RHSA-2022:1535: Red Hat Security Advisory: kpatch-patch security update

An update for kpatch-patch is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2021-4028: kernel: use-after-free in RDMA listen()
  • CVE-2022-25636: kernel: heap out of bounds write in nf_dup_netdev.c
Red Hat Security Data

Issued: 2022-04-26

Updated: 2022-04-26

RHSA-2022:1535 - Security Advisory

Synopsis

Important: kpatch-patch security update

Type/Severity

Security Advisory: Important

Topic

An update for kpatch-patch is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel.

Security Fix(es):

  • kernel: use-after-free in RDMA listen() (CVE-2021-4028)
  • kernel: heap out of bounds write in nf_dup_netdev.c (CVE-2022-25636)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected Products

  • Red Hat Enterprise Linux for x86_64 8 x86_64
  • Red Hat Enterprise Linux for Power, little endian 8 ppc64le

Fixes

  • BZ - 2027201 - CVE-2021-4028 kernel: use-after-free in RDMA listen()
  • BZ - 2056830 - CVE-2022-25636 kernel: heap out of bounds write in nf_dup_netdev.c

Red Hat Enterprise Linux for x86_64 8

SRPM

  • kpatch-patch-4_18_0-348-1-4.el8.src.rpm
  • kpatch-patch-4_18_0-348_12_2-1-2.el8_5.src.rpm
  • kpatch-patch-4_18_0-348_20_1-1-1.el8_5.src.rpm
  • kpatch-patch-4_18_0-348_2_1-1-3.el8_5.src.rpm
  • kpatch-patch-4_18_0-348_7_1-1-3.el8_5.src.rpm

x86_64

  • kpatch-patch-4_18_0-348-1-4.el8.x86_64.rpm
  • kpatch-patch-4_18_0-348-debuginfo-1-4.el8.x86_64.rpm
  • kpatch-patch-4_18_0-348-debugsource-1-4.el8.x86_64.rpm
  • kpatch-patch-4_18_0-348_12_2-1-2.el8_5.x86_64.rpm
  • kpatch-patch-4_18_0-348_12_2-debuginfo-1-2.el8_5.x86_64.rpm
  • kpatch-patch-4_18_0-348_12_2-debugsource-1-2.el8_5.x86_64.rpm
  • kpatch-patch-4_18_0-348_20_1-1-1.el8_5.x86_64.rpm
  • kpatch-patch-4_18_0-348_20_1-debuginfo-1-1.el8_5.x86_64.rpm
  • kpatch-patch-4_18_0-348_20_1-debugsource-1-1.el8_5.x86_64.rpm
  • kpatch-patch-4_18_0-348_2_1-1-3.el8_5.x86_64.rpm
  • kpatch-patch-4_18_0-348_2_1-debuginfo-1-3.el8_5.x86_64.rpm
  • kpatch-patch-4_18_0-348_2_1-debugsource-1-3.el8_5.x86_64.rpm
  • kpatch-patch-4_18_0-348_7_1-1-3.el8_5.x86_64.rpm
  • kpatch-patch-4_18_0-348_7_1-debuginfo-1-3.el8_5.x86_64.rpm
  • kpatch-patch-4_18_0-348_7_1-debugsource-1-3.el8_5.x86_64.rpm

Red Hat Enterprise Linux for Power, little endian 8

SRPM

  • kpatch-patch-4_18_0-348-1-4.el8.src.rpm
  • kpatch-patch-4_18_0-348_12_2-1-2.el8_5.src.rpm
  • kpatch-patch-4_18_0-348_20_1-1-1.el8_5.src.rpm
  • kpatch-patch-4_18_0-348_2_1-1-3.el8_5.src.rpm
  • kpatch-patch-4_18_0-348_7_1-1-3.el8_5.src.rpm

ppc64le

  • kpatch-patch-4_18_0-348-1-4.el8.ppc64le.rpm
  • kpatch-patch-4_18_0-348-debuginfo-1-4.el8.ppc64le.rpm
  • kpatch-patch-4_18_0-348-debugsource-1-4.el8.ppc64le.rpm
  • kpatch-patch-4_18_0-348_12_2-1-2.el8_5.ppc64le.rpm
  • kpatch-patch-4_18_0-348_12_2-debuginfo-1-2.el8_5.ppc64le.rpm
  • kpatch-patch-4_18_0-348_12_2-debugsource-1-2.el8_5.ppc64le.rpm
  • kpatch-patch-4_18_0-348_20_1-1-1.el8_5.ppc64le.rpm
  • kpatch-patch-4_18_0-348_20_1-debuginfo-1-1.el8_5.ppc64le.rpm
  • kpatch-patch-4_18_0-348_20_1-debugsource-1-1.el8_5.ppc64le.rpm
  • kpatch-patch-4_18_0-348_2_1-1-3.el8_5.ppc64le.rpm
  • kpatch-patch-4_18_0-348_2_1-debuginfo-1-3.el8_5.ppc64le.rpm
  • kpatch-patch-4_18_0-348_2_1-debugsource-1-3.el8_5.ppc64le.rpm
  • kpatch-patch-4_18_0-348_7_1-1-3.el8_5.ppc64le.rpm
  • kpatch-patch-4_18_0-348_7_1-debuginfo-1-3.el8_5.ppc64le.rpm
  • kpatch-patch-4_18_0-348_7_1-debugsource-1-3.el8_5.ppc64le.rpm

The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.