Red Hat Security Data

Red Hat OpenShift Container Platform release 4.7.0 is now available with updates to packages and images that fix several bugs and add enhancements. This release also includes a security update for Red Hat OpenShift Container Platform 4.7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Security Fix(es): * jackson-databind: Serialization gadgets in com.pastdev.httpcomponents.configuration.JndiConfiguration (CVE-2020-24750) * gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation (CVE-2021-3121) * golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to cras...

An update for firefox is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.8.0 ESR. Security Fix(es): * Mozilla: Content Security Policy violation report could have contained the destination of a redirect (CVE-2021-23968) * Mozilla: Content Security Policy violation report could have contained the destination of a redirect (CVE-2021-23969) * Mozilla: Memory safety bugs fixed in Firefox 86 and Firefox ESR 78.8 (CVE-2021-23978) * Mozilla: MediaError message property could have leaked information about cross-origin resources (CVE-2021-23973) For more details about the security ...

Red Hat OpenShift Container Platform release 4.7.0 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.7.0. See the following advisory for the container images for this release: https://access.redhat.com/errata/RHSA-2020:5633 All OpenShift Container Platform 4.7 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available a...

An update for xterm is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.The xterm program is a terminal emulator for the X Window System. It provides DEC VT102 and Tektronix 4014 compatible terminals for programs that can't use the window system directly. Security Fix(es): * xterm: crash when processing combining characters (CVE-2021-27135) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Related CVEs: * CVE-2021-27135: xterm: crash when processing combining characters

An update for xterm is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.The xterm program is a terminal emulator for the X Window System. It provides DEC VT102 and Tektronix 4014 compatible terminals for programs that can't use the window system directly. Security Fix(es): * xterm: crash when processing combining characters (CVE-2021-27135) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Related CVEs: * CVE-2021-27135: xterm: crash when processing combining characters

An update for the virt:8.2 and virt-devel:8.2 modules is now available for Advanced Virtualization for RHEL 8.2.1. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.The Advanced Virtualization module provides the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Security Fix(es): * QEMU: heap buffer overflow in iscsi_aio_ioctl_cb() in block/iscsi.c may lead to information disclosure (CVE-2020-11947) * QEMU: assertion failure through usb_packet_unmap() in hw/usb/hcd-ehci.c (CVE-2020-25723) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Related CVEs: * CVE-2020-11947: QEMU: heap buf...

An update for the virt:8.3 module is now available for Red Hat Enterprise Linux Advanced Virtualization 8.3.1.The Advanced Virtualization module provides the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Related CVEs: * CVE-2020-25707: QEMU: infinite loop in e1000e_write_packet_to_guest() in hw/net/e1000e_core.c * CVE-2020-25723: QEMU: assertion failure through usb_packet_unmap() in hw/usb/hcd-ehci.c * CVE-2020-27617: QEMU: net: an assert failure via eth_get_gso_type * CVE-2020-27821: QEMU: heap buffer overflow in msix_table_mmio_write() in hw/pci/msix.c * CVE-2020-29443: QEMU: ide: atapi: OOB access while processing read commands * CVE-2020-35517: QEMU: virtiofsd: potential privileged host device access from guest

An update for microcode_ctl is now available for Red Hat Enterprise Linux 7.The microcode_ctl packages provide microcode updates for Intel and AMD processors. Bug Fix(es) and Enhancement(s): * [HPEMC 7.9 REGRESSION] Microcode_ctl microcode_ctl (BZ#1905111) Related CVEs: * CVE-2020-8696: hw: Vector Register Leakage-Active

An update for microcode_ctl is now available for Red Hat Enterprise Linux 7.7 Extended Update Support.The microcode_ctl packages provide microcode updates for Intel and AMD processors. Bug Fix(es) and Enhancement(s): * [rhel-7.7.z] [HPEMC 7.9 REGRESSION] Microcode_ctl microcode_ctl (BZ#1907920) Related CVEs: * CVE-2020-8696: hw: Vector Register Leakage-Active

An update for xterm is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.The xterm program is a terminal emulator for the X Window System. It provides DEC VT102 and Tektronix 4014 compatible terminals for programs that can't use the window system directly. Security Fix(es): * xterm: crash when processing combining characters (CVE-2021-27135) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Related CVEs: * CVE-2021-27135: xterm: crash when processing combining characters