Security
Headlines
HeadlinesLatestCVEs

Headline

RHSA-2022:8840: Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.51 SP1 security update

An update is now available for Red Hat JBoss Core Services. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-1292: openssl: c_rehash script allows command injection
  • CVE-2022-2068: openssl: the c_rehash script allows command injection
  • CVE-2022-22721: httpd: core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody
  • CVE-2022-23943: httpd: mod_sed: Read/write beyond bounds
  • CVE-2022-26377: httpd: mod_proxy_ajp: Possible request smuggling
  • CVE-2022-28330: httpd: mod_isapi: out-of-bounds read
  • CVE-2022-28614: httpd: Out-of-bounds read via ap_rwrite()
  • CVE-2022-28615: httpd: Out-of-bounds read in ap_strcmp_match()
  • CVE-2022-30522: httpd: mod_sed: DoS vulnerability
  • CVE-2022-31813: httpd: mod_proxy: X-Forwarded-For dropped by hop-by-hop mechanism
  • CVE-2022-32206: curl: HTTP compression denial of service
  • CVE-2022-32207: curl: Unpreserved file permissions
  • CVE-2022-32208: curl: FTP-KRB bad message verification
  • CVE-2022-32221: curl: POST following PUT confusion
  • CVE-2022-35252: curl: control code in cookie denial of service
  • CVE-2022-42915: curl: HTTP proxy double-free
  • CVE-2022-42916: curl: HSTS bypass via IDN
Red Hat Security Data
#sql#vulnerability#linux#red_hat#dos#apache#perl#ldap#buffer_overflow#sap#ssl

Synopsis

Moderate: Red Hat JBoss Core Services Apache HTTP Server 2.4.51 SP1 security update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update is now available for Red Hat JBoss Core Services.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience.

This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.51 Service Pack 1 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.51, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.

Security Fix(es):

  • curl: HSTS bypass via IDN (CVE-2022-42916)
  • curl: HTTP proxy double-free (CVE-2022-42915)
  • curl: POST following PUT confusion (CVE-2022-32221)
  • httpd: mod_proxy: X-Forwarded-For dropped by hop-by-hop mechanism (CVE-2022-31813)
  • httpd: mod_sed: DoS vulnerability (CVE-2022-30522)
  • httpd: out-of-bounds read in ap_strcmp_match() (CVE-2022-28615)
  • httpd: out-of-bounds read via ap_rwrite() (CVE-2022-28614)
  • httpd: mod_proxy_ajp: Possible request smuggling (CVE-2022-26377)
  • curl: control code in cookie denial of service (CVE-2022-35252)
  • jbcs-httpd24-httpd: httpd: mod_isapi: out-of-bounds read (CVE-2022-28330)
  • curl: Unpreserved file permissions (CVE-2022-32207)
  • curl: various flaws (CVE-2022-32206 CVE-2022-32208)
  • openssl: the c_rehash script allows command injection (CVE-2022-2068)
  • openssl: c_rehash script allows command injection (CVE-2022-1292)
  • jbcs-httpd24-httpd: httpd: core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody (CVE-2022-22721)
  • jbcs-httpd24-httpd: httpd: mod_sed: Read/write beyond bounds (CVE-2022-23943)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Applications using the APR libraries, such as httpd, must be restarted for this update to take effect. After installing the updated packages, the httpd daemon will be restarted automatically.

Affected Products

  • Red Hat JBoss Core Services 1 for RHEL 8 x86_64
  • Red Hat JBoss Core Services 1 for RHEL 7 x86_64

Fixes

  • BZ - 2064319 - CVE-2022-23943 httpd: mod_sed: Read/write beyond bounds
  • BZ - 2064320 - CVE-2022-22721 httpd: core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody
  • BZ - 2081494 - CVE-2022-1292 openssl: c_rehash script allows command injection
  • BZ - 2094997 - CVE-2022-26377 httpd: mod_proxy_ajp: Possible request smuggling
  • BZ - 2095000 - CVE-2022-28330 httpd: mod_isapi: out-of-bounds read
  • BZ - 2095002 - CVE-2022-28614 httpd: Out-of-bounds read via ap_rwrite()
  • BZ - 2095006 - CVE-2022-28615 httpd: Out-of-bounds read in ap_strcmp_match()
  • BZ - 2095015 - CVE-2022-30522 httpd: mod_sed: DoS vulnerability
  • BZ - 2095020 - CVE-2022-31813 httpd: mod_proxy: X-Forwarded-For dropped by hop-by-hop mechanism
  • BZ - 2097310 - CVE-2022-2068 openssl: the c_rehash script allows command injection
  • BZ - 2099300 - CVE-2022-32206 curl: HTTP compression denial of service
  • BZ - 2099305 - CVE-2022-32207 curl: Unpreserved file permissions
  • BZ - 2099306 - CVE-2022-32208 curl: FTP-KRB bad message verification
  • BZ - 2120718 - CVE-2022-35252 curl: control code in cookie denial of service
  • BZ - 2135411 - CVE-2022-32221 curl: POST following PUT confusion
  • BZ - 2135413 - CVE-2022-42915 curl: HTTP proxy double-free
  • BZ - 2135416 - CVE-2022-42916 curl: HSTS bypass via IDN

CVEs

  • CVE-2022-1292
  • CVE-2022-2068
  • CVE-2022-22721
  • CVE-2022-23943
  • CVE-2022-26377
  • CVE-2022-28330
  • CVE-2022-28614
  • CVE-2022-28615
  • CVE-2022-30522
  • CVE-2022-31813
  • CVE-2022-32206
  • CVE-2022-32207
  • CVE-2022-32208
  • CVE-2022-32221
  • CVE-2022-35252
  • CVE-2022-42915
  • CVE-2022-42916

Red Hat JBoss Core Services 1 for RHEL 8

SRPM

jbcs-httpd24-apr-util-1.6.1-99.el8jbcs.src.rpm

SHA-256: d1fbc061379fd791418f2b3598691a9c18cfe44de6181f29e8b670397fba619e

jbcs-httpd24-curl-7.86.0-2.el8jbcs.src.rpm

SHA-256: bf1d6afa18b4e245c5c03519712ded57959f0aa75f4103ff634d0ddc9b29af96

jbcs-httpd24-httpd-2.4.51-37.el8jbcs.src.rpm

SHA-256: 99c1517cd8418267446ca0e273d2e33dbb3b234334d4c09a5ee0e6efd0075fce

jbcs-httpd24-mod_http2-1.15.19-20.el8jbcs.src.rpm

SHA-256: 6cf19e2b0d6ce8cda53c3421ba664f9cc3970afc942ff05bf68c8ad6a629e30f

jbcs-httpd24-mod_jk-1.2.48-44.redhat_1.el8jbcs.src.rpm

SHA-256: f48bbcdac114a52ef47f82fc470cafa4ebeecc37a2ea404c498a8d6862bc1205

jbcs-httpd24-mod_md-2.4.0-18.el8jbcs.src.rpm

SHA-256: 0a37f20d22db8b2db346ddac083a7438e8e52dc4e5b9a4e72cb81397ac768027

jbcs-httpd24-mod_proxy_cluster-1.3.17-13.el8jbcs.src.rpm

SHA-256: 537e934d33391070b24a31837da8d6b721cc1a8cfc4705bdb53437feda506f06

jbcs-httpd24-mod_security-2.9.3-22.el8jbcs.src.rpm

SHA-256: b0d7dce65d56fc3e8f8a48a37e574c276088c3c88bac18356c7c7a2c20578e50

jbcs-httpd24-nghttp2-1.43.0-11.el8jbcs.src.rpm

SHA-256: 464e7a1d2d0dde6b69970be7c05509d17ba93f8b6a68ff02a59c557648997ff0

jbcs-httpd24-openssl-1.1.1k-13.el8jbcs.src.rpm

SHA-256: 0e77f240d9c01a07f2b2ff382d19b1296e4eb09adcacec65b85ffa772acee164

jbcs-httpd24-openssl-chil-1.0.0-17.el8jbcs.src.rpm

SHA-256: 4c28c5faa8a47b5b2bc9063b1839580912a958730429c510f23c4a1fbd43992f

jbcs-httpd24-openssl-pkcs11-0.4.10-32.el8jbcs.src.rpm

SHA-256: 226e21bf1cccaa707dec0e5c46d0671f8705754ed5c2d6363db60dbf58f5c693

x86_64

jbcs-httpd24-apr-util-1.6.1-99.el8jbcs.x86_64.rpm

SHA-256: ffbd1c968aae1d91a416e2cc99596bbc4fd1ce97b712eec93f29e803f5c6faf8

jbcs-httpd24-apr-util-debuginfo-1.6.1-99.el8jbcs.x86_64.rpm

SHA-256: 2af56940ae7e18fb8b485e83c662fae7dd6e16f3cc29be7effa553f3427ef5af

jbcs-httpd24-apr-util-devel-1.6.1-99.el8jbcs.x86_64.rpm

SHA-256: 93089e2c0ad59763ccb5458518763d5ebb7b5c269789496c248bce0d783f07ff

jbcs-httpd24-apr-util-ldap-1.6.1-99.el8jbcs.x86_64.rpm

SHA-256: 3881742020f3fc99f16cda5322537b9e58e61593de82d9c92e66fb15c333e166

jbcs-httpd24-apr-util-ldap-debuginfo-1.6.1-99.el8jbcs.x86_64.rpm

SHA-256: 9fe3ceeb595baa104db53a48509d627c94e5153433389294abae87961723906c

jbcs-httpd24-apr-util-mysql-1.6.1-99.el8jbcs.x86_64.rpm

SHA-256: 6fb5ecffb9796de70f2ad1c9c2df8c4ce3af71bcbf6c627e021d8d8004cd38f0

jbcs-httpd24-apr-util-mysql-debuginfo-1.6.1-99.el8jbcs.x86_64.rpm

SHA-256: 4c3c757bf93e02cd8721c4d4c8c1889c3683b97b02dfeb49515677826ac671c7

jbcs-httpd24-apr-util-nss-1.6.1-99.el8jbcs.x86_64.rpm

SHA-256: 54f202e77762c9104e8d3683d4ec7f762a5c7bf40c24249565ed89477618d389

jbcs-httpd24-apr-util-nss-debuginfo-1.6.1-99.el8jbcs.x86_64.rpm

SHA-256: dbc524b6650450d11d4b0117e2686245f22d3c89f191aaa9ad4bad771f41f23d

jbcs-httpd24-apr-util-odbc-1.6.1-99.el8jbcs.x86_64.rpm

SHA-256: 0f70d192a1ea5f1efc832b0f926ce8dea156eb643a4fab15323a2901f5cdf905

jbcs-httpd24-apr-util-odbc-debuginfo-1.6.1-99.el8jbcs.x86_64.rpm

SHA-256: 54b1f66d04b2eac860d922096fac61f09ecb744af7efc92da8387162b4a4fba8

jbcs-httpd24-apr-util-openssl-1.6.1-99.el8jbcs.x86_64.rpm

SHA-256: dbd0a9c8ca6bc9ec8f7eaa482d6e8c270e73467634ce9557592184c2279bde69

jbcs-httpd24-apr-util-openssl-debuginfo-1.6.1-99.el8jbcs.x86_64.rpm

SHA-256: 42e0dc882b3da732a16af44f6b143421b497a7718343c77b8ffd74ce018e27dc

jbcs-httpd24-apr-util-pgsql-1.6.1-99.el8jbcs.x86_64.rpm

SHA-256: 334dba27474f05d098f5e6a8b0dc62b25585c3a437b81b3196c839e797fd1a82

jbcs-httpd24-apr-util-pgsql-debuginfo-1.6.1-99.el8jbcs.x86_64.rpm

SHA-256: 9f892cb82501b748a7f0dd8793e5a8f02c1628f379dd82c12b1b1973def1427b

jbcs-httpd24-apr-util-sqlite-1.6.1-99.el8jbcs.x86_64.rpm

SHA-256: fa41e2e3b4ef47524690d82e53864bbffaf10018b46b7de3dbe4f689370e241d

jbcs-httpd24-apr-util-sqlite-debuginfo-1.6.1-99.el8jbcs.x86_64.rpm

SHA-256: 138cf2c4c4045fcdd3f032417b055278ab23d80c776f5f4363b1a204836f7fb1

jbcs-httpd24-curl-7.86.0-2.el8jbcs.x86_64.rpm

SHA-256: 089689e262486839cb844c1d2c04b622afe90c72ad17fbfd7cf2ea314bb4f217

jbcs-httpd24-curl-debuginfo-7.86.0-2.el8jbcs.x86_64.rpm

SHA-256: 1735b2e7ac5dfcb13eb6cb14a648ed28494f7985a1bba46e9f9c04e4db0de0a6

jbcs-httpd24-httpd-2.4.51-37.el8jbcs.x86_64.rpm

SHA-256: 6af9f12fd8415b5bb9c36d0bf1091c3905741aab99bc8dabc3fc024bfc1534f5

jbcs-httpd24-httpd-debuginfo-2.4.51-37.el8jbcs.x86_64.rpm

SHA-256: 2feda802da2746864d0dc0194e1a705695760d53e93e559513548d8efd26e82f

jbcs-httpd24-httpd-devel-2.4.51-37.el8jbcs.x86_64.rpm

SHA-256: 59827ff1128cac73b523525e0a65270a3d8b6f4062db48d9d9a1986cfc7d2393

jbcs-httpd24-httpd-manual-2.4.51-37.el8jbcs.noarch.rpm

SHA-256: a023c58fc33ed87893cdc05d856510a14fb9116e6eb2a8632972619d0913ab80

jbcs-httpd24-httpd-selinux-2.4.51-37.el8jbcs.x86_64.rpm

SHA-256: 5ba5cb5928bbf29799f37f0ed0fa1334c83446e38a42e5de14c68aba7a6f8d04

jbcs-httpd24-httpd-tools-2.4.51-37.el8jbcs.x86_64.rpm

SHA-256: b8995bb894409896f53d6da65c6dafe7441eb25586b51d77bdb0c943451252b3

jbcs-httpd24-httpd-tools-debuginfo-2.4.51-37.el8jbcs.x86_64.rpm

SHA-256: c5904f48b2d612fc566d3bb8f4d21181f8bb9055f661b59de772e7a6ef171f58

jbcs-httpd24-libcurl-7.86.0-2.el8jbcs.x86_64.rpm

SHA-256: bcbfe125ba4992845ac505e23a93f32d76a9fcf57a0b0eb3f062353458cd9adf

jbcs-httpd24-libcurl-debuginfo-7.86.0-2.el8jbcs.x86_64.rpm

SHA-256: d6f13de9776298037372895e0e485d004191fe61a8be4c517a10dc188bcd016d

jbcs-httpd24-libcurl-devel-7.86.0-2.el8jbcs.x86_64.rpm

SHA-256: b59ef4fd07951b355e83ad7f9d203b8fc7264989c3af9915c219dee0eae1e219

jbcs-httpd24-mod_http2-1.15.19-20.el8jbcs.x86_64.rpm

SHA-256: d77cabcd2a0bb56d0d95203c9825825500ea06ec6df67de00acef9d00719f4e4

jbcs-httpd24-mod_http2-debuginfo-1.15.19-20.el8jbcs.x86_64.rpm

SHA-256: 717cacaa0942df94fce39e0abb64a7edc2c23fcbf817dee624cd32d1d246f348

jbcs-httpd24-mod_jk-ap24-1.2.48-44.redhat_1.el8jbcs.x86_64.rpm

SHA-256: 3ef12c3ba300c0dbdbbdc2c93acbe937521dcfd04af588a65f549ec39d6e81d9

jbcs-httpd24-mod_jk-ap24-debuginfo-1.2.48-44.redhat_1.el8jbcs.x86_64.rpm

SHA-256: da0dc20582f2ca70f7d0691d8fa3509880c74464d19bcf1d7728334684244965

jbcs-httpd24-mod_ldap-2.4.51-37.el8jbcs.x86_64.rpm

SHA-256: d60399f8187170fdcf7f8f88b03413fd1c82dfbbaaaea9a2ae3601136075cad2

jbcs-httpd24-mod_ldap-debuginfo-2.4.51-37.el8jbcs.x86_64.rpm

SHA-256: bc1f8b8de337dabf68fdf8f714361f02bd3ee1f5f80c50109b73d8a55cb60a73

jbcs-httpd24-mod_md-2.4.0-18.el8jbcs.x86_64.rpm

SHA-256: 78f559aec11210b0d6fca3159c146a20619300df3ffe4e83a58b934a79b02078

jbcs-httpd24-mod_md-debuginfo-2.4.0-18.el8jbcs.x86_64.rpm

SHA-256: 48deb377e32c6f8c6a96c6062b137e1c69ee85f5068bbb19011228442770d100

jbcs-httpd24-mod_proxy_cluster-1.3.17-13.el8jbcs.x86_64.rpm

SHA-256: 22fb8a2bfc2a9e07ec595784522cd4fd1205fa52e719632c664af2869051dd3c

jbcs-httpd24-mod_proxy_cluster-debuginfo-1.3.17-13.el8jbcs.x86_64.rpm

SHA-256: 5b9b6f58533a2a7ceb9fa4a909a0e6e38b02c67b62640934645fd043a516f7d3

jbcs-httpd24-mod_proxy_html-2.4.51-37.el8jbcs.x86_64.rpm

SHA-256: 47de506219062ba5d2cde020f24d4c85dab022f184a7988b709308d480955604

jbcs-httpd24-mod_proxy_html-debuginfo-2.4.51-37.el8jbcs.x86_64.rpm

SHA-256: 2e9b396a9c103f0a75aaae119fbd334e939aa6fb4a657baeb06f809f1ccf72e0

jbcs-httpd24-mod_security-2.9.3-22.el8jbcs.x86_64.rpm

SHA-256: beacbc1c2166b559757bd6cfe5528749c3f95d2c8437afd517157cb1e9318a85

jbcs-httpd24-mod_security-debuginfo-2.9.3-22.el8jbcs.x86_64.rpm

SHA-256: 880b98a129260e5ae0ea94fd8fa23cfef7b220b788a4730f2c215851702b0919

jbcs-httpd24-mod_session-2.4.51-37.el8jbcs.x86_64.rpm

SHA-256: 6302f75975948253f386832f8a7506a863c8d40dbf740fb626d2c1f5f5cac7d1

jbcs-httpd24-mod_session-debuginfo-2.4.51-37.el8jbcs.x86_64.rpm

SHA-256: ea68be3e13125033507ab900a669628482c470339df598d791b6136761cd2cec

jbcs-httpd24-mod_ssl-2.4.51-37.el8jbcs.x86_64.rpm

SHA-256: 7f24ab3e81f91b17964d32e0105a0065562a80cde6f2522f14d901ccda1c94ad

jbcs-httpd24-mod_ssl-debuginfo-2.4.51-37.el8jbcs.x86_64.rpm

SHA-256: cc2fdbc03b103c30ac68542564d801a82a8f7b50c348652b76b6a0989da3860c

jbcs-httpd24-nghttp2-1.43.0-11.el8jbcs.x86_64.rpm

SHA-256: c911e1290cb7f9d963b743c371bb6e51fdbafbe8d640f9f7558b3e5fd826f230

jbcs-httpd24-nghttp2-debuginfo-1.43.0-11.el8jbcs.x86_64.rpm

SHA-256: 2389c51c81fd79721cdbb2959145634bd9de62472ebc2fdb6d3a3e3ff9c09a28

jbcs-httpd24-nghttp2-devel-1.43.0-11.el8jbcs.x86_64.rpm

SHA-256: 9dfb8c0be10ee37cfd14deeaaca93f5786fa8282836849e84bf78d29ee8de7ca

jbcs-httpd24-openssl-1.1.1k-13.el8jbcs.x86_64.rpm

SHA-256: 44443c4edd3869f804c622b2059222f972c5fc685a697bdc6e39bab47a8a23f7

jbcs-httpd24-openssl-chil-1.0.0-17.el8jbcs.x86_64.rpm

SHA-256: 6d978b4d3b5de65c51d1783bdd77e5278ddef038153fee6a645c99e5bd1c8798

jbcs-httpd24-openssl-chil-debuginfo-1.0.0-17.el8jbcs.x86_64.rpm

SHA-256: 4be6463151182d85374e6c7080065ec0b6de4e74da471c45003504f6bfe3deaa

jbcs-httpd24-openssl-debuginfo-1.1.1k-13.el8jbcs.x86_64.rpm

SHA-256: 096390c51266793dddd37687b79acd915f395bec128a7522f5e502b234378108

jbcs-httpd24-openssl-devel-1.1.1k-13.el8jbcs.x86_64.rpm

SHA-256: adae97b7a85a09ba9668a351201682f9c5270ec598bd292fc8290b7cebaafee9

jbcs-httpd24-openssl-libs-1.1.1k-13.el8jbcs.x86_64.rpm

SHA-256: 747117a881782691585fecf97af42a21aae34a544aceb474329c915f5abf9990

jbcs-httpd24-openssl-libs-debuginfo-1.1.1k-13.el8jbcs.x86_64.rpm

SHA-256: 945abe9e859d435bd1f5eded4e4af5b44308435474a327fe2aa351cda03db416

jbcs-httpd24-openssl-perl-1.1.1k-13.el8jbcs.x86_64.rpm

SHA-256: e67b05896f5ff886fbbe3cf04cd51be249b7f072ff47115c1ddf9a1074b9eb84

jbcs-httpd24-openssl-pkcs11-0.4.10-32.el8jbcs.x86_64.rpm

SHA-256: 640f4b07bee23f9e17ea20cfa050fc6d9df18f98c3094bd2fc6325b404c74c31

jbcs-httpd24-openssl-pkcs11-debuginfo-0.4.10-32.el8jbcs.x86_64.rpm

SHA-256: 36ae90574447767b4cfced41864473bb2d8517ebac6cda00052d3755a68b2aca

jbcs-httpd24-openssl-static-1.1.1k-13.el8jbcs.x86_64.rpm

SHA-256: f4d592fc659ce0df7b6990b981f70b25236a20912733e69a34c001bc2a4044ba

Red Hat JBoss Core Services 1 for RHEL 7

SRPM

jbcs-httpd24-apr-util-1.6.1-99.el7jbcs.src.rpm

SHA-256: 865f525afb902ce4fe4a15024d184f404bb621476ea6aa3fd4eedd18b7fc2048

jbcs-httpd24-curl-7.86.0-2.el7jbcs.src.rpm

SHA-256: 927a15270a09ab3f9c280fbd094dd525592e00862e49bb1952369c54f9e1b634

jbcs-httpd24-httpd-2.4.51-37.el7jbcs.src.rpm

SHA-256: b30ace42b71cfe9b0771f62eb3b261cd0ad885c3e144c99e5a48fb994903279a

jbcs-httpd24-mod_http2-1.15.19-20.el7jbcs.src.rpm

SHA-256: 15254269b42bf5d8be0599394002dcffbd7660fbc76e3ad027d26724bc65d10c

jbcs-httpd24-mod_jk-1.2.48-44.redhat_1.el7jbcs.src.rpm

SHA-256: 721f38bacb53803adb98388de8f4b3c2f77ab4d4099d51580f07f66808bc9ea4

jbcs-httpd24-mod_md-2.4.0-18.el7jbcs.src.rpm

SHA-256: 3903c467b68a8ba9d2494d4c66ae1772ad9722da5e26c7fc30c61ed3a40e6cca

jbcs-httpd24-mod_proxy_cluster-1.3.17-13.el7jbcs.src.rpm

SHA-256: 55190430ee29ed8f420dd6b4ac3bda4b6aeb60a60388b1aeae2b03b49c4af599

jbcs-httpd24-mod_security-2.9.3-22.el7jbcs.src.rpm

SHA-256: 29956b1aa2282ec5a7d1ff97040d8dda46e4fb4f4f977a60f973983c18761e56

jbcs-httpd24-nghttp2-1.43.0-11.el7jbcs.src.rpm

SHA-256: 501c6befe864276c91e2fe4f9eec35ca97ec7e5f92af895e3dbedd0aeea6c40e

jbcs-httpd24-openssl-1.1.1k-13.el7jbcs.src.rpm

SHA-256: d1671e0ce9a3b4dc3e350f0f382579c9969117aa9b87e18974093fc00b649e24

jbcs-httpd24-openssl-chil-1.0.0-17.el7jbcs.src.rpm

SHA-256: 49a3697079a92aeb2b5fba9f34c9a9f9c2369a5de97997e81c3b76fe258c3a4f

jbcs-httpd24-openssl-pkcs11-0.4.10-32.el7jbcs.src.rpm

SHA-256: 027b6bf3a0b2b38ce784d1dcd762c2db0ff246468f78cae1306e44fc8447b51d

x86_64

jbcs-httpd24-apr-util-1.6.1-99.el7jbcs.x86_64.rpm

SHA-256: 21b59848e56ad27534bbd6fb08622b6d7cac7e08cce3fe2f9b33918fc12ccf10

jbcs-httpd24-apr-util-debuginfo-1.6.1-99.el7jbcs.x86_64.rpm

SHA-256: 244d3bec9193fbd276726e1eb135322b31937504e5b71dec3c2a53dec2eb4641

jbcs-httpd24-apr-util-devel-1.6.1-99.el7jbcs.x86_64.rpm

SHA-256: aa877215fd7353bf9ef5a915c71ad6adcc3582039e9e249a00dcefd61b079fbb

jbcs-httpd24-apr-util-ldap-1.6.1-99.el7jbcs.x86_64.rpm

SHA-256: a599016bd02aff072669faf491dbef799a5ce1b074ac75daa6a815d336bcbe63

jbcs-httpd24-apr-util-mysql-1.6.1-99.el7jbcs.x86_64.rpm

SHA-256: 270c92e5241ccd802185dbca639d5068a4b297b7647ccdde7c9eb97a98dce8d4

jbcs-httpd24-apr-util-nss-1.6.1-99.el7jbcs.x86_64.rpm

SHA-256: fd251b00a66d881020d4c08e55122e79244418fb8e1ad206298bc033a86f7c5a

jbcs-httpd24-apr-util-odbc-1.6.1-99.el7jbcs.x86_64.rpm

SHA-256: 8626369adb45f7c28ba99f67bdb3e53100baa9e77d41b3fdd50e3edd1aea53b5

jbcs-httpd24-apr-util-openssl-1.6.1-99.el7jbcs.x86_64.rpm

SHA-256: 8c31d3c29ab0fe828628ab2ba4ce4a868ef6b5c308b320716200df2ec9408c66

jbcs-httpd24-apr-util-pgsql-1.6.1-99.el7jbcs.x86_64.rpm

SHA-256: 8b806ec60617665e2ba1b59f4c0490c36777cb838739b7385f22959f1dafc5ca

jbcs-httpd24-apr-util-sqlite-1.6.1-99.el7jbcs.x86_64.rpm

SHA-256: 5874a8cede6dcded78aefda1c6056d76c33d82f536bd68288720a725ef6f1727

jbcs-httpd24-curl-7.86.0-2.el7jbcs.x86_64.rpm

SHA-256: d46090fb923ffe8c068e91c38ca7493ec86ac94f9705b13e6acfd6667233b267

jbcs-httpd24-curl-debuginfo-7.86.0-2.el7jbcs.x86_64.rpm

SHA-256: 3aa32f27115a7f55f10603bbbeceb7afcdcfdd2856b10b887df1c874254de643

jbcs-httpd24-httpd-2.4.51-37.el7jbcs.x86_64.rpm

SHA-256: ff84401ddedb1d4a81a5f7a895472bd341b3df637f151aa87b717568f4a923ae

jbcs-httpd24-httpd-debuginfo-2.4.51-37.el7jbcs.x86_64.rpm

SHA-256: 7b7d2c39572501d796fadaeb828208940e9923c71ddd5b686f960c7b30853a64

jbcs-httpd24-httpd-devel-2.4.51-37.el7jbcs.x86_64.rpm

SHA-256: 17434cc85a3059ff9cfd07755e2b566e8633a61e6e6eeb2d542c806bd9160241

jbcs-httpd24-httpd-manual-2.4.51-37.el7jbcs.noarch.rpm

SHA-256: 24defb3398f935592da7a47420f56591554160c78cefd684bac88b7a663d924c

jbcs-httpd24-httpd-selinux-2.4.51-37.el7jbcs.x86_64.rpm

SHA-256: d7580ac1ccdcd4c10b987a82caa23ae62878e22de89f5eee08902e261ed9c341

jbcs-httpd24-httpd-tools-2.4.51-37.el7jbcs.x86_64.rpm

SHA-256: 228e795d006fcbc70dc36e1404afd925656a6e227c819755f4988c9cba3bc4c8

jbcs-httpd24-libcurl-7.86.0-2.el7jbcs.x86_64.rpm

SHA-256: 3cbba5503b2ca0d912dc3b4bebe6b8f6c3cc1f5c95109bc91ecb91e2997030ca

jbcs-httpd24-libcurl-devel-7.86.0-2.el7jbcs.x86_64.rpm

SHA-256: fa0640e8396362cebae4ad5530625aff0cf58a6159883893644dddeed5f1e6c3

jbcs-httpd24-mod_http2-1.15.19-20.el7jbcs.x86_64.rpm

SHA-256: 5c6a61a4047862bd80e386ecf84d7571abffae05b1be51965a5dd5cc7cde804f

jbcs-httpd24-mod_http2-debuginfo-1.15.19-20.el7jbcs.x86_64.rpm

SHA-256: 38cf337d702032cdef8a99cdddd9b1d755b9629e08e083ed4531a2d815a3b1da

jbcs-httpd24-mod_jk-ap24-1.2.48-44.redhat_1.el7jbcs.x86_64.rpm

SHA-256: 487005a95b4900c4c9201696a8fe67c5b6064119b44bf165ab1d0695963b3fb9

jbcs-httpd24-mod_jk-debuginfo-1.2.48-44.redhat_1.el7jbcs.x86_64.rpm

SHA-256: 6b39b2e8cefebc9bd74a6845a58db032b0a5d7d94681cebe65502ca66c411370

jbcs-httpd24-mod_ldap-2.4.51-37.el7jbcs.x86_64.rpm

SHA-256: b671856bd0423d907659c31ffcc6f618f46f98f827c7dc891cfbb550f89d7524

jbcs-httpd24-mod_md-2.4.0-18.el7jbcs.x86_64.rpm

SHA-256: cb826ec236acc5e63e6a8d9963396aae4d7f6ae1036e46c490ae2c2b9cae4e84

jbcs-httpd24-mod_md-debuginfo-2.4.0-18.el7jbcs.x86_64.rpm

SHA-256: 54c63c35920574f190d2b3e5366eba68c4be4880ef9b75673a28e667022d5168

jbcs-httpd24-mod_proxy_cluster-1.3.17-13.el7jbcs.x86_64.rpm

SHA-256: 548f60f15d823bc280d1efe235aad43b791088618ceae3613d7dfedfe24292cc

jbcs-httpd24-mod_proxy_cluster-debuginfo-1.3.17-13.el7jbcs.x86_64.rpm

SHA-256: 7404ef00272bdef257569e48383bb3f221a56292a9e5bb6b5c9712bd8575c9e2

jbcs-httpd24-mod_proxy_html-2.4.51-37.el7jbcs.x86_64.rpm

SHA-256: da7641bddee67d7c90f043f0b98b7718f966155278ae344038120b8997af3aea

jbcs-httpd24-mod_security-2.9.3-22.el7jbcs.x86_64.rpm

SHA-256: 916a71d91e423e1d37d085b3338c9ad5a60a586689d8f10d56eb6bc9774697f1

jbcs-httpd24-mod_security-debuginfo-2.9.3-22.el7jbcs.x86_64.rpm

SHA-256: c8a9ece868d51c00a7d9be61d17db9c2bb62bd82fb22d0b4a3d10f5f65868acb

jbcs-httpd24-mod_session-2.4.51-37.el7jbcs.x86_64.rpm

SHA-256: e6ca44afc7647d76fd09a70a33b52766b39f9f50930436c84862f5c345fa9396

jbcs-httpd24-mod_ssl-2.4.51-37.el7jbcs.x86_64.rpm

SHA-256: 350f638111f24249080e74cc9084fdc3ad64e487c7a1bfae0f80ac2cdd40615c

jbcs-httpd24-nghttp2-1.43.0-11.el7jbcs.x86_64.rpm

SHA-256: f5a1075b9ab2d3b39df1b0cdb3065991ac1e452b1b95f588108708b89a0242d6

jbcs-httpd24-nghttp2-debuginfo-1.43.0-11.el7jbcs.x86_64.rpm

SHA-256: 1e6975eba00d72f05b57294577c706f061d13893edae8794f3b91b6241125f3c

jbcs-httpd24-nghttp2-devel-1.43.0-11.el7jbcs.x86_64.rpm

SHA-256: 6a8e7280a25db0cf25ae7f6d976ba69df3c6a59b5087f16ef15bfe316599c8fc

jbcs-httpd24-openssl-1.1.1k-13.el7jbcs.x86_64.rpm

SHA-256: 5f1a81e145098595c3ec66ebd9b5653db8675d71a441b7c8fdebb416d19e9dda

jbcs-httpd24-openssl-chil-1.0.0-17.el7jbcs.x86_64.rpm

SHA-256: 32b9f1762174efdd6cc0a96b18efcbbec74c9ab790a66609ee8cc594aaf7ab55

jbcs-httpd24-openssl-chil-debuginfo-1.0.0-17.el7jbcs.x86_64.rpm

SHA-256: 9461089d506e586e74d187ff6440debcd157360a3a1a88b2cb94d7aac5420457

jbcs-httpd24-openssl-debuginfo-1.1.1k-13.el7jbcs.x86_64.rpm

SHA-256: 4a0b83d92efeebcdfa90d6b8bd703aa2d7f4a9ecabecdabe98b5b3a04b2bd7a4

jbcs-httpd24-openssl-devel-1.1.1k-13.el7jbcs.x86_64.rpm

SHA-256: 4a5ae564183e9d6a302a7d91210856512b7a9936cee857f83afa80d7d3a2b9b4

jbcs-httpd24-openssl-libs-1.1.1k-13.el7jbcs.x86_64.rpm

SHA-256: de05e7efa6c94de4d27c3cd9cf3c9f4a794f33bd450abfcf7cffee070935755f

jbcs-httpd24-openssl-perl-1.1.1k-13.el7jbcs.x86_64.rpm

SHA-256: 76b05be0a1560409a2d5c9085b374efc7b4867c0b9acee4caa063761a15b1d5f

jbcs-httpd24-openssl-pkcs11-0.4.10-32.el7jbcs.x86_64.rpm

SHA-256: f331181be07eacad0240a33fd4dca3e989165f6f4608868b4940005b389983e8

jbcs-httpd24-openssl-pkcs11-debuginfo-0.4.10-32.el7jbcs.x86_64.rpm

SHA-256: 6ba390b56dd6f6a8c7d0f571c74ee3bd8d878cc307064913d11e8c5f96609ecd

jbcs-httpd24-openssl-static-1.1.1k-13.el7jbcs.x86_64.rpm

SHA-256: da0b394c782c75da59b73b3b42fc04188c7318808df829c0eb5e1efa64d73da4

Related news

Ubuntu Security Notice USN-7018-1

Ubuntu Security Notice 7018-1 - Robert Merget, Marcus Brinkmann, Nimrod Aviram, and Juraj Somorovsky discovered that certain Diffie-Hellman ciphersuites in the TLS specification and implemented by OpenSSL contained a flaw. A remote attacker could possibly use this issue to eavesdrop on encrypted communications. This was fixed in this update by removing the insecure ciphersuites from OpenSSL. Paul Kehrer discovered that OpenSSL incorrectly handled certain input lengths in EVP functions. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service.

F5 Issues Warning: BIG-IP Vulnerability Allows Remote Code Execution

F5 has alerted customers of a critical security vulnerability impacting BIG-IP that could result in unauthenticated remote code execution. The issue, rooted in the configuration utility component, has been assigned the CVE identifier CVE-2023-46747, and carries a CVSS score of 9.8 out of a maximum of 10. "This vulnerability may allow an unauthenticated attacker with network access to the BIG-IP

CVE-2023-22130: Oracle Critical Patch Update Advisory - October 2023

Vulnerability in the Sun ZFS Storage Appliance product of Oracle Systems (component: Core). The supported version that is affected is 8.8.60. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Sun ZFS Storage Appliance. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Sun ZFS Storage Appliance. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).

Red Hat Security Advisory 2023-4576-01

Red Hat Security Advisory 2023-4576-01 - VolSync is a Kubernetes operator that enables asynchronous replication of persistent volumes within a cluster, or across clusters.

Red Hat Security Advisory 2023-4488-01

Red Hat Security Advisory 2023-4488-01 - Red Hat OpenShift support for Windows Containers allows you to deploy Windows container workloads running on Windows Server containers.

Red Hat Security Advisory 2023-4139-01

Red Hat Security Advisory 2023-4139-01 - The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Issues addressed include a denial of service vulnerability.

CVE-2023-23694: DSA-2023-071: Dell VxRail Security Update for Multiple Third-Party Component Vulnerabilities – 7.0.450

Dell VxRail versions earlier than 7.0.450, contain(s) an OS command injection vulnerability in VxRail Manager. A local authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker.

Red Hat Security Advisory 2023-2963-01

Red Hat Security Advisory 2023-2963-01 - The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Issues addressed include file download and use-after-free vulnerabilities.

RHSA-2023:2963: Red Hat Security Advisory: curl security and bug fix update

An update for curl is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-35252: A vulnerability found in curl. This security flaw happens when curl is used to retrieve and parse cookies from an HTTP(S) server, where it accepts cookies using control codes (byte values below 32), and also when cookies that contain such control codes are later sent back to an HTTP(S) server, possibly causing the server to return a 400 response. This is...

RHSA-2023:2478: Red Hat Security Advisory: curl security update

An update for curl is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-35252: A vulnerability found in curl. This security flaw happens when curl is used to retrieve and parse cookies from an HTTP(S) server, where it accepts cookies using control codes (byte values below 32), and also when cookies that contain such control codes are later sent back to an HTTP(S) server, possibly causing the server to return a 400 response. This is...

CVE-2023-21954: Oracle Critical Patch Update Advisory - April 2023

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through...

CVE-2023-25942: DSA-2023-102: Dell EMC PowerScale OneFS Security Updates for Multiple Security Vulnerabilities

Dell PowerScale OneFS versions 8.2.x-9.4.x contain an uncontrolled resource consumption vulnerability. A malicious network user with low privileges could potentially exploit this vulnerability in SMB, leading to a potential denial of service.

CVE-2023-23512: About the security content of macOS Ventura 13.2

The issue was addressed with improved handling of caches. This issue is fixed in macOS Ventura 13.2, tvOS 16.3, iOS 16.3 and iPadOS 16.3, watchOS 9.3. Visiting a website may lead to an app denial-of-service.

U.S. Cybersecurity Agency CISA Adds Three New Vulnerabilities in KEV Catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added three security flaws to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The list of shortcomings is as follows - CVE-2022-47986 (CVSS score: 9.8) - IBM Aspera Faspex Code Execution Vulnerability CVE-2022-41223 (CVSS score: 6.8) - Mitel MiVoice Connect Code Injection

CVE-2022-47986: IBM Aspera Faspex 4.4.2 PL2 has addressed multiple vulnerabilities (CVE-2022-28330, CVE-2023-22868, CVE-2022-30556, CVE-2022-31813, CVE-2022-30522, CVE-2022-47986, CVE-2022-28615, CVE-2022-26377, CVE-

IBM Aspera Faspex 4.4.1 could allow a remote attacker to execute arbitrary code on the system, caused by a YAML deserialization flaw. By sending a specially crafted obsolete API call, an attacker could exploit this vulnerability to execute arbitrary code on the system. The obsolete API call was removed in Faspex 4.4.2 PL2. IBM X-Force ID: 243512.

CVE-2022-46679: DSA-2022-323: Dell PowerScale OneFS Security Updates for Multiple Security Vulnerabilities

Dell PowerScale OneFS 8.2.x, 9.0.0.x - 9.4.0.x, contain an insufficient resource pool vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to denial of service.

Debian Security Advisory 5330-1

Debian Linux Security Advisory 5330-1 - Two vulnerabilities were discovered in Curl, an easy-to-use client-side URL transfer library, which could result in denial of service or information disclosure.

CVE-2023-24493: [R2] Tenable.sc 6.0.0 Fixes Multiple Vulnerabilities

A formula injection vulnerability exists in Tenable.sc due to improper validation of user-supplied input before returning it to users. An authenticated attacker could leverage the reporting system to export reports containing formulas, which would then require a victim to approve and execute on a host.

Ubuntu Security Notice USN-5823-1

Ubuntu Security Notice 5823-1 - Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 8.0.32 in Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 22.10. Ubuntu 18.04 LTS has been updated to MySQL 5.7.41. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes.

Apple Security Advisory 2023-01-23-6

Apple Security Advisory 2023-01-23-6 - macOS Big Sur 11.7.3 addresses buffer overflow, bypass, and code execution vulnerabilities.

Apple Security Advisory 2023-01-23-5

Apple Security Advisory 2023-01-23-5 - macOS Monterey 12.6.3 addresses buffer overflow, bypass, code execution, and information leakage vulnerabilities.

Apple Security Advisory 2023-01-23-4

Apple Security Advisory 2023-01-23-4 - macOS Ventura 13.2 addresses buffer overflow, bypass, code execution, information leakage, and use-after-free vulnerabilities.

RHSA-2023:0333: Red Hat Security Advisory: curl security update

An update for curl is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-32221: curl: POST following PUT confusion

CVE-2023-21850: Oracle Critical Patch Update Advisory - January 2023

Vulnerability in the Oracle Demantra Demand Management product of Oracle Supply Chain (component: E-Business Collections). Supported versions that are affected are 12.1 and 12.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Demantra Demand Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Demantra Demand Management accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).

CVE-2023-0036: en/security-disclosure/2023/2023-01.md · OpenHarmony/security - Gitee.com

platform_callback_stub in misc subsystem within OpenHarmony-v3.0.5 and prior versions has an authentication bypass vulnerability which allows an "SA relay attack".Local attackers can bypass authentication and attack other SAs with high privilege.

Gentoo Linux Security Advisory 202212-01

Gentoo Linux Security Advisory 202212-1 - Multiple vulnerabilities have been found in curl, the worst of which could result in arbitrary code execution. Versions less than 7.86.0 are affected.

CVE-2022-29838: WDC-22019 My Cloud Firmware Version 5.25.124 | Western Digital

Improper Authentication vulnerability in the encrypted volumes and auto mount features of Western Digital My Cloud devices allows insecure direct access to the drive information in the case of a device reset. This issue affects: Western Digital My Cloud My Cloud versions prior to 5.25.124 on Linux.

Red Hat Security Advisory 2022-8840-01

Red Hat Security Advisory 2022-8840-01 - Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.51 Service Pack 1 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.51, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include buffer overflow, bypass, code execution, denial of service, double free, and out of bounds read vulnerabilities.

Red Hat Security Advisory 2022-8841-01

Red Hat Security Advisory 2022-8841-01 - Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.51 Service Pack 1 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.51, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include buffer over-read, buffer overflow, bypass, code execution, denial of service, double free, integer overflow, out of bounds read, and use-after-free vulnerabilities.

RHSA-2022:8841: Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.51 SP1 security update

An update is now available for Red Hat JBoss Core Services. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1292: openssl: c_rehash script allows command injection * CVE-2022-2068: openssl: the c_rehash script allows command injection * CVE-2022-22721: httpd: core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody * CVE-2022-23943: httpd: mod_sed: Read/write beyond bounds * CVE-2022-26377: httpd: mod_proxy_ajp: Possible request smuggling * CVE-2...

RHSA-2022:8841: Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.51 SP1 security update

An update is now available for Red Hat JBoss Core Services. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1292: openssl: c_rehash script allows command injection * CVE-2022-2068: openssl: the c_rehash script allows command injection * CVE-2022-22721: httpd: core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody * CVE-2022-23943: httpd: mod_sed: Read/write beyond bounds * CVE-2022-26377: httpd: mod_proxy_ajp: Possible request smuggling * CVE-2...

RHSA-2022:8841: Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.51 SP1 security update

An update is now available for Red Hat JBoss Core Services. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1292: openssl: c_rehash script allows command injection * CVE-2022-2068: openssl: the c_rehash script allows command injection * CVE-2022-22721: httpd: core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody * CVE-2022-23943: httpd: mod_sed: Read/write beyond bounds * CVE-2022-26377: httpd: mod_proxy_ajp: Possible request smuggling * CVE-2...

RHSA-2022:8841: Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.51 SP1 security update

An update is now available for Red Hat JBoss Core Services. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1292: openssl: c_rehash script allows command injection * CVE-2022-2068: openssl: the c_rehash script allows command injection * CVE-2022-22721: httpd: core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody * CVE-2022-23943: httpd: mod_sed: Read/write beyond bounds * CVE-2022-26377: httpd: mod_proxy_ajp: Possible request smuggling * CVE-2...

RHSA-2022:8841: Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.51 SP1 security update

An update is now available for Red Hat JBoss Core Services. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1292: openssl: c_rehash script allows command injection * CVE-2022-2068: openssl: the c_rehash script allows command injection * CVE-2022-22721: httpd: core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody * CVE-2022-23943: httpd: mod_sed: Read/write beyond bounds * CVE-2022-26377: httpd: mod_proxy_ajp: Possible request smuggling * CVE-2...

RHSA-2022:8841: Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.51 SP1 security update

An update is now available for Red Hat JBoss Core Services. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1292: openssl: c_rehash script allows command injection * CVE-2022-2068: openssl: the c_rehash script allows command injection * CVE-2022-22721: httpd: core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody * CVE-2022-23943: httpd: mod_sed: Read/write beyond bounds * CVE-2022-26377: httpd: mod_proxy_ajp: Possible request smuggling * CVE-2...

RHSA-2022:8841: Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.51 SP1 security update

An update is now available for Red Hat JBoss Core Services. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1292: openssl: c_rehash script allows command injection * CVE-2022-2068: openssl: the c_rehash script allows command injection * CVE-2022-22721: httpd: core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody * CVE-2022-23943: httpd: mod_sed: Read/write beyond bounds * CVE-2022-26377: httpd: mod_proxy_ajp: Possible request smuggling * CVE-2...

RHSA-2022:8841: Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.51 SP1 security update

An update is now available for Red Hat JBoss Core Services. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1292: openssl: c_rehash script allows command injection * CVE-2022-2068: openssl: the c_rehash script allows command injection * CVE-2022-22721: httpd: core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody * CVE-2022-23943: httpd: mod_sed: Read/write beyond bounds * CVE-2022-26377: httpd: mod_proxy_ajp: Possible request smuggling * CVE-2...

RHSA-2022:8841: Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.51 SP1 security update

An update is now available for Red Hat JBoss Core Services. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1292: openssl: c_rehash script allows command injection * CVE-2022-2068: openssl: the c_rehash script allows command injection * CVE-2022-22721: httpd: core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody * CVE-2022-23943: httpd: mod_sed: Read/write beyond bounds * CVE-2022-26377: httpd: mod_proxy_ajp: Possible request smuggling * CVE-2...

RHSA-2022:8841: Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.51 SP1 security update

An update is now available for Red Hat JBoss Core Services. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1292: openssl: c_rehash script allows command injection * CVE-2022-2068: openssl: the c_rehash script allows command injection * CVE-2022-22721: httpd: core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody * CVE-2022-23943: httpd: mod_sed: Read/write beyond bounds * CVE-2022-26377: httpd: mod_proxy_ajp: Possible request smuggling * CVE-2...

RHSA-2022:8841: Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.51 SP1 security update

An update is now available for Red Hat JBoss Core Services. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1292: openssl: c_rehash script allows command injection * CVE-2022-2068: openssl: the c_rehash script allows command injection * CVE-2022-22721: httpd: core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody * CVE-2022-23943: httpd: mod_sed: Read/write beyond bounds * CVE-2022-26377: httpd: mod_proxy_ajp: Possible request smuggling * CVE-2...

CVE-2022-32221

When doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously was used to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the subsequent `POST` request. The problem exists in the logic for a reused handle when it is changed from a PUT to a POST.

CVE-2022-29837: WDC-22018 Western Digital My Cloud Home, My Cloud Home Duo and SanDisk ibi Firmware Version 8.12.0-178 | Western Digital

A path traversal vulnerability was addressed in Western Digital My Cloud Home, My Cloud Home Duo and SanDisk ibi which could allow an attacker to initiate installation of custom ZIP packages and overwrite system files. This could potentially lead to a code execution.

RHSA-2022:8067: Red Hat Security Advisory: httpd security, bug fix, and enhancement update

An update for httpd is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-22719: httpd: mod_lua: Use of uninitialized value of in r:parsebody * CVE-2022-22721: httpd: core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody * CVE-2022-23943: httpd: mod_sed: Read/write beyond bounds * CVE-2022-26377: httpd: mod_proxy_ajp: Possible request smuggling * CVE-2022-28614: httpd: Out-of-bounds read via ap_rwrite(...

RHSA-2022:8067: Red Hat Security Advisory: httpd security, bug fix, and enhancement update

An update for httpd is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-22719: httpd: mod_lua: Use of uninitialized value of in r:parsebody * CVE-2022-22721: httpd: core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody * CVE-2022-23943: httpd: mod_sed: Read/write beyond bounds * CVE-2022-26377: httpd: mod_proxy_ajp: Possible request smuggling * CVE-2022-28614: httpd: Out-of-bounds read via ap_rwrite(...

RHSA-2022:8067: Red Hat Security Advisory: httpd security, bug fix, and enhancement update

An update for httpd is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-22719: httpd: mod_lua: Use of uninitialized value of in r:parsebody * CVE-2022-22721: httpd: core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody * CVE-2022-23943: httpd: mod_sed: Read/write beyond bounds * CVE-2022-26377: httpd: mod_proxy_ajp: Possible request smuggling * CVE-2022-28614: httpd: Out-of-bounds read via ap_rwrite(...

RHSA-2022:8067: Red Hat Security Advisory: httpd security, bug fix, and enhancement update

An update for httpd is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-22719: httpd: mod_lua: Use of uninitialized value of in r:parsebody * CVE-2022-22721: httpd: core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody * CVE-2022-23943: httpd: mod_sed: Read/write beyond bounds * CVE-2022-26377: httpd: mod_proxy_ajp: Possible request smuggling * CVE-2022-28614: httpd: Out-of-bounds read via ap_rwrite(...

RHSA-2022:8067: Red Hat Security Advisory: httpd security, bug fix, and enhancement update

An update for httpd is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-22719: httpd: mod_lua: Use of uninitialized value of in r:parsebody * CVE-2022-22721: httpd: core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody * CVE-2022-23943: httpd: mod_sed: Read/write beyond bounds * CVE-2022-26377: httpd: mod_proxy_ajp: Possible request smuggling * CVE-2022-28614: httpd: Out-of-bounds read via ap_rwrite(...

Red Hat Security Advisory 2022-7647-01

Red Hat Security Advisory 2022-7647-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Issues addressed include buffer overflow, denial of service, information leakage, and out of bounds read vulnerabilities.

Red Hat Security Advisory 2022-7647-01

Red Hat Security Advisory 2022-7647-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Issues addressed include buffer overflow, denial of service, information leakage, and out of bounds read vulnerabilities.

Red Hat Security Advisory 2022-7647-01

Red Hat Security Advisory 2022-7647-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Issues addressed include buffer overflow, denial of service, information leakage, and out of bounds read vulnerabilities.

Red Hat Security Advisory 2022-7647-01

Red Hat Security Advisory 2022-7647-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Issues addressed include buffer overflow, denial of service, information leakage, and out of bounds read vulnerabilities.

Red Hat Security Advisory 2022-7647-01

Red Hat Security Advisory 2022-7647-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Issues addressed include buffer overflow, denial of service, information leakage, and out of bounds read vulnerabilities.

RHSA-2022:7647: Red Hat Security Advisory: httpd:2.4 security update

An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-22719: httpd: mod_lua: Use of uninitialized value of in r:parsebody * CVE-2022-22721: httpd: core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody * CVE-2022-23943: httpd: mod_sed: Read/write beyond bounds * CVE-2022-26377: httpd: mod_proxy_ajp: Possible request smuggling * CVE-2022-28614: httpd: Out-of-bounds read...

RHSA-2022:7647: Red Hat Security Advisory: httpd:2.4 security update

An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-22719: httpd: mod_lua: Use of uninitialized value of in r:parsebody * CVE-2022-22721: httpd: core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody * CVE-2022-23943: httpd: mod_sed: Read/write beyond bounds * CVE-2022-26377: httpd: mod_proxy_ajp: Possible request smuggling * CVE-2022-28614: httpd: Out-of-bounds read...

RHSA-2022:7647: Red Hat Security Advisory: httpd:2.4 security update

An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-22719: httpd: mod_lua: Use of uninitialized value of in r:parsebody * CVE-2022-22721: httpd: core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody * CVE-2022-23943: httpd: mod_sed: Read/write beyond bounds * CVE-2022-26377: httpd: mod_proxy_ajp: Possible request smuggling * CVE-2022-28614: httpd: Out-of-bounds read...

RHSA-2022:7647: Red Hat Security Advisory: httpd:2.4 security update

An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-22719: httpd: mod_lua: Use of uninitialized value of in r:parsebody * CVE-2022-22721: httpd: core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody * CVE-2022-23943: httpd: mod_sed: Read/write beyond bounds * CVE-2022-26377: httpd: mod_proxy_ajp: Possible request smuggling * CVE-2022-28614: httpd: Out-of-bounds read...

RHSA-2022:7647: Red Hat Security Advisory: httpd:2.4 security update

An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-22719: httpd: mod_lua: Use of uninitialized value of in r:parsebody * CVE-2022-22721: httpd: core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody * CVE-2022-23943: httpd: mod_sed: Read/write beyond bounds * CVE-2022-26377: httpd: mod_proxy_ajp: Possible request smuggling * CVE-2022-28614: httpd: Out-of-bounds read...

CVE-2022-26730: About the security content of macOS Ventura 13

A memory corruption issue existed in the processing of ICC profiles. This issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13. Processing a maliciously crafted image may lead to arbitrary code execution.

CVE-2022-42915: curl - HTTP proxy double-free

curl before 7.86.0 has a double free. If curl is told to use an HTTP proxy for a transfer with a non-HTTP(S) URL, it sets up the connection to the remote server by issuing a CONNECT request to the proxy, and then tunnels the rest of the protocol through. An HTTP proxy might refuse this request (HTTP proxies often only allow outgoing connections to specific port numbers, like 443 for HTTPS) and instead return a non-200 status code to the client. Due to flaws in the error/cleanup handling, this could trigger a double free in curl if one of the following schemes were used in the URL for the transfer: dict, gopher, gophers, ldap, ldaps, rtmp, rtmps, or telnet. The earliest affected version is 7.77.0.

CVE-2022-42916: curl - HSTS bypass via IDN

In curl before 7.86.0, the HSTS check could be bypassed to trick it into staying with HTTP. Using its HSTS support, curl can be instructed to use HTTPS directly (instead of using an insecure cleartext HTTP step) even when HTTP is provided in the URL. This mechanism could be bypassed if the host name in the given URL uses IDN characters that get replaced with ASCII counterparts as part of the IDN conversion, e.g., using the character UTF-8 U+3002 (IDEOGRAPHIC FULL STOP) instead of the common ASCII full stop of U+002E (.). The earliest affected version is 7.77.0 2021-05-26.

Ubuntu Security Notice USN-5702-2

Ubuntu Security Notice 5702-2 - USN-5702-1 fixed a vulnerability in curl. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Robby Simpson discovered that curl incorrectly handled certain POST operations after PUT operations. This issue could cause applications using curl to send the wrong data, perform incorrect memory operations, or crash.

Ubuntu Security Notice USN-5702-1

Ubuntu Security Notice 5702-1 - Robby Simpson discovered that curl incorrectly handled certain POST operations after PUT operations. This issue could cause applications using curl to send the wrong data, perform incorrect memory operations, or crash. Hiroki Kurosawa discovered that curl incorrectly handled parsing .netrc files. If an attacker were able to provide a specially crafted .netrc file, this issue could cause curl to crash, resulting in a denial of service. This issue only affected Ubuntu 22.10.

Ubuntu Security Notice USN-5702-1

Ubuntu Security Notice 5702-1 - Robby Simpson discovered that curl incorrectly handled certain POST operations after PUT operations. This issue could cause applications using curl to send the wrong data, perform incorrect memory operations, or crash. Hiroki Kurosawa discovered that curl incorrectly handled parsing .netrc files. If an attacker were able to provide a specially crafted .netrc file, this issue could cause curl to crash, resulting in a denial of service. This issue only affected Ubuntu 22.10.

Ubuntu Security Notice USN-5702-1

Ubuntu Security Notice 5702-1 - Robby Simpson discovered that curl incorrectly handled certain POST operations after PUT operations. This issue could cause applications using curl to send the wrong data, perform incorrect memory operations, or crash. Hiroki Kurosawa discovered that curl incorrectly handled parsing .netrc files. If an attacker were able to provide a specially crafted .netrc file, this issue could cause curl to crash, resulting in a denial of service. This issue only affected Ubuntu 22.10.

CVE-2022-43747: S-2022-01 | baramundi

baramundi Management Agent (bMA) in baramundi Management Suite (bMS) 2021 R1 and R2 and 2022 R1 allows remote code execution. This is fixed in 2022 R2.

CVE-2022-43747: S-2022-01 | baramundi

baramundi Management Agent (bMA) in baramundi Management Suite (bMS) 2021 R1 and R2 and 2022 R1 allows remote code execution. This is fixed in 2022 R2.

CVE-2022-43747: S-2022-01 | baramundi

baramundi Management Agent (bMA) in baramundi Management Suite (bMS) 2021 R1 and R2 and 2022 R1 allows remote code execution. This is fixed in 2022 R2.

CVE-2022-43747: S-2022-01 | baramundi

baramundi Management Agent (bMA) in baramundi Management Suite (bMS) 2021 R1 and R2 and 2022 R1 allows remote code execution. This is fixed in 2022 R2.

CVE-2022-43747: S-2022-01 | baramundi

baramundi Management Agent (bMA) in baramundi Management Suite (bMS) 2021 R1 and R2 and 2022 R1 allows remote code execution. This is fixed in 2022 R2.

CVE-2022-43747: S-2022-01 | baramundi

baramundi Management Agent (bMA) in baramundi Management Suite (bMS) 2021 R1 and R2 and 2022 R1 allows remote code execution. This is fixed in 2022 R2.

CVE-2022-35739: PRTG Network Monitor - Version History

PRTG Network Monitor through 22.2.77.2204 does not prevent custom input for a device’s icon, which can be modified to insert arbitrary content into the style tag for that device. When the device page loads, the arbitrary Cascading Style Sheets (CSS) data is inserted into the style tag, loading malicious content. Due to PRTG Network Monitor preventing “characters, and from modern browsers disabling JavaScript support in style tags, this vulnerability could not be escalated into a Cross-Site Scripting vulnerability.

CVE-2022-21587: Oracle Critical Patch Update Advisory - October 2022

Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: Upload). Supported versions that are affected are 12.2.3-12.2.11. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Web Applications Desktop Integrator. Successful attacks of this vulnerability can result in takeover of Oracle Web Applications Desktop Integrator. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

CVE-2022-21587: Oracle Critical Patch Update Advisory - October 2022

Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: Upload). Supported versions that are affected are 12.2.3-12.2.11. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Web Applications Desktop Integrator. Successful attacks of this vulnerability can result in takeover of Oracle Web Applications Desktop Integrator. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

CVE-2022-21587: Oracle Critical Patch Update Advisory - October 2022

Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: Upload). Supported versions that are affected are 12.2.3-12.2.11. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Web Applications Desktop Integrator. Successful attacks of this vulnerability can result in takeover of Oracle Web Applications Desktop Integrator. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

CVE-2022-21587: Oracle Critical Patch Update Advisory - October 2022

Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: Upload). Supported versions that are affected are 12.2.3-12.2.11. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Web Applications Desktop Integrator. Successful attacks of this vulnerability can result in takeover of Oracle Web Applications Desktop Integrator. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

CVE-2022-21587: Oracle Critical Patch Update Advisory - October 2022

Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: Upload). Supported versions that are affected are 12.2.3-12.2.11. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Web Applications Desktop Integrator. Successful attacks of this vulnerability can result in takeover of Oracle Web Applications Desktop Integrator. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

CVE-2022-21587: Oracle Critical Patch Update Advisory - October 2022

Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: Upload). Supported versions that are affected are 12.2.3-12.2.11. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Web Applications Desktop Integrator. Successful attacks of this vulnerability can result in takeover of Oracle Web Applications Desktop Integrator. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

CVE-2022-21587: Oracle Critical Patch Update Advisory - October 2022

Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: Upload). Supported versions that are affected are 12.2.3-12.2.11. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Web Applications Desktop Integrator. Successful attacks of this vulnerability can result in takeover of Oracle Web Applications Desktop Integrator. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

CVE-2022-41686: en/security-disclosure/2022/2022-10.md · OpenHarmony/security - Gitee.com

OpenHarmony-v3.1.2 and prior versions, 3.0.6 and prior versions have an Out-of-bound memory read and write vulnerability in /dev/mmz_userdev device driver. The impact depends on the privileges of the attacker. The unprivileged process run on the device could read out-of-bound memory leading sensitive to information disclosure. The processes with system user UID run on the device would be able to write out-of-bound memory which could lead to unspecified memory corruption.

Red Hat Security Advisory 2022-6753-01

Red Hat Security Advisory 2022-6753-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Issues addressed include buffer overflow, denial of service, information leakage, null pointer, out of bounds read, out of bounds write, and server-side request forgery vulnerabilities.

Red Hat Security Advisory 2022-6753-01

Red Hat Security Advisory 2022-6753-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Issues addressed include buffer overflow, denial of service, information leakage, null pointer, out of bounds read, out of bounds write, and server-side request forgery vulnerabilities.

Red Hat Security Advisory 2022-6753-01

Red Hat Security Advisory 2022-6753-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Issues addressed include buffer overflow, denial of service, information leakage, null pointer, out of bounds read, out of bounds write, and server-side request forgery vulnerabilities.

Red Hat Security Advisory 2022-6753-01

Red Hat Security Advisory 2022-6753-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Issues addressed include buffer overflow, denial of service, information leakage, null pointer, out of bounds read, out of bounds write, and server-side request forgery vulnerabilities.

Red Hat Security Advisory 2022-6753-01

Red Hat Security Advisory 2022-6753-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Issues addressed include buffer overflow, denial of service, information leakage, null pointer, out of bounds read, out of bounds write, and server-side request forgery vulnerabilities.

RHSA-2022:6753: Red Hat Security Advisory: httpd24-httpd security and bug fix update

An update for httpd24-httpd is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-33193: httpd: Request splitting via HTTP/2 method injection and mod_proxy * CVE-2021-34798: httpd: NULL pointer dereference via malformed requests * CVE-2021-36160: httpd: mod_proxy_uwsgi: out-of-bounds read via a crafted request uri-path * CVE-2021-39275: httpd: Out-of-bounds write in ap_escape_quotes() via malicious input * CVE-2021-44224: htt...

RHSA-2022:6753: Red Hat Security Advisory: httpd24-httpd security and bug fix update

An update for httpd24-httpd is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-33193: httpd: Request splitting via HTTP/2 method injection and mod_proxy * CVE-2021-34798: httpd: NULL pointer dereference via malformed requests * CVE-2021-36160: httpd: mod_proxy_uwsgi: out-of-bounds read via a crafted request uri-path * CVE-2021-39275: httpd: Out-of-bounds write in ap_escape_quotes() via malicious input * CVE-2021-44224: htt...

RHSA-2022:6753: Red Hat Security Advisory: httpd24-httpd security and bug fix update

An update for httpd24-httpd is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-33193: httpd: Request splitting via HTTP/2 method injection and mod_proxy * CVE-2021-34798: httpd: NULL pointer dereference via malformed requests * CVE-2021-36160: httpd: mod_proxy_uwsgi: out-of-bounds read via a crafted request uri-path * CVE-2021-39275: httpd: Out-of-bounds write in ap_escape_quotes() via malicious input * CVE-2021-44224: htt...

RHSA-2022:6753: Red Hat Security Advisory: httpd24-httpd security and bug fix update

An update for httpd24-httpd is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-33193: httpd: Request splitting via HTTP/2 method injection and mod_proxy * CVE-2021-34798: httpd: NULL pointer dereference via malformed requests * CVE-2021-36160: httpd: mod_proxy_uwsgi: out-of-bounds read via a crafted request uri-path * CVE-2021-39275: httpd: Out-of-bounds write in ap_escape_quotes() via malicious input * CVE-2021-44224: htt...

RHSA-2022:6753: Red Hat Security Advisory: httpd24-httpd security and bug fix update

An update for httpd24-httpd is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-33193: httpd: Request splitting via HTTP/2 method injection and mod_proxy * CVE-2021-34798: httpd: NULL pointer dereference via malformed requests * CVE-2021-36160: httpd: mod_proxy_uwsgi: out-of-bounds read via a crafted request uri-path * CVE-2021-39275: httpd: Out-of-bounds write in ap_escape_quotes() via malicious input * CVE-2021-44224: htt...

Red Hat Security Advisory 2022-6696-01

Red Hat Security Advisory 2022-6696-01 - Red Hat Advanced Cluster Management for Kubernetes 2.4.6 General Availability release images, which fix bugs and update container images. Red Hat Product Security has rated this update as having a security impact of Critical. Issues addressed include crlf injection and denial of service vulnerabilities.

Red Hat Security Advisory 2022-6696-01

Red Hat Security Advisory 2022-6696-01 - Red Hat Advanced Cluster Management for Kubernetes 2.4.6 General Availability release images, which fix bugs and update container images. Red Hat Product Security has rated this update as having a security impact of Critical. Issues addressed include crlf injection and denial of service vulnerabilities.

Red Hat Security Advisory 2022-6560-01

Red Hat Security Advisory 2022-6560-01 - An update is now available for OpenShift Logging 5.3.12 Red Hat Product Security has rated this update as having a security impact of Moderate.

Red Hat Security Advisory 2022-6560-01

Red Hat Security Advisory 2022-6560-01 - An update is now available for OpenShift Logging 5.3.12 Red Hat Product Security has rated this update as having a security impact of Moderate.

RHSA-2022:6696: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.4.6 security update and bug fixes

Red Hat Advanced Cluster Management for Kubernetes 2.4.6 General Availability release images, which fix bugs and update container images. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-30629: golang: crypto/tls: session tickets lack random ticket_age_add * CVE-2022-31129: moment: inefficient parsing algorithm resulting in DoS * CVE-2022-31150: nodejs16: CRLF injection in node-undici * CVE-2022-31151: nodejs/undici: Cookie headers uncleared on cross-origin redirect * CV...

RHSA-2022:6696: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.4.6 security update and bug fixes

Red Hat Advanced Cluster Management for Kubernetes 2.4.6 General Availability release images, which fix bugs and update container images. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-30629: golang: crypto/tls: session tickets lack random ticket_age_add * CVE-2022-31129: moment: inefficient parsing algorithm resulting in DoS * CVE-2022-31150: nodejs16: CRLF injection in node-undici * CVE-2022-31151: nodejs/undici: Cookie headers uncleared on cross-origin redirect * CV...

RHSA-2022:6696: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.4.6 security update and bug fixes

Red Hat Advanced Cluster Management for Kubernetes 2.4.6 General Availability release images, which fix bugs and update container images. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-30629: golang: crypto/tls: session tickets lack random ticket_age_add * CVE-2022-31129: moment: inefficient parsing algorithm resulting in DoS * CVE-2022-31150: nodejs16: CRLF injection in node-undici * CVE-2022-31151: nodejs/undici: Cookie headers uncleared on cross-origin redirect * CV...

RHSA-2022:6696: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.4.6 security update and bug fixes

Red Hat Advanced Cluster Management for Kubernetes 2.4.6 General Availability release images, which fix bugs and update container images. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-30629: golang: crypto/tls: session tickets lack random ticket_age_add * CVE-2022-31129: moment: inefficient parsing algorithm resulting in DoS * CVE-2022-31150: nodejs16: CRLF injection in node-undici * CVE-2022-31151: nodejs/undici: Cookie headers uncleared on cross-origin redirect * CV...

CVE-2022-35252

When curl is used to retrieve and parse cookies from a HTTP(S) server, itaccepts cookies using control codes that when later are sent back to a HTTPserver might make the server return 400 responses. Effectively allowing a"sister site" to deny service to all siblings.

Red Hat Security Advisory 2022-6422-01

Red Hat Security Advisory 2022-6422-01 - Multicluster Engine for Kubernetes 2.0.2 images Multicluster engine for Kubernetes provides the foundational components that are necessary for the centralized management of multiple Kubernetes-based clusters across data centers, public clouds, and private clouds. You can use the engine to create new Red Hat OpenShift Container Platform clusters or to bring existing Kubernetes-based clusters under management by importing them. After the clusters are managed, you can use the APIs that are provided by the engine to distribute configuration based on placement policy. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2022-6422-01

Red Hat Security Advisory 2022-6422-01 - Multicluster Engine for Kubernetes 2.0.2 images Multicluster engine for Kubernetes provides the foundational components that are necessary for the centralized management of multiple Kubernetes-based clusters across data centers, public clouds, and private clouds. You can use the engine to create new Red Hat OpenShift Container Platform clusters or to bring existing Kubernetes-based clusters under management by importing them. After the clusters are managed, you can use the APIs that are provided by the engine to distribute configuration based on placement policy. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2022-6422-01

Red Hat Security Advisory 2022-6422-01 - Multicluster Engine for Kubernetes 2.0.2 images Multicluster engine for Kubernetes provides the foundational components that are necessary for the centralized management of multiple Kubernetes-based clusters across data centers, public clouds, and private clouds. You can use the engine to create new Red Hat OpenShift Container Platform clusters or to bring existing Kubernetes-based clusters under management by importing them. After the clusters are managed, you can use the APIs that are provided by the engine to distribute configuration based on placement policy. Issues addressed include a denial of service vulnerability.

RHSA-2022:6429: Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.7.4 security and bug fix update

The Migration Toolkit for Containers (MTC) 1.7.4 is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-28500: nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions * CVE-2021-23337: nodejs-lodash: command injection via template * CVE-2022-0512: nodejs-url-parse: authorization bypass through user-controlled key * CVE-2022-0639: npm-url-parse: Authorization Bypass Through User-Controlled Key * CVE-2022-0686: npm-url-parse: Authorization bypass thr...

RHSA-2022:6429: Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.7.4 security and bug fix update

The Migration Toolkit for Containers (MTC) 1.7.4 is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-28500: nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions * CVE-2021-23337: nodejs-lodash: command injection via template * CVE-2022-0512: nodejs-url-parse: authorization bypass through user-controlled key * CVE-2022-0639: npm-url-parse: Authorization Bypass Through User-Controlled Key * CVE-2022-0686: npm-url-parse: Authorization bypass thr...

RHSA-2022:6429: Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.7.4 security and bug fix update

The Migration Toolkit for Containers (MTC) 1.7.4 is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-28500: nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions * CVE-2021-23337: nodejs-lodash: command injection via template * CVE-2022-0512: nodejs-url-parse: authorization bypass through user-controlled key * CVE-2022-0639: npm-url-parse: Authorization Bypass Through User-Controlled Key * CVE-2022-0686: npm-url-parse: Authorization bypass thr...

RHSA-2022:6429: Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.7.4 security and bug fix update

The Migration Toolkit for Containers (MTC) 1.7.4 is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-28500: nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions * CVE-2021-23337: nodejs-lodash: command injection via template * CVE-2022-0512: nodejs-url-parse: authorization bypass through user-controlled key * CVE-2022-0639: npm-url-parse: Authorization Bypass Through User-Controlled Key * CVE-2022-0686: npm-url-parse: Authorization bypass thr...

RHSA-2022:6422: Red Hat Security Advisory: Multicluster Engine for Kubernetes 2.0.2 security and bug fixes

Multicluster Engine for Kubernetes 2.0.2 General Availability release images, which fix bugs and update container images. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-31129: moment: inefficient parsing algorithm resulting in DoS * CVE-2022-36067: vm2: Sandbox Escape in vm2

RHSA-2022:6422: Red Hat Security Advisory: Multicluster Engine for Kubernetes 2.0.2 security and bug fixes

Multicluster Engine for Kubernetes 2.0.2 General Availability release images, which fix bugs and update container images. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-31129: moment: inefficient parsing algorithm resulting in DoS * CVE-2022-36067: vm2: Sandbox Escape in vm2

CVE-2022-38701: en/security-disclosure/2022/2022-09.md · OpenHarmony/security - Gitee.com

OpenHarmony-v3.1.2 and prior versions have a heap overflow vulnerability. Local attackers can trigger a heap overflow and get network sensitive information.

Red Hat Security Advisory 2022-6287-01

Red Hat Security Advisory 2022-6287-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.11.3. Issues addressed include denial of service, memory leak, and out of bounds read vulnerabilities.

Red Hat Security Advisory 2022-6287-01

Red Hat Security Advisory 2022-6287-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.11.3. Issues addressed include denial of service, memory leak, and out of bounds read vulnerabilities.

RHSA-2022:6287: Red Hat Security Advisory: OpenShift Container Platform 4.11.3 packages and security update

Red Hat OpenShift Container Platform release 4.11.3 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.11. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-38561: golang: out-of-bounds read in golang.org/x/text/language leads to DoS

RHSA-2022:6287: Red Hat Security Advisory: OpenShift Container Platform 4.11.3 packages and security update

Red Hat OpenShift Container Platform release 4.11.3 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.11. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-38561: golang: out-of-bounds read in golang.org/x/text/language leads to DoS

RHSA-2022:6344: Red Hat Security Advisory: Logging Subsystem 5.5.1 Security and Bug Fix Update

Logging Subsystem 5.5.1 - Red Hat OpenShift Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1705: golang: net/http: improper sanitization of Transfer-Encoding header * CVE-2022-30631: golang: compress/gzip: stack exhaustion in Reader.Read * CVE-2022-32148: golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working

RHSA-2022:6344: Red Hat Security Advisory: Logging Subsystem 5.5.1 Security and Bug Fix Update

Logging Subsystem 5.5.1 - Red Hat OpenShift Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1705: golang: net/http: improper sanitization of Transfer-Encoding header * CVE-2022-30631: golang: compress/gzip: stack exhaustion in Reader.Read * CVE-2022-32148: golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working

RHSA-2022:6182: Red Hat Security Advisory: Openshift Logging Security and Bug Fix update (5.3.11)

Openshift Logging Bug Fix Release (5.3.11) Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-30631: golang: compress/gzip: stack exhaustion in Reader.Read

RHSA-2022:6182: Red Hat Security Advisory: Openshift Logging Security and Bug Fix update (5.3.11)

Openshift Logging Bug Fix Release (5.3.11) Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-30631: golang: compress/gzip: stack exhaustion in Reader.Read

RHSA-2022:6182: Red Hat Security Advisory: Openshift Logging Security and Bug Fix update (5.3.11)

Openshift Logging Bug Fix Release (5.3.11) Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-30631: golang: compress/gzip: stack exhaustion in Reader.Read

RHSA-2022:6182: Red Hat Security Advisory: Openshift Logging Security and Bug Fix update (5.3.11)

Openshift Logging Bug Fix Release (5.3.11) Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-30631: golang: compress/gzip: stack exhaustion in Reader.Read

Ubuntu Security Notice USN-5587-1

Ubuntu Security Notice 5587-1 - Axel Chong discovered that when curl accepted and sent back cookies containing control bytes that a HTTP server might return a 400 response. A malicious cookie host could possibly use this to cause denial-of-service.

Red Hat Security Advisory 2022-6184-01

Red Hat Security Advisory 2022-6184-01 - The Self Node Remediation Operator works in conjunction with the Machine Health Check or the Node Health Check Operators to provide automatic remediation of unhealthy nodes by rebooting them. This minimizes downtime for stateful applications and RWO volumes, as well as restoring compute capacity in the event of transient failures.

Red Hat Security Advisory 2022-6184-01

Red Hat Security Advisory 2022-6184-01 - The Self Node Remediation Operator works in conjunction with the Machine Health Check or the Node Health Check Operators to provide automatic remediation of unhealthy nodes by rebooting them. This minimizes downtime for stateful applications and RWO volumes, as well as restoring compute capacity in the event of transient failures.

Red Hat Security Advisory 2022-6157-01

Red Hat Security Advisory 2022-6157-01 - The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Issues addressed include a denial of service vulnerability.

RHSA-2022:6184: Red Hat Security Advisory: Self Node Remediation Operator 0.4.1 security update

This is an updated release of the Self Node Remediation Operator. The Self Node Remediation Operator replaces the Poison Pill Operator, and is delivered by Red Hat Workload Availability. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-30631: golang: compress/gzip: stack exhaustion in Reader.Read

RHSA-2022:6184: Red Hat Security Advisory: Self Node Remediation Operator 0.4.1 security update

This is an updated release of the Self Node Remediation Operator. The Self Node Remediation Operator replaces the Poison Pill Operator, and is delivered by Red Hat Workload Availability. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-30631: golang: compress/gzip: stack exhaustion in Reader.Read

RHSA-2022:6157: Red Hat Security Advisory: curl security update

An update for curl is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-32206: curl: HTTP compression denial of service * CVE-2022-32207: curl: Unpreserved file permissions * CVE-2022-32208: curl: FTP-KRB bad message verification

Red Hat Security Advisory 2022-6103-01

Red Hat Security Advisory 2022-6103-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.11.1.

Red Hat Security Advisory 2022-6103-01

Red Hat Security Advisory 2022-6103-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.11.1.

RHSA-2022:6103: Red Hat Security Advisory: OpenShift Container Platform 4.11.1 bug fix and security update

Red Hat OpenShift Container Platform release 4.11.1 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.11. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-30629: golang: crypto/tls: session tickets lack random ticket_age_add * CVE-2022-30631: golang: compress/gzip: stack exhaustion in Reader.Read

RHSA-2022:6103: Red Hat Security Advisory: OpenShift Container Platform 4.11.1 bug fix and security update

Red Hat OpenShift Container Platform release 4.11.1 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.11. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-30629: golang: crypto/tls: session tickets lack random ticket_age_add * CVE-2022-30631: golang: compress/gzip: stack exhaustion in Reader.Read

Red Hat Security Advisory 2022-6051-01

Red Hat Security Advisory 2022-6051-01 - An update is now available for RHOL-5.5-RHEL-8. Issues addressed include denial of service, man-in-the-middle, and out of bounds read vulnerabilities.

Red Hat Security Advisory 2022-6051-01

Red Hat Security Advisory 2022-6051-01 - An update is now available for RHOL-5.5-RHEL-8. Issues addressed include denial of service, man-in-the-middle, and out of bounds read vulnerabilities.

RHSA-2022:6024: Red Hat Security Advisory: New container image for Red Hat Ceph Storage 5.2 Security update

A new container image for Red Hat Ceph Storage 5.2 is now available in the Red Hat Ecosystem Catalog. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-43813: grafana: directory traversal vulnerability * CVE-2022-21673: grafana: Forward OAuth Identity Token can allow users to access some data sources

RHSA-2022:6024: Red Hat Security Advisory: New container image for Red Hat Ceph Storage 5.2 Security update

A new container image for Red Hat Ceph Storage 5.2 is now available in the Red Hat Ecosystem Catalog. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-43813: grafana: directory traversal vulnerability * CVE-2022-21673: grafana: Forward OAuth Identity Token can allow users to access some data sources

CVE-2022-27928: Pexip security bulletins | Pexip Infinity Docs

Pexip Infinity 27.x before 27.3 allows remote attackers to trigger a software abort via the Session Initiation Protocol.

CVE-2022-27933: Pexip security bulletins | Pexip Infinity Docs

Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via One Touch Join.

CVE-2022-27936: Pexip security bulletins | Pexip Infinity Docs

Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via H.323.

CVE-2022-26656: Pexip security bulletins | Pexip Infinity Docs

Pexip Infinity before 27.3 allows remote attackers to trigger a software abort, and possibly enumerate usernames, via One Touch Join.

CVE-2022-26657: Pexip security bulletins | Pexip Infinity Docs

Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via One Touch Join.

CVE-2022-25357: Pexip security bulletins | Pexip Infinity Docs

Pexip Infinity 27.x before 27.2 has Improper Access Control. An attacker can sometimes join a conference (call join) if it has a lock but not a PIN.

CVE-2022-27937: Pexip security bulletins | Pexip Infinity Docs

Pexip Infinity before 27.3 allows remote attackers to trigger excessive resource consumption via H.264.

CVE-2022-26654: Pexip security bulletins | Pexip Infinity Docs

Pexip Infinity before 27.3 allows remote attackers to force a software abort via HTTP.

CVE-2022-27934: Pexip security bulletins | Pexip Infinity Docs

Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via HTTP.

CVE-2022-27928: Pexip security bulletins | Pexip Infinity Docs

Pexip Infinity 27.x before 27.3 allows remote attackers to trigger a software abort via the Session Initiation Protocol.

CVE-2022-27933: Pexip security bulletins | Pexip Infinity Docs

Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via One Touch Join.

CVE-2022-25357: Pexip security bulletins | Pexip Infinity Docs

Pexip Infinity 27.x before 27.2 has Improper Access Control. An attacker can sometimes join a conference (call join) if it has a lock but not a PIN.

CVE-2022-27934: Pexip security bulletins | Pexip Infinity Docs

Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via HTTP.

CVE-2022-27937: Pexip security bulletins | Pexip Infinity Docs

Pexip Infinity before 27.3 allows remote attackers to trigger excessive resource consumption via H.264.

CVE-2022-26654: Pexip security bulletins | Pexip Infinity Docs

Pexip Infinity before 27.3 allows remote attackers to force a software abort via HTTP.

CVE-2022-26657: Pexip security bulletins | Pexip Infinity Docs

Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via One Touch Join.

CVE-2022-32207

When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name.In that rename operation, it might accidentally *widen* the permissions for the target file, leaving the updated file accessible to more users than intended.

Ubuntu Security Notice USN-5495-1

Ubuntu Security Notice 5495-1 - Harry Sintonen discovered that curl incorrectly handled certain cookies. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 21.10, and Ubuntu 22.04 LTS. Harry Sintonen discovered that curl incorrectly handled certain HTTP compressions. An attacker could possibly use this issue to cause a denial of service. Harry Sintonen incorrectly handled certain file permissions. An attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 21.10, and Ubuntu 22.04 LTS.

Ubuntu Security Notice USN-5487-2

Ubuntu Security Notice 5487-2 - USN-5487-1 fixed a vulnerabilities in Apache. Unfortunately, that update introduced a regression when proxying balancer manager connections in some configurations on Ubuntu 14.04 ESM. This update reverts those changes till further fix. It was discovered that Apache HTTP Server mod_proxy_ajp incorrectly handled certain crafted request. A remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack. It was discovered that Apache HTTP Server incorrectly handled certain request. An attacker could possibly use this issue to cause a denial of service. It was discovered that Apache HTTP Server incorrectly handled certain request. An attacker could possibly use this issue to cause a crash or expose sensitive information. Multiple other issues were also originally addressed.

Ubuntu Security Notice USN-5487-2

Ubuntu Security Notice 5487-2 - USN-5487-1 fixed a vulnerabilities in Apache. Unfortunately, that update introduced a regression when proxying balancer manager connections in some configurations on Ubuntu 14.04 ESM. This update reverts those changes till further fix. It was discovered that Apache HTTP Server mod_proxy_ajp incorrectly handled certain crafted request. A remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack. It was discovered that Apache HTTP Server incorrectly handled certain request. An attacker could possibly use this issue to cause a denial of service. It was discovered that Apache HTTP Server incorrectly handled certain request. An attacker could possibly use this issue to cause a crash or expose sensitive information. Multiple other issues were also originally addressed.

Ubuntu Security Notice USN-5487-2

Ubuntu Security Notice 5487-2 - USN-5487-1 fixed a vulnerabilities in Apache. Unfortunately, that update introduced a regression when proxying balancer manager connections in some configurations on Ubuntu 14.04 ESM. This update reverts those changes till further fix. It was discovered that Apache HTTP Server mod_proxy_ajp incorrectly handled certain crafted request. A remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack. It was discovered that Apache HTTP Server incorrectly handled certain request. An attacker could possibly use this issue to cause a denial of service. It was discovered that Apache HTTP Server incorrectly handled certain request. An attacker could possibly use this issue to cause a crash or expose sensitive information. Multiple other issues were also originally addressed.

Ubuntu Security Notice USN-5487-2

Ubuntu Security Notice 5487-2 - USN-5487-1 fixed a vulnerabilities in Apache. Unfortunately, that update introduced a regression when proxying balancer manager connections in some configurations on Ubuntu 14.04 ESM. This update reverts those changes till further fix. It was discovered that Apache HTTP Server mod_proxy_ajp incorrectly handled certain crafted request. A remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack. It was discovered that Apache HTTP Server incorrectly handled certain request. An attacker could possibly use this issue to cause a denial of service. It was discovered that Apache HTTP Server incorrectly handled certain request. An attacker could possibly use this issue to cause a crash or expose sensitive information. Multiple other issues were also originally addressed.

Ubuntu Security Notice USN-5487-2

Ubuntu Security Notice 5487-2 - USN-5487-1 fixed a vulnerabilities in Apache. Unfortunately, that update introduced a regression when proxying balancer manager connections in some configurations on Ubuntu 14.04 ESM. This update reverts those changes till further fix. It was discovered that Apache HTTP Server mod_proxy_ajp incorrectly handled certain crafted request. A remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack. It was discovered that Apache HTTP Server incorrectly handled certain request. An attacker could possibly use this issue to cause a denial of service. It was discovered that Apache HTTP Server incorrectly handled certain request. An attacker could possibly use this issue to cause a crash or expose sensitive information. Multiple other issues were also originally addressed.

Ubuntu Security Notice USN-5487-1

Ubuntu Security Notice 5487-1 - It was discovered that Apache HTTP Server mod_proxy_ajp incorrectly handled certain crafted request. A remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack. It was discovered that Apache HTTP Server incorrectly handled certain request. An attacker could possibly use this issue to cause a denial of service. It was discovered that Apache HTTP Server incorrectly handled certain request. An attacker could possibly use this issue to cause a crash or expose sensitive information.

Ubuntu Security Notice USN-5487-1

Ubuntu Security Notice 5487-1 - It was discovered that Apache HTTP Server mod_proxy_ajp incorrectly handled certain crafted request. A remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack. It was discovered that Apache HTTP Server incorrectly handled certain request. An attacker could possibly use this issue to cause a denial of service. It was discovered that Apache HTTP Server incorrectly handled certain request. An attacker could possibly use this issue to cause a crash or expose sensitive information.

Ubuntu Security Notice USN-5487-1

Ubuntu Security Notice 5487-1 - It was discovered that Apache HTTP Server mod_proxy_ajp incorrectly handled certain crafted request. A remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack. It was discovered that Apache HTTP Server incorrectly handled certain request. An attacker could possibly use this issue to cause a denial of service. It was discovered that Apache HTTP Server incorrectly handled certain request. An attacker could possibly use this issue to cause a crash or expose sensitive information.

Ubuntu Security Notice USN-5487-1

Ubuntu Security Notice 5487-1 - It was discovered that Apache HTTP Server mod_proxy_ajp incorrectly handled certain crafted request. A remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack. It was discovered that Apache HTTP Server incorrectly handled certain request. An attacker could possibly use this issue to cause a denial of service. It was discovered that Apache HTTP Server incorrectly handled certain request. An attacker could possibly use this issue to cause a crash or expose sensitive information.

Ubuntu Security Notice USN-5487-1

Ubuntu Security Notice 5487-1 - It was discovered that Apache HTTP Server mod_proxy_ajp incorrectly handled certain crafted request. A remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack. It was discovered that Apache HTTP Server incorrectly handled certain request. An attacker could possibly use this issue to cause a denial of service. It was discovered that Apache HTTP Server incorrectly handled certain request. An attacker could possibly use this issue to cause a crash or expose sensitive information.

CVE-2022-28330: security - CVE-2022-28330: Apache HTTP Server: read beyond bounds in mod_isapi

Apache HTTP Server 2.4.53 and earlier on Windows may read beyond bounds when configured to process requests with the mod_isapi module.

CVE-2022-22675: About the security content of macOS Big Sur 11.6.6

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.5, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.3.1, iOS 15.4.1 and iPadOS 15.4.1. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited..

Apple Security Advisory 2022-05-16-2

Apple Security Advisory 2022-05-16-2 - macOS Monterey 12.4 addresses buffer overflow, bypass, code execution, denial of service, integer overflow, out of bounds access, out of bounds read, out of bounds write, and use-after-free vulnerabilities.

CVE-2021-44790: Apache HTTP Server 2.4 vulnerabilities

A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier.

CVE-2021-44790: Apache HTTP Server 2.4 vulnerabilities

A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier.

CVE-2020-9490: Apache HTTP Server 2.4 vulnerabilities

Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via "H2Push off" will mitigate this vulnerability for unpatched servers.