Security
Headlines
HeadlinesLatestCVEs

Tag

#dos

Red Hat Security Advisory 2023-2104-01

Red Hat Security Advisory 2023-2104-01 - Red Hat Advanced Cluster Management for Kubernetes 2.5.8 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs. Issues addressed include a denial of service vulnerability.

Packet Storm
#vulnerability#red_hat#dos#memcached#kubernetes#jira
Red Hat Security Advisory 2023-2097-03

Red Hat Security Advisory 2023-2097-03 - Red Hat Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and monitoring of multiple Linux deployments with a single centralized tool. Issues addressed include code execution, cross site scripting, denial of service, deserialization, improper neutralization, information leakage, and remote shell upload vulnerabilities.

Red Hat Security Advisory 2023-2100-01

Red Hat Security Advisory 2023-2100-01 - This release of Camel for Spring Boot 3.20.1 serves as a replacement for Camel for Spring Boot 3.18.3 and includes bug fixes and enhancements, which are documented in the Release Notes document linked in the References. The purpose of this text-only errata is to inform you about the security issues fixed. Issues addressed include bypass, code execution, cross site scripting, denial of service, man-in-the-middle, memory exhaustion, resource exhaustion, and traversal vulnerabilities.

Red Hat Security Advisory 2023-2101-01

Red Hat Security Advisory 2023-2101-01 - Red Hat Update Infrastructure offers a highly scalable, highly redundant framework that enables you to manage repositories and content. It also enables cloud providers to deliver content and updates to Red Hat Enterprise Linux instances. Issues addressed include denial of service and remote shell upload vulnerabilities.

Red Hat Security Advisory 2023-2098-01

Red Hat Security Advisory 2023-2098-01 - Multicluster Engine for Kubernetes 2.0.8 images Multicluster engine for Kubernetes provides the foundational components that are necessary for the centralized management of multiple Kubernetes-based clusters across data centers, public clouds, and private clouds. You can use the engine to create new Red Hat OpenShift Container Platform clusters or to bring existing Kubernetes-based clusters under management by importing them. After the clusters are managed, you can use the APIs that are provided by the engine to distribute configuration based on placement policy. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-2099-01

Red Hat Security Advisory 2023-2099-01 - A patch is now available for Camel for Spring Boot 3.18.3. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Issues addressed include denial of service and resource exhaustion vulnerabilities.

RHSA-2023:2107: Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.7.9 security and bug fix update

The Migration Toolkit for Containers (MTC) 1.7.9 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41724: A flaw was found in Golang Go, where it is vulnerable to a denial of service caused when processing large TLS handshake records. By sending specially-crafted TLS handshake records, a remote, authenticated attacker can cause a denial of service condition. * CVE-2022-41725: A flaw was found in Go, where it is vulnerable to a denial of service caused by...

GHSA-2h5h-59f5-c5x9: Rekor's compressed archives can result in OOM conditions

## Summary Two vulnerabilities have been found in Rekor types for archive files JARs and APKs, where Rekor would crash due to out of memory conditions caused by reading archive metadata files into memory without checking their sizes first causing a Denial of Service of Rekor. These vulnerabilities were found through fuzzing with [OSS-Fuzz](https://google.github.io/oss-fuzz/). ## Vulnerability 1: OOM due to large files in META-INF directory of JAR files. ### Summary Verification of a JAR file submitted to Rekor can cause an out of memory crash if files within the META-INF directory of the JAR are sufficiently large. ### Details As part of verifying a JAR file, Rekor uses the [relic library](http://github.com/sassoftware/relic) to check that the JAR is signed, the signature verifies, and that the hashes in the signed manifest are all valid. This library function reads files within META-INF/ into memory without checking their sizes, resulting in an OOM if the uncompressed file is suffi...

RHSA-2023:2104: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.5.8 security updates and bug fixes

Red Hat Advanced Cluster Management for Kubernetes 2.5.8 General Availability release images, which fix bugs and security updates container images. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-25881: A flaw was found in http-cache-semantics. When the server reads the cache policy from the request using this library, a Regular Expression Denial of Service occurs, caused by malicious request header values sent to the server.

RHSA-2023:2097: Red Hat Security Advisory: Satellite 6.13 Release

An update is now available for Red Hat Satellite 6.13. The release contains a new version of Satellite and important security fixes for various components.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1471: A flaw was found in the SnakeYaml package. This flaw allows an attacker to benefit from remote code execution by sending malicious YAML content and this content being deserialized by the constructor. Deserialization is unsafe and leads to Remote Code Execution (RCE). * CVE-2022-22577: A flaw was found in rubygem-actionpack where CSP headers were sent with responses that Rails considered "HTML" responses. This flaw allows an attacker to leave API requests without CSP headers and perform a Cross-site scripting attack. * CVE-2022-...