RHSA-2023:0110: Red Hat Security Advisory: sqlite security update

An update for sqlite is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-35737: sqlite: an array-bounds overflow if billions of bytes are used in a string argument to a C API
Red Hat Security Data

Issued: 2023-01-12

Updated: 2023-01-12

RHSA-2023:0110 - Security Advisory

Synopsis

Moderate: sqlite security update

Type/Severity

Security Advisory: Moderate

Topic

An update for sqlite is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

SQLite is a C library that implements an SQL database engine. A large subset of SQL92 is supported. A complete database is stored in a single disk file. The API is designed for convenience and ease of use. Applications that link against SQLite can enjoy the power and flexibility of an SQL database without the administrative hassles of supporting a separate database server.

Security Fix(es):

  • sqlite: an array-bounds overflow if billions of bytes are used in a string argument to a C API (CVE-2022-35737)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected Products

  • Red Hat Enterprise Linux for x86_64 8 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 8 s390x
  • Red Hat Enterprise Linux for Power, little endian 8 ppc64le
  • Red Hat Enterprise Linux for ARM 64 8 aarch64

Fixes

  • BZ - 2110291 - CVE-2022-35737 sqlite: an array-bounds overflow if billions of bytes are used in a string argument to a C API

Red Hat Enterprise Linux for x86_64 8

SRPM

  • sqlite-3.26.0-17.el8_7.src.rpm

x86_64

  • lemon-3.26.0-17.el8_7.x86_64.rpm
  • lemon-debuginfo-3.26.0-17.el8_7.i686.rpm
  • lemon-debuginfo-3.26.0-17.el8_7.x86_64.rpm
  • sqlite-3.26.0-17.el8_7.i686.rpm
  • sqlite-3.26.0-17.el8_7.x86_64.rpm
  • sqlite-analyzer-debuginfo-3.26.0-17.el8_7.i686.rpm
  • sqlite-analyzer-debuginfo-3.26.0-17.el8_7.x86_64.rpm
  • sqlite-debuginfo-3.26.0-17.el8_7.i686.rpm
  • sqlite-debuginfo-3.26.0-17.el8_7.x86_64.rpm
  • sqlite-debugsource-3.26.0-17.el8_7.i686.rpm
  • sqlite-debugsource-3.26.0-17.el8_7.x86_64.rpm
  • sqlite-devel-3.26.0-17.el8_7.i686.rpm
  • sqlite-devel-3.26.0-17.el8_7.x86_64.rpm
  • sqlite-doc-3.26.0-17.el8_7.noarch.rpm
  • sqlite-libs-3.26.0-17.el8_7.i686.rpm
  • sqlite-libs-3.26.0-17.el8_7.x86_64.rpm
  • sqlite-libs-debuginfo-3.26.0-17.el8_7.i686.rpm
  • sqlite-libs-debuginfo-3.26.0-17.el8_7.x86_64.rpm
  • sqlite-tcl-debuginfo-3.26.0-17.el8_7.i686.rpm
  • sqlite-tcl-debuginfo-3.26.0-17.el8_7.x86_64.rpm

Red Hat Enterprise Linux for IBM z Systems 8

SRPM

  • sqlite-3.26.0-17.el8_7.src.rpm

s390x

  • lemon-3.26.0-17.el8_7.s390x.rpm
  • lemon-debuginfo-3.26.0-17.el8_7.s390x.rpm
  • sqlite-3.26.0-17.el8_7.s390x.rpm
  • sqlite-analyzer-debuginfo-3.26.0-17.el8_7.s390x.rpm
  • sqlite-debuginfo-3.26.0-17.el8_7.s390x.rpm
  • sqlite-debugsource-3.26.0-17.el8_7.s390x.rpm
  • sqlite-devel-3.26.0-17.el8_7.s390x.rpm
  • sqlite-doc-3.26.0-17.el8_7.noarch.rpm
  • sqlite-libs-3.26.0-17.el8_7.s390x.rpm
  • sqlite-libs-debuginfo-3.26.0-17.el8_7.s390x.rpm
  • sqlite-tcl-debuginfo-3.26.0-17.el8_7.s390x.rpm

Red Hat Enterprise Linux for Power, little endian 8

SRPM

  • sqlite-3.26.0-17.el8_7.src.rpm

ppc64le

  • lemon-3.26.0-17.el8_7.ppc64le.rpm
  • lemon-debuginfo-3.26.0-17.el8_7.ppc64le.rpm
  • sqlite-3.26.0-17.el8_7.ppc64le.rpm
  • sqlite-analyzer-debuginfo-3.26.0-17.el8_7.ppc64le.rpm
  • sqlite-debuginfo-3.26.0-17.el8_7.ppc64le.rpm
  • sqlite-debugsource-3.26.0-17.el8_7.ppc64le.rpm
  • sqlite-devel-3.26.0-17.el8_7.ppc64le.rpm
  • sqlite-doc-3.26.0-17.el8_7.noarch.rpm
  • sqlite-libs-3.26.0-17.el8_7.ppc64le.rpm
  • sqlite-libs-debuginfo-3.26.0-17.el8_7.ppc64le.rpm
  • sqlite-tcl-debuginfo-3.26.0-17.el8_7.ppc64le.rpm

Red Hat Enterprise Linux for ARM 64 8

SRPM

  • sqlite-3.26.0-17.el8_7.src.rpm

aarch64

  • lemon-3.26.0-17.el8_7.aarch64.rpm
  • lemon-debuginfo-3.26.0-17.el8_7.aarch64.rpm
  • sqlite-3.26.0-17.el8_7.aarch64.rpm
  • sqlite-analyzer-debuginfo-3.26.0-17.el8_7.aarch64.rpm
  • sqlite-debuginfo-3.26.0-17.el8_7.aarch64.rpm
  • sqlite-debugsource-3.26.0-17.el8_7.aarch64.rpm
  • sqlite-devel-3.26.0-17.el8_7.aarch64.rpm
  • sqlite-doc-3.26.0-17.el8_7.noarch.rpm
  • sqlite-libs-3.26.0-17.el8_7.aarch64.rpm
  • sqlite-libs-debuginfo-3.26.0-17.el8_7.aarch64.rpm
  • sqlite-tcl-debuginfo-3.26.0-17.el8_7.aarch64.rpm
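To check a RHEL 8 host against the Affected Products and updated package lists above, the following added example (not Red Hat's tooling) re-implements RPM's version comparison (rpmvercmp, including tilde and caret handling) and flags installed sqlite packages whose EVR is older than the fixed build 3.26.0-17.el8_7. The `rpm -q` output embedded below is constructed; on a real host, feed it the output of `rpm -q --qf '%{NAME} %{EPOCH}:%{VERSION}-%{RELEASE}\n' sqlite sqlite-libs sqlite-devel sqlite-doc lemon`.

```python
"""Flag RHEL 8 sqlite packages older than the RHSA-2023:0110 fix (added example,
not Red Hat tooling): re-implements RPM's rpmvercmp and checks `rpm -q` output."""

# Fixed build from the advisory; RHEL 8 sqlite carries no epoch, so epoch 0.
FIXED_EVR = "0:3.26.0-17.el8_7"
ADVISORY_PACKAGES = ("sqlite", "sqlite-libs", "sqlite-devel", "sqlite-doc", "lemon")


def rpmvercmp(a: str, b: str) -> int:
    """Compare two version or release labels the way rpm does: -1, 0 or 1."""
    i = j = 0
    while i < len(a) or j < len(b):
        # Skip separators: anything that is not alphanumeric, '~' or '^'.
        while i < len(a) and not (a[i].isalnum() or a[i] in "~^"):
            i += 1
        while j < len(b) and not (b[j].isalnum() or b[j] in "~^"):
            j += 1
        ta, tb = i < len(a) and a[i] == "~", j < len(b) and b[j] == "~"
        if ta or tb:  # tilde sorts before everything, even end of string
            if ta and tb:
                i, j = i + 1, j + 1
                continue
            return -1 if ta else 1
        ca, cb = i < len(a) and a[i] == "^", j < len(b) and b[j] == "^"
        if ca or cb:  # caret sorts before everything except end of string
            if ca and cb:
                i, j = i + 1, j + 1
                continue
            if ca:
                return 1 if j >= len(b) else -1
            return -1 if i >= len(a) else 1
        if i >= len(a) or j >= len(b):
            break
        # Take a run of digits or a run of letters, decided by the left side.
        isnum = a[i].isdigit()
        same_kind = str.isdigit if isnum else str.isalpha
        k = i
        while k < len(a) and same_kind(a[k]):
            k += 1
        m = j
        while m < len(b) and same_kind(b[m]):
            m += 1
        seg_a, seg_b = a[i:k], b[j:m]
        if not seg_b:  # kinds differ: a numeric segment is always newer
            return 1 if isnum else -1
        i, j = k, m
        if isnum:
            seg_a, seg_b = seg_a.lstrip("0"), seg_b.lstrip("0")
            if len(seg_a) != len(seg_b):  # longer number is larger
                return 1 if len(seg_a) > len(seg_b) else -1
        if seg_a != seg_b:
            return 1 if seg_a > seg_b else -1
    if i >= len(a) and j >= len(b):
        return 0
    return -1 if i >= len(a) else 1  # whichever has characters left wins


def split_evr(evr: str) -> tuple:
    """Split 'epoch:version-release'; a missing or '(none)' epoch counts as 0."""
    epoch, rest = evr.split(":", 1) if ":" in evr else ("0", evr)
    version, _, release = rest.rpartition("-")
    return ("0" if epoch == "(none)" else epoch, version or release, release if version else "")


def compare_evr(a: str, b: str) -> int:
    """Compare epoch, then version, then release, each with rpmvercmp."""
    for x, y in zip(split_evr(a), split_evr(b)):
        r = rpmvercmp(x, y)
        if r:
            return r
    return 0


def parse_rpm_query(output: str) -> dict:
    """Parse `rpm -q --qf '%{NAME} %{EPOCH}:%{VERSION}-%{RELEASE}\\n'` lines."""
    installed = {}
    for line in output.splitlines():
        if not line.strip() or line.endswith("is not installed"):
            continue
        name, evr = line.split()
        # Multilib hosts list a name twice (i686 and x86_64); keep the oldest.
        if name not in installed or compare_evr(evr, installed[name]) < 0:
            installed[name] = evr
    return installed


def vulnerable_packages(installed: dict) -> list:
    """Advisory packages installed at an EVR older than the fixed build."""
    return sorted(n for n, evr in installed.items()
                  if n in ADVISORY_PACKAGES and compare_evr(evr, FIXED_EVR) < 0)


# Constructed sample output for a host still on an older 3.26.0 build.
SAMPLE_RPM_OUTPUT = """\
sqlite-libs (none):3.26.0-15.el8
sqlite-libs (none):3.26.0-15.el8
sqlite (none):3.26.0-15.el8
sqlite-devel (none):3.26.0-17.el8_7
package lemon is not installed
"""

if __name__ == "__main__":
    print(vulnerable_packages(parse_rpm_query(SAMPLE_RPM_OUTPUT)))  # ['sqlite', 'sqlite-libs']
```

A plain string comparison would get release ordering wrong (for example `17.el8_7` versus `17.el8`, or `1.0~rc1` versus `1.0`), which is why the rpm algorithm is reproduced rather than approximated.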

The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.
