Security
Headlines
HeadlinesLatestCVEs

Headline

RHSA-2022:1546: Red Hat Security Advisory: polkit security update

An update for polkit is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2021-4115: polkit: file descriptor leak allows an unprivileged user to cause a crash
Red Hat Security Data
#vulnerability#web#linux#red_hat#nodejs#js#java#kubernetes#rce#aws#ibm

Skip to navigation Skip to main content

Utilities

  • Subscriptions
  • Downloads
  • Containers
  • Support Cases

Red Hat Customer Portal

Infrastructure and Management

  • Red Hat Enterprise Linux
  • Red Hat Virtualization
  • Red Hat Identity Management
  • Red Hat Directory Server
  • Red Hat Certificate System
  • Red Hat Satellite
  • Red Hat Subscription Management
  • Red Hat Update Infrastructure
  • Red Hat Insights
  • Red Hat Ansible Automation Platform

Cloud Computing

  • Red Hat OpenShift
  • Red Hat CloudForms
  • Red Hat OpenStack Platform
  • Red Hat OpenShift Container Platform
  • Red Hat OpenShift Data Science
  • Red Hat OpenShift Online
  • Red Hat OpenShift Dedicated
  • Red Hat Advanced Cluster Security for Kubernetes
  • Red Hat Advanced Cluster Management for Kubernetes
  • Red Hat Quay
  • Red Hat CodeReady Workspaces
  • Red Hat OpenShift Service on AWS

Storage

  • Red Hat Gluster Storage
  • Red Hat Hyperconverged Infrastructure
  • Red Hat Ceph Storage
  • Red Hat OpenShift Data Foundation

Runtimes

  • Red Hat Runtimes
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat Data Grid
  • Red Hat JBoss Web Server
  • Red Hat Single Sign On
  • Red Hat support for Spring Boot
  • Red Hat build of Node.js
  • Red Hat build of Thorntail
  • Red Hat build of Eclipse Vert.x
  • Red Hat build of OpenJDK
  • Red Hat build of Quarkus

Integration and Automation

  • Red Hat Process Automation
  • Red Hat Process Automation Manager
  • Red Hat Decision Manager

All Products

Issued:

2022-04-26

Updated:

2022-04-26

RHSA-2022:1546 - Security Advisory

  • Overview
  • Updated Packages

Synopsis

Moderate: polkit security update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for polkit is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The polkit packages provide a component for controlling system-wide privileges. This component provides a uniform and organized way for non-privileged processes to communicate with privileged ones.

Security Fix(es):

  • polkit: file descriptor leak allows an unprivileged user to cause a crash (CVE-2021-4115)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected Products

  • Red Hat Enterprise Linux for x86_64 8 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 8 s390x
  • Red Hat Enterprise Linux for Power, little endian 8 ppc64le
  • Red Hat Enterprise Linux for ARM 64 8 aarch64

Fixes

  • BZ - 2007534 - CVE-2021-4115 polkit: file descriptor leak allows an unprivileged user to cause a crash

Red Hat Enterprise Linux for x86_64 8

SRPM

polkit-0.115-13.el8_5.2.src.rpm

SHA-256: a924f799e8b497de5cb34662a9b9d9afbcae8788b731df6c5b6df5583ddcde8f

x86_64

polkit-0.115-13.el8_5.2.x86_64.rpm

SHA-256: 5fe2ab47598e26b639a064d598d7de128bea186882e7d6566f3fa2e9785146d2

polkit-debuginfo-0.115-13.el8_5.2.i686.rpm

SHA-256: b3bf14c7053b3694f1e07ec474c78e9b27378dd3ff9fb8792e3e7d1237644f00

polkit-debuginfo-0.115-13.el8_5.2.x86_64.rpm

SHA-256: a4380e3cc0c7c0e01b513c539c7f271dcf35c22caa039754ddbb452bd43c47a1

polkit-debugsource-0.115-13.el8_5.2.i686.rpm

SHA-256: 04f7a6e926adf0964b6981f7e72d64fb14343dd09074251a66779bde4ec0e409

polkit-debugsource-0.115-13.el8_5.2.x86_64.rpm

SHA-256: 4bae4bdc059e6b84092f72f3048c2ce850a8b4adb38fdeddc60850aaa93a11cb

polkit-devel-0.115-13.el8_5.2.i686.rpm

SHA-256: e67ea7c7458a9b14ad271c526f520a55a6363ffab9e2d380e978d189d2f5c012

polkit-devel-0.115-13.el8_5.2.x86_64.rpm

SHA-256: d6756be229761e14d826428c64967cb23dc976f22fdfb8030dd1a6578792bee3

polkit-docs-0.115-13.el8_5.2.noarch.rpm

SHA-256: 4fecccf8e43f13de96cc08b44476aed7f05bd7285413dbc4848a5c2a5bd62678

polkit-libs-0.115-13.el8_5.2.i686.rpm

SHA-256: 7ee651307dfea8fab80ca6bdfd24817aea4418ebf8d0eaae172a8aa90b55906f

polkit-libs-0.115-13.el8_5.2.x86_64.rpm

SHA-256: 6bba682f10442683a27978d52ab1a9780d85800486229f49935f36e577a681a2

polkit-libs-debuginfo-0.115-13.el8_5.2.i686.rpm

SHA-256: 159df69790752db632c9056d4d52614a35b958250c7d80283bb5b3168e9bb807

polkit-libs-debuginfo-0.115-13.el8_5.2.x86_64.rpm

SHA-256: e8abacc22c618f6e259bbcec2bb1aec8fa8233b7172e6264a4fcfad78932fa1f

Red Hat Enterprise Linux for IBM z Systems 8

SRPM

polkit-0.115-13.el8_5.2.src.rpm

SHA-256: a924f799e8b497de5cb34662a9b9d9afbcae8788b731df6c5b6df5583ddcde8f

s390x

polkit-0.115-13.el8_5.2.s390x.rpm

SHA-256: 502ff285fbfc0e3603606258600951c8b62f03608e7d85def61987daad70a38c

polkit-debuginfo-0.115-13.el8_5.2.s390x.rpm

SHA-256: 004b5e7a500e762729d909945e09172e7e40923f13ba1e59f0ec51646cd04ac5

polkit-debugsource-0.115-13.el8_5.2.s390x.rpm

SHA-256: d9d5fa81e824860243dc6206d3b762920a42a3a0d56147c4a286f22c16b9a774

polkit-devel-0.115-13.el8_5.2.s390x.rpm

SHA-256: fdbbc1da79b7c836cfe818fb8958405f4ab9bb54487b7c6e5ad97aec8b54d64b

polkit-docs-0.115-13.el8_5.2.noarch.rpm

SHA-256: 4fecccf8e43f13de96cc08b44476aed7f05bd7285413dbc4848a5c2a5bd62678

polkit-libs-0.115-13.el8_5.2.s390x.rpm

SHA-256: 02eff1e3eff293912bdc14d1f5a3d04b71bb6574003489c3f47e1533589313de

polkit-libs-debuginfo-0.115-13.el8_5.2.s390x.rpm

SHA-256: 14739babc06ccc8587d9c0c9cc19d7d75a79db2f5247ebd8cf8f9cb4df69d1fc

Red Hat Enterprise Linux for Power, little endian 8

SRPM

polkit-0.115-13.el8_5.2.src.rpm

SHA-256: a924f799e8b497de5cb34662a9b9d9afbcae8788b731df6c5b6df5583ddcde8f

ppc64le

polkit-0.115-13.el8_5.2.ppc64le.rpm

SHA-256: 31e501aed3feb39ea69d13986949b94edb9d60e84f661624607cb9597c92e525

polkit-debuginfo-0.115-13.el8_5.2.ppc64le.rpm

SHA-256: 9e68285137ed51bc2677fab292e6c2a885321d8362ba27cad9067dad04bacded

polkit-debugsource-0.115-13.el8_5.2.ppc64le.rpm

SHA-256: 7d8954b3e05d8276adae49f3ac99d2cb45676108246b4fae58ecfa6aa5a25421

polkit-devel-0.115-13.el8_5.2.ppc64le.rpm

SHA-256: 4b1fb5f90f8de30c7a6b25752199344659a3185ae31be284afc7a47ace2fc46b

polkit-docs-0.115-13.el8_5.2.noarch.rpm

SHA-256: 4fecccf8e43f13de96cc08b44476aed7f05bd7285413dbc4848a5c2a5bd62678

polkit-libs-0.115-13.el8_5.2.ppc64le.rpm

SHA-256: bb21e679288f3e23627a8b079e13084b86a4c3f3d7f92456a891cfc335f648ba

polkit-libs-debuginfo-0.115-13.el8_5.2.ppc64le.rpm

SHA-256: 079e48d74a77db95e27c57767925114b4eb8618abfa871cee2019a72694c52ca

Red Hat Enterprise Linux for ARM 64 8

SRPM

polkit-0.115-13.el8_5.2.src.rpm

SHA-256: a924f799e8b497de5cb34662a9b9d9afbcae8788b731df6c5b6df5583ddcde8f

aarch64

polkit-0.115-13.el8_5.2.aarch64.rpm

SHA-256: 8113ea1ad2cea88083d707983c776a3a32b86e3e8bbf45c8cbdaebf27c4144f8

polkit-debuginfo-0.115-13.el8_5.2.aarch64.rpm

SHA-256: 320dcbc2376541d4c17e1927f6b27fa8f9f51d1673a8b565f0f7b4e7d6f61416

polkit-debugsource-0.115-13.el8_5.2.aarch64.rpm

SHA-256: cb9d80f0f732a046170f179bf24eb7cf1bfc21ffd0b1346098c97083fa76a271

polkit-devel-0.115-13.el8_5.2.aarch64.rpm

SHA-256: 835086cd8a78bef5b019cb2302fc227100c03d2bb085f702e5d776c316920efa

polkit-docs-0.115-13.el8_5.2.noarch.rpm

SHA-256: 4fecccf8e43f13de96cc08b44476aed7f05bd7285413dbc4848a5c2a5bd62678

polkit-libs-0.115-13.el8_5.2.aarch64.rpm

SHA-256: f3536a230683afe22d3f1e9491b851cda1be68e1f3a33dec99ddb4552ff71068

polkit-libs-debuginfo-0.115-13.el8_5.2.aarch64.rpm

SHA-256: 8edaaf4ceb6ec832db92fa2f26334951c4c5b1dc14788145e1f2b604c8401883

The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.

Related news

CVE-2022-22323: IBM Security Identity Manager buffer overflow CVE-2022-22323 Vulnerability Report

IBM Security Identity Manager (IBM Security Verify Password Synchronization Plug-in for Windows AD 10.x) is vulnerable to a denial of service, caused by a heap-based buffer overflow in the Password Synch Plug-in. An authenticated attacker could exploit this vulnerability to cause a denial of service. IBM X-Force ID: 218379.

CVE-2021-38874: IBM QRadar information disclosure CVE-2021-38874 Vulnerability Report

IBM QRadar SIEM 7.3, 7.4, and 7.5 allows for users to access information across tenant and domain boundaries in some situations. IBM X-Force ID: 208397.

CVE-2021-38939: IBM QRadar information disclosure CVE-2021-38939 Vulnerability Report

IBM QRadar SIEM 7.3, 7.4, and 7.5 stores potentially sensitive information in log files that could be read by an user with access to creating domains. IBM X-Force ID: 211037.

CVE-2022-22345: IBM QRadar cross-site scripting CVE-2022-22345 Vulnerability Report

IBM QRadar 7.3, 7.4, and 7.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 220041.

CVE-2022-22312: Security Bulletin: IBM Security Verify Password Synchronization Plug-in for Windows AD is vulnerable to a denial of service vulnerability (CVE-2022-22323, CVE-2022-22312)

IBM Security Identity Manager (IBM Security Verify Password Synchronization Plug-in for Windows AD 10.x) is vulnerable to a denial of service, caused by a heap-based buffer overflow in the Password Synch Plug-in. An authenticated attacker could exploit this vulnerability to cause a denial of service. IBM X-Force ID: 217369.

CVE-2022-24889: Build software better, together

Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Prior to versions 21.0.8, 22.2.4, and 23.0.1, it is possible to trick administrators into enabling "recommended" apps for the Nextcloud server that they do not need, thus expanding their attack surface unnecessarily. This issue is fixed in versions 21.0.8 , 22.2.4, and 23.0.1.

CVE-2022-27905: Security Advisory - State Farm

In ControlUp Real-Time Agent before 8.6, an unquoted path can result in privilege escalation. An attacker would require write permissions to the root level of the OS drive (C:\) to exploit this.

CVE-2022-27239: Linux CIFS Utils and Samba - Free Knowledge Base

In cifs-utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-line argument could lead to local attackers gaining root privileges.

RHSA-2022:1628: Red Hat Security Advisory: web-admin-build security update

Updated web-admin-build packages are now available for Red Hat Gluster Storage 3.5 Web Administration on Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-44716: golang: net/http: limit growth of header canonicalization cache

RHSA-2022:1626: Red Hat Security Advisory: Red Hat AMQ Broker 7.8.6 release and security update

Red Hat AMQ Broker 7.8.6 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-22965: spring-framework: RCE via Data Binding on JDK 9+

RHSA-2022:1627: Red Hat Security Advisory: Red Hat AMQ Broker 7.9.4 release and security update

Red Hat AMQ Broker 7.9.4 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-22965: spring-framework: RCE via Data Binding on JDK 9+

RHSA-2022:1420: Red Hat Security Advisory: OpenShift Container Platform 3.11.665 security and bug fix update

Red Hat OpenShift Container Platform release 3.11.665 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-43859: xstream: Injecting highly recursive collections or maps can cause a DoS * CVE-2022-25173: workflow-cps: OS command execution through crafted SCM contents * CVE-2022-25174: workflow-cps-global-lib: OS command execution through crafted SCM contents * CVE-2022-25175: wo...

RHSA-2022:1619: Red Hat Security Advisory: kpatch-patch security update

An update is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-0435: kernel: remote stack overflow via kernel panic on systems using TIPC may lead to DoS

RHSA-2022:1618: Red Hat Security Advisory: convert2rhel security update

A security update for convert2rhel is now available for unsupported conversions of CentOS Linux 6 and Oracle Linux 6 to Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-0852: convert2rhel: Red Hat account password passed via command line by code

RHSA-2022:1617: Red Hat Security Advisory: convert2rhel security update

A security update for convert2rhel is now available for supported conversions of CentOS Linux 7 and Oracle Linux 7 to Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-0852: convert2rhel: Red Hat account password passed via command line by code

RHSA-2022:1599: Red Hat Security Advisory: convert2rhel security update

A security update for convert2rhel is now available for supported conversions of CentOS Linux 8 and Oracle Linux 8 to Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-0852: convert2rhel: Red Hat account password passed via command line by code

CVE-2022-27332: Security Advisory ZAA-2022-01 | Zammad

An access control issue in Zammad v5.0.3 allows attackers to write entries to the CTI caller log without authentication. This vulnerability can allow attackers to execute phishing attacks or cause a Denial of Service (DoS).

CVE-2022-27331: Security Advisory ZAA-2022-02 | Zammad

An access control issue in Zammad v5.0.3 broadcasts administrative configuration changes to all users who have an active application instance, including settings that should only be visible to authenticated users.

CVE-2022-29701: Security Advisory ZAA-2022-04 | Zammad

A lack of rate limiting in the 'forgot password' feature of Zammad v5.1.0 allows attackers to send an excessive amount of reset requests for a legitimate user, leading to a possible Denial of Service (DoS) via a large amount of generated e-mail messages.

CVE-2022-28085: AddressSanitizer: heap-buffer-overflow in function pdf_write_names · Issue #480 · michaelrsweet/htmldoc

A flaw was found in htmldoc commit 31f7804. A heap buffer overflow in the function pdf_write_names in ps-pdf.cxx may lead to arbitrary code execution and Denial of Service (DoS).

CVE-2022-29700: Security Advisory ZAA-2022-03 | Zammad

A lack of password length restriction in Zammad v5.1.0 allows for the creation of extremely long passwords which can cause a Denial of Service (DoS) during password verification.

RHSA-2022:1550: Red Hat Security Advisory: kernel security and bug fix update

An update for kernel is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-4028: kernel: use-after-free in RDMA listen() * CVE-2022-25636: kernel: heap out of bounds write in nf_dup_netdev.c

RHSA-2022:1552: Red Hat Security Advisory: vim security update

An update for vim is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1154: vim: use after free in utf_ptr2char

RHSA-2022:1556: Red Hat Security Advisory: mariadb:10.3 security and bug fix update

An update for the mariadb:10.3 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-2154: mysql: Server: DML unspecified vulnerability (CPU Apr 2021) * CVE-2021-2166: mysql: Server: DML unspecified vulnerability (CPU Apr 2021) * CVE-2021-2372: mysql: InnoDB unspecified vulnerability (CPU Jul 2021) * CVE-2021-2389: mysql: InnoDB unspecified vulnerability (CPU Jul 2021) * CVE-2021-35604: mysql: InnoDB unspecified vulnerab...

RHSA-2022:1566: Red Hat Security Advisory: container-tools:2.0 security update

An update for the container-tools:2.0 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-27649: podman: Default inheritable capabilities for linux container should be empty * CVE-2022-27651: buildah: Default inheritable capabilities for linux container should be empty

RHSA-2022:1565: Red Hat Security Advisory: container-tools:3.0 security and bug fix update

An update for the container-tools:3.0 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-27649: podman: Default inheritable capabilities for linux container should be empty * CVE-2022-27651: buildah: Default inheritable capabilities for linux container should be empty

RHSA-2022:1535: Red Hat Security Advisory: kpatch-patch security update

An update for kpatch-patch is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-4028: kernel: use-after-free in RDMA listen() * CVE-2022-25636: kernel: heap out of bounds write in nf_dup_netdev.c

RHSA-2022:1592: Red Hat Security Advisory: gzip security update

An update for gzip is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1271: gzip: arbitrary-file-write vulnerability

RHSA-2022:1557: Red Hat Security Advisory: mariadb:10.5 security, bug fix, and enhancement update

An update for the mariadb:10.5 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-2154: mysql: Server: DML unspecified vulnerability (CPU Apr 2021) * CVE-2021-2166: mysql: Server: DML unspecified vulnerability (CPU Apr 2021) * CVE-2021-2372: mysql: InnoDB unspecified vulnerability (CPU Jul 2021) * CVE-2021-2389: mysql: InnoDB unspecified vulnerability (CPU Jul 2021) * CVE-2021-35604: mysql: InnoDB unspecified vulnerab...

RHSA-2022:1591: Red Hat Security Advisory: zlib security update

An update for zlib is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2018-25032: zlib: A flaw found in zlib when compressing (not decompressing) certain inputs

RHSA-2022:1555: Red Hat Security Advisory: kernel-rt security and bug fix update

An update for kernel-rt is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-4028: kernel: use-after-free in RDMA listen() * CVE-2022-25636: kernel: heap out of bounds write in nf_dup_netdev.c

RHSA-2022:1589: Red Hat Security Advisory: kernel security update

An update for kernel is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-0435: kernel: remote stack overflow via kernel panic on systems using TIPC may lead to DoS

RHSA-2022:1537: Red Hat Security Advisory: gzip security update

An update for gzip is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1271: gzip: arbitrary-file-write vulnerability

RHSA-2022:1540: Red Hat Security Advisory: xmlrpc-c security update

An update for xmlrpc-c is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-25235: expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution

RHSA-2022:1541: Red Hat Security Advisory: maven-shared-utils security update

An update for maven-shared-utils is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-29599: maven-shared-utils: Command injection via Commandline class

RHSA-2022:1539: Red Hat Security Advisory: xmlrpc-c security update

An update for xmlrpc-c is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-25235: expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution