Headline
RHSA-2023:0110: Red Hat Security Advisory: sqlite security update
An update for sqlite is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2022-35737: sqlite: an array-bounds overflow if billions of bytes are used in a string argument to a C API
Issued: 2023-01-12
Updated: 2023-01-12
RHSA-2023:0110 - Security Advisory
Synopsis
Moderate: sqlite security update
Type/Severity
Security Advisory: Moderate
Topic
An update for sqlite is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
SQLite is a C library that implements an SQL database engine. A large subset of SQL92 is supported. A complete database is stored in a single disk file. The API is designed for convenience and ease of use. Applications that link against SQLite can enjoy the power and flexibility of an SQL database without the administrative hassles of supporting a separate database server.
Security Fix(es):
- sqlite: an array-bounds overflow if billions of bytes are used in a string argument to a C API (CVE-2022-35737)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected Products
- Red Hat Enterprise Linux for x86_64 8 x86_64
- Red Hat Enterprise Linux for IBM z Systems 8 s390x
- Red Hat Enterprise Linux for Power, little endian 8 ppc64le
- Red Hat Enterprise Linux for ARM 64 8 aarch64
Fixes
- BZ - 2110291 - CVE-2022-35737 sqlite: an array-bounds overflow if billions of bytes are used in a string argument to a C API
Red Hat Enterprise Linux for x86_64 8
SRPM
sqlite-3.26.0-17.el8_7.src.rpm
SHA-256: 56fe4cc171f3a535ce39f280cd317760bb06c7f88e399664e7899e186a1e3e91
x86_64
lemon-3.26.0-17.el8_7.x86_64.rpm
SHA-256: a49174b860aa91f84bbf2e2131c852d3953e08b15edfc47d3ba4fb2ed0090049
lemon-debuginfo-3.26.0-17.el8_7.i686.rpm
SHA-256: 4f60700b4f1cc739b3a17cd028b885434f816352cbb3f2292eeb80635b5dd76c
lemon-debuginfo-3.26.0-17.el8_7.x86_64.rpm
SHA-256: dcf243c9247c39e0b7c6e9c5056b94ead813912d81a2e5ce1aedbc3cb272c060
sqlite-3.26.0-17.el8_7.i686.rpm
SHA-256: 1f13da0608fd89a224efde7d9a4f0de9bb8a8b6c68fff4bdac5535cc23e8c79a
sqlite-3.26.0-17.el8_7.x86_64.rpm
SHA-256: 644658ca62656291306c8bd793bf7b4f563889494a24ad0ab37bb34a2d7146b8
sqlite-analyzer-debuginfo-3.26.0-17.el8_7.i686.rpm
SHA-256: a5ea36d13724000666b7db4f37f7a9c89469650f96fa7bcc1dbb0f1b20ccd3b6
sqlite-analyzer-debuginfo-3.26.0-17.el8_7.x86_64.rpm
SHA-256: 2161c510e2c7f107ae94e1963b763f3b49fc2f613649bab65ffc514585ee9a6c
sqlite-debuginfo-3.26.0-17.el8_7.i686.rpm
SHA-256: ab1042758663f5af67eac0c882bddfd97061ab559769ca1458a317fa595c8d0e
sqlite-debuginfo-3.26.0-17.el8_7.x86_64.rpm
SHA-256: dce1182d09764f51a185c092c2b988c66017877fd55a47b93334746f129cb285
sqlite-debugsource-3.26.0-17.el8_7.i686.rpm
SHA-256: cd29bf210dd763216c9f645d3e5954f600a8ed3553503b59e19fa456ec4bda8e
sqlite-debugsource-3.26.0-17.el8_7.x86_64.rpm
SHA-256: 006bcf354001a58565a16543ed60f5b6e7354dff28a004b4e317a5d39f73f12b
sqlite-devel-3.26.0-17.el8_7.i686.rpm
SHA-256: 339a2d71a8490be7baa0e1dad10a0175c282257742f188e6c951ad0cb97b3f1a
sqlite-devel-3.26.0-17.el8_7.x86_64.rpm
SHA-256: 5b6a578fce1890dd652584830a2a3de508ac52355c31cb012d38bd44d1108238
sqlite-doc-3.26.0-17.el8_7.noarch.rpm
SHA-256: d26ba385a9ca8f446c5160bd6ceda06681ace54383a00fe75fc686c36908633b
sqlite-libs-3.26.0-17.el8_7.i686.rpm
SHA-256: e11e7aa6589fffd3779b78623e4490d868b756662381a82e7011f9fdbe83f2d4
sqlite-libs-3.26.0-17.el8_7.x86_64.rpm
SHA-256: b9de573726e97d705b594cb88fba2e938d2d09b11350f66e14e4d641664f84f8
sqlite-libs-debuginfo-3.26.0-17.el8_7.i686.rpm
SHA-256: 0e79921673294affa15ccdb35763e2229ed20d0ce9634f5757c2887bcb311c6b
sqlite-libs-debuginfo-3.26.0-17.el8_7.x86_64.rpm
SHA-256: 9dd1e23828ba1b736eb28e5944fcd9c04819cd98a8156879fdbcbd5e8cc9f38a
sqlite-tcl-debuginfo-3.26.0-17.el8_7.i686.rpm
SHA-256: 7aee8d783cb0e5d8cfeb64473da748661750e456f534198f1b30d2648b142258
sqlite-tcl-debuginfo-3.26.0-17.el8_7.x86_64.rpm
SHA-256: 82f436e1167b7c81583b33ddef930b87082af822e7b53d232f56c1e56adf5208
Red Hat Enterprise Linux for IBM z Systems 8
SRPM
sqlite-3.26.0-17.el8_7.src.rpm
SHA-256: 56fe4cc171f3a535ce39f280cd317760bb06c7f88e399664e7899e186a1e3e91
s390x
lemon-3.26.0-17.el8_7.s390x.rpm
SHA-256: 9a0ac1990e932d8405a07ac7504414280ab7191d400fc842c8889f74735456fd
lemon-debuginfo-3.26.0-17.el8_7.s390x.rpm
SHA-256: d5c6e312a20f447fe458094693c1ca10ab4efeb13a3c757f7254a5ef1c46dace
sqlite-3.26.0-17.el8_7.s390x.rpm
SHA-256: 447648b46e9480e8b25adf7b4ba85253008dc017f3348d0ac164c8fc0edf7086
sqlite-analyzer-debuginfo-3.26.0-17.el8_7.s390x.rpm
SHA-256: 90a3aed800aea9eca04edf1c3a3af50b1e93b0f9f29db06b7f2968256de4204c
sqlite-debuginfo-3.26.0-17.el8_7.s390x.rpm
SHA-256: 747f8d2d87015cf0c94ec676e38f7f51ba75f8d07d13cecf936afce87319d4ba
sqlite-debugsource-3.26.0-17.el8_7.s390x.rpm
SHA-256: 4e143556f6adaba417d739b80e772833b5d87bed4c7b3d7cc2678c1f22473d93
sqlite-devel-3.26.0-17.el8_7.s390x.rpm
SHA-256: ecf99753475a8b4b4d548efb8a5b73afdbd96bd7a036bf01f10d13bf218cef82
sqlite-doc-3.26.0-17.el8_7.noarch.rpm
SHA-256: d26ba385a9ca8f446c5160bd6ceda06681ace54383a00fe75fc686c36908633b
sqlite-libs-3.26.0-17.el8_7.s390x.rpm
SHA-256: 86d2c555b40464867b2a8b55ddfc83538b916a67ae29d8d4299d73654955951f
sqlite-libs-debuginfo-3.26.0-17.el8_7.s390x.rpm
SHA-256: b5ade8943579e8b6674a8df9141a61017dfe06da4217b9e8347a476b3915df77
sqlite-tcl-debuginfo-3.26.0-17.el8_7.s390x.rpm
SHA-256: ee5212002c2c95ee8f126f2c30ad9dbe00fe2dbc88dbfca973f8b81776cf34e9
Red Hat Enterprise Linux for Power, little endian 8
SRPM
sqlite-3.26.0-17.el8_7.src.rpm
SHA-256: 56fe4cc171f3a535ce39f280cd317760bb06c7f88e399664e7899e186a1e3e91
ppc64le
lemon-3.26.0-17.el8_7.ppc64le.rpm
SHA-256: 13f69d0f9082b53c7a6bd4880d9cd9bddad421bf46ccfbd15e5e2d7771937553
lemon-debuginfo-3.26.0-17.el8_7.ppc64le.rpm
SHA-256: a878ae0351114dcfecb640080cfc189712f518b7596f9255f8474715174fd357
sqlite-3.26.0-17.el8_7.ppc64le.rpm
SHA-256: 22bf519c7173b59375aa50fea4da51b8066a5e60ba9d47ab3a20fa1953380515
sqlite-analyzer-debuginfo-3.26.0-17.el8_7.ppc64le.rpm
SHA-256: fc7be1d319c29403b0373491e107612933cd3acb6a868aa842fbaa2b4d9b47bd
sqlite-debuginfo-3.26.0-17.el8_7.ppc64le.rpm
SHA-256: 4b2dccbc0fbcbda47fe408a1aa585df4454242615f1c394a57fdc8fba93d3099
sqlite-debugsource-3.26.0-17.el8_7.ppc64le.rpm
SHA-256: e191708ec94ebc19be87ec2c7bec029647c12c00a53d57c45f6262eb6a570117
sqlite-devel-3.26.0-17.el8_7.ppc64le.rpm
SHA-256: 3f386cb1e787ef383c753e12c8afdfd5e26a64db5182184a1e81fa56ad797f92
sqlite-doc-3.26.0-17.el8_7.noarch.rpm
SHA-256: d26ba385a9ca8f446c5160bd6ceda06681ace54383a00fe75fc686c36908633b
sqlite-libs-3.26.0-17.el8_7.ppc64le.rpm
SHA-256: fd2739aa9821a822f7592aab96fb213d5e443229d68aed38b9a37d523a8d2157
sqlite-libs-debuginfo-3.26.0-17.el8_7.ppc64le.rpm
SHA-256: 5cc62d23e124daf094183bcd5efaf36721ecbf2e95780a17eebf1e9ccb44e565
sqlite-tcl-debuginfo-3.26.0-17.el8_7.ppc64le.rpm
SHA-256: b62f9435aa993910841686bceb01e7456fdbd31a4c77d1c4995325bdac3ff057
Red Hat Enterprise Linux for ARM 64 8
SRPM
sqlite-3.26.0-17.el8_7.src.rpm
SHA-256: 56fe4cc171f3a535ce39f280cd317760bb06c7f88e399664e7899e186a1e3e91
aarch64
lemon-3.26.0-17.el8_7.aarch64.rpm
SHA-256: 5e8ef3e77030425a873f78f5e3772eada7c1607d6f2ecb5f7f28260c456a2764
lemon-debuginfo-3.26.0-17.el8_7.aarch64.rpm
SHA-256: a1708561fddabfaef8ed4226e78659582278557f579479e8b1b8c1a01674a346
sqlite-3.26.0-17.el8_7.aarch64.rpm
SHA-256: e136e332fc96c6790c90b8d8a175875963e79b355455cbd1974fc6848c9c25f7
sqlite-analyzer-debuginfo-3.26.0-17.el8_7.aarch64.rpm
SHA-256: ed327fb460f9ff9702ee0da08d919e1217128cb6db970d5c5dcb52b509308dad
sqlite-debuginfo-3.26.0-17.el8_7.aarch64.rpm
SHA-256: 02fd108ed899fa67757de25565b16893b883a1b827858d33859823accadac7e5
sqlite-debugsource-3.26.0-17.el8_7.aarch64.rpm
SHA-256: 7123004d0c22517c1209557661c33b6b074b036f4d9d7c120f4d04d17fb3eefa
sqlite-devel-3.26.0-17.el8_7.aarch64.rpm
SHA-256: b9cd202171916d9894694edb37c0622e58701684a15e20e975a13514b5194dc3
sqlite-doc-3.26.0-17.el8_7.noarch.rpm
SHA-256: d26ba385a9ca8f446c5160bd6ceda06681ace54383a00fe75fc686c36908633b
sqlite-libs-3.26.0-17.el8_7.aarch64.rpm
SHA-256: 88593c8ef908258b5955281fcad8a7434a4a8735e7cf848567119598c7d2b760
sqlite-libs-debuginfo-3.26.0-17.el8_7.aarch64.rpm
SHA-256: 36a194d08b42218353fe85f1ecfcadd316d71ea4451079d322e2e9f8c46346d0
sqlite-tcl-debuginfo-3.26.0-17.el8_7.aarch64.rpm
SHA-256: 1ffd9575610f835065b2bb8c669ae135c197ffa23fdecc9bcdaefab1c168d340
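The package list above pins the fixed build at 3.26.0-17.el8_7. The script below is an added example (not Red Hat's code) that flags sqlite packages on a RHEL 8 host still below that build; it implements librpm's segment-wise version ordering rather than a string compare, and the rpm query output it reads is constructed sample data.

```python
"""Flag sqlite packages on a RHEL 8 host that are older than the RHSA-2023:0110 build.

Added example, not Red Hat's code. The fixed epoch/version/release
(3.26.0-17.el8_7) comes from the advisory's package list; the rpm query
output below is constructed sample data, not a real host.
"""
import itertools
import re
from typing import List, Tuple

# Fixed build taken from the RHSA-2023:0110 package list (no epoch -> 0).
FIXED_EVR: Tuple[int, str, str] = (0, "3.26.0", "17.el8_7")

# Binary packages built from the advisory's sqlite SRPM.
ADVISORY_PACKAGES = {"sqlite", "sqlite-libs", "sqlite-devel", "sqlite-doc", "lemon"}

# Constructed output of:
#   rpm -qa --qf '%{NAME}|%{EPOCH}|%{VERSION}|%{RELEASE}|%{ARCH}\n' 'sqlite*' lemon
# rpm prints "(none)" for an unset epoch.
SAMPLE_RPM_OUTPUT = """\
sqlite-libs|(none)|3.26.0|15.el8|x86_64
sqlite-libs|(none)|3.26.0|17.el8_7|i686
sqlite|(none)|3.26.0|17.el8_7|x86_64
sqlite-devel|(none)|3.26.0|16.el8_6|x86_64
lemon|(none)|3.26.0|17.el8_7|x86_64
sqlite-doc|(none)|3.26.0|13.el8|noarch
"""

_SEGMENT = re.compile(r"[0-9]+|[A-Za-z]+|~|\^")


def rpmvercmp(a: str, b: str) -> int:
    """Compare two RPM version or release strings as librpm's rpmvercmp does.

    Both strings are split into numeric and alphabetic segments (separators
    such as '.' and '_' are ignored). Numeric segments compare as integers and
    outrank alphabetic ones; '~' sorts below anything else (pre-releases);
    '^' sorts above the end of a string but below any other segment.
    Returns -1, 0 or 1. A plain string compare gets this wrong: it ranks
    "9.el8" above "17.el8_7".
    """
    if a == b:
        return 0
    for x, y in itertools.zip_longest(_SEGMENT.findall(a), _SEGMENT.findall(b)):
        if x == "~" or y == "~":
            if x != "~":
                return 1
            if y != "~":
                return -1
            continue
        if x == "^" or y == "^":
            if x is None:
                return -1
            if y is None:
                return 1
            if x != "^":
                return 1
            if y != "^":
                return -1
            continue
        if x is None:          # b still has segments left -> b is newer
            return -1
        if y is None:
            return 1
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1
        if x.isdigit():
            if int(x) != int(y):
                return 1 if int(x) > int(y) else -1
        elif x != y:
            return 1 if x > y else -1
    return 0


def evr_cmp(a: Tuple[int, str, str], b: Tuple[int, str, str]) -> int:
    """Compare (epoch, version, release) tuples: epoch first, then version, then release."""
    if a[0] != b[0]:
        return 1 if a[0] > b[0] else -1
    return rpmvercmp(a[1], b[1]) or rpmvercmp(a[2], b[2])


def parse_rpm_line(line: str) -> Tuple[str, Tuple[int, str, str], str]:
    """Split one 'name|epoch|version|release|arch' line from the rpm query above."""
    name, epoch, version, release, arch = line.strip().split("|")
    return name, (0 if epoch == "(none)" else int(epoch), version, release), arch


def unpatched_packages(rpm_output: str) -> List[str]:
    """Return NVRA strings of advisory packages still below the fixed build."""
    flagged = []
    for line in rpm_output.strip().splitlines():
        name, evr, arch = parse_rpm_line(line)
        if name in ADVISORY_PACKAGES and evr_cmp(evr, FIXED_EVR) < 0:
            flagged.append(f"{name}-{evr[1]}-{evr[2]}.{arch}")
    return flagged


if __name__ == "__main__":
    for nvra in unpatched_packages(SAMPLE_RPM_OUTPUT):
        print(f"needs RHSA-2023:0110: {nvra}")
```

The comparison only says whether a package is older than this advisory's build; a package from a different stream (for example a RHEL 9 sqlite) sorts higher but is covered by its own advisory, so filter the query to the RHEL 8 hosts first.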
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
Related news
An update for sqlite is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-35737: sqlite: an array-bounds overflow if billions of bytes are used in a string argument to a C API
Ubuntu Security Notice 5716-2 - USN-5716-1 fixed a vulnerability in SQLite. This update provides the corresponding update for Ubuntu 14.04 ESM. It was discovered that SQLite incorrectly handled certain long string arguments. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code.
Ubuntu Security Notice 5712-1 - It was discovered that SQLite did not properly handle large string inputs in certain circumstances. An attacker could possibly use this issue to cause a denial of service or arbitrary code execution.
Gentoo Linux Security Advisory 202210-40 - Multiple vulnerabilities have been found in SQLite, the worst of which could result in arbitrary code execution. Versions less than 3.39.2 are affected.
Dormant 32 bit-era coding flaw causes problems for 64-bit systems
A high-severity vulnerability has been disclosed in the SQLite database library, which was introduced as part of a code change dating all the way back to October 2000 and could enable attackers to crash or control programs. Tracked as CVE-2022-35737 (CVSS score: 7.5), the 22-year-old issue affects SQLite versions 1.0.12 through 3.39.1, and has been addressed in version 3.39.2 released on July 21
SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API.