Headline
RHSA-2023:1392: Red Hat Security Advisory: OpenShift Container Platform 4.10.55 security update
Red Hat OpenShift Container Platform release 4.10.55 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2021-20329: A flaw was found in Mongo. Specific cstrings input may not be properly validated in the MongoDB Go Driver when marshaling Go objects into BSON. This flaw allows a malicious user to use a Go object with a specific string to inject additional fields into marshaled documents.
Skip to navigation Skip to main content
Utilities
- Subscriptions
- Downloads
- Containers
- Support Cases
Infrastructure and Management
- Red Hat Enterprise Linux
- Red Hat Virtualization
- Red Hat Identity Management
- Red Hat Directory Server
- Red Hat Certificate System
- Red Hat Satellite
- Red Hat Subscription Management
- Red Hat Update Infrastructure
- Red Hat Insights
- Red Hat Ansible Automation Platform
Cloud Computing
- Red Hat OpenShift
- Red Hat CloudForms
- Red Hat OpenStack Platform
- Red Hat OpenShift Container Platform
- Red Hat OpenShift Data Science
- Red Hat OpenShift Online
- Red Hat OpenShift Dedicated
- Red Hat Advanced Cluster Security for Kubernetes
- Red Hat Advanced Cluster Management for Kubernetes
- Red Hat Quay
- OpenShift Dev Spaces
- Red Hat OpenShift Service on AWS
Storage
- Red Hat Gluster Storage
- Red Hat Hyperconverged Infrastructure
- Red Hat Ceph Storage
- Red Hat OpenShift Data Foundation
Runtimes
- Red Hat Runtimes
- Red Hat JBoss Enterprise Application Platform
- Red Hat Data Grid
- Red Hat JBoss Web Server
- Red Hat Single Sign On
- Red Hat support for Spring Boot
- Red Hat build of Node.js
- Red Hat build of Thorntail
- Red Hat build of Eclipse Vert.x
- Red Hat build of OpenJDK
- Red Hat build of Quarkus
Integration and Automation
- Red Hat Process Automation
- Red Hat Process Automation Manager
- Red Hat Decision Manager
All Products
Issued:
2023-03-29
Updated:
2023-03-29
RHSA-2023:1392 - Security Advisory
- Overview
- Updated Images
Synopsis
Moderate: OpenShift Container Platform 4.10.55 security update
Type/Severity
Security Advisory: Moderate
Topic
Red Hat OpenShift Container Platform release 4.10.55 is now available with updates to packages and images that fix several bugs and add enhancements.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
Red Hat OpenShift Container Platform is Red Hat’s cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
This advisory contains the container images for Red Hat OpenShift Container Platform 4.10.55. See the following advisory for the RPM packages for this release:
https://access.redhat.com/errata/RHBA-2023:1391
Security Fix(es):
- mongo-go-driver: specific cstrings input may not be properly validated (CVE-2021-20329)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
All OpenShift Container Platform 4.10 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.10/updating/updating-cluster-cli.html
Solution
For OpenShift Container Platform 4.10 see the following documentation, which will be updated shortly for this release, for important instructions
on how to upgrade your cluster and fully apply this asynchronous errata update:
https://docs.openshift.com/container-platform/4.10/release_notes/ocp-4-10-release-notes.html
You can download the oc tool and use it to inspect release image metadata for x86_64, s390x, ppc64le, and aarch64 architectures. The image digests can be found at https://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.
The sha values for the release are:
(For x86_64 architecture)
The image digest is sha256:cdf6e83f94d6a9beec65a429ebea6a8f5f80c19df49feb1a78b17981132b922b
(For s390x architecture)
The image digest is sha256:4784b43052f3041059e2cc586f2c3c80591ff92338817a83d3039288e1258eef
(For ppc64le architecture)
The image digest is sha256:5f1124780604fb8de06732bd407c24ac5d6d47df52ec74531d803bd187363bcf
(For aarch64 architecture)
The image digest is sha256:2595defd3ac3d1b41acbf3284d9bf3eb73ac1f58aecffa77e82766e90ee511dc
All OpenShift Container Platform 4.10 users are advised to upgrade to these updated packages and images when they are available in the appropriate
release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.10/updating/updating-cluster-cli.html.
Affected Products
- Red Hat OpenShift Container Platform 4.10 for RHEL 8 x86_64
- Red Hat OpenShift Container Platform for Power 4.10 for RHEL 8 ppc64le
- Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.10 for RHEL 8 s390x
- Red Hat OpenShift Container Platform for ARM 64 4.10 aarch64
Fixes
- BZ - 1971033 - CVE-2021-20329 mongo-go-driver: specific cstrings input may not be properly validated
- OCPBUGS-10233 - [4.10] Remove ETCD liviness probe.
- OCPBUGS-10305 - 4.10 NROP OLM z-stream upgrade doesn’t work due to CSV issue
- OCPBUGS-10384 - service-monitor/monitor-metallb-controller: connection refused “"server returned HTTP status 502”
- OCPBUGS-5955 - ip-reconciler removes the overlappingrangeipreservations whether the pod is alive or not [backport 4.10]
- OCPBUGS-6835 - [release-4.10] Include openshift_apps_deploymentconfigs_strategy_total to recent_metrics
- OCPBUGS-7021 - [OVN] Egress traffic not balanced when spec.egressIPs has 2 IPs
- OCPBUGS-7736 - [4.10] Afterburn fails on AWS/GCP clusters born in OCP 4.1/4.2
- OCPBUGS-837 - [RHCOS tracker] [BZ#2111937] [ice] trouble re-assigning MACs to VFs, ice stricter than other drivers [rhel-8.4.0.z]
- OCPBUGS-8513 - [4.10] egress firewall acls are deleted on restart
CVEs
- CVE-2021-20329
- CVE-2022-3564
- CVE-2022-4269
- CVE-2022-4378
- CVE-2023-0767
References
- https://access.redhat.com/security/updates/classification/#moderate
- https://docs.openshift.com/container-platform/4.10/release_notes/ocp-4-10-release-notes.html
aarch64
openshift4/driver-toolkit-rhel8@sha256:eb3f96418e27fa95219d9681c0e9972ea491c03cbc89c9660d0264b112cfe291
openshift4/network-tools-rhel8@sha256:5719b062468c0707e7ac8ef58786e5f7b8797ffb437ae8b6c4c3f3895b6e8c71
openshift4/ose-cluster-cloud-controller-manager-operator-rhel8@sha256:3bff3d0cce265a2c68e9a5b9dbc9d329667e982d08b643faea571c1ec23fbd4c
openshift4/ose-cluster-etcd-rhel8-operator@sha256:cb6230fac4a9f2d728492c0475bc1701d0e1b624de64f49e8b7693c9aa4fd8e4
openshift4/ose-cluster-kube-apiserver-operator@sha256:85013b2c6d4fab4cf9ae0cf60b0a188bc5eff550d7a279c0e376423894d4b6ef
openshift4/ose-cluster-kube-scheduler-operator@sha256:93ad2db51a81dca9e09d29e2d1a1fd13296e10ab89fc89e2da1e339c8f15d177
openshift4/ose-cluster-network-operator@sha256:28283b9bf70eeeac07ab3b88d233d7725411515d21056a828ff066b7d2d8d0dc
openshift4/ose-cluster-node-tuning-operator@sha256:ae70d946c0ac216a23a8292e45253d27dede16829f6ec2b9fb621039f5d2a6f0
openshift4/ose-console@sha256:cd2cbfa0791636c3390c31d8e10739f102a5bddb7d8a7418b6d40a89e637ca2f
openshift4/ose-hyperkube@sha256:ea5397fe7ed20cae39811af39e5e5bff89592a85743ccc3e94c1be0a6cea2956
openshift4/ose-insights-rhel8-operator@sha256:a8de3444e197190ce801178864229560d9cb39a5467896cc33a7aca315943ec4
openshift4/ose-jenkins@sha256:b948be87e08b82100e3d2101c1c60c4339d6798d5bc91f8425c7960d26a09248
openshift4/ose-jenkins-agent-base@sha256:a890f6ffe7147184b3fd7a5228674dd9941f996147652a7743ab7925bfae4302
openshift4/ose-jenkins-agent-maven@sha256:ff609c7f1832a7304f1fc940b67bef203e6ae58da1726df567194aa3b0ef6d71
openshift4/ose-jenkins-agent-nodejs-12-rhel8@sha256:ef2247eefac5d4365dd70396d6fd093754475cb1523c4fe6620d46c8c2f2b48c
openshift4/ose-kube-proxy@sha256:de1829aacd67fd874d11618dbc11c08276db23e86db941f10f665bc849085ef5
openshift4/ose-machine-api-operator@sha256:bbf8ff7a3770180fa004863881aaf818d30403af3bf40868906cd0d5f75b42ea
openshift4/ose-multus-cni@sha256:5896e9612fc50a32bcbdf78531482407af3eae5a0dbdcf938488be7d9b9bd5b8
openshift4/ose-ovn-kubernetes@sha256:8988731d7635db12c1141dccddc36e0b5c73ed735ab0486cda642b2116311508
openshift4/ose-pod@sha256:6e9156b8418b116d54a6a5c6040177fee91b119c5f9243705a70975df19321e9
openshift4/ose-sdn-rhel8@sha256:e30bfabfede4882d2868f826cd4ae4ff296a4ef8c9dd5c03631a58fb1e6575cc
openshift4/ose-tests@sha256:c80e8dce24dda2f1c4b4a6c87d8e911252b9385cee66fa7058562df1f6ad38e9
openshift4/ose-tools-rhel8@sha256:5d3f88022bfd2e6c622a01206ccfa80df8f68e873bc64a2351069c09bafddc00
ppc64le
openshift4/driver-toolkit-rhel8@sha256:630bdc7a8b3b776a0ae2bc054e79ee521c144d7253d8c9568dceeef4be9f8ae9
openshift4/network-tools-rhel8@sha256:6ab8ada5c8897c3ae02d58dabe99b8547c07942735ab1b736fd609e789ab7640
openshift4/ose-cluster-cloud-controller-manager-operator-rhel8@sha256:31bfcf83f8c6e7a61289fdb6a739bc603939ee17d55640ee9c2496eddc86fa95
openshift4/ose-cluster-etcd-rhel8-operator@sha256:f7e6c63005012bc03dfb4e4321ee2d3b18b964c22b3942ecd9fd5e364876625e
openshift4/ose-cluster-kube-apiserver-operator@sha256:f9e60c26be1bd0f919eb74524259c728a0be9bc1f407aec714dd302c91859517
openshift4/ose-cluster-kube-scheduler-operator@sha256:57f0f25d157429ec6af85bcbbe7a1cfc6fc94c63a3995763449783f9e841cb7c
openshift4/ose-cluster-network-operator@sha256:49d358ad3ac47b7ee5acfb6587aba0b922189ff7474c515e705461d3c3309cd4
openshift4/ose-cluster-node-tuning-operator@sha256:ce6465a2085fbe473eda311adab8c013d257bf4919227e2f7d4f79616e022193
openshift4/ose-console@sha256:4a15de8cac1b3cf2431f1ebe580ea6db0813aa228c1c9422a84331552428438f
openshift4/ose-csi-driver-nfs-rhel8@sha256:39d7ca9ca841957469ed3425b2952e318a6e7a913691c5e18e6c3e110f1b390c
openshift4/ose-hyperkube@sha256:e0fb1d61fc7946b099b85110f4f154d5efcba100ffe4de6e5b65abfefb35c846
openshift4/ose-insights-rhel8-operator@sha256:9ae05150cf6ea3e03b0302cdba81839997b528c56bbebf9eae6466ca8a3510fa
openshift4/ose-jenkins@sha256:4669fa0b782c1d0f7e7391446c9a76ceeb578948dd39e650f8a67daee3805b38
openshift4/ose-jenkins-agent-base@sha256:3f674c1be19dbf1f9d11ce91efcc161ebbd58d0c1b6be676a6e0700802539b53
openshift4/ose-jenkins-agent-maven@sha256:3b772e7660d77be2f8ec6acba4dc42bd78e007388f337fdc602ab3f356e6fe7d
openshift4/ose-jenkins-agent-nodejs-12-rhel8@sha256:a1612ade0fa9da6edbb21e643455f5680e9c5cd3a3b427a622b79af2ef926067
openshift4/ose-kube-proxy@sha256:871133b3dfda269c82f86eb9ec96d868086cd414a8e4d8d3ba5e400a0535e765
openshift4/ose-kuryr-cni-rhel8@sha256:ad90d57e287cd77e3543e742a1afd41f0865089e185285345880abb53a038a73
openshift4/ose-kuryr-controller-rhel8@sha256:b6c4142bfc390460a92d37c47116897549fbe5a628870d5260bcc9704bc6ad97
openshift4/ose-machine-api-operator@sha256:e6806e56ff0079e4d5835d3c4d4ef1835490b2e3ff0cc1db35af861eb7a10e98
openshift4/ose-multus-cni@sha256:11adf0a342898b585a4304484e31e29d7a924d15888ce11e07cd04e1b52022ad
openshift4/ose-ovn-kubernetes@sha256:528cab91db77a89139284a054b36509df6a18a34f486b9982ee073f744099370
openshift4/ose-pod@sha256:60d5b3c859daf8e0f155c7780eb68668091779ad18dd1624f404a7083ae57a30
openshift4/ose-sdn-rhel8@sha256:527498aaca58503f303111699bc45afff6d0e2b98026c562ebece193faaa5462
openshift4/ose-tests@sha256:1e91259544eeea197221d3d21d19122578052cc819bcbfd5a57d7d6f7005017c
openshift4/ose-tools-rhel8@sha256:e6ea0bb0fbe28cad95bf039b32691427b58f8a47a23300f7836f4ca3836fa662
s390x
openshift4/driver-toolkit-rhel8@sha256:358284a2f4719ab93af5875778d2a973f69daf875ff487875733c3782481c30d
openshift4/network-tools-rhel8@sha256:a8240b03b675877e4fc745591dea05975f24ec0611c713595c033093d199cb97
openshift4/ose-cluster-cloud-controller-manager-operator-rhel8@sha256:b8f8e62b9e54133fbcc768ae5226fcffa32ded44ae48a7a8a35360baf3682dea
openshift4/ose-cluster-etcd-rhel8-operator@sha256:bde3525d829b231c4b60c8f49aad6331023c623701dc156306a48ae5223667d8
openshift4/ose-cluster-kube-apiserver-operator@sha256:5990243f5ac0cc53e5d420a3cd35ce0501a9ad76037a214af68009d5f2c88c94
openshift4/ose-cluster-kube-scheduler-operator@sha256:7ccf840b4cfbb0e774301f1a9ff8e35b578f4574e4b58983fedc81ac04ae3574
openshift4/ose-cluster-network-operator@sha256:38d96a6d3f325ef80dfdb76bbf1a9940fc71078bd828c52e531b5b2f32b44949
openshift4/ose-cluster-node-tuning-operator@sha256:96d63c1202d6a9a33eab879165df91186e41871ce0af4a1e1f583340e1873fbc
openshift4/ose-console@sha256:87ef0c190771f1a2be8cb8ba592cf279d53ecb57388207233c91a5c910bfd394
openshift4/ose-hyperkube@sha256:696b0bf0988201b26df0c0d003fa9a51fb0c1323f097ac1c2c38246adc52eb5b
openshift4/ose-insights-rhel8-operator@sha256:14c6c5decc69c46515cbcaa36c1bdc9a78f554d8447d37572b3401c6f998480c
openshift4/ose-jenkins@sha256:a38e2e9f188bdc281e4ffaa665afb43048e22ef29d56dcd2da7527ea98eeb1a4
openshift4/ose-jenkins-agent-base@sha256:4e4432e0955c745d0b1e99ce86c21cb92cd7ce8ff46a2191d29f9e8299345b3d
openshift4/ose-jenkins-agent-maven@sha256:e722b1dbe3807306e8e2600ccc7f81c47978be7515e61c4e44bc21f02c0a449d
openshift4/ose-jenkins-agent-nodejs-12-rhel8@sha256:66ea3707e70b59eaf0c1958c543db40a5630323810b0d60218d0ab29bc2edafe
openshift4/ose-kube-proxy@sha256:ee5c811c19219df3b2f40cd16303ca734ae65c648ef2e49a57f28d3e51a64e9e
openshift4/ose-machine-api-operator@sha256:48915b47295a8ccf9db38d652ff26fa4e4838e84212445afba9787f447f51c39
openshift4/ose-multus-cni@sha256:bea80a9886c59d60d7c7b93457ecabe560459cafeba303a842b22a37cd6988f5
openshift4/ose-ovn-kubernetes@sha256:dc10a5768af7a0f43b17198cbf7ab03118608a1e17666cb4c250c220c2425239
openshift4/ose-pod@sha256:f69c50de13f8cc786842bdeb33f8d5e3cd73e733f3b55e8b8fd8115115495639
openshift4/ose-sdn-rhel8@sha256:499b475944817abdcf383cc667d7fe507fc61b1901207567bd52bea4f0acad87
openshift4/ose-tests@sha256:f7effff753a39a1f41a23f7aff1f7fbc87516430414f314262e5f653aa181bb2
openshift4/ose-tools-rhel8@sha256:774c3d88ed4dbedbe7e830792f0f4eab652183c5bbebc1c6a6c17bd9b88fb46c
x86_64
openshift4/driver-toolkit-rhel8@sha256:51e2043014581f30f456f54aacd983b6736b3a7d83c171ed7e0f78d3c13b550e
openshift4/network-tools-rhel8@sha256:4dfd7dd6fd8fee7d0726189d1ce79af30b136e90cf66a3f4fd99237e0b1b33f8
openshift4/ose-cluster-cloud-controller-manager-operator-rhel8@sha256:b901abb5b4eb538b7ad6ab9dddb6b61daab479029aaebc67ee3ad408aa264aab
openshift4/ose-cluster-etcd-rhel8-operator@sha256:97aa85f55d12b725ae8a08309139e61de7cd75b9594789ea321e1ba431ecada1
openshift4/ose-cluster-kube-apiserver-operator@sha256:79da877d3dd1e994bc2f96c57accb505d770800e9e8e0d14bce373e6fd7f173a
openshift4/ose-cluster-kube-scheduler-operator@sha256:4558f01509aece26d7060b037ff7658c49707c26f27f11a630581e06fa792bb0
openshift4/ose-cluster-network-operator@sha256:4767b572d3ea00dcc3c00124cc9aa5d64f7a3b168bfe168c49a52c3f587f0e2b
openshift4/ose-cluster-node-tuning-operator@sha256:9306775eac60868115fdd15d158e5ad75a90267301fdbf4257ce1e4cea23f3ea
openshift4/ose-console@sha256:b1b40a4e82d226fb25ff9b30e998c53b01050078f7b9fdd6a5f3166fe7bd671d
openshift4/ose-csi-driver-nfs-rhel8@sha256:add53ca033478f90b6642e1bf04d0ea824719f40a3eaaf34c08c3f76ca8ae502
openshift4/ose-hyperkube@sha256:a2b226795829fb7268fa53cfca433bc7a6283b1ed8cb230c504456d26e997071
openshift4/ose-insights-rhel8-operator@sha256:c2ebc8827f0dd32c319cad9e5d7e64529d28d09f6e4a342d7b4d1d95a8127ec2
openshift4/ose-ironic-agent-rhel8@sha256:2b8486f15294a1de35c7dd585300a567e4a6d915724f23c6edb876f7d1fdcbaa
openshift4/ose-ironic-hardware-inventory-recorder-rhel8@sha256:e83f2197d9124d2507c3cc5acee57ac8e344871b9d84b277f0b10a53bdaa0986
openshift4/ose-ironic-machine-os-downloader-rhel8@sha256:0355cb551b2c10df04f38044128015eadd61cc0399b99620bbd42bb83500d624
openshift4/ose-ironic-rhel8@sha256:df72412d253db2f5ca9cf4ba48ecbfd61bf8f581d818afb40953b959966ea907
openshift4/ose-jenkins@sha256:d4eb87fd92a9f5fbb39ead61fbc085fe1ce0f44e89c2a7198cf22914cc415b9c
openshift4/ose-jenkins-agent-base@sha256:1d5c09f55d07f182759582841149370bacbd1025518ddbb6138e1bffa7e3dfb3
openshift4/ose-jenkins-agent-maven@sha256:aebcc5cb4489a1978bde82670ace9052bc5523e9a1fb77908128f8cbd9ffdfc9
openshift4/ose-jenkins-agent-nodejs-12-rhel8@sha256:075274c04bb662d3e7240453142a80a8c2cd4da517d0d8ca97a4a6d89c58cfe0
openshift4/ose-kube-proxy@sha256:afa24b0a57544df4f0915d4a1341427b50ef68a996e1100b18814a4fb5b1fbe0
openshift4/ose-kuryr-cni-rhel8@sha256:c6728e3c77aa3873c0005106d1c2e0cbb9a3200e2cf227b2ff52c17402c1c665
openshift4/ose-kuryr-controller-rhel8@sha256:04ff2944ba22267e470e8d58a0098f52fb1adefc8c3ff9d7201af3c8b992a8a6
openshift4/ose-machine-api-operator@sha256:0af1ad3e3f47378d8a0b18cb4c02876f458aea0b6592eef1d8803c07d9e02157
openshift4/ose-multus-cni@sha256:b41fd124c02966a0061b9907841b6adfb5c23c6ff3c5bf94379c449f895b0429
openshift4/ose-ovn-kubernetes@sha256:bec6e7e2e2727413f4fd46aaff0356f3c2f9236cefa50a29251334af2df86248
openshift4/ose-pod@sha256:52ae0dd40e950b8e494b93bd0a8a292853599ab477113184cc8ad5e5b75720c1
openshift4/ose-sdn-rhel8@sha256:fb9f690b76f79f29ab307d8f57f4351787dbc4a0d7f5efcf46d32e60951e1ac4
openshift4/ose-tests@sha256:b1308e114d168b43a4b773eab4ab4a923b84449e5f41ff557edee47f77fc3f01
openshift4/ose-tools-rhel8@sha256:642b2c0dba28c84c7f4f55aac42665a3a0d1a3498088702d340278cb6e2ed7d1
The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.
Related news
Red Hat Security Advisory 2024-0193-03 - An update is now available for Red Hat OpenShift Container Platform 4.13.
Ubuntu Security Notice 6337-1 - It was discovered that the netlink implementation in the Linux kernel did not properly validate policies when parsing attributes in some situations. An attacker could use this to cause a denial of service. Billy Jheng Bing Jhong discovered that the CIFS network file system implementation in the Linux kernel did not properly validate arguments to ioctl in some situations. A local attacker could possibly use this to cause a denial of service.
Red Hat Security Advisory 2023-4730-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.13.10.
Ubuntu Security Notice 6311-1 - William Zhao discovered that the Traffic Control subsystem in the Linux kernel did not properly handle network packet retransmission in certain situations. A local attacker could use this to cause a denial of service. It was discovered that the NTFS file system implementation in the Linux kernel did not properly check buffer indexes in certain situations, leading to an out-of-bounds read vulnerability. A local attacker could possibly use this to expose sensitive information.
Ubuntu Security Notice 6300-1 - William Zhao discovered that the Traffic Control subsystem in the Linux kernel did not properly handle network packet retransmission in certain situations. A local attacker could use this to cause a denial of service. It was discovered that the NTFS file system implementation in the Linux kernel did not properly check buffer indexes in certain situations, leading to an out-of-bounds read vulnerability. A local attacker could possibly use this to expose sensitive information.
An update for kpatch-patch is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3564: A use-after-free flaw was found in the Linux kernel’s L2CAP bluetooth functionality in how a user triggers a race condition by two malicious flows in the L2CAP bluetooth packets. This flaw allows a local or bluetooth connection user to crash the system or potentially escalate privileges.
An update for kernel is now available for Red Hat Enterprise Linux 7.6 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3564: A use-after-free flaw was found in the Linux kernel’s L2CAP bluetooth functionality in how a user triggers a race condition by two malicious flows in the L2CAP bluetooth packets. This flaw allows a local or bluetooth connection user to crash the system or potentially escalate privileges.
Ubuntu Security Notice 6186-1 - Patryk Sondej and Piotr Krysiuk discovered that a race condition existed in the netfilter subsystem of the Linux kernel when processing batch requests, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Gwangun Jung discovered that the Quick Fair Queueing scheduler implementation in the Linux kernel contained an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
Red Hat Security Advisory 2023-3645-01 - Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an OpenShift Container Platform installation. This advisory covers the RPM packages for the release. Issues addressed include a denial of service vulnerability.
Logging Subsystem 5.7.2 - Red Hat OpenShift Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41723: A flaw was found in golang. A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests. * CVE-2023-27539: A denial of service vulnerability was found in rubygem-rack in how it parses headers. A carefully crafted input can cause header parsing to take an unexpe...
An update for kpatch-patch is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3564: A use-after-free flaw was found in the Linux kernel’s L2CAP bluetooth functionality in how a user triggers a race condition by two malicious flows in the L2CAP bluetooth packets. This flaw allows a local or bluetooth connection user to crash the system or potentially escalate privileges. * CVE-2022-4378: A stack ove...
Red Hat Security Advisory 2023-3388-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include bypass and use-after-free vulnerabilities.
Red Hat Security Advisory 2023-1328-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Issues addressed include denial of service and out of bounds read vulnerabilities.
Red Hat OpenShift Container Platform release 4.13.0 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.13. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-4235: A flaw was found in go-yaml. This issue occurs due to unbounded alias chasing, where a maliciously crafted YAML file can cause the system to consume significant system resources. If p...
An update for kernel is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-26341: A flaw was found in hw. This issue can cause AMD CPUs to transiently execute beyond unconditional direct branches. * CVE-2021-33655: An out-of-bounds write flaw was found in the Linux kernel’s framebuffer-based console driver functionality in the way a user triggers ioctl FBIOPUT_VSCREENINFO with malicious data. This flaw allows a local user to c...
Red Hat Advanced Cluster Management for Kubernetes 2.6.5 General Availability release images, which fix bugs and security updates container images. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3841: A Server-Side Request Forgery (SSRF) vulnerability was found in the console API endpoint from Red Hat Advanced Cluster Management for Kubernetes (RHACM). An attacker could take advantage of this as the console API endpoint is missing an authentication check, allowing unauth...
Logging Subsystem 5.6.5 - Red Hat OpenShift Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-27539: A denial of service vulnerability was found in rubygem-rack in how it parses headers. A carefully crafted input can cause header parsing to take an unexpected amount of time, possibly resulting in a denial of service. * CVE-2023-28120: A Cross-Site-Scripting vulnerability was found in rubygem ActiveSupport. If the new bytesplice method is called on a SafeBuffer with untrus...
Multicluster Engine for Kubernetes 2.2.3 General Availability release images, which fix bugs and security updates container images. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-25881: A flaw was found in http-cache-semantics. When the server reads the cache policy from the request using this library, a Regular Expression Denial of Service occurs, caused by malicious request header values sent to the server. * CVE-2023-29017: A flaw was found in vm2 where the component...
Red Hat Security Advisory 2023-1656-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.10.56.
Red Hat Security Advisory 2023-1525-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.9.59.
Red Hat OpenShift Container Platform release 4.9.59 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-20329: A flaw was found in Mongo. Specific cstrings input may not be properly validated in the MongoDB Go Driver when marshaling Go objects into BSON. This flaw allows a malicious user to use a Go object with a specific string to inject additional fields into marshaled documen...
Red Hat Security Advisory 2023-1504-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.11.34.
Dell Streaming Data Platform prior to 1.4 contains Open Redirect vulnerability. An attacker with privileges same as a legitimate user can phish the legitimate the user to redirect to malicious website leading to information disclosure and launch of phishing attacks.
Red Hat Security Advisory 2023-1584-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.
Red Hat OpenShift Container Platform release 4.11.34 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.11. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-20329: A flaw was found in Mongo. Specific cstrings input may not be properly validated in the MongoDB Go Driver when marshaling Go objects into BSON. This flaw allows a malicious user to u...
An update for kernel-rt is now available for Red Hat Enterprise Linux 8.2 Telecommunications Update Service. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3564: A use-after-free flaw was found in the Linux kernel’s L2CAP bluetooth functionality in how a user triggers a race condition by two malicious flows in the L2CAP bluetooth packets. This flaw allows a local or bluetooth connection user to crash the system or potentially escalate privileges. * CVE-2023-0266: A us...
Red Hat Security Advisory 2023-1392-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.10.55.
Red Hat Security Advisory 2023-1409-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.12.9.
Red Hat OpenShift Container Platform release 4.12.9 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.12. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-20329: A flaw was found in Mongo. Specific cstrings input may not be properly validated in the MongoDB Go Driver when marshaling Go objects into BSON. This flaw allows a malicious user to us...
An update for nss is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-0767: The Mozilla Foundation Security Advisory describes this flaw as: An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag...
An update for nss is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-0767: The Mozilla Foundation Security Advisory describes this flaw as: An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag attributes being mishandled.
Red Hat Security Advisory 2023-1251-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include a use-after-free vulnerability.
Red Hat Security Advisory 2023-1251-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include a use-after-free vulnerability.
Red Hat Security Advisory 2023-1221-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include null pointer and use-after-free vulnerabilities.
Red Hat Security Advisory 2023-1220-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include a use-after-free vulnerability.
An update for kpatch-patch is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3564: A use-after-free flaw was found in the Linux kernel’s L2CAP bluetooth functionality in how a user triggers a race condition by two malicious flows in the L2CAP bluetooth packets. This flaw allows a local or bluetooth connection user to crash the system or potentially escalate privileges. * CVE-2022-4378: A stack ove...
An update for kernel is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3564: A use-after-free flaw was found in the Linux kernel’s L2CAP bluetooth functionality in how a user triggers a race condition by two malicious flows in the L2CAP bluetooth packets. This flaw allows a local or bluetooth connection user to crash the system or potentially escalate privileges. * CVE-2022-4269: A flaw was found ...
An update for kernel-rt is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3564: A use-after-free flaw was found in the Linux kernel’s L2CAP bluetooth functionality in how a user triggers a race condition by two malicious flows in the L2CAP bluetooth packets. This flaw allows a local or bluetooth connection user to crash the system or potentially escalate privileges. * CVE-2022-4269: A flaw was fou...
An update for kernel is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3564: A use-after-free flaw was found in the Linux kernel’s L2CAP bluetooth functionality in how a user triggers a race condition by two malicious flows in the L2CAP bluetooth packets. This flaw allows a local or bluetooth connection user to crash the system or potentially escalate privileges. * CVE-2022-4269: A flaw was found ...
An update for kernel-rt is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3564: A use-after-free flaw was found in the Linux kernel’s L2CAP bluetooth functionality in how a user triggers a race condition by two malicious flows in the L2CAP bluetooth packets. This flaw allows a local or bluetooth connection user to crash the system or potentially escalate privileges. * CVE-2022-4269: A flaw was fou...
Kyle Zeng discovered that the sysctl implementation in the Linux kernel contained a stack-based buffer overflow. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. Tamás Koczka discovered that the Bluetooth L2CAP handshake implementation in the Linux kernel contained multiple use-after-free vulnerabilities. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. It was discovered that the NFSD implementation in the Linux kernel did not properly handle some RPC messages, leading to a buffer overflow. A remote attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
Red Hat Security Advisory 2023-1130-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include null pointer and use-after-free vulnerabilities.
Red Hat Security Advisory 2023-1101-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel.
Red Hat Security Advisory 2023-1091-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a use-after-free vulnerability.
Red Hat Security Advisory 2023-1103-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel.
An update for kernel is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2964: A flaw was found in the Linux kernel’s driver for the ASIX AX88179_178A-based USB 2.0/3.0 Gigabit Ethernet Devices. The vulnerability contains multiple out-of-bounds reads and possible out-of-bounds writes. * CVE-2022-4269: A flaw was found in the Linux kernel Traffic Control (TC) subsystem. Using a specific networking co...
An update for kpatch-patch is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-4378: A stack overflow flaw was found in the Linux kernel's SYSCTL subsystem in how a user changes certain kernel parameters and variables. This flaw allows a local user to crash or potentially escalate their privileges on the system.
Red Hat Security Advisory 2023-0944-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system.
An update for kernel is now available for Red Hat Enterprise Linux 7.7 Advanced Update Support, Red Hat Enterprise Linux 7.7 Telco Extended Update Support, and Red Hat Enterprise Linux 7.7 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-4378: A stack overflow flaw was found in the Linux kernel's SYSCTL subsystem in how a user changes certain kernel parameters and variables. This flaw allows a local user to crash or potentially escalat...
Red Hat Security Advisory 2023-0858-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include a use-after-free vulnerability.
Red Hat Security Advisory 2023-0858-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include a use-after-free vulnerability.
Red Hat Security Advisory 2023-0821-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.8.0. Issues addressed include a use-after-free vulnerability.
An update for kernel is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2964: A flaw was found in the Linux kernel’s driver for the ASIX AX88179_178A-based USB 2.0/3.0 Gigabit Ethernet Devices. The vulnerability contains multiple out-of-bounds reads and possible out-of-bounds writes. * CVE-2022-3564: A use-after-free flaw was found in the Linux kernel’s L2CAP bluetooth functionality in ho...
An update for kernel is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2964: A flaw was found in the Linux kernel’s driver for the ASIX AX88179_178A-based USB 2.0/3.0 Gigabit Ethernet Devices. The vulnerability contains multiple out-of-bounds reads and possible out-of-bounds writes. * CVE-2022-3564: A use-after-free flaw was found in the Linux kernel’s L2CAP bluetooth functionality in ho...
Red Hat Security Advisory 2023-0810-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.8.0 ESR. Issues addressed include a use-after-free vulnerability.
Red Hat Security Advisory 2023-0812-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.8.0 ESR. Issues addressed include a use-after-free vulnerability.
An update for thunderbird is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-0616: The Mozilla Foundation Security Advisory describes this flaw as: If a MIME email combines OpenPGP and OpenPGP MIME data in a certain way Thunderbird repeatedly attempts to process and display the message, which could cause Thunderbird's user interface to lock up and no longer respond to the user's actions. An attacker could send a crafted mes...
An update for thunderbird is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-0616: The Mozilla Foundation Security Advisory describes this flaw as: If a MIME email combines OpenPGP and OpenPGP MIME data in a certain way Thunderbird repeatedly attempts to process and display the message, which could cause Thunderbird's user interface to lock up and no longer respond to the user's actions. ...
An update for firefox is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-0767: The Mozilla Foundation Security Advisory describes this flaw as: An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag attributes being mishandled. * CVE-2023-25728: The Mozilla Foundation Security Advisory describes this flaw as: The `Content-Security-Policy-Report-Only`...
An update for firefox is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-0767: The Mozilla Foundation Security Advisory describes this flaw as: An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag attributes being mishandled. * CVE-2023-25728: The Mozilla Foundation Security Advisory describes this flaw as: The `Content-Security-Policy-Report-Only`...
An update for firefox is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-0767: The Mozilla Foundation Security Advisory describes this flaw as: An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag attributes being mishandled. * CVE-2023-25728: The Mozilla Foundation Security Advisory describes this flaw as: The `Content-Security-Policy-Report-Only`...
Ubuntu Security Notice 5774-1 - Jann Horn discovered that the Linux kernel did not properly track memory allocations for anonymous VMA mappings in some situations, leading to potential data structure reuse. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that a race condition existed in the instruction emulator of the Linux kernel on Arm 64-bit systems. A local attacker could use this to cause a denial of service.
Ubuntu Security Notice 5773-1 - It was discovered that the NFSD implementation in the Linux kernel did not properly handle some RPC messages, leading to a buffer overflow. A remote attacker could use this to cause a denial of service or possibly execute arbitrary code. Jann Horn discovered that the Linux kernel did not properly track memory allocations for anonymous VMA mappings in some situations, leading to potential data structure reuse. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
Ubuntu Security Notice 5754-2 - It was discovered that the NFSD implementation in the Linux kernel did not properly handle some RPC messages, leading to a buffer overflow. A remote attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that a memory leak existed in the IPv6 implementation of the Linux kernel. A local attacker could use this to cause a denial of service.
A flaw was found in the Linux kernel Traffic Control (TC) subsystem. Using a specific networking configuration (redirecting egress packets to ingress using TC action "mirred") a local unprivileged user could trigger a CPU soft lockup (ABBA deadlock) when the transport protocol in use (TCP or SCTP) does a retransmission, resulting in a denial of service condition.
A flaw was found in the Linux kernel Traffic Control (TC) subsystem. Using a specific networking configuration (redirecting egress packets to ingress using TC action "mirred") a local unprivileged user could trigger a CPU soft lockup (ABBA deadlock) when the transport protocol in use (TCP or SCTP) does a retransmission, resulting in a denial of service condition.
Ubuntu Security Notice 5757-2 - Jann Horn discovered that the Linux kernel did not properly track memory allocations for anonymous VMA mappings in some situations, leading to potential data structure reuse. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the video4linux driver for Empia based TV cards in the Linux kernel did not properly perform reference counting in some situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
Ubuntu Security Notice 5757-1 - Jann Horn discovered that the Linux kernel did not properly track memory allocations for anonymous VMA mappings in some situations, leading to potential data structure reuse. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the video4linux driver for Empia based TV cards in the Linux kernel did not properly perform reference counting in some situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
A vulnerability classified as critical was found in Linux Kernel. Affected by this vulnerability is the function l2cap_reassemble_sdu of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211087.
Specific cstrings input may not be properly validated in the MongoDB Go Driver when marshalling Go objects into BSON. A malicious user could use a Go object with specific string to potentially inject additional fields into marshalled documents. This issue affects all MongoDB GO Drivers up to (and including) 1.5.0.