RHSA-2022:1389: Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP11 security update

Updated packages that provide Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Service Pack 11, fix several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7 and Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2021-3516: libxml2: Use-after-free in xmlEncodeEntitiesInternal() in entities.c
  • CVE-2021-3517: libxml2: Heap-based buffer overflow in xmlEncodeEntitiesInternal() in entities.c
  • CVE-2021-3518: libxml2: Use-after-free in xmlXIncludeDoProcess() in xinclude.c
  • CVE-2021-3537: libxml2: NULL pointer dereference when post-validating mixed content parsed in recovery mode
  • CVE-2021-3541: libxml2: Exponential entity expansion attack bypasses all existing protection mechanisms
  • CVE-2022-0778: openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates
  • CVE-2022-22720: httpd: Errors encountered during the discarding of request body lead to HTTP request smuggling
  • CVE-2022-23308: libxml2: Use-after-free of ID and IDREF attributes

Synopsis

Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP11 security update

Type/Severity

Security Advisory: Important

Topic

Updated packages that provide Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Service Pack 11, fix several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7 and Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

This release adds the new Apache HTTP Server 2.4.37 Service Pack 11 packages that are part of the JBoss Core Services offering.

This release serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Service Pack 10 and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes and enhancements included in this release.

Security Fix(es):

  • jbcs-httpd24-httpd: httpd: HTTP request smuggling vulnerability in Apache HTTP Server 2.4.52 and earlier (CVE-2022-22720)
  • libxml2: use-after-free in xmlXIncludeDoProcess() in xinclude.c (CVE-2021-3518)
  • libxml2: heap-based buffer overflow in xmlEncodeEntitiesInternal() in entities.c (CVE-2021-3517)
  • libxml2: use-after-free in xmlEncodeEntitiesInternal() in entities.c (CVE-2021-3516)
  • libxml2: Exponential entity expansion attack bypasses all existing protection mechanisms (CVE-2021-3541)
  • libxml2: NULL pointer dereference when post-validating mixed content parsed in recovery mode (CVE-2021-3537)
  • libxml2: Use-after-free of ID and IDREF attributes (CVE-2022-23308)
  • openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates (CVE-2022-0778)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258
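As an added check (not Red Hat tooling and not part of the advisory), the script below compares a host's installed jbcs-httpd24 packages against the fixed builds this advisory ships for RHEL 7 and RHEL 8, using rpm's own version-comparison rules. The rpm -qa output it consumes is constructed, and its package table covers only builds named on this page.

```python
r"""Audit installed JBCS packages against the fixed builds in RHSA-2022:1389.

Added example, not Red Hat tooling. Input lines have the form "NAME VERSION
RELEASE", as printed by  rpm -qa 'jbcs-httpd24-*' --qf '%{NAME} %{VERSION} %{RELEASE}\n'
Epochs are assumed equal (the packages listed in the advisory carry none).
"""
import re

# Fixed builds taken from the advisory's package list, with the release kept
# without its dist tag (".el8jbcs" on RHEL 8, ".jbcs.el7" on RHEL 7).
FIXED = {
    "jbcs-httpd24-httpd":              ("2.4.37", "80"),
    "jbcs-httpd24-mod_ssl":            ("2.4.37", "80"),
    "jbcs-httpd24-openssl":            ("1.1.1g", "11"),
    "jbcs-httpd24-openssl-libs":       ("1.1.1g", "11"),
    "jbcs-httpd24-mod_security":       ("2.9.2", "68.GA"),
    "jbcs-httpd24-mod_cluster-native": ("1.3.16", "10.Final_redhat_2"),
    "jbcs-httpd24-mod_http2":          ("1.15.7", "22"),
    "jbcs-httpd24-nghttp2":            ("1.39.2", "41"),
}

DIST_TAG = re.compile(r"\.(el8jbcs|jbcs\.el7)$")
SEGMENT = re.compile(r"[0-9]+|[A-Za-z]+|~")

def rpmvercmp(a: str, b: str) -> int:
    """Compare two version or release strings the way rpm's rpmvercmp does.

    Returns -1, 0 or 1. Numeric segments compare as integers, a numeric
    segment is newer than an alphabetic one, "~" sorts before anything (even
    end of string), and the string with segments left over is the newer one.
    rpm's "^" operator is omitted: no package name on this page uses it.
    """
    if a == b:
        return 0
    sa, sb = SEGMENT.findall(a), SEGMENT.findall(b)
    for i in range(max(len(sa), len(sb))):
        x = sa[i] if i < len(sa) else ""
        y = sb[i] if i < len(sb) else ""
        if x == "~" or y == "~":
            if x != y:
                return -1 if x == "~" else 1
            continue
        if not x or not y:
            return -1 if not x else 1
        if x.isdigit() and y.isdigit():
            c = (int(x) > int(y)) - (int(x) < int(y))
        elif x.isdigit() or y.isdigit():
            c = 1 if x.isdigit() else -1
        else:
            c = (x > y) - (x < y)
        if c:
            return c
    return 0

def evr_cmp(installed: tuple, fixed: tuple) -> int:
    """Compare (version, release) pairs; the version decides unless equal."""
    return rpmvercmp(installed[0], fixed[0]) or rpmvercmp(installed[1], fixed[1])

def parse_rpm_line(line: str) -> tuple:
    """Turn 'NAME VERSION RELEASE' into (name, version, release-without-dist)."""
    name, version, release = line.split()
    return name, version, DIST_TAG.sub("", release)

def audit(rpm_qa_output: str) -> dict:
    """Map each listed package to 'outdated', 'fixed' or 'unlisted'."""
    verdicts = {}
    for line in rpm_qa_output.splitlines():
        if not line.strip():
            continue
        name, version, release = parse_rpm_line(line)
        fixed = FIXED.get(name)
        if fixed is None:
            verdicts[name] = "unlisted"        # not in this advisory's table
        elif evr_cmp((version, release), fixed) < 0:
            verdicts[name] = "outdated"
        else:
            verdicts[name] = "fixed"
    return verdicts

def outdated(rpm_qa_output: str) -> list:
    """Sorted names of packages that still need the RHSA-2022:1389 build."""
    return sorted(n for n, v in audit(rpm_qa_output).items() if v == "outdated")

# Constructed sample rpm -qa output (not from a real host): older httpd and
# openssl builds, the fixed mod_security, and one package outside the table.
SAMPLE_RPM_QA = """\
jbcs-httpd24-httpd 2.4.37 79.el8jbcs
jbcs-httpd24-mod_ssl 2.4.37 79.el8jbcs
jbcs-httpd24-openssl-libs 1.1.1g 10.el8jbcs
jbcs-httpd24-mod_security 2.9.2 68.GA.el8jbcs
jbcs-httpd24-mod_cluster-native 1.3.16 9.Final_redhat_1.el8jbcs
jbcs-httpd24-example-addon 1.0 1.el8jbcs
"""

if __name__ == "__main__":
    for pkg, verdict in audit(SAMPLE_RPM_QA).items():
        print(f"{verdict:9s} {pkg}")
```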

Affected Products

  • Red Hat JBoss Core Services 1 for RHEL 8 x86_64
  • Red Hat JBoss Core Services 1 for RHEL 7 x86_64

Fixes

  • BZ - 1950515 - CVE-2021-3541 libxml2: Exponential entity expansion attack bypasses all existing protection mechanisms
  • BZ - 1954225 - CVE-2021-3516 libxml2: Use-after-free in xmlEncodeEntitiesInternal() in entities.c
  • BZ - 1954232 - CVE-2021-3517 libxml2: Heap-based buffer overflow in xmlEncodeEntitiesInternal() in entities.c
  • BZ - 1954242 - CVE-2021-3518 libxml2: Use-after-free in xmlXIncludeDoProcess() in xinclude.c
  • BZ - 1956522 - CVE-2021-3537 libxml2: NULL pointer dereference when post-validating mixed content parsed in recovery mode
  • BZ - 2056913 - CVE-2022-23308 libxml2: Use-after-free of ID and IDREF attributes
  • BZ - 2062202 - CVE-2022-0778 openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates
  • BZ - 2064321 - CVE-2022-22720 httpd: Errors encountered during the discarding of request body lead to HTTP request smuggling

CVEs

  • CVE-2021-3516
  • CVE-2021-3517
  • CVE-2021-3518
  • CVE-2021-3537
  • CVE-2021-3541
  • CVE-2022-0778
  • CVE-2022-22720
  • CVE-2022-23308

Related news

RHSA-2022:1461: Red Hat Security Advisory: Logging Subsystem 5.4 - Red Hat OpenShift Security and Bug update

Logging Subsystem 5.4 - Red Hat OpenShift Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-0759: kubeclient: kubeconfig parsing error can lead to MITM attacks * CVE-2022-21698: prometheus/client_golang: Denial of service using InstrumentHandlerCounter

CVE-2022-24874: Build software better, together

acs commons is an open source framework for AEM projects. ACS Commons version 5.1.x (and earlier) suffers from a Reflected Cross-site Scripting (XSS) vulnerability in /apps/acs-commons/content/page-compare.html` endpoint via the `a` and `b` GET parameters. User input submitted via these parameters is not validated or sanitized. An attacker must provide a link to someone with access to AEM Author, and could potentially exploit this vulnerability to inject malicious JavaScript content into vulnerable form fields and execute it within the context of the victim's browser. The exploitation of this issue requires user interaction in order to be successful. This issue has been resolved in 5.2.0. There are no known workarounds for this issue.

RHSA-2022:1478: Red Hat Security Advisory: Satellite 6.9.9 Async Bug Fix Update

Updated Satellite 6.9 packages that fix several bugs are now available for Red Hat Satellite.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-27023: puppet: unsafe HTTP redirect

CVE-2022-24865: Fix must change password (#5638) · humhub/humhub@eb83de2

HumHub is an Open Source Enterprise Social Network. In affected versions users who are forced to change their password by an administrator may retrieve other users' data. This issue has been resolved by commit `eb83de20`. It is recommended that the HumHub is upgraded to 1.11.0, 1.10.4 or 1.9.4. There are no known workarounds for this issue.

RHSA-2022:1390: Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP11 security update

Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Service Pack 11 zip release for Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8, and Microsoft Windows is available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-3516: libxml2: Use-after-free in xmlEncodeEntitiesInternal() in entities.c * CVE-2021-3517: libxml2: Heap-based buffer overflow in xmlEncodeEntitiesInternal() in entities.c * CVE-2021-3518: libxml2: Use-after-free in xmlXIncludeDoProcess() in xinc...

CVE-2022-24861: fix some security bug (#103) · vran-dev/databasir@ca22a8f

Databasir is a team-oriented relational database model document management platform. Databasir 1.01 has remote code execution vulnerability. JDBC drivers are not validated prior to use and may be provided by users of the system. This can lead to code execution by any basic user who has access to the system. Users are advised to upgrade. There are no known workarounds to this issue.

CVE-2022-24871: Shopware 6 - Security Updates

Shopware is an open commerce platform based on Symfony Framework and Vue. In affected versions an attacker can abuse the Admin SDK functionality on the server to read or update internal resources. Users are advised to update to the current version 6.4.10.1. For older versions of 6.1, 6.2, and 6.3, corresponding security measures are also available via a plugin. There are no known workarounds for this issue.

CVE-2022-0540: Jira Security Advisory 2022-04-20 | Atlassian Support

A vulnerability in Jira Seraph allows a remote, unauthenticated attacker to bypass authentication by sending a specially crafted HTTP request. This affects Atlassian Jira Server and Data Center versions before 8.13.18, versions 8.14.0 and later before 8.20.6, and versions 8.21.0 and later before 8.22.0. This also affects Atlassian Jira Service Management Server and Data Center versions before 4.13.18, versions 4.14.0 and later before 4.20.6, and versions 4.21.0 and later before 4.22.0.

CVE-2022-24864: Remove presale join endpoint by DanielVF · Pull Request #617 · OriginProtocol/origin-website

Origin Protocol is a blockchain based project. The Origin Protocol project website allows for malicious users to inject malicious Javascript via a POST request to `/presale/join`. User-controlled data is passed with no sanitization to SendGrid and injected into an email that is delivered to the [email protected]. If the email recipient is using an email program that is susceptible to XSS, then that email recipient will receive an email that may contain malicious XSS. Regardless if the email recipient’s mail program has vulnerabilities or not, the hacker can at the very least inject malicious HTML that modifies the body content of the email. There are currently no known workarounds.

CVE-2022-26133: [BSERV-13173] Bitbucket Data Center - Java Deserialization Vulnerability In Hazelcast - CVE-2022-26133

SharedSecretClusterAuthenticator in Atlassian Bitbucket Data Center versions 5.14.0 and later before 7.6.14, 7.7.0 and later prior to 7.17.6, 7.18.0 and later prior to 7.18.4, 7.19.0 and later prior to 7.19.4, and 7.20.0 allow a remote, unauthenticated attacker to execute arbitrary code via Java deserialization.

CVE-2022-24862: Build software better, together

Databasir is a team-oriented relational database model document management platform. Databasir 1.01 has Server-Side Request Forgery vulnerability. During the download verification process of a JDBC driver the corresponding JDBC driver download address will be downloaded first, but this address will return a response page with complete error information when accessing a non-existent URL. Attackers can take advantage of this feature for SSRF.

CVE-2022-24799: fix: Improve message rendering (#12748) · wireapp/wire-webapp@d144552

wire-webapp is the web application interface for the wire messaging service. Insufficient escaping in markdown “code highlighting” in the wire-webapp resulted in the possibility of injecting and executing arbitrary HTML code and thus also JavaScript. If a user receives and views such a malicious message, arbitrary code is injected and executed in the context of the victim. This allows the attacker to fully control the user account. Wire-desktop clients that are connected to a vulnerable wire-webapp version are also vulnerable to this attack. The issue has been fixed in wire-webapp 2022-03-30-production.0 and is already deployed on all Wire managed services. On-premise instances of wire-webapp need to be updated to docker tag 2022-03-30-production.0-v0.29.2-0-d144552 or wire-server 2022-03-30 (chart/4.8.0), so that their applications are no longer affected. There are no known workarounds for this issue. ### Patches * The issue has been fixed in wire-webapp **2022-03-30-production.0** an...

RHSA-2022:1455: Red Hat Security Advisory: kernel security, bug fix, and enhancement update

An update for kernel is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-4083: kernel: fget: check that the fd still exists after getting a ref to it * CVE-2022-0492: kernel: cgroups v1 release_agent feature may allow privilege escalation * CVE-2022-25636: kernel: heap out of bounds write in nf_dup_netdev.c

RHSA-2022:1440: Red Hat Security Advisory: java-11-openjdk security, bug fix, and enhancement update

An update for java-11-openjdk is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-21426: OpenJDK: Unbounded memory allocation when compiling crafted XPath expressions (JAXP, 8270504)
  • CVE-2022-21434: OpenJDK: Improper object-to-string conversion in AnnotationInvocationHandler (Libraries, 8277672)
  • CVE-2022-21443: OpenJDK: Missing check for negative ObjectIdentifier (Libraries, 8275151)
  • CVE-2022-21476: OpenJDK: Defective ...

RHSA-2022:1463: Red Hat Security Advisory: Red Hat Single Sign-On 7.5.2 security update on RHEL 8

New Red Hat Single Sign-On 7.5.2 packages are now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2021-45105: log4j-core: DoS in log4j 2.x with Thread Context Map (MDC) input data contains a recursive lookup and context lookup pattern

RHSA-2022:1462: Red Hat Security Advisory: Red Hat Single Sign-On 7.5.2 security update on RHEL 7

New Red Hat Single Sign-On 7.5.2 packages are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2021-45105: log4j-core: DoS in log4j 2.x with Thread Context Map (MDC) input data contains a recursive lookup and context lookup pattern

Oracle releases massive Critical Patch Update containing 520 security patches

Oracle's April Critical Patch Update contains 520 new security patches. We spell out some of the most important vulnerabilities. The post Oracle releases massive Critical Patch Update containing 520 security patches appeared first on Malwarebytes Labs.

RHSA-2022:1469: Red Hat Security Advisory: Red Hat Single Sign-On 7.5.2 security update

A security update is now available for Red Hat Single Sign-On 7.5 from the Customer Portal. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2021-45105: log4j-core: DoS in log4j 2.x with Thread Context Map (MDC) input data contains a recursive lookup and context lookup pattern

RHSA-2022:1363: Red Hat Security Advisory: OpenShift Container Platform 4.9.29 bug fix and security update

Red Hat OpenShift Container Platform release 4.9.29 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-24769: moby: Default inheritable capabilities for linux container should be empty

RHSA-2022:1442: Red Hat Security Advisory: java-11-openjdk security update

An update for java-11-openjdk is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-21426: OpenJDK: Unbounded memory allocation when compiling crafted XPath expressions (JAXP, 8270504)
  • CVE-2022-21434: OpenJDK: Improper object-to-string conversion in AnnotationInvocationHandler (Libraries, 8277672)
  • CVE-2022-21443: OpenJDK: Missing check for negative ObjectIdentifier (Libraries, 8275151)
  • CVE-2022-21476: OpenJDK: Defective ...

RHSA-2022:1445: Red Hat Security Advisory: java-17-openjdk security and bug fix update

An update for java-17-openjdk is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-21426: OpenJDK: Unbounded memory allocation when compiling crafted XPath expressions (JAXP, 8270504)
  • CVE-2022-21434: OpenJDK: Improper object-to-string conversion in AnnotationInvocationHandler (Libraries, 8277672)
  • CVE-2022-21443: OpenJDK: Missing check for negative ObjectIdentifier (Libraries, 8275151)
  • CVE-2022-21449: OpenJDK: Improper E...

RHSA-2022:1441: Red Hat Security Advisory: java-11-openjdk security update

An update for java-11-openjdk is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-21426: OpenJDK: Unbounded memory allocation when compiling crafted XPath expressions (JAXP, 8270504)
  • CVE-2022-21434: OpenJDK: Improper object-to-string conversion in AnnotationInvocationHandler (Libraries, 8277672)
  • CVE-2022-21443: OpenJDK: Missing check for negative ObjectIdentifier (Libraries, 8275151)
  • CVE-2022-...

RHSA-2022:1443: Red Hat Security Advisory: java-11-openjdk security update

An update for java-11-openjdk is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-21426: OpenJDK: Unbounded memory allocation when compiling crafted XPath expressions (JAXP, 8270504)
  • CVE-2022-21434: OpenJDK: Improper object-to-string conversion in AnnotationInvocationHandler (Libraries, 8277672)
  • CVE-2022-21443: OpenJDK: Missing check for negative ObjectIdentifier (Libraries, 8275151)
  • CVE-2022-...

RHSA-2022:1444: Red Hat Security Advisory: java-11-openjdk security update

An update for java-11-openjdk is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-21426: OpenJDK: Unbounded memory allocation when compiling crafted XPath expressions (JAXP, 8270504)
  • CVE-2022-21434: OpenJDK: Improper object-to-string conversion in AnnotationInvocationHandler (Libraries, 8277672)
  • CVE-2022-21443: OpenJDK: Missing check for negative ObjectIdentifier (Libraries, 8275151)
  • ...

RHSA-2022:1336: Red Hat Security Advisory: OpenShift Container Platform 4.7.49 security update

Red Hat OpenShift Container Platform release 4.7.49 is now available with updates to packages and images that fix several bugs and add enhancements. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.7.49. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-0711: haproxy: Denial of service via set-cookie2 header

RHSA-2022:1370: Red Hat Security Advisory: OpenShift Container Platform 4.8.37 security and extras update

Red Hat OpenShift Container Platform release 4.8.37 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-24769: moby: Default inheritable capabilities for linux container should be empty

RHSA-2022:1357: Red Hat Security Advisory: OpenShift Container Platform 4.10.10 security and extras update

Red Hat OpenShift Container Platform release 4.10.10 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.10. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-24769: moby: Default inheritable capabilities for linux container should be empty

CVE-2022-27629: MicroPayments – Paid Author Subscriptions, Content, Downloads, Membership

Cross-site request forgery (CSRF) vulnerability in 'MicroPayments - Paid Author Subscriptions, Content, Downloads, Membership' versions prior to 1.9.6 allows a remote unauthenticated attacker to hijack the authentication of an administrator and perform unintended operation via unspecified vectors.

CVE-2022-24826: Git LFS

On Windows, if Git LFS operates on a malicious repository with a `..exe` file as well as a file named `git.exe`, and `git.exe` is not found in `PATH`, the `..exe` program will be executed, permitting the attacker to execute arbitrary code. This does not affect Unix systems. Similarly, if the malicious repository contains files named `..exe` and `cygpath.exe`, and `cygpath.exe` is not found in `PATH`, the `..exe` program will be executed when certain Git LFS commands are run. More generally, if the current working directory contains any file with a base name of `.` and a file extension from `PATHEXT` (except `.bat` and `.cmd`), and also contains another file with the same base name as a program Git LFS intends to execute (such as `git`, `cygpath`, or `uname`) and any file extension from `PATHEXT` (including `.bat` and `.cmd`), then, on Windows, when Git LFS attempts to execute the intended program the `..exe`, `..com`, etc., file will be executed instead, but only if the intended progra...

CVE-2021-3101: Hotdog

Hotdog, prior to v1.0.1, did not mimic the capabilities or the SELinux label of the target JVM process. This would allow a container to gain full privileges on the host, bypassing restrictions set on the container.

CVE-2022-24858: Upgrade Guide (v4) | NextAuth.js

next-auth v3 users before version 3.29.2 are impacted. next-auth version 4 users before version 4.3.2 are also impacted. Upgrading to 3.29.2 or 4.3.2 will patch this vulnerability. If you are not able to upgrade for any reason, you can add a configuration to your callbacks option. If you already have a `redirect` callback, make sure that you match the incoming `url` origin against the `baseUrl`.
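
The origin check the workaround describes, as an added example rather than NextAuth.js project code: a `redirect` callback in the `({ url, baseUrl }) => string` shape used by next-auth v4 that only honours a requested URL when it resolves to the same origin as `baseUrl`, and otherwise falls back to `baseUrl`. The function names and the sample origins are assumptions for this example.

```javascript
// Added example (not next-auth's code): same-origin check for the redirect callback.
// Assumption: baseUrl is the canonical site origin configured by the application.

function isSameOrigin(url, baseUrl) {
  let target;
  try {
    // Resolve relative to baseUrl so "/dashboard" stays on-site while a
    // protocol-relative "//evil.example" resolves to a foreign origin.
    target = new URL(url, baseUrl);
  } catch {
    return false; // unparsable input is never a valid redirect target
  }
  const base = new URL(baseUrl);
  // Comparing origin (scheme + host + port) defeats "https://app.example.evil.example"
  // style lookalikes and non-http schemes such as javascript:, whose origin is "null".
  return target.origin === base.origin;
}

// Drop-in body for callbacks.redirect: return the requested URL only when it
// stays on our origin, otherwise send the user to baseUrl.
function redirectCallback({ url, baseUrl }) {
  return isSameOrigin(url, baseUrl) ? new URL(url, baseUrl).toString() : baseUrl;
}

// Usage, as it would sit in the NextAuth configuration (example only):
//   NextAuth({ callbacks: { redirect: redirectCallback }, /* ... */ })
```

Checking `origin` rather than doing a string prefix test on `baseUrl` is the point: a prefix test passes `https://app.example.evil.example/`, an origin comparison does not.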

CVE-2022-21496: Oracle Critical Patch Update Advisory - April 2022

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JNDI). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service ...

CVE-2022-28222: Reflected XSS in Spam protection, AntiSpam, FireWall by CleanTalk

The CleanTalk AntiSpam plugin <= 5.173 for WordPress is vulnerable to Reflected Cross-Site Scripting (XSS) via the $_REQUEST['page'] parameter in `/lib/Cleantalk/ApbctWP/FindSpam/ListTable/Users.php`.

CVE-2022-21498: Oracle Critical Patch Update Advisory - April 2022

Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 19c and 21c. Easily exploitable vulnerability allows low privileged attacker having Create Procedure privilege with network access via multiple protocols to compromise Java VM. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java VM accessible data. CVSS 3.1 Base Score 6.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N).

CVE-2022-1187: Changeset 2702715 for wp-youtube-live – WordPress Plugin Repository

The WordPress WP YouTube Live Plugin is vulnerable to Reflected Cross-Site Scripting via POST data found in the ~/inc/admin.php file which allows unauthenticated attackers to inject arbitrary web scripts in versions up to, and including, 1.7.21.

CVE-2022-1186: Changeset 2701343 for be-popia-compliant – WordPress Plugin Repository

The WordPress plugin Be POPIA Compliant exposed sensitive information to unauthenticated users, consisting of site visitors' emails and usernames, via an API route, in versions up to and including 1.1.5.

CVE-2022-1329: Changeset 2708766 for elementor/trunk/core/app/modules/onboarding/module.php – WordPress Plugin Repository

The Elementor Website Builder plugin for WordPress is vulnerable to unauthorized execution of several AJAX actions due to a missing capability check in the ~/core/app/modules/onboarding/module.php file, which makes it possible for attackers to modify site data in addition to uploading malicious files that can be used to obtain remote code execution, in versions 3.6.0 to 3.6.2.

CVE-2022-24825: Smokescreen

Smokescreen is a simple HTTP proxy that fogs over naughty URLs. The primary use case for Smokescreen is to prevent server-side request forgery (SSRF) attacks in which external attackers leverage the behavior of applications to connect to or scan internal infrastructure. Smokescreen also offers an option to deny access to additional (e.g., external) URLs by way of a deny list. There was an issue in Smokescreen that made it possible to bypass the deny list feature by appending a dot to the end of user-supplied URLs, or by providing input in a different letter case. Users are recommended to upgrade Smokescreen to version 0.0.3 or later.
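
The two bypasses named above (a trailing dot, a different letter case) both come from comparing the host string as received against a canonical deny-list entry. The following added example, which is not Smokescreen's code, shows a deny-list check that canonicalises the host first, beside the naive comparison it replaces. The deny list, the `*.` wildcard convention and the assumption that the caller has already split any port off the host are all assumptions made for this example.

```javascript
// Added example (not Smokescreen's code): deny-list matching on a canonical host.
// Assumptions: the deny list holds lowercase hostnames without trailing dots,
// optionally prefixed with "*." to cover every subdomain; the input is a bare
// hostname (no scheme, no port) taken from the request the proxy is about to forward.

function normalizeHost(rawHost) {
  let host = String(rawHost).trim().toLowerCase(); // "Metadata.INTERNAL" -> "metadata.internal"
  host = host.replace(/\.+$/, "");                  // "metadata.internal." -> "metadata.internal"
  // Anything outside the DNS label alphabet is rejected rather than guessed at.
  if (host.length === 0 || !/^[a-z0-9.-]+$/.test(host)) {
    throw new Error(`unsupported host: ${JSON.stringify(rawHost)}`);
  }
  return host;
}

function matchesEntry(host, entry) {
  if (entry.startsWith("*.")) {
    const bare = entry.slice(2);        // "*.corp.example" -> "corp.example"
    return host === bare || host.endsWith("." + bare);
  }
  return host === entry;
}

// Hardened check: canonicalise, then compare; unparsable input fails closed.
function isDenied(rawHost, denyList) {
  let host;
  try {
    host = normalizeHost(rawHost);
  } catch {
    return true;
  }
  return denyList.some((entry) => matchesEntry(host, entry));
}

// Naive check for contrast: compares the raw string, so "metadata.internal."
// and "Metadata.INTERNAL" slip past a list that only names "metadata.internal".
function isDeniedNaive(rawHost, denyList) {
  return denyList.includes(rawHost);
}

// Constructed deny list for the demonstration.
const DENY_LIST = ["metadata.internal", "*.corp.example"];
```

The suffix test uses `"." + bare` rather than `bare` alone, so `notcorp.example` is not swept up by a `*.corp.example` entry; that is the other common mistake in hand-written host matchers.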

Rethinking Cyber-Defense Strategies in the Public-Cloud Age

Exploring what's next for public-cloud security, including top risks and how to implement better risk management.

CVE-2022-25648: Command Injection in git | CVE-2022-25648 | Snyk

The package git before 1.11.0 is vulnerable to Command Injection via git argument injection. When calling the fetch(remote = 'origin', opts = {}) function, the remote parameter is passed to the git fetch subcommand in a way that allows additional flags to be set. The additional flags can be used to perform a command injection.
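
The argument-injection pattern described above, as an added example that is not the npm `git` package's own code: an argv builder for a `git fetch` child process in a vulnerable shape, where a remote name beginning with `-` is handed to git as an option, beside a hardened shape that rejects such names and places the remote after git's `--` end-of-options marker. The function names and the `{ prune }` option are assumptions for the example; `--upload-pack=<command>` is a real git option that makes git run the given command, which is why a remote value of that form is the classic payload here.

```javascript
// Added example (not the npm "git" package's code): building argv for `git fetch`.

// Vulnerable shape: the remote goes straight into argv, so a value such as
// "--upload-pack=touch /tmp/pwned" is parsed by git as an option, not a remote name.
function buildFetchArgsUnsafe(remote, opts = {}) {
  const args = ["fetch"];
  if (opts.prune) args.push("--prune");
  args.push(remote);
  return args;
}

// Anything git's option parser would read as a flag starts with "-".
function looksLikeOption(arg) {
  return typeof arg === "string" && arg.startsWith("-");
}

// Hardened shape: refuse values that git could parse as options, and put the
// remote after "--", which tells git's option parser that only positional
// arguments follow (belt and braces on top of the validation).
function buildFetchArgsSafe(remote, opts = {}) {
  if (typeof remote !== "string" || remote.length === 0 || looksLikeOption(remote)) {
    throw new Error(`refusing remote that looks like a git option: ${JSON.stringify(remote)}`);
  }
  const args = ["fetch"];
  if (opts.prune) args.push("--prune");
  args.push("--", remote);
  return args;
}

// Running it: argv array, no shell, so nothing is re-parsed on the way to execve.
// (Not exercised by the checks below; shown for completeness.)
function runFetch(cwd, remote, opts = {}) {
  const { spawnSync } = require("node:child_process");
  return spawnSync("git", buildFetchArgsSafe(remote, opts), { cwd, shell: false, encoding: "utf8" });
}
```

Note that `shell: false` alone would not have prevented this bug: the injected flag never passes through a shell, git itself interprets it. Validation of the positional argument, or the `--` separator, is what closes the hole.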