Headline
RHSA-2022:6181: Red Hat Security Advisory: rsync security update
An update for rsync is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2022-29154: rsync: remote arbitrary files write inside the directories of connecting peers
Synopsis
Important: rsync security update
Type/Severity
Security Advisory: Important
Topic
An update for rsync is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The rsync utility enables the users to copy and synchronize files locally or across a network. Synchronization with rsync is fast because rsync only sends the differences in files over the network instead of sending whole files. The rsync utility is also used as a mirroring tool.
Security Fix(es):
- rsync: remote arbitrary files write inside the directories of connecting peers (CVE-2022-29154)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected Products
- Red Hat Enterprise Linux for x86_64 9 x86_64
- Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.0 x86_64
- Red Hat Enterprise Linux for IBM z Systems 9 s390x
- Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.0 s390x
- Red Hat Enterprise Linux for Power, little endian 9 ppc64le
- Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.0 ppc64le
- Red Hat Enterprise Linux for ARM 64 9 aarch64
- Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.0 aarch64
- Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.0 ppc64le
- Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0 x86_64
- Red Hat Enterprise Linux Server for ARM 64 - 4 years of updates 9.0 aarch64
- Red Hat Enterprise Linux Server for IBM z Systems - 4 years of updates 9.0 s390x
Fixes
- BZ - 2110928 - CVE-2022-29154 rsync: remote arbitrary files write inside the directories of connecting peers
Red Hat Enterprise Linux for x86_64 9
SRPM
rsync-3.2.3-9.el9_0.2.src.rpm
SHA-256: 6feb645318f248a5fea79ec337ef3527f19d63d421b2c6c11f3921210f8eb4b4
x86_64
rsync-3.2.3-9.el9_0.2.x86_64.rpm
SHA-256: b43834faac7ff0063731fdc7409cb1268620c5d0b7df5fe17516c53eddd8d3c2
rsync-daemon-3.2.3-9.el9_0.2.noarch.rpm
SHA-256: 7c5236e486b02889c7dd8dad4e079dcf66e32a5209a70210b1afa68234b04c5a
rsync-debuginfo-3.2.3-9.el9_0.2.x86_64.rpm
SHA-256: 7b2ffd681c1f5014b3a7a9d6788c891ae45bdbbd007c268bc05835e017f4f179
rsync-debugsource-3.2.3-9.el9_0.2.x86_64.rpm
SHA-256: 2463c0caa45b401bf7dc87ebbf5331a7a56e97eddfeee1714d2e8f9938ca8f92
Red Hat Enterprise Linux for IBM z Systems 9
SRPM
rsync-3.2.3-9.el9_0.2.src.rpm
SHA-256: 6feb645318f248a5fea79ec337ef3527f19d63d421b2c6c11f3921210f8eb4b4
s390x
rsync-3.2.3-9.el9_0.2.s390x.rpm
SHA-256: 24eaf95fd99e671db0cc72c7d1d17cd5c581ed10139968d03e4262eaeaead34c
rsync-daemon-3.2.3-9.el9_0.2.noarch.rpm
SHA-256: 7c5236e486b02889c7dd8dad4e079dcf66e32a5209a70210b1afa68234b04c5a
rsync-debuginfo-3.2.3-9.el9_0.2.s390x.rpm
SHA-256: 9046d6f64a749dcd11696f32feec8327562b942138aff059a1e0a8f22c35c8d7
rsync-debugsource-3.2.3-9.el9_0.2.s390x.rpm
SHA-256: 0b9e1b0e7478e09f98ecf36f4b3b1af1716deba4ada093d014db0385f7a0c7e4
Red Hat Enterprise Linux for Power, little endian 9
SRPM
rsync-3.2.3-9.el9_0.2.src.rpm
SHA-256: 6feb645318f248a5fea79ec337ef3527f19d63d421b2c6c11f3921210f8eb4b4
ppc64le
rsync-3.2.3-9.el9_0.2.ppc64le.rpm
SHA-256: aca9afc8773851c2b2ebe0ec5f89c220240128b63cf5e655d9f17c5658e762c7
rsync-daemon-3.2.3-9.el9_0.2.noarch.rpm
SHA-256: 7c5236e486b02889c7dd8dad4e079dcf66e32a5209a70210b1afa68234b04c5a
rsync-debuginfo-3.2.3-9.el9_0.2.ppc64le.rpm
SHA-256: 12f85bd40ee6b951ba5bf8e66ae0773773bd37c702c750bcadee47766f72ff22
rsync-debugsource-3.2.3-9.el9_0.2.ppc64le.rpm
SHA-256: 534149e4d864fc8e937685a64d7cbd31917bf3776f51e6948265f90ebb43f2c5
Red Hat Enterprise Linux for ARM 64 9
SRPM
rsync-3.2.3-9.el9_0.2.src.rpm
SHA-256: 6feb645318f248a5fea79ec337ef3527f19d63d421b2c6c11f3921210f8eb4b4
aarch64
rsync-3.2.3-9.el9_0.2.aarch64.rpm
SHA-256: 9cc1be31502622b6a36bf01721ec996534849657a0ab661259675d7f94e1f2c7
rsync-daemon-3.2.3-9.el9_0.2.noarch.rpm
SHA-256: 7c5236e486b02889c7dd8dad4e079dcf66e32a5209a70210b1afa68234b04c5a
rsync-debuginfo-3.2.3-9.el9_0.2.aarch64.rpm
SHA-256: e8269c2f6d9417f5cf1fd1e03d906b689f885ccc27f5bd2cdc5e95358d427732
rsync-debugsource-3.2.3-9.el9_0.2.aarch64.rpm
SHA-256: 5b72436168e02cf1cb2a2c4aa4022a2b1589a21ca48b4a6eff1da4953fd430d8
Related news
Gentoo Linux Security Advisory 202405-22 - Multiple vulnerabilities have been discovered in rsync, the worst of which can lead to denial of service or information disclosure. Versions greater than or equal to 3.2.5_pre1 are affected.
Red Hat Security Advisory 2022-6170-01 - The rsync utility enables the users to copy and synchronize files locally or across a network. Synchronization with rsync is fast because rsync only sends the differences in files over the network instead of sending whole files. The rsync utility is also used as a mirroring tool.
Red Hat Security Advisory 2022-6180-01 - The rsync utility enables the users to copy and synchronize files locally or across a network. Synchronization with rsync is fast because rsync only sends the differences in files over the network instead of sending whole files. The rsync utility is also used as a mirroring tool.
Red Hat Security Advisory 2022-6171-01 - The rsync utility enables the users to copy and synchronize files locally or across a network. Synchronization with rsync is fast because rsync only sends the differences in files over the network instead of sending whole files. The rsync utility is also used as a mirroring tool.
An update for rsync is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-29154: rsync: remote arbitrary files write inside the directories of connecting peers
An update for rsync is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-29154: rsync: remote arbitrary files write inside the directories of connecting peers
An update for rsync is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-29154: rsync: remote arbitrary files write inside the directories of connecting peers
An update for rsync is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-29154: rsync: remote arbitrary files write inside the directories of connecting peers
An update for rsync is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-29154: rsync: remote arbitrary files write inside the directories of connecting peers
An issue was discovered in rsync before 3.2.5 that allows malicious remote servers to write arbitrary files inside the directories of connecting peers. The server chooses which files/directories are sent to the client. However, the rsync client performs insufficient validation of file names. A malicious rsync server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the rsync client target directory and subdirectories (for example, overwrite the .ssh/authorized_keys file).