RHSA-2022:1417: Red Hat Security Advisory: kernel security update
An update for kernel is now available for Red Hat Enterprise Linux 6 Extended Lifecycle Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2020-0466: kernel: use after free in eventpoll.c may lead to escalation of privilege
- CVE-2021-0920: kernel: Use After Free in unix_gc() which could result in a local privilege escalation
- CVE-2021-4155: kernel: xfs: raw block device data leak in XFS_IOC_ALLOCSP IOCTL
- CVE-2022-0492: kernel: cgroups v1 release_agent feature may allow privilege escalation