RHSA-2022:8640: Red Hat Security Advisory: krb5 security update

An update for krb5 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-42898: krb5: integer overflow vulnerabilities in PAC parsing
Red Hat Security Data

Synopsis

Important: krb5 security update

Type/Severity

Security Advisory: Important

Topic

An update for krb5 is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center (KDC).

Security Fix(es):

  • krb5: integer overflow vulnerabilities in PAC parsing (CVE-2022-42898)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the updated packages, running Kerberos services (krb5kdc, kadmin, and kprop) will be restarted automatically.
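To confirm the update actually landed on a host, the installed krb5 packages can be compared with the build this advisory ships (version-release 1.15.1-55.el7_9) using RPM's own version ordering. The following is an added example, not Red Hat tooling: it parses `rpm -qa` output (a constructed sample is embedded), implements the rpmvercmp ordering itself so it runs without librpm, and ignores package epochs (assumed absent; `rpm -qa` does not print them by default).

```python
import re
from typing import List, Tuple

# Every binary package in RHSA-2022:8640 ships at this version-release.
FIXED_VR = ("1.15.1", "55.el7_9")
ADVISORY_PACKAGES = {"krb5-libs", "krb5-workstation", "krb5-server", "krb5-server-ldap",
                     "krb5-pkinit", "krb5-devel", "krb5-debuginfo", "libkadm5"}

# rpm compares in the C locale: only ASCII letters/digits form segments, all else but '~' separates.
_SEPARATORS = re.compile(r"[^0-9A-Za-z~]*")
_DIGITS = re.compile(r"[0-9]+")
_LETTERS = re.compile(r"[A-Za-z]+")


def rpmvercmp(a: str, b: str) -> int:
    """Order two RPM version or release strings as rpm does: -1, 0 or 1.
    Tilde pre-release handling is included; caret segments are not."""
    if a == b:
        return 0
    i = j = 0
    while i < len(a) or j < len(b):
        i = _SEPARATORS.match(a, i).end()
        j = _SEPARATORS.match(b, j).end()
        # A tilde sorts before everything, even end of string: 1.15.1~rc1 < 1.15.1
        a_tilde = i < len(a) and a[i] == "~"
        b_tilde = j < len(b) and b[j] == "~"
        if a_tilde or b_tilde:
            if not a_tilde:
                return 1
            if not b_tilde:
                return -1
            i, j = i + 1, j + 1
            continue
        if i >= len(a) or j >= len(b):
            break
        # Take a run of digits from both sides, or a run of letters from both.
        numeric = a[i].isdigit()
        pattern = _DIGITS if numeric else _LETTERS
        seg_a = pattern.match(a, i).group(0)
        match_b = pattern.match(b, j)
        if match_b is None:
            # Segment types differ: a numeric segment is newer than an alpha one.
            return 1 if numeric else -1
        seg_b = match_b.group(0)
        i, j = i + len(seg_a), j + len(seg_b)
        if numeric:
            seg_a, seg_b = seg_a.lstrip("0"), seg_b.lstrip("0")
            if len(seg_a) != len(seg_b):  # the longer digit run is the larger number
                return 1 if len(seg_a) > len(seg_b) else -1
        if seg_a != seg_b:
            return 1 if seg_a > seg_b else -1
    # Whichever string still has segments left is the newer one.
    if i >= len(a) and j >= len(b):
        return 0
    return -1 if i >= len(a) else 1


def parse_nvra(nvra: str) -> Tuple[str, str, str, str]:
    """Split 'name-version-release.arch' as printed by `rpm -qa` (no epoch)."""
    name, version, release_arch = nvra.rsplit("-", 2)
    release, _, arch = release_arch.rpartition(".")
    if not release:
        raise ValueError(f"no architecture suffix in {nvra!r}")
    return name, version, release, arch


def compare_vr(a: Tuple[str, str], b: Tuple[str, str]) -> int:
    """Order (version, release) pairs: version first, release breaks ties."""
    return rpmvercmp(a[0], b[0]) or rpmvercmp(a[1], b[1])


def find_unpatched(rpm_qa_output: str) -> List[str]:
    """Return the installed advisory packages still older than the fixed build."""
    unpatched = []
    for line in rpm_qa_output.splitlines():
        try:
            name, version, release, _arch = parse_nvra(line.strip())
        except ValueError:
            continue  # blank lines and entries like gpg-pubkey-* have no arch
        if name in ADVISORY_PACKAGES and compare_vr((version, release), FIXED_VR) < 0:
            unpatched.append(line.strip())
    return unpatched


# Constructed sample of `rpm -qa` output; not captured from a real host.
SAMPLE_RPM_QA = """\
krb5-libs-1.15.1-54.el7_9.x86_64
krb5-libs-1.15.1-55.el7_9.i686
krb5-workstation-1.15.1-50.el7.x86_64
krb5-server-1.15.1-55.el7_9.x86_64
libkadm5-1.15.1-55.el7_9.x86_64
openssl-libs-1.0.2k-25.el7_9.x86_64
gpg-pubkey-0badc0de-00000001
"""

if __name__ == "__main__":
    for pkg in find_unpatched(SAMPLE_RPM_QA):
        print("still older than the RHSA-2022:8640 build:", pkg)
```

On a real host, replace SAMPLE_RPM_QA with the output of `rpm -qa`; every line returned is a package still at a pre-advisory build.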

Affected Products

  • Red Hat Enterprise Linux Server 7 x86_64
  • Red Hat Enterprise Linux Workstation 7 x86_64
  • Red Hat Enterprise Linux Desktop 7 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 7 s390x
  • Red Hat Enterprise Linux for Power, big endian 7 ppc64
  • Red Hat Enterprise Linux for Scientific Computing 7 x86_64
  • Red Hat Enterprise Linux for Power, little endian 7 ppc64le

Fixes

  • BZ - 2140960 - CVE-2022-42898 krb5: integer overflow vulnerabilities in PAC parsing

Red Hat Enterprise Linux Server 7

SRPM

krb5-1.15.1-55.el7_9.src.rpm

SHA-256: a9d5cc897018aed97002cbb460073bfd0546b2960e5809eb7995a12c72955fa2

x86_64

krb5-debuginfo-1.15.1-55.el7_9.i686.rpm

SHA-256: c889405e06aad2c11c9419366b136df762f6d7ca52416c3e69d6548a04f92cfe

krb5-debuginfo-1.15.1-55.el7_9.x86_64.rpm

SHA-256: c6d06f9d5c7b39be42cd9c3beea8f3761d57043abd988801ef018aba80a2cdb8

krb5-devel-1.15.1-55.el7_9.i686.rpm

SHA-256: 3256d400adda4c74f567c06a5db93ede4c9408db0a79c31d2f917d8045f27077

krb5-devel-1.15.1-55.el7_9.x86_64.rpm

SHA-256: 7a1ac677f2d593adc0def98d5762191a6166254439ad86df809a55b513ceed72

krb5-libs-1.15.1-55.el7_9.i686.rpm

SHA-256: 4d3b05ace812da5683208828b28dde5f388f6d07faaf45fff92bfa13355d91f0

krb5-libs-1.15.1-55.el7_9.x86_64.rpm

SHA-256: 9f24f38985d8c094336a347d3f7940d9668450b4be94d95c3bbb309a535339f6

krb5-pkinit-1.15.1-55.el7_9.x86_64.rpm

SHA-256: 6d3834f9046944dffa44a26c68e8f1a6649db5d9c15bf12fb677726a8a8fe948

krb5-server-1.15.1-55.el7_9.x86_64.rpm

SHA-256: 6705f3ec2137b8fa7520c8e83976f8853f30ea3723877b759fa283a190d84391

krb5-server-ldap-1.15.1-55.el7_9.x86_64.rpm

SHA-256: a8d2a33bcfe543267a2aa0a1d78bd1a1db5fda3678f1cbb6d344bdb26fa11309

krb5-workstation-1.15.1-55.el7_9.x86_64.rpm

SHA-256: 204abdce4b881842d1ae44b307f21b5c7abde6dbdff2194677d1f6374b54a958

libkadm5-1.15.1-55.el7_9.i686.rpm

SHA-256: 5f1ce269d2e061eb17ce4ea5caff264c993f4b36882344f4dfe239c46eb0d3c9

libkadm5-1.15.1-55.el7_9.x86_64.rpm

SHA-256: c3cb40540bb91114f229b8005332600bc33f4f389f363679d7381139c50b6b19

Red Hat Enterprise Linux Workstation 7

Packages and checksums identical to the Red Hat Enterprise Linux Server 7 list above.

Red Hat Enterprise Linux Desktop 7

Packages and checksums identical to the Red Hat Enterprise Linux Server 7 list above.

Red Hat Enterprise Linux for IBM z Systems 7

SRPM

krb5-1.15.1-55.el7_9.src.rpm

SHA-256: a9d5cc897018aed97002cbb460073bfd0546b2960e5809eb7995a12c72955fa2

s390x

krb5-debuginfo-1.15.1-55.el7_9.s390.rpm

SHA-256: 7b92dfcde74bfc8a6cc2195e599eeafd6c5f4f2d0f2079f5834a1ba7cc6dc19f

krb5-debuginfo-1.15.1-55.el7_9.s390x.rpm

SHA-256: e8d2632a716f9937d73ad456c72a83dd62a77146f2e4ec7f6875655ea5bc1816

krb5-devel-1.15.1-55.el7_9.s390.rpm

SHA-256: 2f10c7fbca34fb6c5b127f8c3cd945f96cb589e8b82f1ef5f7d64d512b5b9971

krb5-devel-1.15.1-55.el7_9.s390x.rpm

SHA-256: 0f40e44b641d76c6ab7fb05757b5e8fa300622b11e6d1a200d80bab8e197498b

krb5-libs-1.15.1-55.el7_9.s390.rpm

SHA-256: afcd6355eb1ec1920529323ab3ed38391bcd58e832b6f69b08f2e70bfba7b726

krb5-libs-1.15.1-55.el7_9.s390x.rpm

SHA-256: 915e3d0861753a19a5d73e1be6d78457500e5e57947f09d25cdd5621942d2321

krb5-pkinit-1.15.1-55.el7_9.s390x.rpm

SHA-256: 63dbb897426b63e714112135516ea4e98872533ea92ed84e00003c4465e0d7a1

krb5-server-1.15.1-55.el7_9.s390x.rpm

SHA-256: 96566da10a7e298bff95e777e55ddacf85ee48a93b57ef0a30ee89f2805b3bae

krb5-server-ldap-1.15.1-55.el7_9.s390x.rpm

SHA-256: d822ae0dcb43eb7509d77e5a440163cbfb2996d4139582c33d25653e0d778c3b

krb5-workstation-1.15.1-55.el7_9.s390x.rpm

SHA-256: 56a9866ae48f60d68d3ae5ad57bfa03d9eb69259f465f1835200ee4839d3efe3

libkadm5-1.15.1-55.el7_9.s390.rpm

SHA-256: c2b7a93076e14dd0e9b5d1bcd3a5428d7ce2c69485982ad0dbe6313b7cf13f16

libkadm5-1.15.1-55.el7_9.s390x.rpm

SHA-256: 00822c7baa24f602f1243397bd36396781ae449c464124fd039f842eb9c2eed2

Red Hat Enterprise Linux for Power, big endian 7

SRPM

krb5-1.15.1-55.el7_9.src.rpm

SHA-256: a9d5cc897018aed97002cbb460073bfd0546b2960e5809eb7995a12c72955fa2

ppc64

krb5-debuginfo-1.15.1-55.el7_9.ppc.rpm

SHA-256: a183ee385d776ef34f572f43ddde4a0756648c5c7b890abffdcd5908ca989a2d

krb5-debuginfo-1.15.1-55.el7_9.ppc64.rpm

SHA-256: 6cdd9feda2b9567bf0ca0f0c2af7589bba531d8632de569af5ea1b4cbeeba677

krb5-devel-1.15.1-55.el7_9.ppc.rpm

SHA-256: 2df4b7c6e43e596f810fbf650ed678bde1a944bd79758c827fcd767f35e77c3f

krb5-devel-1.15.1-55.el7_9.ppc64.rpm

SHA-256: 62fb7b90c7c980225660404661c558decf00f0129ef4d0e462f49808565bb9a8

krb5-libs-1.15.1-55.el7_9.ppc.rpm

SHA-256: 792dab7c56ceb02618b22da40532d8d5596baa3e85c031e8a4fecc854772a9fa

krb5-libs-1.15.1-55.el7_9.ppc64.rpm

SHA-256: c14909016cac2e47e9c3fd238d7771b40c3d3c75a56ab79531016f590e8e45d6

krb5-pkinit-1.15.1-55.el7_9.ppc64.rpm

SHA-256: 6d51992588a0f5140966296eff00afdf1dd2b3a0256b601938c8d8f9e64c181d

krb5-server-1.15.1-55.el7_9.ppc64.rpm

SHA-256: e8cc49e8246ee72589f482fa0a151234b48f5be9e93818476a0a6104401e3297

krb5-server-ldap-1.15.1-55.el7_9.ppc64.rpm

SHA-256: bc413c37e1ab71ec53a7a06890fbe225d67ae0e33c3c9054da639b3f999c6901

krb5-workstation-1.15.1-55.el7_9.ppc64.rpm

SHA-256: fab5c81a5ec347f6f1f93c7902ac5a8137b98f577005ffc3c488fbbb4f5fa15d

libkadm5-1.15.1-55.el7_9.ppc.rpm

SHA-256: 92a3296dce38058499fbc6e2c3a649b296e1557371997ddf12373c76229884e4

libkadm5-1.15.1-55.el7_9.ppc64.rpm

SHA-256: 19999636db18e2ac2d53fe94f3f472e52c2a499a285639cb6451756fd2c54ad2

Red Hat Enterprise Linux for Scientific Computing 7

Packages and checksums identical to the Red Hat Enterprise Linux Server 7 list above.

Red Hat Enterprise Linux for Power, little endian 7

SRPM

krb5-1.15.1-55.el7_9.src.rpm

SHA-256: a9d5cc897018aed97002cbb460073bfd0546b2960e5809eb7995a12c72955fa2

ppc64le

krb5-debuginfo-1.15.1-55.el7_9.ppc64le.rpm

SHA-256: de5a1de3cf9fed5d2dfefb0845bee17db2f92171f128c5392eb92f0f07d9b4bf

krb5-devel-1.15.1-55.el7_9.ppc64le.rpm

SHA-256: f69b9c7e8a0927f67cef25288d9e35d5fc9add8cd8a604a6201f9c175169f13a

krb5-libs-1.15.1-55.el7_9.ppc64le.rpm

SHA-256: 1ff0f7b0e13219bc5c665373898aad5cd014c0216896b2037050eae312d09afa

krb5-pkinit-1.15.1-55.el7_9.ppc64le.rpm

SHA-256: a6352d2b76d66f604f1f91b0f1557cb3039fc97ca6faf2ecf673d387953ab253

krb5-server-1.15.1-55.el7_9.ppc64le.rpm

SHA-256: ec2fb69783e2cfea019392bddec68f0de6d63140b433762ee860fd696473f339

krb5-server-ldap-1.15.1-55.el7_9.ppc64le.rpm

SHA-256: cb7bfcc44c7cf267a07db3da6a1dd8185a0b9ac0fc6ac111ba9ef7e1bc55dd05

krb5-workstation-1.15.1-55.el7_9.ppc64le.rpm

SHA-256: df4558b15d70d8a279cc7706b8c102d65d48462c9175be528a994169e5f5701e

libkadm5-1.15.1-55.el7_9.ppc64le.rpm

SHA-256: f6ff9e9c64492e65c1a9a72a20a2cc98e7362807771129117d3231e9a5971488

Related news

Gentoo Linux Security Advisory 202310-06

Gentoo Linux Security Advisory 202310-6 - Multiple vulnerabilities have been discovered in Heimdal, the worst of which could lead to remote code execution on a KDC. Versions greater than or equal to 7.8.0-r1 are affected.

Ubuntu Security Notice USN-5828-1

Ubuntu Security Notice 5828-1 - It was discovered that Kerberos incorrectly handled certain S4U2Self requests. An attacker could possibly use this issue to cause a denial of service. This issue was only addressed in Ubuntu 16.04 ESM and Ubuntu 18.04 LTS. Greg Hudson discovered that Kerberos PAC implementation incorrectly handled certain parsing operations. A remote attacker could use this issue to cause a denial of service, or possibly execute arbitrary code.

Red Hat Security Advisory 2022-8662-01

Red Hat Security Advisory 2022-8662-01 - Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center. Issues addressed include an integer overflow vulnerability.

RHSA-2022:8669: Red Hat Security Advisory: krb5 security update

An update for krb5 is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-42898: krb5: integer overflow vulnerabilities in PAC parsing

Red Hat Security Advisory 2022-8639-01

Red Hat Security Advisory 2022-8639-01 - Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center. Issues addressed include an integer overflow vulnerability.

Red Hat Security Advisory 2022-8638-01

Red Hat Security Advisory 2022-8638-01 - Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center. Issues addressed include an integer overflow vulnerability.

Red Hat Security Advisory 2022-8640-01

Red Hat Security Advisory 2022-8640-01 - Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center. Issues addressed include an integer overflow vulnerability.

Red Hat Security Advisory 2022-8648-01

Red Hat Security Advisory 2022-8648-01 - Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center. Issues addressed include an integer overflow vulnerability.

Red Hat Security Advisory 2022-8641-01

Red Hat Security Advisory 2022-8641-01 - Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center. Issues addressed include an integer overflow vulnerability.

Red Hat Security Advisory 2022-8637-01

Red Hat Security Advisory 2022-8637-01 - Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center. Issues addressed include an integer overflow vulnerability.

RHSA-2022:8648: Red Hat Security Advisory: krb5 security update

An update for krb5 is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-42898: krb5: integer overflow vulnerabilities in PAC parsing

RHSA-2022:8641: Red Hat Security Advisory: krb5 security update

An update for krb5 is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-42898: krb5: integer overflow vulnerabilities in PAC parsing

RHSA-2022:8639: Red Hat Security Advisory: krb5 security update

An update for krb5 is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-42898: krb5: integer overflow vulnerabilities in PAC parsing

RHSA-2022:8638: Red Hat Security Advisory: krb5 security update

An update for krb5 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-42898: krb5: integer overflow vulnerabilities in PAC parsing

RHSA-2022:8637: Red Hat Security Advisory: krb5 security update

An update for krb5 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-42898: krb5: integer overflow vulnerabilities in PAC parsing

Debian Security Advisory 5287-1

Debian Linux Security Advisory 5287-1 - Several vulnerabilities were discovered in Heimdal, an implementation of Kerberos 5 that aims to be compatible with MIT Kerberos.

Debian Security Advisory 5286-1

Debian Linux Security Advisory 5286-1 - Greg Hudson discovered integer overflow flaws in the PAC parsing in krb5, the MIT implementation of Kerberos, which may result in remote code execution (in a KDC, kadmin, or GSS or Kerberos application server process), information exposure (to a cross-realm KDC acting maliciously), or denial of service (KDC or kadmind process crash).