RHSA-2022:1546: Red Hat Security Advisory: polkit security update
An update for polkit is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2021-4115: polkit: file descriptor leak allows an unprivileged user to cause a crash
Issued: 2022-04-26
Updated: 2022-04-26
RHSA-2022:1546 - Security Advisory
Synopsis
Moderate: polkit security update
Type/Severity
Security Advisory: Moderate
Topic
An update for polkit is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The polkit packages provide a component for controlling system-wide privileges. This component provides a uniform and organized way for non-privileged processes to communicate with privileged ones.
Security Fix(es):
- polkit: file descriptor leak allows an unprivileged user to cause a crash (CVE-2021-4115)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected Products
- Red Hat Enterprise Linux for x86_64 8 x86_64
- Red Hat Enterprise Linux for IBM z Systems 8 s390x
- Red Hat Enterprise Linux for Power, little endian 8 ppc64le
- Red Hat Enterprise Linux for ARM 64 8 aarch64
Fixes
- BZ - 2007534 - CVE-2021-4115 polkit: file descriptor leak allows an unprivileged user to cause a crash
Red Hat Enterprise Linux for x86_64 8
SRPM
polkit-0.115-13.el8_5.2.src.rpm
x86_64
polkit-0.115-13.el8_5.2.x86_64.rpm
polkit-debuginfo-0.115-13.el8_5.2.i686.rpm
polkit-debuginfo-0.115-13.el8_5.2.x86_64.rpm
polkit-debugsource-0.115-13.el8_5.2.i686.rpm
polkit-debugsource-0.115-13.el8_5.2.x86_64.rpm
polkit-devel-0.115-13.el8_5.2.i686.rpm
polkit-devel-0.115-13.el8_5.2.x86_64.rpm
polkit-docs-0.115-13.el8_5.2.noarch.rpm
polkit-libs-0.115-13.el8_5.2.i686.rpm
polkit-libs-0.115-13.el8_5.2.x86_64.rpm
polkit-libs-debuginfo-0.115-13.el8_5.2.i686.rpm
polkit-libs-debuginfo-0.115-13.el8_5.2.x86_64.rpm
Red Hat Enterprise Linux for IBM z Systems 8
SRPM
polkit-0.115-13.el8_5.2.src.rpm
s390x
polkit-0.115-13.el8_5.2.s390x.rpm
polkit-debuginfo-0.115-13.el8_5.2.s390x.rpm
polkit-debugsource-0.115-13.el8_5.2.s390x.rpm
polkit-devel-0.115-13.el8_5.2.s390x.rpm
polkit-docs-0.115-13.el8_5.2.noarch.rpm
polkit-libs-0.115-13.el8_5.2.s390x.rpm
polkit-libs-debuginfo-0.115-13.el8_5.2.s390x.rpm
Red Hat Enterprise Linux for Power, little endian 8
SRPM
polkit-0.115-13.el8_5.2.src.rpm
ppc64le
polkit-0.115-13.el8_5.2.ppc64le.rpm
polkit-debuginfo-0.115-13.el8_5.2.ppc64le.rpm
polkit-debugsource-0.115-13.el8_5.2.ppc64le.rpm
polkit-devel-0.115-13.el8_5.2.ppc64le.rpm
polkit-docs-0.115-13.el8_5.2.noarch.rpm
polkit-libs-0.115-13.el8_5.2.ppc64le.rpm
polkit-libs-debuginfo-0.115-13.el8_5.2.ppc64le.rpm
Red Hat Enterprise Linux for ARM 64 8
SRPM
polkit-0.115-13.el8_5.2.src.rpm
aarch64
polkit-0.115-13.el8_5.2.aarch64.rpm
polkit-debuginfo-0.115-13.el8_5.2.aarch64.rpm
polkit-debugsource-0.115-13.el8_5.2.aarch64.rpm
polkit-devel-0.115-13.el8_5.2.aarch64.rpm
polkit-docs-0.115-13.el8_5.2.noarch.rpm
polkit-libs-0.115-13.el8_5.2.aarch64.rpm
polkit-libs-debuginfo-0.115-13.el8_5.2.aarch64.rpm
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.