RHSA-2022:1619: Red Hat Security Advisory: kpatch-patch security update
An update is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2022-0435: kernel: remote stack overflow via kernel panic on systems using TIPC may lead to DoS
Related news
IBM Security Identity Manager (IBM Security Verify Password Synchronization Plug-in for Windows AD 10.x) is vulnerable to a denial of service, caused by a heap-based buffer overflow in the Password Synch Plug-in. An authenticated attacker could exploit this vulnerability to cause a denial of service. IBM X-Force ID: 218379.
IBM QRadar SIEM 7.3, 7.4, and 7.5 allows for users to access information across tenant and domain boundaries in some situations. IBM X-Force ID: 208397.
IBM QRadar SIEM 7.3, 7.4, and 7.5 stores potentially sensitive information in log files that could be read by a user with access to creating domains. IBM X-Force ID: 211037.
IBM QRadar SIEM 7.3, 7.4, and 7.5 in some scenarios may reveal authorized service tokens to other QRadar users. IBM X-Force ID: 210021.
IBM QRadar 7.3, 7.4, and 7.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 220041.
IBM Security Identity Manager (IBM Security Verify Password Synchronization Plug-in for Windows AD 10.x) is vulnerable to a denial of service, caused by a heap-based buffer overflow in the Password Synch Plug-in. An authenticated attacker could exploit this vulnerability to cause a denial of service. IBM X-Force ID: 217369.
Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Prior to versions 21.0.8, 22.2.4, and 23.0.1, it is possible to trick administrators into enabling "recommended" apps for the Nextcloud server that they do not need, thus expanding their attack surface unnecessarily. This issue is fixed in versions 21.0.8, 22.2.4, and 23.0.1.
In cifs-utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-line argument could lead to local attackers gaining root privileges.
In ControlUp Real-Time Agent before 8.6, an unquoted path can result in privilege escalation. An attacker would require write permissions to the root level of the OS drive (C:\) to exploit this.
Updated web-admin-build packages are now available for Red Hat Gluster Storage 3.5 Web Administration on Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Related CVEs: * CVE-2021-44716: golang: net/http: limit growth of header canonicalization cache
Red Hat AMQ Broker 7.8.6 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Related CVEs: * CVE-2022-22965: spring-framework: RCE via Data Binding on JDK 9+
Red Hat AMQ Broker 7.9.4 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Related CVEs: * CVE-2022-22965: spring-framework: RCE via Data Binding on JDK 9+
Red Hat OpenShift Container Platform release 3.11.665 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Related CVEs: * CVE-2021-43859: xstream: Injecting highly recursive collections or maps can cause a DoS * CVE-2022-25173: workflow-cps: OS command execution through crafted SCM contents * CVE-2022-25174: workflow-cps-global-lib: OS command execution through crafted SCM contents * CVE-2022-25175: wo...
A security update for convert2rhel is now available for unsupported conversions of CentOS Linux 6 and Oracle Linux 6 to Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Related CVEs: * CVE-2022-0852: convert2rhel: Red Hat account password passed via command line by code
A security update for convert2rhel is now available for supported conversions of CentOS Linux 7 and Oracle Linux 7 to Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Related CVEs: * CVE-2022-0852: convert2rhel: Red Hat account password passed via command line by code
A security update for convert2rhel is now available for supported conversions of CentOS Linux 8 and Oracle Linux 8 to Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Related CVEs: * CVE-2022-0852: convert2rhel: Red Hat account password passed via command line by code
A flaw was found in htmldoc commit 31f7804. A heap buffer overflow in the function pdf_write_names in ps-pdf.cxx may lead to arbitrary code execution and Denial of Service (DoS).
A lack of password length restriction in Zammad v5.1.0 allows for the creation of extremely long passwords which can cause a Denial of Service (DoS) during password verification.
An access control issue in Zammad v5.0.3 broadcasts administrative configuration changes to all users who have an active application instance, including settings that should only be visible to authenticated users.
An access control issue in Zammad v5.0.3 allows attackers to write entries to the CTI caller log without authentication. This vulnerability can allow attackers to execute phishing attacks or cause a Denial of Service (DoS).
A lack of rate limiting in the 'forgot password' feature of Zammad v5.1.0 allows attackers to send an excessive amount of reset requests for a legitimate user, leading to a possible Denial of Service (DoS) via a large amount of generated e-mail messages.
An update for polkit is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Related CVEs: * CVE-2021-4115: polkit: file descriptor leak allows an unprivileged user to cause a crash
An update for kernel is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Related CVEs: * CVE-2021-4028: kernel: use-after-free in RDMA listen() * CVE-2022-25636: kernel: heap out of bounds write in nf_dup_netdev.c
An update for vim is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Related CVEs: * CVE-2022-1154: vim: use after free in utf_ptr2char
An update for the mariadb:10.3 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Related CVEs: * CVE-2021-2154: mysql: Server: DML unspecified vulnerability (CPU Apr 2021) * CVE-2021-2166: mysql: Server: DML unspecified vulnerability (CPU Apr 2021) * CVE-2021-2372: mysql: InnoDB unspecified vulnerability (CPU Jul 2021) * CVE-2021-2389: mysql: InnoDB unspecified vulnerability (CPU Jul 2021) * CVE-2021-35604: mysql: InnoDB unspecified vulnerab...
An update for the container-tools:2.0 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Related CVEs: * CVE-2022-27649: podman: Default inheritable capabilities for linux container should be empty * CVE-2022-27651: buildah: Default inheritable capabilities for linux container should be empty
An update for the container-tools:3.0 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Related CVEs: * CVE-2022-27649: podman: Default inheritable capabilities for linux container should be empty * CVE-2022-27651: buildah: Default inheritable capabilities for linux container should be empty
An update for kpatch-patch is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Related CVEs: * CVE-2021-4028: kernel: use-after-free in RDMA listen() * CVE-2022-25636: kernel: heap out of bounds write in nf_dup_netdev.c
An update for gzip is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Related CVEs: * CVE-2022-1271: gzip: arbitrary-file-write vulnerability
An update for the mariadb:10.5 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Related CVEs: * CVE-2021-2154: mysql: Server: DML unspecified vulnerability (CPU Apr 2021) * CVE-2021-2166: mysql: Server: DML unspecified vulnerability (CPU Apr 2021) * CVE-2021-2372: mysql: InnoDB unspecified vulnerability (CPU Jul 2021) * CVE-2021-2389: mysql: InnoDB unspecified vulnerability (CPU Jul 2021) * CVE-2021-35604: mysql: InnoDB unspecified vulnerab...
An update for zlib is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Related CVEs: * CVE-2018-25032: zlib: A flaw found in zlib when compressing (not decompressing) certain inputs
An update for kernel is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Related CVEs: * CVE-2022-0435: kernel: remote stack overflow via kernel panic on systems using TIPC may lead to DoS
An update for kernel-rt is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Related CVEs: * CVE-2021-4028: kernel: use-after-free in RDMA listen() * CVE-2022-25636: kernel: heap out of bounds write in nf_dup_netdev.c
An update for gzip is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Related CVEs: * CVE-2022-1271: gzip: arbitrary-file-write vulnerability
An update for xmlrpc-c is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Related CVEs: * CVE-2022-25235: expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution
An update for maven-shared-utils is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Related CVEs: * CVE-2022-29599: maven-shared-utils: Command injection via Commandline class
An update for xmlrpc-c is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Related CVEs: * CVE-2022-25235: expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution