RHSA-2022:6463: Red Hat Security Advisory: gnupg2 security update

An update for gnupg2 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-34903: gpg: Signature spoofing via status line injection

Synopsis

Moderate: gnupg2 security update

Type/Severity

Security Advisory: Moderate

Topic

An update for gnupg2 is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The GNU Privacy Guard (GnuPG or GPG) is a tool for encrypting data and creating digital signatures, compliant with OpenPGP and S/MIME standards.

Security Fix(es):

  • gpg: Signature spoofing via status line injection (CVE-2022-34903)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected Products

  • Red Hat Enterprise Linux for x86_64 8 x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.6 x86_64
  • Red Hat Enterprise Linux Server - AUS 8.6 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 8 s390x
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.6 s390x
  • Red Hat Enterprise Linux for Power, little endian 8 ppc64le
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.6 ppc64le
  • Red Hat Enterprise Linux Server - TUS 8.6 x86_64
  • Red Hat Enterprise Linux for ARM 64 8 aarch64
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.6 aarch64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.6 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.6 x86_64

Fixes

  • BZ - 2102868 - CVE-2022-34903 gpg: Signature spoofing via status line injection

Red Hat Enterprise Linux for x86_64 8

SRPM

gnupg2-2.2.20-3.el8_6.src.rpm

SHA-256: ee0b256910f5a5c153f5c04fc0bdbe9ebfd0c33769c7c446f9f0cebe8f82dc01

x86_64

gnupg2-2.2.20-3.el8_6.x86_64.rpm

SHA-256: 913a0d476d71c27ec1d678e5eb20c70cae7905d5b8681a254b750a838d0c0f2f

gnupg2-debuginfo-2.2.20-3.el8_6.x86_64.rpm

SHA-256: 5d2e6f30720a0a6b227f3877495261b0b68a521df228e1a4d357d2da2e3062c9

gnupg2-debugsource-2.2.20-3.el8_6.x86_64.rpm

SHA-256: 65cadfb0f22e1ee1bd7c1d17b701030bab6ff07acc72ff7bef5d8aef329daae5

gnupg2-smime-2.2.20-3.el8_6.x86_64.rpm

SHA-256: f0cb06ef17ee2ae3d1b0bbba5b7470b844e6185b03008e2da0ef1c807ec80abb

gnupg2-smime-debuginfo-2.2.20-3.el8_6.x86_64.rpm

SHA-256: e84435c1fce71671ef7117ea501161d7583cfe4c7e55d7aec1e62aeb891e5d6f

Red Hat Enterprise Linux for IBM z Systems 8

SRPM

gnupg2-2.2.20-3.el8_6.src.rpm

SHA-256: ee0b256910f5a5c153f5c04fc0bdbe9ebfd0c33769c7c446f9f0cebe8f82dc01

s390x

gnupg2-2.2.20-3.el8_6.s390x.rpm

SHA-256: a4055f9e45e7654aa96c819d0d2dff5a21e14198a5721fa21a0d23fa80e6090c

gnupg2-debuginfo-2.2.20-3.el8_6.s390x.rpm

SHA-256: 99b4cc6e49ec4c7149bb4f2b08021c889e57e2999e043cf74deb7a2a3c4e10bc

gnupg2-debugsource-2.2.20-3.el8_6.s390x.rpm

SHA-256: 99210f73467fca845e160f4f67cb2f0f25b8e36a4e7abc6827e18b333d66e144

gnupg2-smime-2.2.20-3.el8_6.s390x.rpm

SHA-256: e5f9c5959ac41a344319b2ec666e2c1bf5b3bc38e64088c3e425e91c00ced540

gnupg2-smime-debuginfo-2.2.20-3.el8_6.s390x.rpm

SHA-256: 00c64e42290ab6a732f074ca6fdb6a34ab01a9bbc3ae8692be8836bc5b6be339

Red Hat Enterprise Linux for Power, little endian 8

SRPM

gnupg2-2.2.20-3.el8_6.src.rpm

SHA-256: ee0b256910f5a5c153f5c04fc0bdbe9ebfd0c33769c7c446f9f0cebe8f82dc01

ppc64le

gnupg2-2.2.20-3.el8_6.ppc64le.rpm

SHA-256: 2064ec5910d0ed774eac9fe1682041ad4e5a97f251f42635680aeda062583333

gnupg2-debuginfo-2.2.20-3.el8_6.ppc64le.rpm

SHA-256: 2fcc40355f1ea340d6dc30919c483d3965a6768e790b66eb52ea6ffc2e0e08fd

gnupg2-debugsource-2.2.20-3.el8_6.ppc64le.rpm

SHA-256: 5aeab710d037d98c6ce43b9a9b5e5f92259073146f56418468dfe7616f2fecb2

gnupg2-smime-2.2.20-3.el8_6.ppc64le.rpm

SHA-256: 6a3a9468d42450333ae2afad49157edced4851220c6b62ba5ab2c989dc8de009

gnupg2-smime-debuginfo-2.2.20-3.el8_6.ppc64le.rpm

SHA-256: 86d1d5b3aa0abd052aa4373f8f7fcd5f2990e44140c3d1045dfdca21c5400517

Red Hat Enterprise Linux for ARM 64 8

SRPM

gnupg2-2.2.20-3.el8_6.src.rpm

SHA-256: ee0b256910f5a5c153f5c04fc0bdbe9ebfd0c33769c7c446f9f0cebe8f82dc01

aarch64

gnupg2-2.2.20-3.el8_6.aarch64.rpm

SHA-256: 4548508b652945513e9ad1c43de5328dcb80d98da305497d65230081525180f1

gnupg2-debuginfo-2.2.20-3.el8_6.aarch64.rpm

SHA-256: ad1d71e33c16fad1b1e6889d860910cb7f1a07d0651540c9b865da71f48c8ccf

gnupg2-debugsource-2.2.20-3.el8_6.aarch64.rpm

SHA-256: 1752821e15b54a2717554064439c75919de2902ad73a1423304e153e129a58b3

gnupg2-smime-2.2.20-3.el8_6.aarch64.rpm

SHA-256: 6a4f9dd696116c9bf3b81ba7bcc7d4268e4243897a8ca1b72a88abbcfd9141c2

gnupg2-smime-debuginfo-2.2.20-3.el8_6.aarch64.rpm

SHA-256: 4767254cc88e5fbdc4f54b40b6c58ce810969fd3f833c9f64cfa10ab779b9ddb
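The check a practitioner wants from this advisory, as an added example (not Red Hat tooling): flag installed gnupg2 and gnupg2-smime packages older than the fixed 2.2.20-3.el8_6, and verify a downloaded RPM against the SHA-256 values listed above. The rpm version-segment comparison is reimplemented in Python so it runs without the rpm bindings (pre-release `~`/`^` markers are not handled); the `rpm -qa` output is constructed, and the two checksums are copied from the x86_64 list.

```python
# Added example, not Red Hat tooling: flags gnupg2 packages on a host that are
# older than the fix in RHSA-2022:6463 and verifies downloaded RPMs against the
# advisory's SHA-256 sums. rpmvercmp is reimplemented here (no '~'/'^' support).
import hashlib
import re

FIXED_EVR = "2.2.20-3.el8_6"                 # version-release from the advisory
FIXED_PACKAGES = {"gnupg2", "gnupg2-smime"}

# Excerpt of the advisory's x86_64 package list: file name, then checksum line.
ADVISORY_X86_64 = """\
gnupg2-2.2.20-3.el8_6.x86_64.rpm
SHA-256: 913a0d476d71c27ec1d678e5eb20c70cae7905d5b8681a254b750a838d0c0f2f
gnupg2-smime-2.2.20-3.el8_6.x86_64.rpm
SHA-256: f0cb06ef17ee2ae3d1b0bbba5b7470b844e6185b03008e2da0ef1c807ec80abb
"""
# Constructed `rpm -qa 'gnupg2*'` output from a host that has not been patched.
SAMPLE_RPM_QA = "gnupg2-2.2.20-2.el8.x86_64\ngnupg2-smime-2.2.20-2.el8.x86_64\n"


def rpmvercmp(a: str, b: str) -> int:
    """Segment-wise compare like rpm's rpmvercmp(): -1, 0 or 1. Digits compare
    numerically, letters lexically, a numeric segment beats an alphabetic one,
    and leftover segments win (so 3.el8_6 > 3.el8 and 1.0a > 1.0)."""
    if a == b:
        return 0
    i = j = 0
    while i < len(a) or j < len(b):
        while i < len(a) and not a[i].isalnum():
            i += 1                           # skip separators such as '.', '_'
        while j < len(b) and not b[j].isalnum():
            j += 1
        if i >= len(a) or j >= len(b):
            break
        pat = r"\d+" if a[i].isdigit() else r"[A-Za-z]+"
        sa = re.match(pat, a[i:]).group(0)
        mb = re.match(pat, b[j:])
        sb = mb.group(0) if mb else ""       # empty: other side is the other type
        i, j = i + len(sa), j + len(sb)
        if not sb:
            return 1 if sa.isdigit() else -1
        if sa.isdigit() and int(sa) != int(sb):
            return -1 if int(sa) < int(sb) else 1
        if not sa.isdigit() and sa != sb:
            return -1 if sa < sb else 1
    if i >= len(a) and j >= len(b):
        return 0
    return -1 if i >= len(a) else 1


def evr_cmp(a: str, b: str) -> int:
    """Compare '[epoch:]version-release' strings: epoch, then version, then release."""
    def parts(evr):
        epoch, sep, rest = evr.partition(":")
        if not sep:
            epoch, rest = "0", evr
        version, sep, release = rest.rpartition("-")
        return (epoch, version, release) if sep else (epoch, rest, "")
    pa, pb = parts(a), parts(b)
    return rpmvercmp(pa[0], pb[0]) or rpmvercmp(pa[1], pb[1]) or rpmvercmp(pa[2], pb[2])


def split_nevra(nevra: str):
    """'gnupg2-2.2.20-2.el8.x86_64' -> ('gnupg2', '2.2.20-2.el8', 'x86_64')."""
    base, _, arch = nevra.rpartition(".")
    name_ver, _, release = base.rpartition("-")
    name, _, version = name_ver.rpartition("-")
    return name, f"{version}-{release}", arch


def vulnerable_packages(rpm_qa_output: str, fixed_evr: str = FIXED_EVR) -> list:
    """Installed packages covered by the advisory that are older than the fix."""
    found = []
    for line in filter(None, map(str.strip, rpm_qa_output.splitlines())):
        name, evr, _ = split_nevra(line)
        if name in FIXED_PACKAGES and evr_cmp(evr, fixed_evr) < 0:
            found.append(line)
    return found


def parse_manifest(text: str) -> dict:
    """Pair each '*.rpm' line with the 'SHA-256: <hex>' line that follows it."""
    manifest, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.endswith(".rpm"):
            current = line
        elif line.startswith("SHA-256:") and current:
            manifest[current] = line.split(":", 1)[1].strip().lower()
            current = None
    return manifest


def verify_blob(filename: str, data: bytes, manifest: dict) -> bool:
    """True only if the file is listed and its SHA-256 matches the advisory."""
    expected = manifest.get(filename)
    return expected is not None and hashlib.sha256(data).hexdigest() == expected
```

On a real host, feed the output of `rpm -qa 'gnupg2*'` to vulnerable_packages and the bytes of a downloaded RPM to verify_blob before installing it.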

Related news

Gentoo Linux Security Advisory 202408-23

Gentoo Linux Security Advisory 202408-23 - Multiple vulnerabilities have been discovered in GnuPG, the worst of which could lead to signature spoofing. Versions greater than or equal to 2.4.4 are affected.

Red Hat Security Advisory 2022-6602-01

Red Hat Security Advisory 2022-6602-01 - The GNU Privacy Guard is a tool for encrypting data and creating digital signatures, compliant with OpenPGP and S/MIME standards. Issues addressed include a spoofing vulnerability.

RHSA-2022:6602: Red Hat Security Advisory: gnupg2 security update

An update for gnupg2 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-34903: gpg: Signature spoofing via status line injection

Red Hat Security Advisory 2022-6463-01

Red Hat Security Advisory 2022-6463-01 - The GNU Privacy Guard is a tool for encrypting data and creating digital signatures, compliant with OpenPGP and S/MIME standards. Issues addressed include a spoofing vulnerability.

Ubuntu Security Notice USN-5503-2

Ubuntu Security Notice 5503-2 - USN-5503-1 fixed a vulnerability in GnuPG. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Demi Marie Obenour discovered that GnuPG incorrectly handled injection in the status message. A remote attacker could possibly use this issue to forge signatures.

Ubuntu Security Notice USN-5503-1

Ubuntu Security Notice 5503-1 - Demi Marie Obenour discovered that GnuPG incorrectly handled injection in the status message. A remote attacker could possibly use this issue to forge signatures.

CVE-2022-34903: T6027 Revisit write_status_text_and_buffer

GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim's keyring and other constraints (e.g., use of GPGME) are met, allows signature forgery via injection into the status line.