenShift GitOps security update

An update is now available for Red Hat OpenShift GitOps 1.6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41354: An information disclosure flaw was found in Argo CD. This issue may allow unauthorized users to enumerate application names by inspecting API error messages and could use the discovered application names as the starting point of another attack. For example, the attacker might use their knowledge of an application name to convince an administrator to grant ...

RHSA-2023:1428: Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.7.8 security and bug fix update

The Migration Toolkit for Containers (MTC) 1.7.8 is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-36567: A flaw was found in gin. This issue occurs when the default Formatter for the Logger middleware (LoggerConfig.Formatter), which is included in the Default engine, allows attackers to inject arbitrary log entries by manipulating the request path. * CVE-2022-24999: A flaw was found in the express.js npm package. Express.js Express is vulnerable to a d...

Red Hat Security Advisory 2023-0931-01

Red Hat Security Advisory 2023-0931-01 - Update information for Logging Subsystem 5.4.12 in Red Hat OpenShift. Red Hat Product Security has rated this update as having a security impact of Moderate.

Red Hat Security Advisory 2023-0932-01

Red Hat Security Advisory 2023-0932-01 - Update information for Logging Subsystem 5.6.3 in Red Hat OpenShift. Red Hat Product Security has rated this update as having a security impact of Moderate.

Red Hat Security Advisory 2023-1170-01

Red Hat Security Advisory 2023-1170-01 - Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Data Foundation. Red Hat OpenShift Data Foundation is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform.

RHSA-2023:0931: Red Hat Security Advisory: Logging Subsystem 5.4.12 - Red Hat OpenShift

Logging Subsystem 5.4.12 - Red Hat OpenShift Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41717: A flaw was found in the net/http library of the golang package. This flaw allows an attacker to cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to alloc...

RHSA-2023:0930: Red Hat Security Advisory: Logging Subsystem 5.5.8 - Red Hat OpenShift

Logging Subsystem 5.5.8 - Red Hat OpenShift Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-24999: qs before 6.10.3, as used in Express before 4.17.3 and other products, allows attackers to cause a Node process hang for an Express application because an __ proto__ key can be used. In many typical Express use cases, an unauthenticated remote attacker can place the attack payload in the query string of the URL that is used to visit the application, such as a[__proto__]=b&...

RHSA-2023:1170: Red Hat Security Advisory: Red Hat OpenShift Data Foundation 4.12.1 security bug fix update

Red Hat OpenShift Data Foundation 4.12.1 Bug Fix Update Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-4238: A flaw was found in goutils where randomly generated alphanumeric strings contain significantly less entropy than expected. Both the `RandomAlphaNumeric` and `CryptoRandomAlphaNumeric` functions always return strings containing at least one digit from 0 to 9. This issue significantly reduces the amount of entropy generated in short strings by these functions.

RHSA-2023:0932: Red Hat Security Advisory: Logging Subsystem 5.6.3 - Red Hat OpenShift

Logging Subsystem 5.6.3 - Red Hat OpenShift Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-24999: qs before 6.10.3, as used in Express before 4.17.3 and other products, allows attackers to cause a Node process hang for an Express application because an __ proto__ key can be used. In many typical Express use cases, an unauthenticated remote attacker can place the attack payload in the query string of the URL that is used to visit the application, such as a[__proto__]=b&...

Ubuntu Security Notice USN-5888-1

Ubuntu Security Notice 5888-1 - It was discovered that Python incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to execute arbitrary code. Hamza Avvan discovered that Python incorrectly handled certain inputs. If a user or an automated system were tricked into running a specially crafted input, a remote attacker could possibly use this issue to execute arbitrary code.

Red Hat Security Advisory 2023-0833-01

Red Hat Security Advisory 2023-0833-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Issues addressed include denial of service, information leakage, and open redirection vulnerabilities.

RHSA-2023:0833: Red Hat Security Advisory: python3 security update

An update for python3 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-10735: A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using int("text"), a system could take 50ms to parse an int string with 100,000 digits and 5s for 1,000,000 digits (float, decimal, int.from_bytes(), and int() for binary bases 2, 4, 8, 16, and 32 are not affected). The highest threat from this v...

CVE-2022-46756: DSA-2022-335: Dell VxRail Security Update for Multiple Third-Party Component Vulnerabilities

Dell VxRail, versions prior to 7.0.410, contain a Container Escape Vulnerability. A local high-privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the container's underlying OS. Exploitation may lead to a system take over by an attacker.

Red Hat Security Advisory 2023-0408-01

Red Hat Security Advisory 2023-0408-01 - OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. Issues addressed include denial of service and out of bounds read vulnerabilities.

RHSA-2023:0408: Red Hat Security Advisory: OpenShift Virtualization 4.12.0 Images security update

Red Hat OpenShift Virtualization release 4.12 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-38561: golang: out-of-bounds read in golang.org/x/text/language leads to DoS * CVE-2021-44716: golang: net/http: limit growth of header canonicalization cache * CVE-2021-44717: golang: syscall: don't close fd 0 on ForkExec error * CVE-2022-1705: golang: net/http: improper sanitizat...

Scanvus now supports Vulners and Vulns.io VM Linux vulnerability detection APIs

Hello everyone! Great news for my open source Scanvus project! You can now perform vulnerability checks on Linux hosts and docker images not only using the Vulners.com API, but also with the Vulns.io VM API. It’s especially nice that all the code to support the new API was written and contributed by colleagues from Vulns.io. […]

RHSA-2022:8750: Red Hat Security Advisory: OpenShift Virtualization 4.11.1 security and bug fix update

Red Hat OpenShift Virtualization release 4.11.1 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-38561: golang: out-of-bounds read in golang.org/x/text/language leads to DoS * CVE-2022-24675: golang: encoding/pem: fix stack overflow in Decode * CVE-2022-24921: golang: regexp: stack exhaustion via a deeply nested expression * CVE-2022-28327: golang: crypto/elliptic: panic caus...

RHSA-2022:7581: Red Hat Security Advisory: python38:3.8 and python38-devel:3.8 security update

An update for the python38:3.8 and python38-devel:3.8 modules is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2015-20107: python: mailcap: findmatch() function does not sanitize the second argument

Red Hat Security Advisory 2022-7055-01

Red Hat Security Advisory 2022-7055-01 - An update is now available for Red Hat Openshift distributed tracing 2.6.0. Issues addressed include denial of service and traversal vulnerabilities.

RHSA-2022:7055: Red Hat Security Advisory: RHOSDT 2.6.0 operator/operand containers Security Update

An update is now available for Red Hat Openshift distributed tracing 2.6.0. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2021-3918: nodejs-json-schema: Prototype pollution vulnerability
  • CVE-2022-0536: follow-redirects: Exposure of Sensitive Information via Authorization Header leak
  • CVE-2022-1650: eventsource: Exposure of Sensitive Information
  • CVE-2022-24785: Moment.js: Path traversal in moment.locale
  • CVE-2022-31129: moment: inefficient parsing algorithm resulting ...

CVE-2022-41686: en/security-disclosure/2022/2022-10.md · OpenHarmony/security - Gitee.com

OpenHarmony-v3.1.2 and prior versions, and 3.0.6 and prior versions, have an out-of-bounds memory read and write vulnerability in the /dev/mmz_userdev device driver. The impact depends on the privileges of the attacker. An unprivileged process running on the device could read out-of-bounds memory, leading to disclosure of sensitive information. A process running with the system user UID could write out-of-bounds memory, which could lead to unspecified memory corruption.

Red Hat Security Advisory 2022-6766-01

Red Hat Security Advisory 2022-6766-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Issues addressed include denial of service, information leakage, and open redirection vulnerabilities.

RHSA-2022:6766: Red Hat Security Advisory: rh-python38-python security update

An update for rh-python38-python is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2015-20107: python(mailcap): findmatch() function does not sanitise the second argument
  • CVE-2020-10735: python: int() type in PyLong_FromString() does not limit amount of digits converting text to int leading to DoS
  • CVE-2021-28861: python: an open redirection vulnerability in lib/http/server.py may lead to information disclosure

Red Hat Security Advisory 2022-6714-01

Red Hat Security Advisory 2022-6714-01 - Updated images are now available for Red Hat Advanced Cluster Security for Kubernetes (RHACS). The updated image includes new features and bug fixes.

RHSA-2022:6714: Red Hat Security Advisory: RHACS 3.72 enhancement and security update

Updated images are now available for Red Hat Advanced Cluster Security for Kubernetes (RHACS). The updated image includes new features and bug fixes. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-24675: golang: encoding/pem: fix stack overflow in Decode
  • CVE-2022-24921: golang: regexp: stack exhaustion via a deeply nested expression
  • CVE-2022-28327: golang: crypto/elliptic: panic caused by oversized scalar
  • CVE-2022-29526: golang: syscall: faccessat checks wrong gr...

Ubuntu Security Notice USN-5629-1

Ubuntu Security Notice 5629-1 - It was discovered that the Python http.server module incorrectly handled certain URIs. An attacker could potentially use this to redirect web traffic.

Red Hat Security Advisory 2022-6457-01

Red Hat Security Advisory 2022-6457-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.

RHSA-2022:6457: Red Hat Security Advisory: python3 security update

An update for python3 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2015-20107: python(mailcap): findmatch() function does not sanitise the second argument
  • CVE-2022-0391: python: urllib.parse does not sanitize URLs containing ASCII newline and tabs

CVE-2021-28861: gh-87389: Fix an open redirection vulnerability in http.server. by gpshead · Pull Request #93879 · python/cpython

Python 3.x through 3.10 has an open redirection vulnerability in lib/http/server.py because it does not guard against multiple slashes (//) at the beginning of the URI path, which may lead to information disclosure.
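The mechanism behind CVE-2021-28861, and the normalisation that gh-87389 added, as an added example that is not code from this page, the advisories or CPython itself. It re-creates the two pieces of SimpleHTTPRequestHandler logic that interact: the directory redirect that send_head() builds by appending a slash to the request path, and the leading-slash collapse that parse_request() gained in the fix. The host evil.example and the request targets in SAMPLE_TARGETS are constructed for the demonstration; the redirects_off_host() check is this example's own, not part of the stdlib.

```python
"""CVE-2021-28861 (open redirect in http.server) and the gh-87389 mitigation.

Added example, not code from the page, the advisories or CPython. Models how
SimpleHTTPRequestHandler turned a request for a directory into a Location
header, and how the fix in BaseHTTPRequestHandler.parse_request() stops the
header from starting with '//'. Hostnames and request targets are constructed.
"""
import urllib.parse
from typing import Dict

# Constructed sample request targets, as sent in "GET <target> HTTP/1.1".
# The encoded "%2f.." suffix survives browser URL normalisation, but after
# unquoting and posixpath.normpath() in translate_path() it collapses to the
# served root, so os.path.isdir() is true and the directory redirect fires.
SAMPLE_TARGETS = [
    "/docs",                  # benign directory request without trailing slash
    "//evil.example/%2f..",   # CVE-2021-28861 trigger: path begins with //
]


def directory_redirect_location(request_target: str) -> str:
    """Location that send_head() builds for a directory requested without a
    trailing slash: split the target, append '/' to the path component and
    reassemble, leaving every other component (including netloc) untouched."""
    parts = urllib.parse.urlsplit(request_target)
    new_parts = (parts[0], parts[1], parts[2] + "/", parts[3], parts[4])
    return urllib.parse.urlunsplit(new_parts)


def collapse_leading_slashes(request_target: str) -> str:
    """The gh-87389 mitigation in BaseHTTPRequestHandler.parse_request(): a
    target starting with '//' is reduced to a single leading '/', because HTTP
    clients read //host/... as a scheme-relative absolute URL, not as a path."""
    if request_target.startswith("//"):
        request_target = "/" + request_target.lstrip("/")
    return request_target


def redirect_location(request_target: str, patched: bool) -> str:
    """Location the server would emit; patched=False models pre-fix releases."""
    if patched:
        request_target = collapse_leading_slashes(request_target)
    return directory_redirect_location(request_target)


def redirects_off_host(location: str) -> bool:
    """Detection check (this example's own): a Location that parses with a
    non-empty netloc sends the client to another host. A same-origin directory
    redirect such as '/docs/' has no netloc."""
    return bool(urllib.parse.urlsplit(location).netloc)


def audit(targets=SAMPLE_TARGETS) -> Dict[str, Dict[str, str]]:
    """Compare the Location each server variant would send, per target."""
    return {
        target: {
            "vulnerable": redirect_location(target, patched=False),
            "patched": redirect_location(target, patched=True),
        }
        for target in targets
    }


if __name__ == "__main__":
    for target, locations in audit().items():
        for variant, location in locations.items():
            flag = "OFF-HOST" if redirects_off_host(location) else "same-origin"
            print(f"{variant:10s} GET {target:24s} -> Location: {location} ({flag})")
```

For the constructed trigger the vulnerable path produces Location: //evil.example/%2f../, which a browser resolves against the current scheme and follows to evil.example; after the collapse it becomes /evil.example/%2f../, a harmless same-origin path. The same redirects_off_host() check can be run over Location values recorded in proxy or application logs to spot responses that already left the origin.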

Ubuntu Security Notice USN-5519-1

Ubuntu Security Notice 5519-1 - It was discovered that Python incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code.