Security
Headlines
HeadlinesLatestCVEs

Headline

RHSA-2023:0340: Red Hat Security Advisory: bash security update

An update for bash is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-3715: bash: a heap-buffer-overflow in valid_parameter_transform
Red Hat Security Data
#vulnerability#web#linux#red_hat#nodejs#js#java#kubernetes#aws#ibm

Skip to navigation Skip to main content

Utilities

  • Subscriptions
  • Downloads
  • Containers
  • Support Cases

Infrastructure and Management

  • Red Hat Enterprise Linux
  • Red Hat Virtualization
  • Red Hat Identity Management
  • Red Hat Directory Server
  • Red Hat Certificate System
  • Red Hat Satellite
  • Red Hat Subscription Management
  • Red Hat Update Infrastructure
  • Red Hat Insights
  • Red Hat Ansible Automation Platform

Cloud Computing

  • Red Hat OpenShift
  • Red Hat CloudForms
  • Red Hat OpenStack Platform
  • Red Hat OpenShift Container Platform
  • Red Hat OpenShift Data Science
  • Red Hat OpenShift Online
  • Red Hat OpenShift Dedicated
  • Red Hat Advanced Cluster Security for Kubernetes
  • Red Hat Advanced Cluster Management for Kubernetes
  • Red Hat Quay
  • OpenShift Dev Spaces
  • Red Hat OpenShift Service on AWS

Storage

  • Red Hat Gluster Storage
  • Red Hat Hyperconverged Infrastructure
  • Red Hat Ceph Storage
  • Red Hat OpenShift Data Foundation

Runtimes

  • Red Hat Runtimes
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat Data Grid
  • Red Hat JBoss Web Server
  • Red Hat Single Sign On
  • Red Hat support for Spring Boot
  • Red Hat build of Node.js
  • Red Hat build of Thorntail
  • Red Hat build of Eclipse Vert.x
  • Red Hat build of OpenJDK
  • Red Hat build of Quarkus

Integration and Automation

  • Red Hat Process Automation
  • Red Hat Process Automation Manager
  • Red Hat Decision Manager

All Products

Issued:

2023-01-23

Updated:

2023-01-23

RHSA-2023:0340 - Security Advisory

  • Overview
  • Updated Packages

Synopsis

Moderate: bash security update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for bash is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The bash packages provide Bash (Bourne-again shell), which is the default shell for Red Hat Enterprise Linux.

Security Fix(es):

  • bash: a heap-buffer-overflow in valid_parameter_transform (CVE-2022-3715)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected Products

  • Red Hat Enterprise Linux for x86_64 9 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 9 s390x
  • Red Hat Enterprise Linux for Power, little endian 9 ppc64le
  • Red Hat Enterprise Linux for ARM 64 9 aarch64
  • Red Hat CodeReady Linux Builder for x86_64 9 x86_64
  • Red Hat CodeReady Linux Builder for Power, little endian 9 ppc64le
  • Red Hat CodeReady Linux Builder for ARM 64 9 aarch64
  • Red Hat CodeReady Linux Builder for IBM z Systems 9 s390x

Fixes

  • BZ - 2126720 - CVE-2022-3715 bash: a heap-buffer-overflow in valid_parameter_transform

Red Hat Enterprise Linux for x86_64 9

SRPM

bash-5.1.8-6.el9_1.src.rpm

SHA-256: 8fd7b4bf6a85154b6725677e7b933759cfc59c7c43e35bb7e9b5454e63513175

x86_64

bash-5.1.8-6.el9_1.x86_64.rpm

SHA-256: 90603777c369e7e4266971d06a7c0bc33f3493b7ddf6904a7d141abe2e7b287f

bash-debuginfo-5.1.8-6.el9_1.x86_64.rpm

SHA-256: 656155a92bc8fb5318615281ad3b7e1b41b912200440f0871660556deaaaecea

bash-debugsource-5.1.8-6.el9_1.x86_64.rpm

SHA-256: 7cdb08de3eac4dd93ad9dd7e7896129ac39fc7a6a22389ac1bcf77148929e0d7

Red Hat Enterprise Linux for IBM z Systems 9

SRPM

bash-5.1.8-6.el9_1.src.rpm

SHA-256: 8fd7b4bf6a85154b6725677e7b933759cfc59c7c43e35bb7e9b5454e63513175

s390x

bash-5.1.8-6.el9_1.s390x.rpm

SHA-256: 24057d188ad49c700f61eff9c75c2e7a7a2de6f8b090bc43f0988996e0e37f93

bash-debuginfo-5.1.8-6.el9_1.s390x.rpm

SHA-256: ce92643fdfa837221659ef22703ed50d1e24dd2f1ec480112862fe16c6d68b7c

bash-debugsource-5.1.8-6.el9_1.s390x.rpm

SHA-256: 2bd0bd4ffd8c652b4a0f6aa3617d1760f5a26a051bc13da88ebd574b77759ce2

Red Hat Enterprise Linux for Power, little endian 9

SRPM

bash-5.1.8-6.el9_1.src.rpm

SHA-256: 8fd7b4bf6a85154b6725677e7b933759cfc59c7c43e35bb7e9b5454e63513175

ppc64le

bash-5.1.8-6.el9_1.ppc64le.rpm

SHA-256: 098f16bb4d02110e6350dcbec2156db050941dba689b1ee122438b787bc573bb

bash-debuginfo-5.1.8-6.el9_1.ppc64le.rpm

SHA-256: c90555dce068ad1e584873d9be4d3a96bedb2d04509011d4c747bd5e6d393fe2

bash-debugsource-5.1.8-6.el9_1.ppc64le.rpm

SHA-256: 0208e18c51ebb0e5752774d317b81df2be2573e74a765629af176e823471ab63

Red Hat Enterprise Linux for ARM 64 9

SRPM

bash-5.1.8-6.el9_1.src.rpm

SHA-256: 8fd7b4bf6a85154b6725677e7b933759cfc59c7c43e35bb7e9b5454e63513175

aarch64

bash-5.1.8-6.el9_1.aarch64.rpm

SHA-256: e3b5b62c6ab76438013789260cefe41f3ea409acb4257f6215da364566f56ad1

bash-debuginfo-5.1.8-6.el9_1.aarch64.rpm

SHA-256: a51a87026a67880cea497e79703786f8bfc92821b0a664e8a12e932b766bbdcc

bash-debugsource-5.1.8-6.el9_1.aarch64.rpm

SHA-256: 130a0cdf37391e017caf361075daac08a193668d5676f535147e2a3b79dde22b

Red Hat CodeReady Linux Builder for x86_64 9

SRPM

x86_64

bash-debuginfo-5.1.8-6.el9_1.x86_64.rpm

SHA-256: 656155a92bc8fb5318615281ad3b7e1b41b912200440f0871660556deaaaecea

bash-debugsource-5.1.8-6.el9_1.x86_64.rpm

SHA-256: 7cdb08de3eac4dd93ad9dd7e7896129ac39fc7a6a22389ac1bcf77148929e0d7

bash-devel-5.1.8-6.el9_1.x86_64.rpm

SHA-256: a4ba6ae50570096fb71f79c4ef2151036738b1e276f4b0315de61bbf67d85285

Red Hat CodeReady Linux Builder for Power, little endian 9

SRPM

ppc64le

bash-debuginfo-5.1.8-6.el9_1.ppc64le.rpm

SHA-256: c90555dce068ad1e584873d9be4d3a96bedb2d04509011d4c747bd5e6d393fe2

bash-debugsource-5.1.8-6.el9_1.ppc64le.rpm

SHA-256: 0208e18c51ebb0e5752774d317b81df2be2573e74a765629af176e823471ab63

bash-devel-5.1.8-6.el9_1.ppc64le.rpm

SHA-256: 49d66866f5b17af59e4db3cb6265ff857d5539ec116a1428faff08f242e93507

Red Hat CodeReady Linux Builder for ARM 64 9

SRPM

aarch64

bash-debuginfo-5.1.8-6.el9_1.aarch64.rpm

SHA-256: a51a87026a67880cea497e79703786f8bfc92821b0a664e8a12e932b766bbdcc

bash-debugsource-5.1.8-6.el9_1.aarch64.rpm

SHA-256: 130a0cdf37391e017caf361075daac08a193668d5676f535147e2a3b79dde22b

bash-devel-5.1.8-6.el9_1.aarch64.rpm

SHA-256: 0e79ba306b4340508f21dfb2cf370732f7139a17b5bf561ef6df2c9e6bf7a535

Red Hat CodeReady Linux Builder for IBM z Systems 9

SRPM

s390x

bash-debuginfo-5.1.8-6.el9_1.s390x.rpm

SHA-256: ce92643fdfa837221659ef22703ed50d1e24dd2f1ec480112862fe16c6d68b7c

bash-debugsource-5.1.8-6.el9_1.s390x.rpm

SHA-256: 2bd0bd4ffd8c652b4a0f6aa3617d1760f5a26a051bc13da88ebd574b77759ce2

bash-devel-5.1.8-6.el9_1.s390x.rpm

SHA-256: b39436f40518bf26f748f5ec36af25de7c3d7c05b9acb529551e77c3e4141a20

The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.

Related news

Red Hat Security Advisory 2023-4290-01

Red Hat Security Advisory 2023-4290-01 - OpenShift sandboxed containers 1.4.1 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A compliance problem was found in the Red Hat OpenShift Container Platform. Red Hat discovered that when FIPS mode was enabled, not all of the cryptographic modules in use were FIPS-validated.

RHSA-2023:4290: Red Hat Security Advisory: OpenShift sandboxed containers 1.4.1 security update

OpenShift sandboxed containers 1.4.1 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-3089: A compliance problem was found in the Red Hat OpenShift Container Platform. Red Hat discovered that, when FIPS mode was enabled, not all of the cryptographic modules in use were FIPS-validated.

Red Hat Security Advisory 2023-3742-02

Red Hat Security Advisory 2023-3742-02 - Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Container Platform. Red Hat OpenShift Data Foundation is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. Issues addressed include bypass, denial of service, and remote SQL injection vulnerabilities.

RHSA-2023:3742: Red Hat Security Advisory: Red Hat OpenShift Data Foundation 4.13.0 security and bug fix update

Updated images that include numerous enhancements, security, and bug fixes are now available in Red Hat Container Registry for Red Hat OpenShift Data Foundation 4.13.0 on Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-16250: A flaw was found in Vault and Vault Enterprise (“Vault”). In the affected versions of Vault, with the AWS Auth Method configured and under certain circumstances, the values relied upon by Vault to validate AWS IAM ident...

Red Hat Security Advisory 2023-0786-01

Red Hat Security Advisory 2023-0786-01 - Network observability is an OpenShift operator that provides a monitoring pipeline to collect and enrich network flows that are produced by the Network observability eBPF agent. The operator provides dashboards, metrics, and keeps flows accessible in a queryable log store, Grafana Loki. When a FlowCollector is deployed, new dashboards are available in the Console.

RHSA-2023:0786: Red Hat Security Advisory: Network observability 1.1.0 security update

Network observability 1.1.0 release for OpenShift Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-0813: A flaw was found in the Network Observability plugin for OpenShift console. Unless the Loki authToken configuration is set to FORWARD mode, authentication is no longer enforced, allowing any user who can connect to the OpenShift Console in an OpenShift cluster to retrieve flows without authentication.

CVE-2022-3715: Invalid Bug ID

A flaw was found in the bash package, where a heap-buffer overflow can occur in valid parameter_transform. This issue may lead to memory problems.

Scanvus now supports Vulners and Vulns.io VM Linux vulnerability detection APIs

Hello everyone! Great news for my open source Scanvus project! You can now perform vulnerability checks on Linux hosts and docker images not only using the Vulners.com API, but also with the Vulns.io VM API. It’s especially nice that all the code to support the new API was written and contributed by colleagues from Vulns.io. […]