Headline
RHSA-2022:4582: Red Hat Security Advisory: gzip security update
An update for gzip is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2022-1271: gzip: arbitrary-file-write vulnerability
Skip to navigation Skip to main content
Utilities
- Subscriptions
- Downloads
- Containers
- Support Cases
Infrastructure and Management
- Red Hat Enterprise Linux
- Red Hat Virtualization
- Red Hat Identity Management
- Red Hat Directory Server
- Red Hat Certificate System
- Red Hat Satellite
- Red Hat Subscription Management
- Red Hat Update Infrastructure
- Red Hat Insights
- Red Hat Ansible Automation Platform
Cloud Computing
- Red Hat OpenShift
- Red Hat CloudForms
- Red Hat OpenStack Platform
- Red Hat OpenShift Container Platform
- Red Hat OpenShift Data Science
- Red Hat OpenShift Online
- Red Hat OpenShift Dedicated
- Red Hat Advanced Cluster Security for Kubernetes
- Red Hat Advanced Cluster Management for Kubernetes
- Red Hat Quay
- Red Hat CodeReady Workspaces
- Red Hat OpenShift Service on AWS
Storage
- Red Hat Gluster Storage
- Red Hat Hyperconverged Infrastructure
- Red Hat Ceph Storage
- Red Hat OpenShift Data Foundation
Runtimes
- Red Hat Runtimes
- Red Hat JBoss Enterprise Application Platform
- Red Hat Data Grid
- Red Hat JBoss Web Server
- Red Hat Single Sign On
- Red Hat support for Spring Boot
- Red Hat build of Node.js
- Red Hat build of Thorntail
- Red Hat build of Eclipse Vert.x
- Red Hat build of OpenJDK
- Red Hat build of Quarkus
Integration and Automation
- Red Hat Process Automation
- Red Hat Process Automation Manager
- Red Hat Decision Manager
All Products
発行日:
2022-05-17
更新日:
2022-05-17
RHSA-2022:4582 - Security Advisory
- 概要
- 更新パッケージ
概要
Important: gzip security update
タイプ/重大度
Security Advisory: Important
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
View affected systems
トピック
An update for gzip is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
説明
The gzip packages contain the gzip (GNU zip) data compression utility. gzip is used to compress regular files. It replaces them with files containing the .gz extension, while retaining ownership modes, access, and modification times.
Security Fix(es):
- gzip: arbitrary-file-write vulnerability (CVE-2022-1271)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
影響を受ける製品
- Red Hat Enterprise Linux for x86_64 9 x86_64
- Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.0 x86_64
- Red Hat Enterprise Linux for IBM z Systems 9 s390x
- Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.0 s390x
- Red Hat Enterprise Linux for Power, little endian 9 ppc64le
- Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.0 ppc64le
- Red Hat Enterprise Linux for ARM 64 9 aarch64
- Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.0 aarch64
- Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.0 ppc64le
- Red Hat Enterprise Linux Server for x86_64 - Update Services for SAP Solutions 9.0 x86_64
- Red Hat Enterprise Linux Server for ARM 64 - 4 years of updates 9.0 aarch64
- Red Hat Enterprise Linux Server for IBM z Systems - 4 years of updates 9.0 s390x
修正
- BZ - 2073310 - CVE-2022-1271 gzip: arbitrary-file-write vulnerability
参考資料
- https://access.redhat.com/security/updates/classification/#important
Red Hat Enterprise Linux for x86_64 9
SRPM
gzip-1.10-9.el9_0.src.rpm
SHA-256: 946476cecf9ac4710667fa8aff73eacd6767eb143433cb134e8c3100f6b4ce04
x86_64
gzip-1.10-9.el9_0.x86_64.rpm
SHA-256: 7627a5f9fc08a3fa2df6fcb6789d326187af9687539afe5877ebd6e855356b37
gzip-debuginfo-1.10-9.el9_0.x86_64.rpm
SHA-256: cc0ed9be46b3a55045e337a9431ac70b3c7cada7beadf9d96e5902769f78600d
gzip-debugsource-1.10-9.el9_0.x86_64.rpm
SHA-256: bb3241bfcb97ac2b5b6a7216668f2f2a7092069f500ded59a0e060a542d442e4
Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.0
SRPM
gzip-1.10-9.el9_0.src.rpm
SHA-256: 946476cecf9ac4710667fa8aff73eacd6767eb143433cb134e8c3100f6b4ce04
x86_64
gzip-1.10-9.el9_0.x86_64.rpm
SHA-256: 7627a5f9fc08a3fa2df6fcb6789d326187af9687539afe5877ebd6e855356b37
gzip-debuginfo-1.10-9.el9_0.x86_64.rpm
SHA-256: cc0ed9be46b3a55045e337a9431ac70b3c7cada7beadf9d96e5902769f78600d
gzip-debugsource-1.10-9.el9_0.x86_64.rpm
SHA-256: bb3241bfcb97ac2b5b6a7216668f2f2a7092069f500ded59a0e060a542d442e4
Red Hat Enterprise Linux for IBM z Systems 9
SRPM
gzip-1.10-9.el9_0.src.rpm
SHA-256: 946476cecf9ac4710667fa8aff73eacd6767eb143433cb134e8c3100f6b4ce04
s390x
gzip-1.10-9.el9_0.s390x.rpm
SHA-256: e63327894a0a248fda8bdba00df55e989cc61d7d4fe0e8924b80b81128b08755
gzip-debuginfo-1.10-9.el9_0.s390x.rpm
SHA-256: e49eb87041fcd425f198e6b531f1f1175cff34bd23f31ef74b2367aa51f89562
gzip-debugsource-1.10-9.el9_0.s390x.rpm
SHA-256: b4326832788b77e4575bd4491554a45a0ff6a22d423fbbdd11968c4e2cc8727b
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.0
SRPM
gzip-1.10-9.el9_0.src.rpm
SHA-256: 946476cecf9ac4710667fa8aff73eacd6767eb143433cb134e8c3100f6b4ce04
s390x
gzip-1.10-9.el9_0.s390x.rpm
SHA-256: e63327894a0a248fda8bdba00df55e989cc61d7d4fe0e8924b80b81128b08755
gzip-debuginfo-1.10-9.el9_0.s390x.rpm
SHA-256: e49eb87041fcd425f198e6b531f1f1175cff34bd23f31ef74b2367aa51f89562
gzip-debugsource-1.10-9.el9_0.s390x.rpm
SHA-256: b4326832788b77e4575bd4491554a45a0ff6a22d423fbbdd11968c4e2cc8727b
Red Hat Enterprise Linux for Power, little endian 9
SRPM
gzip-1.10-9.el9_0.src.rpm
SHA-256: 946476cecf9ac4710667fa8aff73eacd6767eb143433cb134e8c3100f6b4ce04
ppc64le
gzip-1.10-9.el9_0.ppc64le.rpm
SHA-256: ac95b15f6686806bf6038ea9afd464fa59d5a5d6f60b00b128ce64e4ce4a7adb
gzip-debuginfo-1.10-9.el9_0.ppc64le.rpm
SHA-256: f544d634ee559d69e9c59ba96fc62251ee59bbee20e8cad6ef95c8a22cfe5f39
gzip-debugsource-1.10-9.el9_0.ppc64le.rpm
SHA-256: cda68f70d186f5a9a94f53c7330d3c29ba42554bd73b7b9baf9829196b988b96
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.0
SRPM
gzip-1.10-9.el9_0.src.rpm
SHA-256: 946476cecf9ac4710667fa8aff73eacd6767eb143433cb134e8c3100f6b4ce04
ppc64le
gzip-1.10-9.el9_0.ppc64le.rpm
SHA-256: ac95b15f6686806bf6038ea9afd464fa59d5a5d6f60b00b128ce64e4ce4a7adb
gzip-debuginfo-1.10-9.el9_0.ppc64le.rpm
SHA-256: f544d634ee559d69e9c59ba96fc62251ee59bbee20e8cad6ef95c8a22cfe5f39
gzip-debugsource-1.10-9.el9_0.ppc64le.rpm
SHA-256: cda68f70d186f5a9a94f53c7330d3c29ba42554bd73b7b9baf9829196b988b96
Red Hat Enterprise Linux for ARM 64 9
SRPM
gzip-1.10-9.el9_0.src.rpm
SHA-256: 946476cecf9ac4710667fa8aff73eacd6767eb143433cb134e8c3100f6b4ce04
aarch64
gzip-1.10-9.el9_0.aarch64.rpm
SHA-256: fa122a7dfb5b5b3a05b9c56bf17473eaa04e7f1afce5d17f49903488c794e621
gzip-debuginfo-1.10-9.el9_0.aarch64.rpm
SHA-256: 8d5ff7b9553e864ac7696bf9116abfe34ac2f3329e0922d4c0cc3b0e67ab953d
gzip-debugsource-1.10-9.el9_0.aarch64.rpm
SHA-256: c34a3fdaedcb35b63410f9d1a59b47ae655222c8cefe7b4ec079d7b7617838f3
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.0
SRPM
gzip-1.10-9.el9_0.src.rpm
SHA-256: 946476cecf9ac4710667fa8aff73eacd6767eb143433cb134e8c3100f6b4ce04
aarch64
gzip-1.10-9.el9_0.aarch64.rpm
SHA-256: fa122a7dfb5b5b3a05b9c56bf17473eaa04e7f1afce5d17f49903488c794e621
gzip-debuginfo-1.10-9.el9_0.aarch64.rpm
SHA-256: 8d5ff7b9553e864ac7696bf9116abfe34ac2f3329e0922d4c0cc3b0e67ab953d
gzip-debugsource-1.10-9.el9_0.aarch64.rpm
SHA-256: c34a3fdaedcb35b63410f9d1a59b47ae655222c8cefe7b4ec079d7b7617838f3
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.0
SRPM
gzip-1.10-9.el9_0.src.rpm
SHA-256: 946476cecf9ac4710667fa8aff73eacd6767eb143433cb134e8c3100f6b4ce04
ppc64le
gzip-1.10-9.el9_0.ppc64le.rpm
SHA-256: ac95b15f6686806bf6038ea9afd464fa59d5a5d6f60b00b128ce64e4ce4a7adb
gzip-debuginfo-1.10-9.el9_0.ppc64le.rpm
SHA-256: f544d634ee559d69e9c59ba96fc62251ee59bbee20e8cad6ef95c8a22cfe5f39
gzip-debugsource-1.10-9.el9_0.ppc64le.rpm
SHA-256: cda68f70d186f5a9a94f53c7330d3c29ba42554bd73b7b9baf9829196b988b96
Red Hat Enterprise Linux Server for x86_64 - Update Services for SAP Solutions 9.0
SRPM
gzip-1.10-9.el9_0.src.rpm
SHA-256: 946476cecf9ac4710667fa8aff73eacd6767eb143433cb134e8c3100f6b4ce04
x86_64
gzip-1.10-9.el9_0.x86_64.rpm
SHA-256: 7627a5f9fc08a3fa2df6fcb6789d326187af9687539afe5877ebd6e855356b37
gzip-debuginfo-1.10-9.el9_0.x86_64.rpm
SHA-256: cc0ed9be46b3a55045e337a9431ac70b3c7cada7beadf9d96e5902769f78600d
gzip-debugsource-1.10-9.el9_0.x86_64.rpm
SHA-256: bb3241bfcb97ac2b5b6a7216668f2f2a7092069f500ded59a0e060a542d442e4
Red Hat Enterprise Linux Server for ARM 64 - 4 years of updates 9.0
SRPM
gzip-1.10-9.el9_0.src.rpm
SHA-256: 946476cecf9ac4710667fa8aff73eacd6767eb143433cb134e8c3100f6b4ce04
aarch64
gzip-1.10-9.el9_0.aarch64.rpm
SHA-256: fa122a7dfb5b5b3a05b9c56bf17473eaa04e7f1afce5d17f49903488c794e621
gzip-debuginfo-1.10-9.el9_0.aarch64.rpm
SHA-256: 8d5ff7b9553e864ac7696bf9116abfe34ac2f3329e0922d4c0cc3b0e67ab953d
gzip-debugsource-1.10-9.el9_0.aarch64.rpm
SHA-256: c34a3fdaedcb35b63410f9d1a59b47ae655222c8cefe7b4ec079d7b7617838f3
Red Hat Enterprise Linux Server for IBM z Systems - 4 years of updates 9.0
SRPM
gzip-1.10-9.el9_0.src.rpm
SHA-256: 946476cecf9ac4710667fa8aff73eacd6767eb143433cb134e8c3100f6b4ce04
s390x
gzip-1.10-9.el9_0.s390x.rpm
SHA-256: e63327894a0a248fda8bdba00df55e989cc61d7d4fe0e8924b80b81128b08755
gzip-debuginfo-1.10-9.el9_0.s390x.rpm
SHA-256: e49eb87041fcd425f198e6b531f1f1175cff34bd23f31ef74b2367aa51f89562
gzip-debugsource-1.10-9.el9_0.s390x.rpm
SHA-256: b4326832788b77e4575bd4491554a45a0ff6a22d423fbbdd11968c4e2cc8727b
Red Hat のセキュリティーに関する連絡先は [email protected] です。 連絡先の詳細は https://access.redhat.com/security/team/contact/ をご覧ください。
Related news
IBM Security Guardium 11.3 could allow an authenticated user to cause a denial of service due to improper input validation. IBM X-Force ID: 240903.
Red Hat OpenShift Container Platform release 4.13.0 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.13. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-4235: A flaw was found in go-yaml. This issue occurs due to unbounded alias chasing, where a maliciously crafted YAML file can cause the system to consume significant system resources. If p...
Dell VxRail, versions prior to 7.0.410, contain a Container Escape Vulnerability. A local high-privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the container's underlying OS. Exploitation may lead to a system take over by an attacker.
SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.
Red Hat Security Advisory 2022-6526-01 - OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains the following OpenShift Virtualization 4.11.0 images: RHEL-8-CNV-4.11. Issues addressed include denial of service, memory leak, and out of bounds read vulnerabilities.
Red Hat Security Advisory 2022-6429-01 - The Migration Toolkit for Containers enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API. Issues addressed include bypass, code execution, and denial of service vulnerabilities.
The Migration Toolkit for Containers (MTC) 1.7.4 is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-28500: nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions * CVE-2021-23337: nodejs-lodash: command injection via template * CVE-2022-0512: nodejs-url-parse: authorization bypass through user-controlled key * CVE-2022-0639: npm-url-parse: Authorization Bypass Through User-Controlled Key * CVE-2022-0686: npm-url-parse: Authorization bypass thr...
Red Hat Security Advisory 2022-6290-01 - OpenShift API for Data Protection enables you to back up and restore application resources, persistent volume data, and internal container images to external backup storage. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2022-5070-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.11.0. Issues addressed include denial of service, out of bounds read, and traversal vulnerabilities.
Red Hat OpenShift Container Platform release 4.11.0 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.11. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-23566: nanoid: Information disclosure via valueOf() function * CVE-2021-23648: sanitize-url: XSS * CVE-2021-41190: opencontainers: OCI manifest and index parsing confusion * CVE-2021-44906:...
Red Hat Security Advisory 2022-5909-01 - Openshift Logging Bug Fix Release. Issues addressed include denial of service and out of bounds read vulnerabilities.
Red Hat Security Advisory 2022-5908-01 - Openshift Logging Bug Fix Release. Issues addressed include denial of service and out of bounds read vulnerabilities.
Red Hat Security Advisory 2022-5531-01 - Red Hat Advanced Cluster Management for Kubernetes 2.5.1 General Availability release images, which fix security issues and bugs.
Vulnerability in the Oracle Banking Trade Finance product of Oracle Financial Services Applications (component: Infrastructure). The supported version that is affected is 14.5. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Trade Finance. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Banking Trade Finance accessible data as well as unauthorized access to critical data or complete access to all Oracle Banking Trade Finance accessible data. CVSS 3.1 Base Score 6.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N).
Red Hat Advanced Cluster Management for Kubernetes 2.5.1 General Availability release images, which fix security issues and bugs. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-24450: nats-server: misusing the "dynamically provisioned sandbox accounts" feature authenticated user can obtain the privileges of the System account
Red Hat Security Advisory 2022-5483-01 - The Migration Toolkit for Containers enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2022-5392-01 - Red Hat Advanced Cluster Management for Kubernetes 2.3.11 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which resolve security issues and fix several bugs. Issues addressed include a traversal vulnerability.
Red Hat Advanced Cluster Management for Kubernetes 2.4.5 General Availability release images, which fix bugs and update container images. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-43565: golang.org/x/crypto: empty plaintext packet causes panic * CVE-2022-21803: nconf: Prototype pollution in memory store * CVE-2022-23806: golang: crypto/elliptic IsOnCurve returns true for invalid field elements * CVE-2022-24450: nats-server: misusing the "dynamically provisioned sand...
Red Hat Security Advisory 2022-5192-01 - Red Hat Openshift GitOps is a declarative way to implement continuous deployment for cloud native applications. Issues addressed include a cross site scripting vulnerability.
Updated images are now available for Red Hat Advanced Cluster Security for Kubernetes (RHACS). The updated image includes bug and security fixes. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1902: stackrox: Improper sanitization allows users to retrieve Notifier secrets from GraphQL API in plaintext
An update is now available for Red Hat OpenShift GitOps 1.5. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-31016: argocd: vulnerable to an uncontrolled memory consumption bug * CVE-2022-31034: argocd: vulnerable to a variety of attacks when an SSO login is initiated from the Argo CD CLI or the UI. * CVE-2022-31035: argocd: cross-site scripting (XSS) allow a malicious user to inject a javascript link in the UI * CVE-2022-31036: argocd: vulnerable to a symlink followin...
Updated images are now available for Red Hat Advanced Cluster Security for Kubernetes (RHACS). The updated image includes bug and security fixes. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1902: stackrox: Improper sanitization allows users to retrieve Notifier secrets from GraphQL API in plaintext
Red Hat Security Advisory 2022-5006-01 - Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation. This advisory covers the RPM packages for the release. Issues addressed include a traversal vulnerability.
Red Hat Security Advisory 2022-4992-01 - XZ Utils is an integrated collection of user-space file compression utilities based on the Lempel-Ziv-Markov chain algorithm, which performs lossless data compression. The algorithm provides a high compression ratio while keeping the decompression time short.
Red Hat Security Advisory 2022-4993-01 - XZ Utils is an integrated collection of user-space file compression utilities based on the Lempel-Ziv-Markov chain algorithm, which performs lossless data compression. The algorithm provides a high compression ratio while keeping the decompression time short.
An update for xz is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1271: gzip: arbitrary-file-write vulnerability
An update for xz is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1271: gzip: arbitrary-file-write vulnerability
An update for xz is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1271: gzip: arbitrary-file-write vulnerability
Red Hat Security Advisory 2022-4582-01 - The gzip packages contain the gzip data compression utility. gzip is used to compress regular files. It replaces them with files containing the .gz extension, while retaining ownership modes, access, and modification times.
An update for imgbased, redhat-release-virtualization-host, and redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2018-25032: zlib: A flaw found in zlib when compressing (not decompressing) certain inputs * CVE-2021-4028: kernel: use-after-free in RDMA listen() * CVE-2021-4083: kernel: fget: check that the fd still exists after getting a ref to it * CVE-2022-0778: openssl:...
Updated images are now available for Red Hat Advanced Cluster Security for Kubernetes (RHACS). The updated image includes bug fixes and feature improvements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-23820: json-pointer: type confusion vulnerability can lead to a bypass of CVE-2020-7709 when the pointer components are arrays * CVE-2021-41190: opencontainers: OCI manifest and index parsing confusion
Red Hat Security Advisory 2022-4814-01 - The Migration Toolkit for Containers enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API. Issues addressed include denial of service and memory exhaustion vulnerabilities.
Red Hat Security Advisory 2022-2281-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 3.11.705.
The Migration Toolkit for Containers (MTC) 1.6.5 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-3807: nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes * CVE-2021-39293: golang: archive/zip: malformed archive may cause panic or memory exhaustion (incomplete fix of CVE-2021-33196)
Red Hat Security Advisory 2022-2265-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.6.58.
Red Hat Security Advisory 2022-2272-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.8.41.
Red Hat Security Advisory 2022-2268-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.7.51.
Red Hat OpenShift Container Platform release 4.8.41 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1677: openshift/router: route hijacking attack via crafted HAProxy configuration file
Red Hat Security Advisory 2022-2283-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.9.35.
Red Hat Security Advisory 2022-4690-01 - Red Hat Openshift GitOps is a declarative way to implement continuous deployment for cloud native applications. Issues addressed include a spoofing vulnerability.
An update is now available for Red Hat OpenShift GitOps 1.5 in openshift-gitops-argocd container. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-24904: argocd: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server * CVE-2022-24905: argocd: Login screen allows message spoofing if SSO is enabled * CVE-2022-29165: argocd: ArgoCD will blindly trust JWT claims if anonymous access is enabled
Red Hat Security Advisory 2022-2216-01 - Logging Subsystem 5.4.1 - Red Hat OpenShift. Issues addressed include HTTP request smuggling and denial of service vulnerabilities.
Red Hat Security Advisory 2022-2218-01 - Openshift Logging Bug Fix Release. Issues addressed include HTTP request smuggling, denial of service, and man-in-the-middle vulnerabilities.
Openshift Logging Bug Fix Release (5.3.7) Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-37136: netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data * CVE-2021-37137: netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way * CVE-2021-43797: netty: control chars in header names may lead to HTTP request smuggling * CVE-2022-0759: kubeclient: kubeconfig parsing error can lead to...
Openshift Logging Bug Fix Release (5.2.10) Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-37136: netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data * CVE-2021-37137: netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way * CVE-2021-43797: netty: control chars in header names may lead to HTTP request smuggling * CVE-2022-0759: kubeclient: kubeconfig parsing error can lead t...
An update for gzip is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1271: gzip: arbitrary-file-write vulnerability
Logging Subsystem 5.4.1 - Red Hat OpenShift Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-37136: netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data * CVE-2021-37137: netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way * CVE-2021-43797: netty: control chars in header names may lead to HTTP request smuggling * CVE-2022-21698: prometheus/client_golang: Denial of service u...
Red Hat Security Advisory 2022-1679-01 - New Cryostat 2.1.0 on RHEL 8 container images have been released, adding a variety of features and bug fixes as well as security issues being addressed.
Red Hat OpenStack Platform 16.2 (Train) director Operator containers are available for technology preview.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2019-11253: kubernetes: YAML parsing vulnerable to "Billion Laughs" attack, allowing for remote denial of service * CVE-2019-19794: golang-github-miekg-dns: predictable TXID can lead to response forgeries * CVE-2020-15257: containerd: unrestricted access to abstract Unix domain socket can lead to privileges escalation * CVE-2021-29482: ulikunitz/xz: Infinite loop in readUvarint allows for denial of service * CVE-2021-32760: containerd: pulling and extracting crafted container image may result in Unix file permission changes
New Cryostat 2.1.0 on RHEL 8 container images are now availableThis content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-3121: gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation