Headline
RHSA-2023:0340: Red Hat Security Advisory: bash security update
An update for bash is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2022-3715: bash: a heap-buffer-overflow in valid_parameter_transform
Skip to navigation Skip to main content
Utilities
- Subscriptions
- Downloads
- Containers
- Support Cases
Infrastructure and Management
- Red Hat Enterprise Linux
- Red Hat Virtualization
- Red Hat Identity Management
- Red Hat Directory Server
- Red Hat Certificate System
- Red Hat Satellite
- Red Hat Subscription Management
- Red Hat Update Infrastructure
- Red Hat Insights
- Red Hat Ansible Automation Platform
Cloud Computing
- Red Hat OpenShift
- Red Hat CloudForms
- Red Hat OpenStack Platform
- Red Hat OpenShift Container Platform
- Red Hat OpenShift Data Science
- Red Hat OpenShift Online
- Red Hat OpenShift Dedicated
- Red Hat Advanced Cluster Security for Kubernetes
- Red Hat Advanced Cluster Management for Kubernetes
- Red Hat Quay
- OpenShift Dev Spaces
- Red Hat OpenShift Service on AWS
Storage
- Red Hat Gluster Storage
- Red Hat Hyperconverged Infrastructure
- Red Hat Ceph Storage
- Red Hat OpenShift Data Foundation
Runtimes
- Red Hat Runtimes
- Red Hat JBoss Enterprise Application Platform
- Red Hat Data Grid
- Red Hat JBoss Web Server
- Red Hat Single Sign On
- Red Hat support for Spring Boot
- Red Hat build of Node.js
- Red Hat build of Thorntail
- Red Hat build of Eclipse Vert.x
- Red Hat build of OpenJDK
- Red Hat build of Quarkus
Integration and Automation
- Red Hat Process Automation
- Red Hat Process Automation Manager
- Red Hat Decision Manager
All Products
Issued:
2023-01-23
Updated:
2023-01-23
RHSA-2023:0340 - Security Advisory
- Overview
- Updated Packages
Synopsis
Moderate: bash security update
Type/Severity
Security Advisory: Moderate
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
View affected systems
Topic
An update for bash is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The bash packages provide Bash (Bourne-again shell), which is the default shell for Red Hat Enterprise Linux.
Security Fix(es):
- bash: a heap-buffer-overflow in valid_parameter_transform (CVE-2022-3715)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected Products
- Red Hat Enterprise Linux for x86_64 9 x86_64
- Red Hat Enterprise Linux for IBM z Systems 9 s390x
- Red Hat Enterprise Linux for Power, little endian 9 ppc64le
- Red Hat Enterprise Linux for ARM 64 9 aarch64
- Red Hat CodeReady Linux Builder for x86_64 9 x86_64
- Red Hat CodeReady Linux Builder for Power, little endian 9 ppc64le
- Red Hat CodeReady Linux Builder for ARM 64 9 aarch64
- Red Hat CodeReady Linux Builder for IBM z Systems 9 s390x
Fixes
- BZ - 2126720 - CVE-2022-3715 bash: a heap-buffer-overflow in valid_parameter_transform
Red Hat Enterprise Linux for x86_64 9
SRPM
bash-5.1.8-6.el9_1.src.rpm
SHA-256: 8fd7b4bf6a85154b6725677e7b933759cfc59c7c43e35bb7e9b5454e63513175
x86_64
bash-5.1.8-6.el9_1.x86_64.rpm
SHA-256: 90603777c369e7e4266971d06a7c0bc33f3493b7ddf6904a7d141abe2e7b287f
bash-debuginfo-5.1.8-6.el9_1.x86_64.rpm
SHA-256: 656155a92bc8fb5318615281ad3b7e1b41b912200440f0871660556deaaaecea
bash-debugsource-5.1.8-6.el9_1.x86_64.rpm
SHA-256: 7cdb08de3eac4dd93ad9dd7e7896129ac39fc7a6a22389ac1bcf77148929e0d7
Red Hat Enterprise Linux for IBM z Systems 9
SRPM
bash-5.1.8-6.el9_1.src.rpm
SHA-256: 8fd7b4bf6a85154b6725677e7b933759cfc59c7c43e35bb7e9b5454e63513175
s390x
bash-5.1.8-6.el9_1.s390x.rpm
SHA-256: 24057d188ad49c700f61eff9c75c2e7a7a2de6f8b090bc43f0988996e0e37f93
bash-debuginfo-5.1.8-6.el9_1.s390x.rpm
SHA-256: ce92643fdfa837221659ef22703ed50d1e24dd2f1ec480112862fe16c6d68b7c
bash-debugsource-5.1.8-6.el9_1.s390x.rpm
SHA-256: 2bd0bd4ffd8c652b4a0f6aa3617d1760f5a26a051bc13da88ebd574b77759ce2
Red Hat Enterprise Linux for Power, little endian 9
SRPM
bash-5.1.8-6.el9_1.src.rpm
SHA-256: 8fd7b4bf6a85154b6725677e7b933759cfc59c7c43e35bb7e9b5454e63513175
ppc64le
bash-5.1.8-6.el9_1.ppc64le.rpm
SHA-256: 098f16bb4d02110e6350dcbec2156db050941dba689b1ee122438b787bc573bb
bash-debuginfo-5.1.8-6.el9_1.ppc64le.rpm
SHA-256: c90555dce068ad1e584873d9be4d3a96bedb2d04509011d4c747bd5e6d393fe2
bash-debugsource-5.1.8-6.el9_1.ppc64le.rpm
SHA-256: 0208e18c51ebb0e5752774d317b81df2be2573e74a765629af176e823471ab63
Red Hat Enterprise Linux for ARM 64 9
SRPM
bash-5.1.8-6.el9_1.src.rpm
SHA-256: 8fd7b4bf6a85154b6725677e7b933759cfc59c7c43e35bb7e9b5454e63513175
aarch64
bash-5.1.8-6.el9_1.aarch64.rpm
SHA-256: e3b5b62c6ab76438013789260cefe41f3ea409acb4257f6215da364566f56ad1
bash-debuginfo-5.1.8-6.el9_1.aarch64.rpm
SHA-256: a51a87026a67880cea497e79703786f8bfc92821b0a664e8a12e932b766bbdcc
bash-debugsource-5.1.8-6.el9_1.aarch64.rpm
SHA-256: 130a0cdf37391e017caf361075daac08a193668d5676f535147e2a3b79dde22b
Red Hat CodeReady Linux Builder for x86_64 9
SRPM
x86_64
bash-debuginfo-5.1.8-6.el9_1.x86_64.rpm
SHA-256: 656155a92bc8fb5318615281ad3b7e1b41b912200440f0871660556deaaaecea
bash-debugsource-5.1.8-6.el9_1.x86_64.rpm
SHA-256: 7cdb08de3eac4dd93ad9dd7e7896129ac39fc7a6a22389ac1bcf77148929e0d7
bash-devel-5.1.8-6.el9_1.x86_64.rpm
SHA-256: a4ba6ae50570096fb71f79c4ef2151036738b1e276f4b0315de61bbf67d85285
Red Hat CodeReady Linux Builder for Power, little endian 9
SRPM
ppc64le
bash-debuginfo-5.1.8-6.el9_1.ppc64le.rpm
SHA-256: c90555dce068ad1e584873d9be4d3a96bedb2d04509011d4c747bd5e6d393fe2
bash-debugsource-5.1.8-6.el9_1.ppc64le.rpm
SHA-256: 0208e18c51ebb0e5752774d317b81df2be2573e74a765629af176e823471ab63
bash-devel-5.1.8-6.el9_1.ppc64le.rpm
SHA-256: 49d66866f5b17af59e4db3cb6265ff857d5539ec116a1428faff08f242e93507
Red Hat CodeReady Linux Builder for ARM 64 9
SRPM
aarch64
bash-debuginfo-5.1.8-6.el9_1.aarch64.rpm
SHA-256: a51a87026a67880cea497e79703786f8bfc92821b0a664e8a12e932b766bbdcc
bash-debugsource-5.1.8-6.el9_1.aarch64.rpm
SHA-256: 130a0cdf37391e017caf361075daac08a193668d5676f535147e2a3b79dde22b
bash-devel-5.1.8-6.el9_1.aarch64.rpm
SHA-256: 0e79ba306b4340508f21dfb2cf370732f7139a17b5bf561ef6df2c9e6bf7a535
Red Hat CodeReady Linux Builder for IBM z Systems 9
SRPM
s390x
bash-debuginfo-5.1.8-6.el9_1.s390x.rpm
SHA-256: ce92643fdfa837221659ef22703ed50d1e24dd2f1ec480112862fe16c6d68b7c
bash-debugsource-5.1.8-6.el9_1.s390x.rpm
SHA-256: 2bd0bd4ffd8c652b4a0f6aa3617d1760f5a26a051bc13da88ebd574b77759ce2
bash-devel-5.1.8-6.el9_1.s390x.rpm
SHA-256: b39436f40518bf26f748f5ec36af25de7c3d7c05b9acb529551e77c3e4141a20
The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.
Related news
Red Hat Security Advisory 2023-4290-01 - OpenShift sandboxed containers 1.4.1 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A compliance problem was found in the Red Hat OpenShift Container Platform. Red Hat discovered that when FIPS mode was enabled, not all of the cryptographic modules in use were FIPS-validated.
OpenShift sandboxed containers 1.4.1 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-3089: A compliance problem was found in the Red Hat OpenShift Container Platform. Red Hat discovered that, when FIPS mode was enabled, not all of the cryptographic modules in use were FIPS-validated.
Red Hat Security Advisory 2023-3742-02 - Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Container Platform. Red Hat OpenShift Data Foundation is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. Issues addressed include bypass, denial of service, and remote SQL injection vulnerabilities.
Updated images that include numerous enhancements, security, and bug fixes are now available in Red Hat Container Registry for Red Hat OpenShift Data Foundation 4.13.0 on Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-16250: A flaw was found in Vault and Vault Enterprise (“Vault”). In the affected versions of Vault, with the AWS Auth Method configured and under certain circumstances, the values relied upon by Vault to validate AWS IAM ident...
Red Hat Security Advisory 2023-0786-01 - Network observability is an OpenShift operator that provides a monitoring pipeline to collect and enrich network flows that are produced by the Network observability eBPF agent. The operator provides dashboards, metrics, and keeps flows accessible in a queryable log store, Grafana Loki. When a FlowCollector is deployed, new dashboards are available in the Console.
Network observability 1.1.0 release for OpenShift Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-0813: A flaw was found in the Network Observability plugin for OpenShift console. Unless the Loki authToken configuration is set to FORWARD mode, authentication is no longer enforced, allowing any user who can connect to the OpenShift Console in an OpenShift cluster to retrieve flows without authentication.
A flaw was found in the bash package, where a heap-buffer overflow can occur in valid parameter_transform. This issue may lead to memory problems.
Hello everyone! Great news for my open source Scanvus project! You can now perform vulnerability checks on Linux hosts and docker images not only using the Vulners.com API, but also with the Vulns.io VM API. It’s especially nice that all the code to support the new API was written and contributed by colleagues from Vulns.io. […]