Source
Red Hat Security Data
An update for firefox is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.13.0 ESR. Security Fix(es): * Mozilla: Uninitialized memory in a canvas object could have led to memory corruption (CVE-2021-29980) * Mozilla: Incorrect instruction reordering during JIT optimization (CVE-2021-29984) * Mozilla: Race condition when resolving DNS names could have led to memory corruption (CVE-2021-29986) * Mozilla: Memory corruption as a result of incorrect style treatment (CVE-2021-29988) * Mozilla: Memory safety bugs fixed in Thunderbird 78.13 (CVE-2021-2998...
An update for thunderbird is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.13.0. Security Fix(es): * Mozilla: Uninitialized memory in a canvas object could have led to memory corruption (CVE-2021-29980) * Mozilla: Incorrect instruction reordering during JIT optimization (CVE-2021-29984) * Mozilla: Race condition when resolving DNS names could have led to memory corruption (CVE-2021-29986) * Mozilla: Memory corruption as a result of incorrect style treatment (CVE-2021-29988) * Mozilla: Memory safety bugs fixed in Thunderbird 78.13 (CVE-2021-29989) * Mozilla: Use-after-free media channels (...
An update for sssd is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.The System Security Services Daemon (SSSD) service provides a set of daemons to manage access to remote directories and authentication mechanisms. It also provides the Name Service Switch (NSS) and the Pluggable Authentication Modules (PAM) interfaces toward the system, and a pluggable back-end system to connect to multiple different account sources. Security Fix(es): * sssd: shell command injection in sssctl (CVE-2021-3621) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Related CVEs: * CVE-2021-3621: sssd: shell co...
An update for .NET 5.0 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section..NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address security vulnerabilities are now available. The updated versions are .NET SDK 5.0.206 and .NET Runtime 5.0.9. Security Fix(es): * dotnet: ASP.NET Core WebSocket frame processing DoS (CVE-2021-26423) * dotnet: Dump file created world-readable (CVE-2021-34485) * dotnet: ASP.NET Core JWT token logging (CVE-2021-34532) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) liste...
An update for rh-dotnet50-dotnet is now available for .NET Core on Red Hat Enterprise Linux. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section..NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address security vulnerabilities are now available. The updated versions are .NET SDK 5.0.206 and .NET Runtime 5.0.9. Security Fix(es): * dotnet: ASP.NET Core WebSocket frame processing DoS (CVE-2021-26423) * dotnet: Dump file created world-readable (CVE-2021-34485) * dotnet: ASP.NET Core JWT token logging (CVE-2021-34532) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to ...
Updated images are now available for Red Hat Advanced Cluster Security for Kubernetes (RHACS). * Red Hat Product Security has rated this update as having a "Moderate" security impact. * A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the references section.New Features The release of RHACS 3.64 provides the following new features: 1. You can now use deployment and namespace annotations to define where RHACS sends the violation notifications when configuring your notifiers such as Slack, Microsoft Teams, Email, and others. 2. The Red Hat Advanced Cluster Security Operator now supports the ability to allow users to set the enforcement behavior of the admission controller as part of their custom resource. 3. RHACS now supports kernel modules for Ubuntu 16.04 LTS with extended security maintenance (ESM). Security Fixes The release of RHACS 3.64 provides the following security fixes: *...
Red Hat OpenShift Container Platform release 4.6.42 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.6.42. See the following advisory for the container images for this release: https://access.redhat.com/errata/RHBA-2021:3008 Security Fix(es): * net: lookup functions may return invalid host names(CVE-2021-33195) * net/http/httputil: ReverseProxy forward...
An update for .NET Core 2.1 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section..NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET Core that address a security vulnerability are now available. The updated versions are .NET Core SDK 2.1.525 and .NET Core Runtime 2.1.29. Security Fix(es): * dotnet: Dump file created world-readable (CVE-2021-34485) Default inclusions for applications built with .NET Core have been updated to reference the newest versions and their security fixes. For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refe...
An update for .NET Core 3.1 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section..NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address security vulnerabilities are now available. The updated versions are .NET SDK 3.1.118 and .NET Runtime 3.1.18. Security Fix(es): * dotnet: ASP.NET Core WebSocket frame processing DoS (CVE-2021-26423) * dotnet: Dump file created world-readable (CVE-2021-34485) * dotnet: ASP.NET Core JWT token logging (CVE-2021-34532) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s)...
An update for .NET Core 3.1 is now available for .NET Core on Red Hat Enterprise Linux. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section..NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address security vulnerabilities are now available. The updated versions are .NET SDK 3.1.118 and .NET Runtime 3.1.18. Security Fix(es): * dotnet: ASP.NET Core WebSocket frame processing DoS (CVE-2021-26423) * dotnet: Dump file created world-readable (CVE-2021-34485) * dotnet: ASP.NET Core JWT token logging (CVE-2021-34532) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the ...