Headline
RHSA-2023:3625: Red Hat Security Advisory: OpenShift Container Platform 4.10.62 security update
Red Hat OpenShift Container Platform release 4.10.62 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2022-41966: A flaw was found in the xstream package. This flaw allows an attacker to cause a denial of service by injecting recursive collections or maps, raising a stack overflow.
- CVE-2023-20860: A flaw was found in Spring Framework. In this issue, a security bypass is possible due to the behavior of the wildcard pattern.
- CVE-2023-32977: A flaw was found in the Jenkins Pipeline: Job Plugin. Affected versions of Jenkins Pipeline: Job Plugin are vulnerable to Cross-site scripting caused by improper validation of user-supplied input. This flaw allows a remote authenticated attacker to inject malicious script into a Web page, which would then be executed in a victim’s Web browser within the security context of the hosting Web site once the page is viewed. The attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.
- CVE-2023-32979: A flaw was found in the Jenkins Email Extension Plugin. Affected versions of the Jenkins Email Extension Plugin could allow a remote, authenticated attacker to obtain sensitive information caused by improper permission validation. By sending a specially crafted request, an attacker can check for the existence of files in the email-templates/ directory and use this information to launch further attacks against the affected system.
- CVE-2023-32980: A flaw was found in the Jenkins Email Extension Plugin. Affected versions of the Jenkins Email Extension Plugin are vulnerable to cross-site request forgery caused by improper validation of user-supplied input. By persuading an authenticated user to visit a malicious Web site, a remote attacker could send a malformed HTTP request to make another user stop watching an attacker-specified job. An attacker can perform cross-site scripting attacks, Web cache poisoning, and other malicious activities.
- CVE-2023-32981: A flaw was found in the Jenkins Pipeline Utility Steps Plugin. This flaw allows a remote, authenticated attacker to traverse directories on the system, caused by improper archive file validation. The attacker can use a specially crafted archive file containing “dot dot” sequences (/../) to create or replace arbitrary files on the agent file system with attacker-specified content.
Issued:
2023-06-23
Updated:
2023-06-23
RHSA-2023:3625 - Security Advisory
Synopsis
Important: OpenShift Container Platform 4.10.62 security update
Type/Severity
Security Advisory: Important
Topic
Red Hat OpenShift Container Platform release 4.10.62 is now available with updates to packages and images that fix several bugs and add enhancements.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
Red Hat OpenShift Container Platform is Red Hat’s cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.10.62. See the following advisory for the container images for this release:
https://access.redhat.com/errata/RHSA-2023:3626
Security Fix(es):
- xstream: Denial of Service by injecting recursive collections or maps based on element’s hash values raising a stack overflow (CVE-2022-41966)
- springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern (CVE-2023-20860)
- jenkins-2-plugin: workflow-job: Stored XSS vulnerability in Pipeline: Job Plugin (CVE-2023-32977)
- jenkins-2-plugin: email-ext: Missing permission check in Email Extension Plugin (CVE-2023-32979)
- jenkins-2-plugin: email-ext: CSRF vulnerability in Email Extension Plugin (CVE-2023-32980)
- jenkins-2-plugin: pipeline-utility-steps: Arbitrary file write vulnerability on agents in Pipeline Utility Steps Plugin (CVE-2023-32981)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
All OpenShift Container Platform 4.10 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.10/updating/updating-cluster-cli.html
Affected Products
- Red Hat OpenShift Container Platform 4.10 for RHEL 8 x86_64
- Red Hat OpenShift Container Platform 4.10 for RHEL 7 x86_64
- Red Hat OpenShift Container Platform for Power 4.10 for RHEL 8 ppc64le
- Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.10 for RHEL 8 s390x
- Red Hat OpenShift Container Platform for ARM 64 4.10 aarch64
Fixes
- BZ - 2170431 - CVE-2022-41966 xstream: Denial of Service by injecting recursive collections or maps based on element’s hash values raising a stack overflow
- BZ - 2180528 - CVE-2023-20860 springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern
- BZ - 2207830 - CVE-2023-32977 jenkins-2-plugin: workflow-job: Stored XSS vulnerability in Pipeline: Job Plugin
- BZ - 2207831 - CVE-2023-32979 jenkins-2-plugin: email-ext: Missing permission check in Email Extension Plugin
- BZ - 2207833 - CVE-2023-32980 jenkins-2-plugin: email-ext: CSRF vulnerability in Email Extension Plugin
- BZ - 2207835 - CVE-2023-32981 jenkins-2-plugin: pipeline-utility-steps: Arbitrary file write vulnerability on agents in Pipeline Utility Steps Plugin
CVEs
- CVE-2022-41966
- CVE-2023-20860
- CVE-2023-32977
- CVE-2023-32979
- CVE-2023-32980
- CVE-2023-32981
References
- https://access.redhat.com/security/updates/classification/#important
- https://docs.openshift.com/container-platform/4.10/release_notes/ocp-4-10-release-notes.html
Red Hat OpenShift Container Platform 4.10 for RHEL 8
SRPM
cri-o-1.23.5-16.rhaos4.10.gitbb2cc9a.el8.src.rpm
jenkins-2-plugins-4.10.1685679861-1.el8.src.rpm
jenkins-2.401.1.1685677065-1.el8.src.rpm
kernel-4.18.0-305.93.1.el8_4.src.rpm
kernel-rt-4.18.0-305.93.1.rt7.168.el8_4.src.rpm
openshift-4.10.0-202306081029.p0.g16bcd69.assembly.stream.el8.src.rpm
openshift-ansible-4.10.0-202306081029.p0.g72c7be6.assembly.stream.el8.src.rpm
openshift-clients-4.10.0-202306081029.p0.g3a7500d.assembly.stream.el8.src.rpm
x86_64
bpftool-4.18.0-305.93.1.el8_4.x86_64.rpm
bpftool-debuginfo-4.18.0-305.93.1.el8_4.x86_64.rpm
cri-o-1.23.5-16.rhaos4.10.gitbb2cc9a.el8.x86_64.rpm
cri-o-debuginfo-1.23.5-16.rhaos4.10.gitbb2cc9a.el8.x86_64.rpm
cri-o-debugsource-1.23.5-16.rhaos4.10.gitbb2cc9a.el8.x86_64.rpm
jenkins-2-plugins-4.10.1685679861-1.el8.noarch.rpm
jenkins-2.401.1.1685677065-1.el8.noarch.rpm
kernel-4.18.0-305.93.1.el8_4.x86_64.rpm
kernel-core-4.18.0-305.93.1.el8_4.x86_64.rpm
kernel-cross-headers-4.18.0-305.93.1.el8_4.x86_64.rpm
kernel-debug-4.18.0-305.93.1.el8_4.x86_64.rpm
kernel-debug-core-4.18.0-305.93.1.el8_4.x86_64.rpm
kernel-debug-debuginfo-4.18.0-305.93.1.el8_4.x86_64.rpm
kernel-debug-devel-4.18.0-305.93.1.el8_4.x86_64.rpm
kernel-debug-modules-4.18.0-305.93.1.el8_4.x86_64.rpm
kernel-debug-modules-extra-4.18.0-305.93.1.el8_4.x86_64.rpm
kernel-debug-modules-internal-4.18.0-305.93.1.el8_4.x86_64.rpm
kernel-debuginfo-4.18.0-305.93.1.el8_4.x86_64.rpm
kernel-debuginfo-common-x86_64-4.18.0-305.93.1.el8_4.x86_64.rpm
kernel-devel-4.18.0-305.93.1.el8_4.x86_64.rpm
kernel-doc-4.18.0-305.93.1.el8_4.noarch.rpm
kernel-headers-4.18.0-305.93.1.el8_4.x86_64.rpm
kernel-ipaclones-internal-4.18.0-305.93.1.el8_4.x86_64.rpm
kernel-modules-4.18.0-305.93.1.el8_4.x86_64.rpm
kernel-modules-extra-4.18.0-305.93.1.el8_4.x86_64.rpm
kernel-modules-internal-4.18.0-305.93.1.el8_4.x86_64.rpm
kernel-rt-4.18.0-305.93.1.rt7.168.el8_4.x86_64.rpm
kernel-rt-core-4.18.0-305.93.1.rt7.168.el8_4.x86_64.rpm
kernel-rt-debug-4.18.0-305.93.1.rt7.168.el8_4.x86_64.rpm
kernel-rt-debug-core-4.18.0-305.93.1.rt7.168.el8_4.x86_64.rpm
kernel-rt-debug-debuginfo-4.18.0-305.93.1.rt7.168.el8_4.x86_64.rpm
kernel-rt-debug-devel-4.18.0-305.93.1.rt7.168.el8_4.x86_64.rpm
kernel-rt-debug-kvm-4.18.0-305.93.1.rt7.168.el8_4.x86_64.rpm
kernel-rt-debug-modules-4.18.0-305.93.1.rt7.168.el8_4.x86_64.rpm
kernel-rt-debug-modules-extra-4.18.0-305.93.1.rt7.168.el8_4.x86_64.rpm
kernel-rt-debug-modules-internal-4.18.0-305.93.1.rt7.168.el8_4.x86_64.rpm
kernel-rt-debuginfo-4.18.0-305.93.1.rt7.168.el8_4.x86_64.rpm
kernel-rt-debuginfo-common-x86_64-4.18.0-305.93.1.rt7.168.el8_4.x86_64.rpm
kernel-rt-devel-4.18.0-305.93.1.rt7.168.el8_4.x86_64.rpm
kernel-rt-kvm-4.18.0-305.93.1.rt7.168.el8_4.x86_64.rpm
kernel-rt-modules-4.18.0-305.93.1.rt7.168.el8_4.x86_64.rpm
kernel-rt-modules-extra-4.18.0-305.93.1.rt7.168.el8_4.x86_64.rpm
kernel-rt-modules-internal-4.18.0-305.93.1.rt7.168.el8_4.x86_64.rpm
kernel-rt-selftests-internal-4.18.0-305.93.1.rt7.168.el8_4.x86_64.rpm
kernel-selftests-internal-4.18.0-305.93.1.el8_4.x86_64.rpm
kernel-tools-4.18.0-305.93.1.el8_4.x86_64.rpm
kernel-tools-debuginfo-4.18.0-305.93.1.el8_4.x86_64.rpm
kernel-tools-libs-4.18.0-305.93.1.el8_4.x86_64.rpm
kernel-tools-libs-devel-4.18.0-305.93.1.el8_4.x86_64.rpm
openshift-ansible-4.10.0-202306081029.p0.g72c7be6.assembly.stream.el8.noarch.rpm
openshift-ansible-test-4.10.0-202306081029.p0.g72c7be6.assembly.stream.el8.noarch.rpm
openshift-clients-4.10.0-202306081029.p0.g3a7500d.assembly.stream.el8.x86_64.rpm
openshift-clients-redistributable-4.10.0-202306081029.p0.g3a7500d.assembly.stream.el8.x86_64.rpm
openshift-hyperkube-4.10.0-202306081029.p0.g16bcd69.assembly.stream.el8.x86_64.rpm
perf-4.18.0-305.93.1.el8_4.x86_64.rpm
perf-debuginfo-4.18.0-305.93.1.el8_4.x86_64.rpm
python3-perf-4.18.0-305.93.1.el8_4.x86_64.rpm
python3-perf-debuginfo-4.18.0-305.93.1.el8_4.x86_64.rpm
Red Hat OpenShift Container Platform 4.10 for RHEL 7
SRPM
cri-o-1.23.5-16.rhaos4.10.gitbb2cc9a.el7.src.rpm
openshift-4.10.0-202306081029.p0.g16bcd69.assembly.stream.el7.src.rpm
openshift-ansible-4.10.0-202306081029.p0.g72c7be6.assembly.stream.el7.src.rpm
openshift-clients-4.10.0-202306081029.p0.g3a7500d.assembly.stream.el7.src.rpm
x86_64
cri-o-1.23.5-16.rhaos4.10.gitbb2cc9a.el7.x86_64.rpm
cri-o-debuginfo-1.23.5-16.rhaos4.10.gitbb2cc9a.el7.x86_64.rpm
openshift-ansible-4.10.0-202306081029.p0.g72c7be6.assembly.stream.el7.noarch.rpm
openshift-ansible-test-4.10.0-202306081029.p0.g72c7be6.assembly.stream.el7.noarch.rpm
openshift-clients-4.10.0-202306081029.p0.g3a7500d.assembly.stream.el7.x86_64.rpm
openshift-clients-redistributable-4.10.0-202306081029.p0.g3a7500d.assembly.stream.el7.x86_64.rpm
openshift-hyperkube-4.10.0-202306081029.p0.g16bcd69.assembly.stream.el7.x86_64.rpm
Red Hat OpenShift Container Platform for Power 4.10 for RHEL 8
SRPM
cri-o-1.23.5-16.rhaos4.10.gitbb2cc9a.el8.src.rpm
jenkins-2-plugins-4.10.1685679861-1.el8.src.rpm
jenkins-2.401.1.1685677065-1.el8.src.rpm
kernel-4.18.0-305.93.1.el8_4.src.rpm
openshift-4.10.0-202306081029.p0.g16bcd69.assembly.stream.el8.src.rpm
openshift-ansible-4.10.0-202306081029.p0.g72c7be6.assembly.stream.el8.src.rpm
openshift-clients-4.10.0-202306081029.p0.g3a7500d.assembly.stream.el8.src.rpm
ppc64le
bpftool-4.18.0-305.93.1.el8_4.ppc64le.rpm
bpftool-debuginfo-4.18.0-305.93.1.el8_4.ppc64le.rpm
cri-o-1.23.5-16.rhaos4.10.gitbb2cc9a.el8.ppc64le.rpm
cri-o-debuginfo-1.23.5-16.rhaos4.10.gitbb2cc9a.el8.ppc64le.rpm
cri-o-debugsource-1.23.5-16.rhaos4.10.gitbb2cc9a.el8.ppc64le.rpm
jenkins-2-plugins-4.10.1685679861-1.el8.noarch.rpm
jenkins-2.401.1.1685677065-1.el8.noarch.rpm
kernel-4.18.0-305.93.1.el8_4.ppc64le.rpm
kernel-core-4.18.0-305.93.1.el8_4.ppc64le.rpm
kernel-cross-headers-4.18.0-305.93.1.el8_4.ppc64le.rpm
kernel-debug-4.18.0-305.93.1.el8_4.ppc64le.rpm
kernel-debug-core-4.18.0-305.93.1.el8_4.ppc64le.rpm
kernel-debug-debuginfo-4.18.0-305.93.1.el8_4.ppc64le.rpm
kernel-debug-devel-4.18.0-305.93.1.el8_4.ppc64le.rpm
kernel-debug-modules-4.18.0-305.93.1.el8_4.ppc64le.rpm
kernel-debug-modules-extra-4.18.0-305.93.1.el8_4.ppc64le.rpm
kernel-debug-modules-internal-4.18.0-305.93.1.el8_4.ppc64le.rpm
kernel-debuginfo-4.18.0-305.93.1.el8_4.ppc64le.rpm
kernel-debuginfo-common-ppc64le-4.18.0-305.93.1.el8_4.ppc64le.rpm
kernel-devel-4.18.0-305.93.1.el8_4.ppc64le.rpm
kernel-doc-4.18.0-305.93.1.el8_4.noarch.rpm
kernel-headers-4.18.0-305.93.1.el8_4.ppc64le.rpm
kernel-ipaclones-internal-4.18.0-305.93.1.el8_4.ppc64le.rpm
kernel-modules-4.18.0-305.93.1.el8_4.ppc64le.rpm
kernel-modules-extra-4.18.0-305.93.1.el8_4.ppc64le.rpm
kernel-modules-internal-4.18.0-305.93.1.el8_4.ppc64le.rpm
kernel-selftests-internal-4.18.0-305.93.1.el8_4.ppc64le.rpm
kernel-tools-4.18.0-305.93.1.el8_4.ppc64le.rpm
kernel-tools-debuginfo-4.18.0-305.93.1.el8_4.ppc64le.rpm
kernel-tools-libs-4.18.0-305.93.1.el8_4.ppc64le.rpm
kernel-tools-libs-devel-4.18.0-305.93.1.el8_4.ppc64le.rpm
openshift-ansible-4.10.0-202306081029.p0.g72c7be6.assembly.stream.el8.noarch.rpm
openshift-ansible-test-4.10.0-202306081029.p0.g72c7be6.assembly.stream.el8.noarch.rpm
openshift-clients-4.10.0-202306081029.p0.g3a7500d.assembly.stream.el8.ppc64le.rpm
openshift-hyperkube-4.10.0-202306081029.p0.g16bcd69.assembly.stream.el8.ppc64le.rpm
perf-4.18.0-305.93.1.el8_4.ppc64le.rpm
perf-debuginfo-4.18.0-305.93.1.el8_4.ppc64le.rpm
python3-perf-4.18.0-305.93.1.el8_4.ppc64le.rpm
python3-perf-debuginfo-4.18.0-305.93.1.el8_4.ppc64le.rpm
Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.10 for RHEL 8
SRPM
cri-o-1.23.5-16.rhaos4.10.gitbb2cc9a.el8.src.rpm
jenkins-2-plugins-4.10.1685679861-1.el8.src.rpm
jenkins-2.401.1.1685677065-1.el8.src.rpm
kernel-4.18.0-305.93.1.el8_4.src.rpm
openshift-4.10.0-202306081029.p0.g16bcd69.assembly.stream.el8.src.rpm
openshift-ansible-4.10.0-202306081029.p0.g72c7be6.assembly.stream.el8.src.rpm
openshift-clients-4.10.0-202306081029.p0.g3a7500d.assembly.stream.el8.src.rpm
s390x
bpftool-4.18.0-305.93.1.el8_4.s390x.rpm
bpftool-debuginfo-4.18.0-305.93.1.el8_4.s390x.rpm
cri-o-1.23.5-16.rhaos4.10.gitbb2cc9a.el8.s390x.rpm
cri-o-debuginfo-1.23.5-16.rhaos4.10.gitbb2cc9a.el8.s390x.rpm
cri-o-debugsource-1.23.5-16.rhaos4.10.gitbb2cc9a.el8.s390x.rpm
jenkins-2-plugins-4.10.1685679861-1.el8.noarch.rpm
jenkins-2.401.1.1685677065-1.el8.noarch.rpm
kernel-4.18.0-305.93.1.el8_4.s390x.rpm
kernel-core-4.18.0-305.93.1.el8_4.s390x.rpm
kernel-cross-headers-4.18.0-305.93.1.el8_4.s390x.rpm
kernel-debug-4.18.0-305.93.1.el8_4.s390x.rpm
kernel-debug-core-4.18.0-305.93.1.el8_4.s390x.rpm
kernel-debug-debuginfo-4.18.0-305.93.1.el8_4.s390x.rpm
kernel-debug-devel-4.18.0-305.93.1.el8_4.s390x.rpm
kernel-debug-modules-4.18.0-305.93.1.el8_4.s390x.rpm
kernel-debug-modules-extra-4.18.0-305.93.1.el8_4.s390x.rpm
kernel-debug-modules-internal-4.18.0-305.93.1.el8_4.s390x.rpm
kernel-debuginfo-4.18.0-305.93.1.el8_4.s390x.rpm
kernel-debuginfo-common-s390x-4.18.0-305.93.1.el8_4.s390x.rpm
kernel-devel-4.18.0-305.93.1.el8_4.s390x.rpm
kernel-doc-4.18.0-305.93.1.el8_4.noarch.rpm
kernel-headers-4.18.0-305.93.1.el8_4.s390x.rpm
kernel-modules-4.18.0-305.93.1.el8_4.s390x.rpm
kernel-modules-extra-4.18.0-305.93.1.el8_4.s390x.rpm
kernel-modules-internal-4.18.0-305.93.1.el8_4.s390x.rpm
kernel-selftests-internal-4.18.0-305.93.1.el8_4.s390x.rpm
kernel-tools-4.18.0-305.93.1.el8_4.s390x.rpm
kernel-tools-debuginfo-4.18.0-305.93.1.el8_4.s390x.rpm
kernel-zfcpdump-4.18.0-305.93.1.el8_4.s390x.rpm
kernel-zfcpdump-core-4.18.0-305.93.1.el8_4.s390x.rpm
kernel-zfcpdump-debuginfo-4.18.0-305.93.1.el8_4.s390x.rpm
kernel-zfcpdump-devel-4.18.0-305.93.1.el8_4.s390x.rpm
kernel-zfcpdump-modules-4.18.0-305.93.1.el8_4.s390x.rpm
kernel-zfcpdump-modules-extra-4.18.0-305.93.1.el8_4.s390x.rpm
kernel-zfcpdump-modules-internal-4.18.0-305.93.1.el8_4.s390x.rpm
openshift-ansible-4.10.0-202306081029.p0.g72c7be6.assembly.stream.el8.noarch.rpm
openshift-ansible-test-4.10.0-202306081029.p0.g72c7be6.assembly.stream.el8.noarch.rpm
openshift-clients-4.10.0-202306081029.p0.g3a7500d.assembly.stream.el8.s390x.rpm
openshift-hyperkube-4.10.0-202306081029.p0.g16bcd69.assembly.stream.el8.s390x.rpm
perf-4.18.0-305.93.1.el8_4.s390x.rpm
perf-debuginfo-4.18.0-305.93.1.el8_4.s390x.rpm
python3-perf-4.18.0-305.93.1.el8_4.s390x.rpm
python3-perf-debuginfo-4.18.0-305.93.1.el8_4.s390x.rpm
Red Hat OpenShift Container Platform for ARM 64 4.10
SRPM
cri-o-1.23.5-16.rhaos4.10.gitbb2cc9a.el8.src.rpm
jenkins-2-plugins-4.10.1685679861-1.el8.src.rpm
jenkins-2.401.1.1685677065-1.el8.src.rpm
kernel-4.18.0-305.93.1.el8_4.src.rpm
kernel-rt-4.18.0-305.93.1.rt7.168.el8_4.src.rpm
openshift-4.10.0-202306081029.p0.g16bcd69.assembly.stream.el8.src.rpm
openshift-ansible-4.10.0-202306081029.p0.g72c7be6.assembly.stream.el8.src.rpm
openshift-clients-4.10.0-202306081029.p0.g3a7500d.assembly.stream.el8.src.rpm
aarch64
bpftool-4.18.0-305.93.1.el8_4.aarch64.rpm
bpftool-debuginfo-4.18.0-305.93.1.el8_4.aarch64.rpm
cri-o-1.23.5-16.rhaos4.10.gitbb2cc9a.el8.aarch64.rpm
cri-o-debuginfo-1.23.5-16.rhaos4.10.gitbb2cc9a.el8.aarch64.rpm
cri-o-debugsource-1.23.5-16.rhaos4.10.gitbb2cc9a.el8.aarch64.rpm
jenkins-2-plugins-4.10.1685679861-1.el8.noarch.rpm
jenkins-2.401.1.1685677065-1.el8.noarch.rpm
kernel-4.18.0-305.93.1.el8_4.aarch64.rpm
kernel-core-4.18.0-305.93.1.el8_4.aarch64.rpm
kernel-cross-headers-4.18.0-305.93.1.el8_4.aarch64.rpm
kernel-debug-4.18.0-305.93.1.el8_4.aarch64.rpm
kernel-debug-core-4.18.0-305.93.1.el8_4.aarch64.rpm
kernel-debug-debuginfo-4.18.0-305.93.1.el8_4.aarch64.rpm
kernel-debug-devel-4.18.0-305.93.1.el8_4.aarch64.rpm
kernel-debug-modules-4.18.0-305.93.1.el8_4.aarch64.rpm
kernel-debug-modules-extra-4.18.0-305.93.1.el8_4.aarch64.rpm
kernel-debug-modules-internal-4.18.0-305.93.1.el8_4.aarch64.rpm
kernel-debuginfo-4.18.0-305.93.1.el8_4.aarch64.rpm
kernel-debuginfo-common-aarch64-4.18.0-305.93.1.el8_4.aarch64.rpm
kernel-devel-4.18.0-305.93.1.el8_4.aarch64.rpm
kernel-doc-4.18.0-305.93.1.el8_4.noarch.rpm
kernel-headers-4.18.0-305.93.1.el8_4.aarch64.rpm
kernel-modules-4.18.0-305.93.1.el8_4.aarch64.rpm
kernel-modules-extra-4.18.0-305.93.1.el8_4.aarch64.rpm
kernel-modules-internal-4.18.0-305.93.1.el8_4.aarch64.rpm
SHA-256: e312f5373c1f459d434d3406b265d9342e76d87a4acded08bc0be4dc356e6f44
kernel-selftests-internal-4.18.0-305.93.1.el8_4.aarch64.rpm
SHA-256: 2a3fc2340fdc5d30ec3f1c2bc6b542bf2d056f8a45a18439aed9c0f85ae28892
kernel-tools-4.18.0-305.93.1.el8_4.aarch64.rpm
SHA-256: 2783b857a105ab4d4803d5bdd5e699415107d4b0825e6f64def1898c0e0755e2
kernel-tools-debuginfo-4.18.0-305.93.1.el8_4.aarch64.rpm
SHA-256: 64d1cba30d1dae4ad22d957e301e25fb52b08e8b86d32bfa74931ac5668eda9f
kernel-tools-libs-4.18.0-305.93.1.el8_4.aarch64.rpm
SHA-256: 8238c8df18ca90901d38cbea7bd725ca561fd30c70a2aca7d7eab5652502db2d
kernel-tools-libs-devel-4.18.0-305.93.1.el8_4.aarch64.rpm
SHA-256: 6641a5ca8e6a9dd1e3f3679a8087ba6c526e123d758b3f804877417af2c0d557
openshift-ansible-4.10.0-202306081029.p0.g72c7be6.assembly.stream.el8.noarch.rpm
SHA-256: b767ea449762af9d40c105dfa4955ce7f9f2f1d0dfa9061e582a431b52c01e37
openshift-ansible-test-4.10.0-202306081029.p0.g72c7be6.assembly.stream.el8.noarch.rpm
SHA-256: e1478f40a995c829cc8a3ebb0f870dec1380b67afa062600237a23b6557ffa8a
openshift-clients-4.10.0-202306081029.p0.g3a7500d.assembly.stream.el8.aarch64.rpm
SHA-256: c6cce2a098e222666c4a04a208be5109d4c6b7cfacf480547df1d4fc78c194d4
openshift-hyperkube-4.10.0-202306081029.p0.g16bcd69.assembly.stream.el8.aarch64.rpm
SHA-256: 2b581f045ee2e3ec816d65b6f7bc0f9cb24a4c8ac857ac2e75df72c18f922290
perf-4.18.0-305.93.1.el8_4.aarch64.rpm
SHA-256: 2ffa197712c10231f0a86b1e8d4a8a2898f2961f4a29528ea3eacd82a0425be3
perf-debuginfo-4.18.0-305.93.1.el8_4.aarch64.rpm
SHA-256: 5e386c7e5ba108817f456a8eb15e585c919fee0ea261f68734bf73d5bc685ab3
python3-perf-4.18.0-305.93.1.el8_4.aarch64.rpm
SHA-256: 6719be97433134635e4246851affde24def70221df1691f41d04d1fac89a54d2
python3-perf-debuginfo-4.18.0-305.93.1.el8_4.aarch64.rpm
SHA-256: 2f964f8dbb716f0ff3b9c9ddab466edada47e7d3cb315575e478ec34e6d684d7
Red Hat security contact details are available at https://access.redhat.com/security/team/contact/.
Related news
Red Hat Security Advisory 2024-1353-03 - An update is now available for Red Hat Process Automation Manager. Issues addressed include code execution, denial of service, and deserialization vulnerabilities.
Vulnerability in the Sun ZFS Storage Appliance product of Oracle Systems (component: Core). The supported version that is affected is 8.8.60. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Sun ZFS Storage Appliance. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Sun ZFS Storage Appliance. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).
An update is now available for Red Hat Process Automation Manager. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which provides a detailed severity rating, is available for each vulnerability from the CVE links in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-30129: A vulnerability in sshd-core of Apache Mina SSHD allows an attacker to overflow the server causing an OutOfMemory error. This issue affects the SFTP and port forwarding features of Apache Mina SSHD version 2.0.0 and later versions. It was addressed in Apache Mina SSHD 2.7.0. * CVE-2022-3171: A parsing issue with binary data in protobuf-java core and...
Red Hat Security Advisory 2023-4612-01 - Red Hat support for Spring Boot provides an application platform that reduces the complexity of developing and operating applications for OpenShift as a containerized platform. This release of Red Hat support for Spring Boot 2.7.13 serves as a replacement for Red Hat support for Spring Boot 2.7.12, and includes security, bug fixes and enhancements. For more information, see the release notes linked in the References section. Issues addressed include bypass, code execution, denial of service, and deserialization vulnerabilities.
Vulnerability in the Oracle Hyperion Financial Reporting product of Oracle Hyperion (component: Repository). The supported version that is affected is 11.2.13.0.000. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hyperion Financial Reporting. While the vulnerability is in Oracle Hyperion Financial Reporting, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hyperion Financial Reporting accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Hyperion Financial Reporting. CVSS 3.1 Base Score 8.5 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L).
A minor version update (from 7.11 to 7.12) is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2012-5783: It was found that Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or su...
Red Hat Security Advisory 2023-3625-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.10.62. Issues addressed include bypass, cross site request forgery, cross site scripting, and denial of service vulnerabilities.
Red Hat Security Advisory 2023-3771-01 - The VDSM service is required by a Virtualization Manager to manage the Linux hosts. VDSM manages and monitors the host's storage, memory and networks as well as virtual machine creation, other host administration tasks, statistics gathering, and log collection. Issues addressed include bypass, denial of service, and null pointer vulnerabilities.
An update is now available for Red Hat Virtualization 4 Tools for Red Hat Enterprise Linux 8, Red Hat Virtualization 4 for Red Hat Enterprise Linux 8, and Red Hat Virtualization Engine 4.4. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-20860: A flaw was found in Spring Framework. In this issue, a security bypass is possible due to the behavior of the wildcard pattern. * CVE-2023-20861: A flaw was found in Spring Framework. This flaw allows a malicious user to u...
An update for jenkins and jenkins-2-plugins is now available for OpenShift Developer Tools and Services for OCP 4.11. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2048: A flaw was found in the Eclipse Jetty http2-server package. This flaw allows an attacker to cause a denial of service in the server via HTTP/2 requests. * CVE-2022-22976: A flaw was found in Spring Framework. The encoder does not perform any salt rounds when using the BCrypt class with the maximum wo...
Red Hat Security Advisory 2023-3622-01 - Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron. Issues addressed include bypass, code execution, cross site request forgery, denial of service, information leakage, insecure permissions, and resource exhaustion vulnerabilities.
An update for jenkins and jenkins-2-plugins is now available for OpenShift Developer Tools and Services for OCP 4.13. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-29599: A flaw was found in the maven-shared-utils package. This issue allows a Command Injection due to improper escaping, allowing a shell injection attack. * CVE-2022-30953: A cross-site request forgery (CSRF) vulnerability in Jenkins Blue Ocean Plugin 1.25.3 and earlier allows attackers to connect to an...
Red Hat AMQ Broker 7.10.3 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3782: A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. An attacker can use this flaw to construct a malicious request to bypass validation and access other URLs and potentially sensitive information within the domain or possibly conduct further attacks. This flaw affects any client that utilizes a wil...
Jenkins Email Extension Plugin 2.96 and earlier does not perform a permission check in a method implementing form validation. This allows attackers with Overall/Read permission to check for the existence of files in the `email-templates/` directory in the Jenkins home directory on the controller file system. This form validation method requires the appropriate permission in Email Extension Plugin 2.96.1.
Jenkins Pipeline: Job Plugin 1292.v27d8cc3e2602 and earlier does not escape the display name of the build that caused an earlier build to be aborted, when "Do not allow concurrent builds" is set. This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to set build display names immediately. The Jenkins security team is not aware of any plugins that allow the exploitation of this vulnerability, as the build name must be set before the build starts. Pipeline: Job Plugin 1295.v395eb_7400005 escapes the display name of the build that caused an earlier build to be aborted.
Jenkins Email Extension Plugin 2.96 and earlier does not require POST requests for an HTTP endpoint, resulting in a cross-site request forgery (CSRF) vulnerability. This allows attackers to make another user stop watching an attacker-specified job. Email Extension Plugin 2.96.1 requires POST requests for the affected HTTP endpoint.
Jenkins WSO2 Oauth Plugin 1.0 and earlier does not invalidate the previous session on login.
A cross-site request forgery (CSRF) vulnerability in Jenkins WSO2 Oauth Plugin 1.0 and earlier allows attackers to trick users into logging in to the attacker's account.
Jenkins CAS Plugin 1.6.2 and earlier does not invalidate the previous session on login.
Jenkins SAML Single Sign On(SSO) Plugin 2.0.2 and earlier does not perform hostname validation when connecting to miniOrange or the configured IdP to retrieve SAML metadata, which could be abused using a man-in-the-middle attack to intercept these connections.
Jenkins HashiCorp Vault Plugin 360.v0a_1c04cf807d and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log when push mode for durable task logging is enabled.
Jenkins Ansible Plugin 204.v8191fd551eb_f and earlier does not mask extra variables displayed on the configuration form, increasing the potential for attackers to observe and capture them.
Jenkins TestNG Results Plugin 730.v4c5283037693 and earlier does not escape several values that are parsed from TestNG report files and displayed on the plugin's test information pages, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide a crafted TestNG report file.
Jenkins Email Extension Plugin 2.96 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence of files in the email-templates/ directory in the Jenkins home directory on the controller file system.
Jenkins Pipeline: Job Plugin 1292.v27d8cc3e2602 and earlier does not escape the display name of the build that caused an earlier build to be aborted, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to set build display names immediately.
A cross-site request forgery (CSRF) vulnerability in Jenkins Azure VM Agents Plugin 852.v8d35f0960a_43 and earlier allows attackers to connect to an attacker-specified Azure Cloud server using attacker-specified credentials IDs obtained through another method.
Red Hat Security Advisory 2023-2100-01 - This release of Camel for Spring Boot 3.20.1 serves as a replacement for Camel for Spring Boot 3.18.3 and includes bug fixes and enhancements, which are documented in the Release Notes document linked in the References. The purpose of this text-only errata is to inform you about the security issues fixed. Issues addressed include bypass, code execution, cross site scripting, denial of service, man-in-the-middle, memory exhaustion, resource exhaustion, and traversal vulnerabilities.
Red Hat Integration Camel for Spring Boot 3.20.1 release and security update is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-37533: A flaw was found in Apache Commons Net's FTP, where the client trusts the host from PASV response by default. A malicious server could redirect the Commons Net code to use a different host, but the user has to connect to the malicious server in the first place. This issue could lead to leakage of information about service...
Migration Toolkit for Applications 6.1.0 release. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3782: A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. An attacker can use this flaw to construct a malicious request to bypass validation and access other URLs and potentially sensitive information within the domain or possibly conduct further attacks. This flaw affects any client that utilizes a wildcard in the Valid Redirect ...
Spring Framework running version 6.0.0 - 6.0.6 or 5.3.0 - 5.3.25 using "**" as a pattern in Spring Security configuration with the mvcRequestMatcher creates a mismatch in pattern matching between Spring Security and Spring MVC, and the potential for a security bypass.
Ubuntu Security Notice 5946-1 - Lai Han discovered that XStream incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. It was discovered that XStream incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.
Red Hat Security Advisory 2023-1177-01 - A security update for Red Hat Integration Camel Extensions for Quarkus 2.7-1 is now available. Issues addressed include denial of service and information leakage vulnerabilities.
Red Hat Security Advisory 2023-1006-01 - This release of Red Hat build of Quarkus 2.7.7 includes security updates, bug fixes, and enhancements. For more information, see the release notes page listed in the References section. Issues addressed include code execution, denial of service, deserialization, information leakage, memory leak, and remote SQL injection vulnerabilities.
Red Hat Integration Camel Extensions for Quarkus 2.7-1 release and security update is now available. The purpose of this text-only errata is to inform you about the security issues fixed. Red Hat Product Security has rated this update as having an impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41946: A flaw was found in org.postgresql. This issue allows the creation of a temporary file when using PreparedStatement.setText(int, InputStream) and PreparedStatement.setBytea(int, InputStream). This could allow a user to create an unexpected...
An update is now available for Red Hat build of Quarkus. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability. For more information, see the CVE links in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1471: A flaw was found in the SnakeYaml package. This flaw allows an attacker to benefit from remote code execution by sending malicious YAML content and this content being deserialized by the constructor. Deserialization is unsafe and leads to Remote Code Execution (RCE). * CVE-2022-3171: A parsing issue with binary data in protobuf-java core an...
Debian Linux Security Advisory 5315-1 - XStream serializes Java objects to XML and back again. Versions prior to 1.4.15-3+deb11u2 may allow a remote attacker to terminate the application with a stack overflow error, resulting in a denial of service only via manipulation of the processed input stream. The attack uses the hash code implementation for collections and maps to force recursive hash calculation causing a stack overflow. This update handles the stack overflow and raises an InputManipulationException instead.
### Impact

The vulnerability may allow a remote attacker to terminate the application with a stack overflow error, resulting in a denial of service only by manipulating the processed input stream.

### Patches

XStream 1.4.20 handles the stack overflow and raises an InputManipulationException instead.

### Workarounds

The attack uses the hash code implementation for collections and maps to force recursive hash calculation, causing a stack overflow. The following types of the Java runtime are affected:

- java.util.HashMap
- java.util.HashSet
- java.util.Hashtable
- java.util.LinkedHashMap
- java.util.LinkedHashSet
- Other third party collection implementations that use their element's hash code may also be affected

A simple solution is to catch the StackOverflowError in the client code calling XStream. If your object graph does not use referenced elements at all, you may simply set the NO_REFERENCES mode:

```Java
import com.thoughtworks.xstream.XStream;

// Disable reference handling so elements cannot refer back to each other.
XStream xstream = new XStream();
xstream.setMode(XStream.NO_REFERENCES);
```

I...
XStream serializes Java objects to XML and back again. Versions prior to 1.4.20 may allow a remote attacker to terminate the application with a stack overflow error, resulting in a denial of service only via manipulation of the processed input stream. The attack uses the hash code implementation for collections and maps to force recursive hash calculation, causing a stack overflow. This issue is patched in version 1.4.20, which handles the stack overflow and raises an InputManipulationException instead. A potential workaround for users who only use HashMap or HashSet, and whose XML refers to these only as default map or set, is to change the default implementation of java.util.Map and java.util per the code example in the referenced advisory. However, this implies that your application does not care about the implementation of the map and all elements are comparable.