RHSA-2023:0116: Red Hat Security Advisory: libtasn1 security update
An update for libtasn1 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2021-46848: libtasn1: Out-of-bound access in ETYPE_OK
Issued:
2023-01-12
Updated:
2023-01-12
RHSA-2023:0116 - Security Advisory
Synopsis
Moderate: libtasn1 security update
Type/Severity
Security Advisory: Moderate
Topic
An update for libtasn1 is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
A library that provides Abstract Syntax Notation One (ASN.1, as specified by the X.680 ITU-T recommendation) parsing and structures management, and Distinguished Encoding Rules (DER, as per X.690) encoding and decoding functions.
Security Fix(es):
- libtasn1: Out-of-bound access in ETYPE_OK (CVE-2021-46848)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected Products
- Red Hat Enterprise Linux for x86_64 8 x86_64
- Red Hat Enterprise Linux for IBM z Systems 8 s390x
- Red Hat Enterprise Linux for Power, little endian 8 ppc64le
- Red Hat Enterprise Linux for ARM 64 8 aarch64
Fixes
- BZ - 2140058 - CVE-2021-46848 libtasn1: Out-of-bound access in ETYPE_OK
Red Hat Enterprise Linux for x86_64 8
SRPM
libtasn1-4.13-4.el8_7.src.rpm
SHA-256: 5b78c7f17a919f78283a2df1b6f8f2efe98434817a746e57321237328a80ea45
x86_64
libtasn1-4.13-4.el8_7.i686.rpm
SHA-256: 80817b33f97ef1d00835e1cf1815dc695cbc6092a4427ebf2d4d88922f3e43c6
libtasn1-4.13-4.el8_7.x86_64.rpm
SHA-256: 02fcb1788b6744a6ace0ef01de9e6df4006b83f6f4957bed3eee5b77b9b6ba0e
libtasn1-debuginfo-4.13-4.el8_7.i686.rpm
SHA-256: 7df3a54abb9e6782133ac009d1953bf75e7f2da8ce1510c1858d786fae631a48
libtasn1-debuginfo-4.13-4.el8_7.x86_64.rpm
SHA-256: b6cf193249c630756092e44b4d930c85c388f55a91bce3a0da8173eba71b1ddf
libtasn1-debugsource-4.13-4.el8_7.i686.rpm
SHA-256: 2efa9d604e6f7de0fb52587cf4b201cf89dd261ec30a3cd4e6b8eeb1eaa5696e
libtasn1-debugsource-4.13-4.el8_7.x86_64.rpm
SHA-256: 16b2bb7831060951d898329e0ba6fbce6a0cbcfe5341a41648bdebcc6dd2adbe
libtasn1-devel-4.13-4.el8_7.i686.rpm
SHA-256: 9cf0c690ae8bf4584f4701fc202290030d6bffee15e82ba27f4872d883096fdd
libtasn1-devel-4.13-4.el8_7.x86_64.rpm
SHA-256: 7e235dd22f11e30b882b2aaf6f0fb02c887793a297c254dcf4d2a487f14ba720
libtasn1-tools-4.13-4.el8_7.x86_64.rpm
SHA-256: c1dc1701201913012d88145eb42835e5cabbbc73fc0138d3ef93c90adfc9a297
libtasn1-tools-debuginfo-4.13-4.el8_7.i686.rpm
SHA-256: 800631665501c38d1b4d1ba08bfd6f436fed7f638cb1457d3287f8dfc08fa03d
libtasn1-tools-debuginfo-4.13-4.el8_7.x86_64.rpm
SHA-256: 4af599fc9f7ce3bc76e3a049a5a428501c2e9b30f263281b7a5457c5f73d73a9
Red Hat Enterprise Linux for IBM z Systems 8
SRPM
libtasn1-4.13-4.el8_7.src.rpm
SHA-256: 5b78c7f17a919f78283a2df1b6f8f2efe98434817a746e57321237328a80ea45
s390x
libtasn1-4.13-4.el8_7.s390x.rpm
SHA-256: 1da6c3bc267196ee5e924e891be834350d5e645d836b80125731ccff9500a855
libtasn1-debuginfo-4.13-4.el8_7.s390x.rpm
SHA-256: dcd9bc5092a174743f95c04521147b8d96772f817195d9afb1bdb8121fce9e77
libtasn1-debugsource-4.13-4.el8_7.s390x.rpm
SHA-256: 3778344572ab1d7b78d15ece9ed1c3ed01abc860953c3897031026ed19610a48
libtasn1-devel-4.13-4.el8_7.s390x.rpm
SHA-256: 2852955b5f123f6ff93166bf47fe608234c403bbbed17fab5a57bea2728232ae
libtasn1-tools-4.13-4.el8_7.s390x.rpm
SHA-256: 0b82b159d04f2ee55eabf68a8b06e1d758a8bb57a8df90140114f193d0e0f004
libtasn1-tools-debuginfo-4.13-4.el8_7.s390x.rpm
SHA-256: 96c0238867d0f2de49935942241c9c066347f5e86b3996c0dac2f9eb3d8ad4b3
Red Hat Enterprise Linux for Power, little endian 8
SRPM
libtasn1-4.13-4.el8_7.src.rpm
SHA-256: 5b78c7f17a919f78283a2df1b6f8f2efe98434817a746e57321237328a80ea45
ppc64le
libtasn1-4.13-4.el8_7.ppc64le.rpm
SHA-256: 892e94ae6f7dbe3aa017a77749f72f82f7f8019277b3ea090a733a116acab578
libtasn1-debuginfo-4.13-4.el8_7.ppc64le.rpm
SHA-256: 3e6ae7192f6473f9b8b6163b6de5eb175d6324d5cb3fa48ac4d038312a558e92
libtasn1-debugsource-4.13-4.el8_7.ppc64le.rpm
SHA-256: 4080e45d1494ce2aae1792e31cea01de294c146058f4778585e704406f7a6760
libtasn1-devel-4.13-4.el8_7.ppc64le.rpm
SHA-256: 31c5a50b109faa547f8798785f3ef792aa25ae506a2cf5984b6d73bd565a0c62
libtasn1-tools-4.13-4.el8_7.ppc64le.rpm
SHA-256: 97d3bcdf325e369ccf5a7e34caa4e086606b0cc3a6b6251e6a46073ba0a205b7
libtasn1-tools-debuginfo-4.13-4.el8_7.ppc64le.rpm
SHA-256: b946546890aadb86702183b78e7d79c05316401336c481f58e5198269b492f3e
Red Hat Enterprise Linux for ARM 64 8
SRPM
libtasn1-4.13-4.el8_7.src.rpm
SHA-256: 5b78c7f17a919f78283a2df1b6f8f2efe98434817a746e57321237328a80ea45
aarch64
libtasn1-4.13-4.el8_7.aarch64.rpm
SHA-256: 53ac369129d0a754d7c3606527a43983fb1c6ed7bf647295402158966e600235
libtasn1-debuginfo-4.13-4.el8_7.aarch64.rpm
SHA-256: c26021156d7437c680b66274740cf7e8169ef4042e0d180783db686ed422b505
libtasn1-debugsource-4.13-4.el8_7.aarch64.rpm
SHA-256: 2d48ea106fde7c3066e7c04dc4a8c9396501f62215bbe8993dd2e4c79124e0ab
libtasn1-devel-4.13-4.el8_7.aarch64.rpm
SHA-256: ce9c6cedaa6351a0e1f8b27bf0d6e205b9e3fe436eb96ecc5346fc4a45630902
libtasn1-tools-4.13-4.el8_7.aarch64.rpm
SHA-256: 6458677b552dab88ad230e1bf3e6a8cc6e3458f7ad3b93805f8797015dcff618
libtasn1-tools-debuginfo-4.13-4.el8_7.aarch64.rpm
SHA-256: 9ec482923fb6fea7faec19c7a7e96dd22b3fba78fed55ddcfeab471de5f99600
The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.
Related news
An update for libtasn1 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-46848: libtasn1: Out-of-bound access in ETYPE_OK
Red Hat Security Advisory 2023-0116-01 - A library that provides Abstract Syntax Notation One parsing and structures management, and Distinguished Encoding Rules encoding and decoding functions.
Ubuntu Security Notice 5707-1 - It was discovered that Libtasn1 did not properly perform bounds checking. An attacker could possibly use this issue to cause a crash.
GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check that affects asn1_encode_simple_der.