Headline
RHSA-2023:5061: Red Hat Security Advisory: dmidecode security update
An update for dmidecode is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2023-30630: A vulnerability was found dmidecode, which allows -dump-bin to overwrite a local file. This issue may lead to the execution of dmidecode via Sudo.
Skip to navigation Skip to main content
Utilities
- Subscriptions
- Downloads
- Containers
- Support Cases
Infrastructure and Management
- Red Hat Enterprise Linux
- Red Hat Satellite
- Red Hat Subscription Management
- Red Hat Insights
- Red Hat Ansible Automation Platform
Cloud Computing
- Red Hat OpenShift
- Red Hat OpenStack Platform
- Red Hat OpenShift Container Platform
- Red Hat OpenShift Data Science
- Red Hat OpenShift Dedicated
- Red Hat Advanced Cluster Security for Kubernetes
- Red Hat Advanced Cluster Management for Kubernetes
- Red Hat Quay
- OpenShift Dev Spaces
- Red Hat OpenShift Service on AWS
Storage
- Red Hat Gluster Storage
- Red Hat Hyperconverged Infrastructure
- Red Hat Ceph Storage
- Red Hat OpenShift Data Foundation
Runtimes
- Red Hat Runtimes
- Red Hat JBoss Enterprise Application Platform
- Red Hat Data Grid
- Red Hat JBoss Web Server
- Red Hat Single Sign On
- Red Hat support for Spring Boot
- Red Hat build of Node.js
- Red Hat build of Quarkus
Integration and Automation
All Products
Issued:
2023-09-12
Updated:
2023-09-12
RHSA-2023:5061 - Security Advisory
- Overview
- Updated Packages
Synopsis
Moderate: dmidecode security update
Type/Severity
Security Advisory: Moderate
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
View affected systems
Topic
An update for dmidecode is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The dmidecode packages provide utilities for extracting Intel 64 and Intel Itanium hardware information from the system BIOS or Extensible Firmware Interface (EFI), depending on the SMBIOS/DMI standard. This information typically includes system manufacturer, model name, serial number, BIOS version, and asset tag, as well as other details, depending on the manufacturer.
Security Fix(es):
- dmidecode: dump-bin to overwrite a local file (CVE-2023-30630)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected Products
- Red Hat Enterprise Linux for x86_64 9 x86_64
- Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.2 x86_64
- Red Hat Enterprise Linux Server - AUS 9.2 x86_64
- Red Hat Enterprise Linux for ARM 64 9 aarch64
- Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.2 aarch64
- Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.2 x86_64
- Red Hat Enterprise Linux Server for ARM 64 - 4 years of updates 9.2 aarch64
Fixes
- BZ - 2186669 - CVE-2023-30630 dmidecode: dump-bin to overwrite a local file
Red Hat Enterprise Linux for x86_64 9
SRPM
dmidecode-3.3-7.el9_2.1.src.rpm
SHA-256: 0470008699db24b854837f051780c1555c2bb23321935c021b317c8a2a2f487a
x86_64
dmidecode-3.3-7.el9_2.1.x86_64.rpm
SHA-256: 3fb0eb39ed64b5493fe45dca74005095c99c9c9c64d54ab2d219a17ef3952d1e
dmidecode-debuginfo-3.3-7.el9_2.1.x86_64.rpm
SHA-256: 5e329ecb881ed1d8ffd4dd7d30ef7a6b53be6fe86d7ac19c4dd320e0787718cf
dmidecode-debugsource-3.3-7.el9_2.1.x86_64.rpm
SHA-256: 0219fd9453a8d7677e5797139abd08e51f4a7b752f79b776b3fd08d9e8f8ac9a
Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.2
SRPM
dmidecode-3.3-7.el9_2.1.src.rpm
SHA-256: 0470008699db24b854837f051780c1555c2bb23321935c021b317c8a2a2f487a
x86_64
dmidecode-3.3-7.el9_2.1.x86_64.rpm
SHA-256: 3fb0eb39ed64b5493fe45dca74005095c99c9c9c64d54ab2d219a17ef3952d1e
dmidecode-debuginfo-3.3-7.el9_2.1.x86_64.rpm
SHA-256: 5e329ecb881ed1d8ffd4dd7d30ef7a6b53be6fe86d7ac19c4dd320e0787718cf
dmidecode-debugsource-3.3-7.el9_2.1.x86_64.rpm
SHA-256: 0219fd9453a8d7677e5797139abd08e51f4a7b752f79b776b3fd08d9e8f8ac9a
Red Hat Enterprise Linux Server - AUS 9.2
SRPM
dmidecode-3.3-7.el9_2.1.src.rpm
SHA-256: 0470008699db24b854837f051780c1555c2bb23321935c021b317c8a2a2f487a
x86_64
dmidecode-3.3-7.el9_2.1.x86_64.rpm
SHA-256: 3fb0eb39ed64b5493fe45dca74005095c99c9c9c64d54ab2d219a17ef3952d1e
dmidecode-debuginfo-3.3-7.el9_2.1.x86_64.rpm
SHA-256: 5e329ecb881ed1d8ffd4dd7d30ef7a6b53be6fe86d7ac19c4dd320e0787718cf
dmidecode-debugsource-3.3-7.el9_2.1.x86_64.rpm
SHA-256: 0219fd9453a8d7677e5797139abd08e51f4a7b752f79b776b3fd08d9e8f8ac9a
Red Hat Enterprise Linux for ARM 64 9
SRPM
dmidecode-3.3-7.el9_2.1.src.rpm
SHA-256: 0470008699db24b854837f051780c1555c2bb23321935c021b317c8a2a2f487a
aarch64
dmidecode-3.3-7.el9_2.1.aarch64.rpm
SHA-256: 253e8f9f5e7f04db6a1c99f00587195171702b7826f7230f6d433752218d6ea9
dmidecode-debuginfo-3.3-7.el9_2.1.aarch64.rpm
SHA-256: 9a4b18a05b530a38c6c0f03cef050000b39ad8a18dd86e86ca5fb0cdc35326ef
dmidecode-debugsource-3.3-7.el9_2.1.aarch64.rpm
SHA-256: 181c96e39cd39fa1ca9342a9cd2a7aeb4505ba1c7f97f27267459a03a86a30da
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.2
SRPM
dmidecode-3.3-7.el9_2.1.src.rpm
SHA-256: 0470008699db24b854837f051780c1555c2bb23321935c021b317c8a2a2f487a
aarch64
dmidecode-3.3-7.el9_2.1.aarch64.rpm
SHA-256: 253e8f9f5e7f04db6a1c99f00587195171702b7826f7230f6d433752218d6ea9
dmidecode-debuginfo-3.3-7.el9_2.1.aarch64.rpm
SHA-256: 9a4b18a05b530a38c6c0f03cef050000b39ad8a18dd86e86ca5fb0cdc35326ef
dmidecode-debugsource-3.3-7.el9_2.1.aarch64.rpm
SHA-256: 181c96e39cd39fa1ca9342a9cd2a7aeb4505ba1c7f97f27267459a03a86a30da
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.2
SRPM
dmidecode-3.3-7.el9_2.1.src.rpm
SHA-256: 0470008699db24b854837f051780c1555c2bb23321935c021b317c8a2a2f487a
x86_64
dmidecode-3.3-7.el9_2.1.x86_64.rpm
SHA-256: 3fb0eb39ed64b5493fe45dca74005095c99c9c9c64d54ab2d219a17ef3952d1e
dmidecode-debuginfo-3.3-7.el9_2.1.x86_64.rpm
SHA-256: 5e329ecb881ed1d8ffd4dd7d30ef7a6b53be6fe86d7ac19c4dd320e0787718cf
dmidecode-debugsource-3.3-7.el9_2.1.x86_64.rpm
SHA-256: 0219fd9453a8d7677e5797139abd08e51f4a7b752f79b776b3fd08d9e8f8ac9a
Red Hat Enterprise Linux Server for ARM 64 - 4 years of updates 9.2
SRPM
dmidecode-3.3-7.el9_2.1.src.rpm
SHA-256: 0470008699db24b854837f051780c1555c2bb23321935c021b317c8a2a2f487a
aarch64
dmidecode-3.3-7.el9_2.1.aarch64.rpm
SHA-256: 253e8f9f5e7f04db6a1c99f00587195171702b7826f7230f6d433752218d6ea9
dmidecode-debuginfo-3.3-7.el9_2.1.aarch64.rpm
SHA-256: 9a4b18a05b530a38c6c0f03cef050000b39ad8a18dd86e86ca5fb0cdc35326ef
dmidecode-debugsource-3.3-7.el9_2.1.aarch64.rpm
SHA-256: 181c96e39cd39fa1ca9342a9cd2a7aeb4505ba1c7f97f27267459a03a86a30da
The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.
Related news
Gentoo Linux Security Advisory 202407-26 - A vulnerability has been discovered in Dmidecode, which can lead to privilege escalation. Versions greater than or equal to 3.5 are affected.
Red Hat Security Advisory 2023-5447-01 - The Migration Toolkit for Containers enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API. Issues addressed include a denial of service vulnerability.
The Migration Toolkit for Containers (MTC) 1.8.0 is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-26115: A flaw was found in the Node.js word-wrap module, where it is vulnerable to a denial of service caused by a Regular expression denial of service (ReDoS) issue in the result variable. By sending a specially crafted regex input, a remote attacker can cause a denial of service.
Red Hat Security Advisory 2023-5421-01 - Multicluster Engine for Kubernetes 2.3.2 images Multicluster engine for Kubernetes provides the foundational components that are necessary for the centralized management of multiple Kubernetes-based clusters across data centers, public clouds, and private clouds. You can use the engine to create new Red Hat OpenShift Container Platform clusters or to bring existing Kubernetes-based clusters under management by importing them. After the clusters are managed, you can use the APIs that are provided by the engine to distribute configuration based on placement policy.
Red Hat Advanced Cluster Management for Kubernetes 2.8.2 General Availability release images, which provide security updates and fix bugs. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41721: A request smuggling attack is possible when using MaxBytesHandler. When using MaxBytesHandler, the body of an HTTP request is not fully consumed. When the server attempts to read HTTP2 frames from the connection, it will instead read the body of the HTTP request, which could be att...
Multicluster Engine for Kubernetes 2.3.2 General Availability release images, which contain security updates and fix bugs. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41721: A request smuggling attack is possible when using MaxBytesHandler. When using MaxBytesHandler, the body of an HTTP request is not fully consumed. When the server attempts to read HTTP2 frames from the connection, it will instead read the body of the HTTP request, which could be attacker-manipulate...
Red Hat Security Advisory 2023-5376-01 - Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Data Foundation. Red Hat OpenShift Data Foundation is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. Issues addressed include a denial of service vulnerability.
Updated images that fix several bugs are now available for Red Hat OpenShift Data Foundation 4.13.3 on Red Hat Enterprise Linux 8 from Red Hat Container Registry. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-24540: A flaw was found in golang, where not all valid JavaScript white-space characters were considered white space. Due to this issue, templates containing white-space characters outside of the character set "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts ...
Red Hat Security Advisory 2023-5233-01 - OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains OpenShift Virtualization 4.13.4 images.
Red Hat Security Advisory 2023-5252-01 - The dmidecode packages provide utilities for extracting Intel 64 and Intel Itanium hardware information from the system BIOS or Extensible Firmware Interface, depending on the SMBIOS/DMI standard. This information typically includes system manufacturer, model name, serial number, BIOS version, and asset tag, as well as other details, depending on the manufacturer.
An update for dmidecode is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-30630: A vulnerability was found dmidecode, which allows -dump-bin to overwrite a local file. This issue may lead to the execution of dmidecode via Sudo.
Red Hat OpenShift Virtualization release 4.13.4 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41723: A flaw was found in golang. A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of requests.
Red Hat Security Advisory 2023-5061-01 - The dmidecode packages provide utilities for extracting Intel 64 and Intel Itanium hardware information from the system BIOS or Extensible Firmware Interface, depending on the SMBIOS/DMI standard. This information typically includes system manufacturer, model name, serial number, BIOS version, and asset tag, as well as other details, depending on the manufacturer.
Dell VxRail, version(s) 8.0.100 and earlier contain a denial-of-service vulnerability in the upgrade functionality. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to degraded performance and system malfunction.
Dmidecode before 3.5 allows -dump-bin to overwrite a local file. This has security relevance because, for example, execution of Dmidecode via Sudo is plausible.