RHSA-2022:5818: Red Hat Security Advisory: openssl security update
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2022-1292: openssl: c_rehash script allows command injection
- CVE-2022-2068: openssl: the c_rehash script allows command injection
- CVE-2022-2097: openssl: AES OCB fails to encrypt some bytes
Synopsis
Moderate: openssl security update
Type/Severity
Security Advisory: Moderate
Topic
An update for openssl is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.
Security Fix(es):
- openssl: c_rehash script allows command injection (CVE-2022-1292)
- openssl: the c_rehash script allows command injection (CVE-2022-2068)
- openssl: AES OCB fails to encrypt some bytes (CVE-2022-2097)
Both c_rehash issues concern the Perl helper script that builds a hashed certificate directory, shipped on Red Hat Enterprise Linux 8 in the openssl-perl package. CVE-2022-2068 covers further unescaped shell metacharacters that the fix for CVE-2022-1292 did not catch, so a host is only fully covered once it carries a build that addresses both. The script is only exposed when it is run against a directory whose file names an untrusted party can choose; the `openssl rehash` subcommand performs the same task without invoking a shell and is the safer choice in automation. CVE-2022-2097 is confined to the AES-NI assembly implementation of AES in OCB mode on 32-bit x86 (the i686 openssl-libs build); OpenSSL does not use OCB in any TLS or DTLS cipher suite, so TLS traffic is unaffected.
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.
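The two checks a practitioner wants after reading the Solution section are whether the installed openssl build is at or past the fixed version-release, and which long-running services still have the old library mapped and therefore need a restart. The following script is an added example, not code from Red Hat or from this advisory. It assumes only what the advisory states: the fixed version-release 1.1.1k-7.el8_6 and the package names come from the package list below, and c_rehash lives in openssl-perl. The `rpm -qa` lines and /proc/<pid>/maps lines it runs on are constructed sample data. Version comparison is a port of rpm's own rpmvercmp(), so release strings such as "7.el8_6" and "10.el8_7" compare the way dnf compares them rather than as plain strings.

```python
"""Audit a RHEL 8 host against RHSA-2022:5818 (openssl-1.1.1k-7.el8_6).

Added example, not a Red Hat tool.  (1) Decide whether the installed openssl
build is at or past the fixed version-release using a port of rpm's rpmvercmp().
(2) Find processes that still map a libssl/libcrypto file the update replaced on
disk (the kernel tags such mappings '(deleted)' in /proc/<pid>/maps); they run
the old code until restarted.  All sample input below is constructed.
"""
import re

FIXED_VR = "1.1.1k-7.el8_6"  # version-release from the advisory's package list
ADVISORY_PACKAGES = {"openssl", "openssl-libs", "openssl-devel", "openssl-perl"}
NEVRA = re.compile(r"^(?P<name>.+)-(?P<version>[^-]+)-(?P<release>[^-]+)\.(?P<arch>[^.]+)$")
DELETED_SSL = re.compile(r"/lib(?:ssl|crypto)\.so\S*\s+\(deleted\)\s*$")


def rpmvercmp(a: str, b: str) -> int:
    """Port of rpm's rpmvercmp(): -1, 0 or 1.  Alternating numeric/alpha segments
    (numerics by value, alphas lexically); '~' sorts before anything, '^' after
    end-of-string but before any other segment."""
    if a == b:
        return 0
    i = j = 0
    while i < len(a) or j < len(b):
        while i < len(a) and not (a[i].isalnum() or a[i] in "~^"):
            i += 1  # skip separators such as '.', '-', '_'
        while j < len(b) and not (b[j].isalnum() or b[j] in "~^"):
            j += 1
        ca = a[i] if i < len(a) else ""
        cb = b[j] if j < len(b) else ""
        if "~" in (ca, cb):
            if ca != cb:
                return 1 if cb == "~" else -1
            i, j = i + 1, j + 1
            continue
        if "^" in (ca, cb):
            if ca != cb:  # '' < '^' < any other segment
                return -1 if not ca or (ca == "^" and cb) else 1
            i, j = i + 1, j + 1
            continue
        if not (ca and cb):  # one side is exhausted
            break
        isnum = ca.isdigit()
        same_kind = str.isdigit if isnum else str.isalpha
        si, sj = i, j
        while si < len(a) and same_kind(a[si]):
            si += 1
        while sj < len(b) and same_kind(b[sj]):
            sj += 1
        seg_a, seg_b = a[i:si], b[j:sj]
        if not seg_b:  # a numeric segment always beats an alpha segment
            return 1 if isnum else -1
        if isnum:
            seg_a, seg_b = seg_a.lstrip("0"), seg_b.lstrip("0")
            if len(seg_a) != len(seg_b):  # more digits wins
                return 1 if len(seg_a) > len(seg_b) else -1
        if seg_a != seg_b:
            return 1 if seg_a > seg_b else -1
        i, j = si, sj
    if i >= len(a) and j >= len(b):
        return 0
    return -1 if i >= len(a) else 1


def vrcmp(a: str, b: str) -> int:
    """Compare 'version-release' strings, version first.  Epoch is left out on
    purpose: both sides come from the same RHEL 8 openssl stream (epoch 1);
    a general tool must compare %{EPOCHNUM} before version."""
    va, _, ra = a.partition("-")
    vb, _, rb = b.partition("-")
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)


def patch_state(rpm_qa: str) -> dict:
    """'name.arch' -> True if the installed VR >= FIXED_VR, for advisory packages
    found in `rpm -qa 'openssl*'` output (one NEVRA per line)."""
    state = {}
    for line in rpm_qa.splitlines():
        m = NEVRA.match(line.strip())
        if m and m["name"] in ADVISORY_PACKAGES:
            installed = f"{m['version']}-{m['release']}"
            state[f"{m['name']}.{m['arch']}"] = vrcmp(installed, FIXED_VR) >= 0
    return state


def needs_restart(maps_text: str) -> bool:
    """True if a /proc/<pid>/maps dump still maps a replaced libssl/libcrypto."""
    return any(DELETED_SSL.search(line) for line in maps_text.splitlines())


def audit_host(rpm_qa: str, proc_maps: dict) -> dict:
    return {"patched": patch_state(rpm_qa),
            "restart_pids": sorted(p for p, m in proc_maps.items() if needs_restart(m))}


# Constructed sample: openssl and openssl-libs were updated, openssl-perl (the
# package that carries c_rehash) was not, and pid 1234 started before the update.
SAMPLE_RPM_QA = """\
openssl-libs-1.1.1k-7.el8_6.x86_64
openssl-1.1.1k-7.el8_6.x86_64
openssl-libs-1.1.1k-7.el8_6.i686
openssl-perl-1.1.1k-6.el8.x86_64
"""
SAMPLE_PROC_MAPS = {
    1234: "7f3a2c000000-7f3a2c0a0000 r-xp 00000000 fd:00 1234567 /usr/lib64/libcrypto.so.1.1.1k (deleted)\n"
          "7f3a2c0a0000-7f3a2c0c0000 r-xp 00000000 fd:00 1234568 /usr/lib64/libssl.so.1.1.1k (deleted)\n",
    5678: "7f3a2d000000-7f3a2d0a0000 r-xp 00000000 fd:00 1234580 /usr/lib64/libcrypto.so.1.1.1k\n",
}

if __name__ == "__main__":
    print(audit_host(SAMPLE_RPM_QA, SAMPLE_PROC_MAPS))
```

On a real host, feed it the output of `rpm -qa 'openssl*'` and the contents of `/proc/<pid>/maps` for the services you care about. The sample deliberately shows the trap the advisory's restart note is about: openssl-libs is at the fixed build, yet pid 1234 still executes the replaced library, and openssl-perl, which is where the c_rehash script lives, is still at the old build. Apply the whole advisory rather than a single package (`dnf update --advisory=RHSA-2022:5818`); the `needs-restarting` command from dnf-plugins-core performs a fuller version of the second check.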
Affected Products
- Red Hat Enterprise Linux for x86_64 8 x86_64
- Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.6 x86_64
- Red Hat Enterprise Linux Server - AUS 8.6 x86_64
- Red Hat Enterprise Linux for IBM z Systems 8 s390x
- Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.6 s390x
- Red Hat Enterprise Linux for Power, little endian 8 ppc64le
- Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.6 ppc64le
- Red Hat Enterprise Linux Server - TUS 8.6 x86_64
- Red Hat Enterprise Linux for ARM 64 8 aarch64
- Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.6 aarch64
- Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.6 ppc64le
- Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.6 x86_64
Fixes
- BZ - 2081494 - CVE-2022-1292 openssl: c_rehash script allows command injection
- BZ - 2097310 - CVE-2022-2068 openssl: the c_rehash script allows command injection
- BZ - 2100554 - OpenSSL testsuite certificates expired [rhel-8.6.0.z]
- BZ - 2104905 - CVE-2022-2097 openssl: AES OCB fails to encrypt some bytes
Packages
The same build, openssl-1.1.1k-7.el8_6, is shipped to every affected product, and the package set and SHA-256 checksums depend only on the architecture. They are therefore listed once per architecture, with the products each list applies to. Verify a downloaded file against the checksum for its exact file name before installing it.
SRPM (all products)
openssl-1.1.1k-7.el8_6.src.rpm
SHA-256: 5200d00dea751c86c3c2e94acdf9cf24260621f0667409e20bd7accded67d7c2
x86_64 (Red Hat Enterprise Linux for x86_64 8; Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.6; Red Hat Enterprise Linux Server - AUS 8.6; Red Hat Enterprise Linux Server - TUS 8.6; Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.6)
openssl-1.1.1k-7.el8_6.x86_64.rpm
SHA-256: 2b92c71c19971eed36228f7046cbc3d1b80c3516e9c73cd45f9ce3644a7226cf
openssl-debuginfo-1.1.1k-7.el8_6.i686.rpm
SHA-256: 981bc6493910b56eb63ece64610c9dad0a792494fa73fe06390b90ca1fa80f96
openssl-debuginfo-1.1.1k-7.el8_6.x86_64.rpm
SHA-256: 543cffb8f97211ec0704827b3788d7c1e050402f470cf69f7ad9f899c347e771
openssl-debugsource-1.1.1k-7.el8_6.i686.rpm
SHA-256: 61ec3078725c7b46c9fa388edb03b4adf16b0add5e79cc332ede535f15dabe17
openssl-debugsource-1.1.1k-7.el8_6.x86_64.rpm
SHA-256: 6e07ac0f51d91f2c51305ed3ed36c39f8896195a42a10e682e757116e6f58d36
openssl-devel-1.1.1k-7.el8_6.i686.rpm
SHA-256: f0f1053e54b150640e419eca97e1a30b17103467ea18de1df970817db1abb6bc
openssl-devel-1.1.1k-7.el8_6.x86_64.rpm
SHA-256: 6a43793e2d360067788263a12d747f142eda0f5411a7d44537d64e9694a8220c
openssl-libs-1.1.1k-7.el8_6.i686.rpm
SHA-256: 743a6a747a6706bcf4ffab3bf4a54418efb17fb01b9da2af14a7b9936da561d5
openssl-libs-1.1.1k-7.el8_6.x86_64.rpm
SHA-256: 87fc34c525199df2de3b687e40bca3e345bfd2bdd92a545cc3a94cb82b63f331
openssl-libs-debuginfo-1.1.1k-7.el8_6.i686.rpm
SHA-256: 0ad515b4ea15ac6060b127edf5af6a6401ed67e228c9fabfc4a5562c4fce7e5f
openssl-libs-debuginfo-1.1.1k-7.el8_6.x86_64.rpm
SHA-256: adc1549213de4f2154d3295ee34089b237d1f61042c74500626f6f659ca7ea2a
openssl-perl-1.1.1k-7.el8_6.x86_64.rpm
SHA-256: bd39b9384c7cd6fb7bebca1c656c8a44769df7a7fee095b16d21589c2daaa37b
s390x (Red Hat Enterprise Linux for IBM z Systems 8; Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.6)
openssl-1.1.1k-7.el8_6.s390x.rpm
SHA-256: 3a4efd640a71389b5ba31a03858eb817488a06d8b7bcd2956f08bf11e44e6cc0
openssl-debuginfo-1.1.1k-7.el8_6.s390x.rpm
SHA-256: 1f2500b7ae72bf7e2330c0d542d72ee410ab162305357c8f04768341c353b4d1
openssl-debugsource-1.1.1k-7.el8_6.s390x.rpm
SHA-256: 2efaa11ce8ecacdcc2c8f4c630d06d497b4eed1e9d10335470f553b6a8c69325
openssl-devel-1.1.1k-7.el8_6.s390x.rpm
SHA-256: f6d6d2a128a137537d5bbeb5ddd1bbcc8f8838e405bd52980a3e72b7879e43cd
openssl-libs-1.1.1k-7.el8_6.s390x.rpm
SHA-256: 4efd1d8ebf88749b1102ee0b787dacf9550269546a48d9e5c8e3453122505fc7
openssl-libs-debuginfo-1.1.1k-7.el8_6.s390x.rpm
SHA-256: 5d2e183d6ef29124e1262bf44f566c9da09a52efbfbcaa2541c6647103b5c7f2
openssl-perl-1.1.1k-7.el8_6.s390x.rpm
SHA-256: d512989c20970a3a3bc8a536c2d8eff049b55e3ed49f6d7c66bde4022dd79378
ppc64le (Red Hat Enterprise Linux for Power, little endian 8; Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.6; Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.6)
openssl-1.1.1k-7.el8_6.ppc64le.rpm
SHA-256: 3831d0d074b060f00db46aa0ff3e5b2d5132ad5c847b6fd5241e0fe111716688
openssl-debuginfo-1.1.1k-7.el8_6.ppc64le.rpm
SHA-256: 563c03b7796b0a07ed932df8c1c80531b73a6eeba174a3f196e2a2957aa00bc2
openssl-debugsource-1.1.1k-7.el8_6.ppc64le.rpm
SHA-256: f7df46f31dbea2c79ab70960b6c8b05bb74beaec0bf4afbee5d643e0dcc28930
openssl-devel-1.1.1k-7.el8_6.ppc64le.rpm
SHA-256: 41f8d417d73b912314933634e284e64909cf34f5473c1ba19ca4864099cf75d8
openssl-libs-1.1.1k-7.el8_6.ppc64le.rpm
SHA-256: 2e6023f7aa76f96420fe32540b70f3886fb0e31c2291ebd5c930c4ededd339a1
openssl-libs-debuginfo-1.1.1k-7.el8_6.ppc64le.rpm
SHA-256: 0dc2a10739661c5ad061c8574596497d277fcb8d0489e4e5c7eea2aa259a8281
openssl-perl-1.1.1k-7.el8_6.ppc64le.rpm
SHA-256: 62afa4178c6313963b84bb93536e2a757ee8be6a373b14aecd2b7b286e07b646
aarch64 (Red Hat Enterprise Linux for ARM 64 8; Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.6)
openssl-1.1.1k-7.el8_6.aarch64.rpm
SHA-256: 40134ae0bcabafe7d9561f73fba55a4404f9c4b28536d7e175a83cea43f424b0
openssl-debuginfo-1.1.1k-7.el8_6.aarch64.rpm
SHA-256: 0ce1db2f3de1e98a918740740b760ae397df06bb6f43145491e4d6c57d9f2e43
openssl-debugsource-1.1.1k-7.el8_6.aarch64.rpm
SHA-256: 967a4e4f35fe069c2c2e6c940eca867c59cfe044fd9ff947c51fa6a475f66da5
openssl-devel-1.1.1k-7.el8_6.aarch64.rpm
SHA-256: a7627c6e779a1405ed439a3c5fab2f0f8c424ce49437ec31abe22a52347c1794
openssl-libs-1.1.1k-7.el8_6.aarch64.rpm
SHA-256: 3e22bf801baefdff255b25e41ed042c77f070258e9b688e2188d7a921e2606b8
openssl-libs-debuginfo-1.1.1k-7.el8_6.aarch64.rpm
SHA-256: 8716bc086c68ec50366cf2be88f71b0704f99c94611f53f43cfa2a840b960aa5
openssl-perl-1.1.1k-7.el8_6.aarch64.rpm
SHA-256: 2a18beb1c0bd5d912591f41827373323ea8fb38e11a43b988c0db132c5522023
Related news
Ubuntu Security Notice 7018-1 - Robert Merget, Marcus Brinkmann, Nimrod Aviram, and Juraj Somorovsky discovered that certain Diffie-Hellman ciphersuites in the TLS specification and implemented by OpenSSL contained a flaw. A remote attacker could possibly use this issue to eavesdrop on encrypted communications. This was fixed in this update by removing the insecure ciphersuites from OpenSSL. Paul Kehrer discovered that OpenSSL incorrectly handled certain input lengths in EVP functions. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service.
Ubuntu Security Notice 6457-1 - Tavis Ormandy discovered that Node.js incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. Elison Niven discovered that Node.js incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to execute arbitrary code.
Dell Unity 5.3 contain(s) an Arbitrary File Creation vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by crafting arbitrary files through a request to the server.
An issue in Zimbra Collaboration ZCS v.8.8.15 and v.9.0 allows an attacker to execute arbitrary code via the sfdc_preauth.jsp component.
Dell PowerStore versions prior to 3.5 contain an improper verification of cryptographic signature vulnerability. An attacker can trick a high privileged user to install a malicious binary by bypassing the existing cryptographic signature checks
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through...
Dell VxRail, versions prior to 7.0.410, contain a Container Escape Vulnerability. A local high-privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the container's underlying OS. Exploitation may lead to a system take over by an attacker.
Red Hat Security Advisory 2023-0408-01 - OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. Issues addressed include denial of service and out of bounds read vulnerabilities.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has published four Industrial Control Systems (ICS) advisories, calling out several security flaws affecting products from Siemens, GE Digital, and Contec. The most critical of the issues have been identified in Siemens SINEC INS that could lead to remote code execution via a path traversal flaw (CVE-2022-45092, CVSS score: 9.9)
Red Hat Security Advisory 2022-8913-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector, the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library. This release of Red Hat JBoss Web Server 5.7.1 serves as a replacement for Red Hat JBoss Web Server 5.7.0. This release includes bug fixes, enhancements and component upgrades, which are documented in the Release Notes, linked to in the References. Issues addressed include a code execution vulnerability.
An update is now available for Red Hat JBoss Web Server 5.7.1 on Red Hat Enterprise Linux versions 7, 8, and 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1292: openssl: c_rehash script allows command injection * CVE-2022-2068: openssl: the c_rehash script allows command injection
Red Hat JBoss Web Server 5.7.1 zip release is now available for Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8, and Microsoft Windows. Red Hat Product Security has rated this release as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1292: openssl: c_rehash script allows command injection * CVE-2022-2068: openssl: the c_rehash script allows command injection
Openshift Logging Bug Fix Release (5.3.14) Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-36518: jackson-databind: denial of service via a large depth of nested objects * CVE-2022-42003: jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS * CVE-2022-42004: jackson-databind: use of deeply nested arrays
Logging Subsystem 5.5.5 - Red Hat OpenShift Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-36518: jackson-databind: denial of service via a large depth of nested objects * CVE-2022-2879: golang: archive/tar: unbounded memory consumption when reading headers * CVE-2022-2880: golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters * CVE-2022-27664: golang: net/http: handle server errors after sending GOAWAY * CVE-2022-32189: golang: math/b...
Red Hat OpenShift Virtualization release 4.11.1 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-38561: golang: out-of-bounds read in golang.org/x/text/language leads to DoS * CVE-2022-24675: golang: encoding/pem: fix stack overflow in Decode * CVE-2022-24921: golang: regexp: stack exhaustion via a deeply nested expression * CVE-2022-28327: golang: crypto/elliptic: panic caus...
Red Hat Security Advisory 2022-7055-01 - An update is now available for Red Hat Openshift distributed tracing 2.6.0. Issues addressed include denial of service and traversal vulnerabilities.
OpenShift sandboxed containers 1.3.1 is now available.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2832: blender: Null pointer reference in blender thumbnail extractor * CVE-2022-24675: golang: encoding/pem: fix stack overflow in Decode * CVE-2022-30632: golang: path/filepath: stack exhaustion in Glob
Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: Upload). Supported versions that are affected are 12.2.3-12.2.11. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Web Applications Desktop Integrator. Successful attacks of this vulnerability can result in takeover of Oracle Web Applications Desktop Integrator. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
Red Hat Security Advisory 2022-6696-01 - Red Hat Advanced Cluster Management for Kubernetes 2.4.6 General Availability release images, which fix bugs and update container images. Red Hat Product Security has rated this update as having a security impact of Critical. Issues addressed include crlf injection and denial of service vulnerabilities.
Updated images are now available for Red Hat Advanced Cluster Security for Kubernetes (RHACS). The updated image includes new features and bug fixes. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-24675: golang: encoding/pem: fix stack overflow in Decode * CVE-2022-24921: golang: regexp: stack exhaustion via a deeply nested expression * CVE-2022-28327: golang: crypto/elliptic: panic caused by oversized scalar * CVE-2022-29526: golang: syscall: faccessat checks wrong gr...
Red Hat Security Advisory 2022-6526-01 - OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains the following OpenShift Virtualization 4.11.0 images: RHEL-8-CNV-4.11. Issues addressed include denial of service, memory leak, and out of bounds read vulnerabilities.
Red Hat OpenShift Virtualization release 4.11.0 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-38561: golang: out-of-bounds read in golang.org/x/text/language leads to DoS * CVE-2021-44716: golang: net/http: limit growth of header canonicalization cache * CVE-2021-44717: golang: syscall: don't close fd 0 on ForkExec error * CVE-2022-1798: kubeVirt: Arbitrary file read on t...
Red Hat OpenStack Platform 16.2 (Train) director operator containers, with several Important security fixes, are available for technology preview.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-41103: containerd: insufficiently restricted permissions on container root and plugin directories * CVE-2022-30631: golang: compress/gzip: stack exhaustion in Reader.Read
Red Hat Security Advisory 2022-6429-01 - The Migration Toolkit for Containers enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API. Issues addressed include bypass, code execution, and denial of service vulnerabilities.
Red Hat Security Advisory 2022-6422-01 - Multicluster Engine for Kubernetes 2.0.2 images. Multicluster engine for Kubernetes provides the foundational components that are necessary for the centralized management of multiple Kubernetes-based clusters across data centers, public clouds, and private clouds. You can use the engine to create new Red Hat OpenShift Container Platform clusters or to bring existing Kubernetes-based clusters under management by importing them. After the clusters are managed, you can use the APIs that are provided by the engine to distribute configuration based on placement policy. Issues addressed include a denial of service vulnerability.
The Migration Toolkit for Containers (MTC) 1.7.4 is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-28500: nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions * CVE-2021-23337: nodejs-lodash: command injection via template * CVE-2022-0512: nodejs-url-parse: authorization bypass through user-controlled key * CVE-2022-0639: npm-url-parse: Authorization Bypass Through User-Controlled Key * CVE-2022-0686: npm-url-parse: Authorization bypass thr...
OpenHarmony-v3.1.2 and prior versions have a heap overflow vulnerability. Local attackers can trigger a heap overflow and obtain sensitive network information.
Red Hat Security Advisory 2022-6182-01 - Openshift Logging Bug Fix Release. Issues addressed include a stack exhaustion vulnerability.
Red Hat Security Advisory 2022-6183-01 - Logging Subsystem 5.4.5 for Red Hat OpenShift has been released. Issues addressed include a stack exhaustion vulnerability.
Red Hat Security Advisory 2022-6348-01 - Gatekeeper is an open source project that applies the OPA Constraint Framework to enforce policies on your Kubernetes clusters. This advisory contains the container images for Gatekeeper that include bug fixes and container upgrades.
Red Hat Advanced Cluster Management for Kubernetes 2.6.0 General Availability release images, which fix security issues and bugs, are now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1705: golang: net/http: improper sanitization of Transfer-Encoding header * CVE-2022-1962: golang: go/parser: stack exhaustion in all Parse* functions * CVE-2022-28131: golang: encoding/xml: stack exhaustion in Decoder.Skip * CVE-2022-30629: golang: crypto/tls: session tickets lack random ticket_a...
Gatekeeper Operator v0.2 security updates. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1705: golang: net/http: improper sanitization of Transfer-Encoding header * CVE-2022-1962: golang: go/parser: stack exhaustion in all Parse* functions * CVE-2022-28131: golang: encoding/xml: stack exhaustion in Decoder.Skip * CVE-2022-30629: golang: crypto/tls: session tickets lack random ticket_age_add * CVE-2022-30630: golang: io/fs: stack exhaustion in Glob * CVE-2022-30631: gol...
Logging Subsystem 5.4.5 - Red Hat OpenShift. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1705: golang: net/http: improper sanitization of Transfer-Encoding header * CVE-2022-30631: golang: compress/gzip: stack exhaustion in Reader.Read * CVE-2022-32148: golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working
Red Hat Security Advisory 2022-6290-01 - OpenShift API for Data Protection enables you to back up and restore application resources, persistent volume data, and internal container images to external backup storage. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2022-6283-01 - Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an OpenShift Container Platform installation. This advisory covers the RPM packages for the release.
Red Hat Security Advisory 2022-6271-01 - This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs. Issues addressed include a denial of service vulnerability.
OpenShift API for Data Protection (OADP) 1.1.0 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21698: prometheus/client_golang: Denial of service using InstrumentHandlerCounter * CVE-2022-24675: golang: encoding/pem: fix stack overflow in Decode * CVE-2022-28327: golang: crypto/elliptic: panic caused by oversized scalar * CVE-2022-30629: golang: crypto/tls: session tickets lack random ticket_age_add * CVE-2022-30631: golang: compress/gzip: stack exhaus...
Red Hat OpenShift Service Mesh 2.2.2 Containers. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1962: golang: go/parser: stack exhaustion in all Parse* functions * CVE-2022-28131: golang: encoding/xml: stack exhaustion in Decoder.Skip * CVE-2022-30630: golang: io/fs: stack exhaustion in Glob * CVE-2022-30632: golang: path/filepath: stack exhaustion in Glob * CVE-2022-30633: golang: encoding/xml: stack exhaustion in Unmarshal * CVE-2022-30635: golang: encoding/gob: stack...
An update for openssl is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1292: openssl: c_rehash script allows command injection * CVE-2022-1343: openssl: Signer certificate verification returns inaccurate response when using OCSP_NOCHECKS * CVE-2022-1473: openssl: OPENSSL_LH_flush() breaks reuse of memory * CVE-2022-2068: openssl: the c_rehash script allows command injection * CVE-2022-2097: openssl: AES OCB fails to encryp...
Red Hat Security Advisory 2022-6188-01 - This is an updated release of the Node Maintenance Operator. The Node Maintenance Operator cordons off nodes from the rest of the cluster and drains all the pods from the nodes. By placing nodes under maintenance, administrators can proactively power down nodes, move workloads to other parts of the cluster, and ensure that workloads do not get interrupted.
Red Hat Security Advisory 2022-6184-01 - The Self Node Remediation Operator works in conjunction with the Machine Health Check or the Node Health Check Operators to provide automatic remediation of unhealthy nodes by rebooting them. This minimizes downtime for stateful applications and RWO volumes, as well as restoring compute capacity in the event of transient failures.
An update for node-maintenance-must-gather-container, node-maintenance-operator-bundle-container, and node-maintenance-operator-container is now available for Node Maintenance Operator 4.11 for RHEL 8. This Operator is delivered by Red Hat Workload Availability. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1705: golang: net/http: improper sanitization of Transfer-Encoding header * CVE-2022-1962: golang: go/parser: stack exhaustion in all Parse* functions * CVE-2022-...
This is an updated release of the Self Node Remediation Operator. The Self Node Remediation Operator replaces the Poison Pill Operator, and is delivered by Red Hat Workload Availability. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-30631: golang: compress/gzip: stack exhaustion in Reader.Read
Updated images that include numerous enhancements, security, and bug fixes are now available for Red Hat OpenShift Data Foundation 4.11.0 on Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-23440: nodejs-set-value: type confusion allows bypass of CVE-2019-10747 * CVE-2021-23566: nanoid: Information disclosure via valueOf() function * CVE-2022-0235: node-fetch: exposure of sensitive information to an unauthorized actor * CVE-2022-0536: follow-...
Red Hat Security Advisory 2022-6103-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.11.1.
Red Hat OpenShift Container Platform release 4.11.1 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.11. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-30629: golang: crypto/tls: session tickets lack random ticket_age_add * CVE-2022-30631: golang: compress/gzip: stack exhaustion in Reader.Read
Red Hat Security Advisory 2022-6051-01 - An update is now available for RHOL-5.5-RHEL-8. Issues addressed include denial of service, man-in-the-middle, and out of bounds read vulnerabilities.
An update is now available for RHOL-5.5-RHEL-8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-38561: golang: out-of-bounds read in golang.org/x/text/language leads to DoS * CVE-2022-0759: kubeclient: kubeconfig parsing error can lead to MITM attacks * CVE-2022-21698: prometheus/client_golang: Denial of service using InstrumentHandlerCounter * CVE-2022-30631: golang: compress/gzip: stack exhaustion in Reader.Read
Red Hat Security Advisory 2022-5069-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.11.0. Issues addressed include code execution, cross site scripting, denial of service, information leakage, and traversal vulnerabilities.
Red Hat OpenShift Container Platform release 4.11.0 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.11. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-23566: nanoid: Information disclosure via valueOf() function * CVE-2021-23648: sanitize-url: XSS * CVE-2021-41190: opencontainers: OCI manifest and index parsing confusion * CVE-2021-44906:...
A new container image for Red Hat Ceph Storage 5.2 is now available in the Red Hat Ecosystem Catalog. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-43813: grafana: directory traversal vulnerability * CVE-2022-21673: grafana: Forward OAuth Identity Token can allow users to access some data sources
Vulnerability in the Oracle Banking Trade Finance product of Oracle Financial Services Applications (component: Infrastructure). The supported version that is affected is 14.5. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Trade Finance. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Banking Trade Finance accessible data as well as unauthorized access to critical data or complete access to all Oracle Banking Trade Finance accessible data. CVSS 3.1 Base Score 6.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N).
All security issues have been patched – update now
Ubuntu Security Notice 5488-2 - USN-5488-1 fixed vulnerabilities in OpenSSL. This update provides the corresponding updates for Ubuntu 16.04 ESM. Chancen and Daniel Fiala discovered that OpenSSL incorrectly handled the c_rehash script. A local attacker could possibly use this issue to execute arbitrary commands when c_rehash is run.
AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of "in place" encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and DTLS, they are both unaffected.
Ubuntu Security Notice 5502-1 - Alex Chernyakhovsky discovered that OpenSSL incorrectly handled AES OCB mode when using the AES-NI assembly optimized implementation on 32-bit x86 platforms. A remote attacker could possibly use this issue to obtain sensitive information.
AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of "in place" encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and DTLS, they are both unaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL 1.1.1q (Affected 1.1.1-1.1.1p).
Ubuntu Security Notice 5488-1 - Chancen and Daniel Fiala discovered that OpenSSL incorrectly handled the c_rehash script. A local attacker could possibly use this issue to execute arbitrary commands when c_rehash is run.
In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When CVE-2022-1292 was fixed, it was not noticed that there are other places in the script where the file names of certificates being hashed were possibly passed to a command executed through the shell. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4 (Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in OpenSSL 1.1.1p (Affected 1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze).
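The injection class described in the two c_rehash entries, shown as an added example (a Python stand-in written for this page, not the c_rehash script itself or any OpenSSL code): the vulnerable pattern interpolates a certificate file name into a shell command string, the hardened pattern passes the name as an argument the shell never re-parses, and a screening helper flags names carrying shell metacharacters. `printf` stands in for the real `openssl x509 -hash -noout -in` invocation so the example runs offline; the file name and its `echo INJECTED` payload are constructed for the demonstration.

```python
import subprocess

# Characters a POSIX shell interprets. A certificate file name containing any
# of them is exactly the input the c_rehash fixes were about. Constructed list.
SHELL_METACHARACTERS = set(";|&$`<>(){}*?[]!#~\"'\\ \t\n")

# Constructed attacker-controlled file name: a local user drops this into a
# certificate directory that an automated rehash run later processes.
MALICIOUS_NAME = "cert.pem; echo INJECTED"


def is_shell_safe(filename):
    """Screen a file name before it goes anywhere near a shell."""
    return not (set(filename) & SHELL_METACHARACTERS)


def hash_vulnerable(filename):
    """The vulnerable pattern: interpolate the file name into a command string
    and hand it to a shell. The shell re-parses the string, so the ';' ends
    the intended command and 'echo INJECTED' runs as a second command.
    printf stands in for 'openssl x509 -hash -noout -in' (offline demo)."""
    cmd = f"printf '%s\\n' {filename}"
    res = subprocess.run(cmd, shell=True, capture_output=True, text=True)
    return res.stdout.splitlines()


def hash_safe(filename):
    """The hardened pattern: the file name travels as one argv element ($1)
    and is never re-parsed, so metacharacters stay literal. The same rule
    applies whether the tool is exec'd directly or, as here, via sh -c."""
    res = subprocess.run(
        ["sh", "-c", 'printf "%s\\n" "$1"', "rehash", filename],
        capture_output=True, text=True,
    )
    return res.stdout.splitlines()


def rehash_directory(names):
    """Model of a hardened rehash loop over constructed directory entries:
    reject names that fail screening, process the rest without shell parsing.
    Returns (processed output lines, rejected names)."""
    processed, rejected = [], []
    for name in names:
        if not is_shell_safe(name):
            rejected.append(name)
            continue
        processed.extend(hash_safe(name))
    return processed, rejected


if __name__ == "__main__":
    print("vulnerable:", hash_vulnerable(MALICIOUS_NAME))
    print("hardened:  ", hash_safe(MALICIOUS_NAME))
    print("loop:      ", rehash_directory(["ca-bundle.pem", MALICIOUS_NAME]))
```

The screening helper is a stop-gap for hosts that cannot drop the script immediately; the durable fix is the one the text gives, replacing c_rehash with `openssl rehash`, which is implemented inside the openssl binary rather than as a script that shells out per file.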
Ubuntu Security Notice 5402-2 - USN-5402-1 fixed several vulnerabilities in OpenSSL. This update provides the corresponding update for Ubuntu 16.04 ESM. Elison Niven discovered that OpenSSL incorrectly handled the c_rehash script. A local attacker could possibly use this issue to execute arbitrary commands when c_rehash is run. Aliaksei Levin discovered that OpenSSL incorrectly handled resources when decoding certificates and keys. A remote attacker could possibly use this issue to cause OpenSSL to consume resources, leading to a denial of service. This issue only affected Ubuntu 22.04 LTS.
The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2). Fixed in OpenSSL 1.1.1o (Affected 1.1.1-1.1.1n). Fixed in OpenSSL 1.0.2ze (Affected 1.0.2-1.0.2zd).
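To triage which of the three OpenSSL CVEs on this page an upstream build is exposed to, an added example (not OpenSSL's or Red Hat's tooling) that encodes the affected and fixed ranges stated in the three CVE entries above and orders 1.x letter suffixes the way OpenSSL numbers them (no suffix, then a through z, then za, zb, ...). The version strings in the tests are constructed. Caveat: vendor builds such as the RHEL 8 package this advisory updates backport fixes without changing the upstream version string, so for those consult the package changelog (`rpm -q --changelog openssl`) or the advisory itself rather than this check.

```python
import re
import subprocess

# Affected/fixed ranges exactly as stated in the CVE text above. Each entry is
# (first affected, first fixed); a version v is affected when lo <= v < hi.
# The CVE-2022-2097 text lists no 1.0.2 range, so none is encoded for it.
AFFECTED_RANGES = {
    "CVE-2022-1292": [("3.0.0", "3.0.3"), ("1.1.1", "1.1.1o"), ("1.0.2", "1.0.2ze")],
    "CVE-2022-2068": [("3.0.0", "3.0.4"), ("1.1.1", "1.1.1p"), ("1.0.2", "1.0.2zf")],
    "CVE-2022-2097": [("3.0.0", "3.0.5"), ("1.1.1", "1.1.1q")],
}

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)([a-z]*)")


def parse_version(text):
    """Extract an OpenSSL version from text such as 'OpenSSL 1.1.1n  15 Mar 2022'
    and return a sortable key.

    1.x releases carry a letter suffix that runs a..z and then za, zb, ...;
    sorting the suffix by (length, string) reproduces that order, with the
    empty suffix (1.1.1, 3.0.4) lowest. 3.x releases have no suffix.
    """
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no OpenSSL version found in {text!r}")
    major, minor, patch = (int(g) for g in m.group(1, 2, 3))
    suffix = m.group(4)
    return (major, minor, patch, len(suffix), suffix)


def affected_cves(version_text):
    """Return the CVEs from this page whose affected range contains the version."""
    v = parse_version(version_text)
    hits = []
    for cve, ranges in AFFECTED_RANGES.items():
        if any(parse_version(lo) <= v < parse_version(hi) for lo, hi in ranges):
            hits.append(cve)
    return sorted(hits)


def local_openssl_version():
    """Run 'openssl version' on this host; None if the binary is not on PATH."""
    try:
        return subprocess.run(["openssl", "version"], capture_output=True,
                              text=True, check=True).stdout.strip()
    except (OSError, subprocess.CalledProcessError):
        return None


if __name__ == "__main__":
    ver = local_openssl_version()
    if ver is None:
        print("openssl not found on PATH")
    else:
        cves = affected_cves(ver)
        print(ver, "->", ", ".join(cves) if cves else "none of the three by upstream version")
```

The suffix ordering matters for the 1.0.2 line: a naive string comparison would place 1.0.2zd after 1.0.2ze's fix marker is reached only by accident, and would misorder 1.0.2z against 1.0.2za; the (length, string) key handles both.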