Red Hat Security Advisory 2023-7860-03 - Red Hat build of Keycloak 22.0.7 is now available from the Customer Portal. Issues addressed include bypass and cross site scripting vulnerabilities.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_7860.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: Red Hat build of Keycloak 22.0.7 enhancement and security updateAdvisory ID:        RHSA-2023:7860-03Product:            Red Hat build of KeycloakAdvisory URL:       https://access.redhat.com/errata/RHSA-2023:7860Issue date:         2023-12-14Revision:           03CVE Names:          CVE-2023-6134====================================================================Summary: Red Hat build of Keycloak 22.0.7 is now available from the Customer Portal.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Red Hat build of Keycloak 22.0.7 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.This release of Red Hat build of Keycloak 22.0.7 serves as a replacement for Red Hat build of Keycloak 22.0.6, and includes bug fixes, enhancements and security fixes, which are documented in the Release Notes document linked to in the References.Security Fix(es):* redirect_uri validation logic that allows for a bypass of otherwise explicitly allowed hosts (CVE-2023-6134)* reflected XSS via wildcard in OIDC redirect_uri (CVE-2023-6291)For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/documentation/en-us/red_hat_build_of_keycloak/22.0/html-single/migration_guide/CVEs:CVE-2023-6134References:https://access.redhat.com/security/updates/classification/#importanthttps://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=rhbk&downloadType=distributions&version=22.0.7https://bugzilla.redhat.com/show_bug.cgi?id=2249673https://bugzilla.redhat.com/show_bug.cgi?id=2251407

Red Hat Security Advisory 2023-7860-03

Red Hat Security Advisory 2023-7858-03 - A security update is now available for Red Hat Single Sign-On 7.6 from the Customer Portal. Issues addressed include bypass, cross site scripting, and denial of service vulnerabilities.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_7858.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: Red Hat Single Sign-On 7.6.6 security updateAdvisory ID:        RHSA-2023:7858-03Product:            Red Hat Single Sign-OnAdvisory URL:       https://access.redhat.com/errata/RHSA-2023:7858Issue date:         2023-12-14Revision:           03CVE Names:          CVE-2023-6134====================================================================Summary: A security update is now available for Red Hat Single Sign-On 7.6 from the Customer Portal.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.This release of Red Hat Single Sign-On 7.6.6 serves as a replacement for Red Hat Single Sign-On 7.6.5, and includes bug fixes and enhancements.Security Fix(es):* keycloak: redirect_uri validation logic that allows for a bypass of otherwise explicitly allowed hosts (CVE-2023-6134)* keycloak: reflected XSS via wildcard in OIDC redirect_uri (CVE-2023-6291)* keycloak: offline session token DoS (CVE-2023-6563)For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.Solution:CVEs:CVE-2023-6134References:https://access.redhat.com/security/updates/classification/#importanthttps://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=core.service.rhsso&downloadType=patches&version=7.6https://bugzilla.redhat.com/show_bug.cgi?id=2249673https://bugzilla.redhat.com/show_bug.cgi?id=2251407https://bugzilla.redhat.com/show_bug.cgi?id=2253308

Red Hat Security Advisory 2023-7858-03

Red Hat Security Advisory 2023-7857-03 - A new image is available for Red Hat Single Sign-On 7.6.6, running on OpenShift Container Platform 3.10 and 3.11, and 4.3. Issues addressed include bypass, cross site scripting, and denial of service vulnerabilities.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_7857.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: Red Hat Single Sign-On 7.6.6 for OpenShift image enhancement and security updateAdvisory ID:        RHSA-2023:7857-03Product:            Red Hat OpenShift EnterpriseAdvisory URL:       https://access.redhat.com/errata/RHSA-2023:7857Issue date:         2023-12-14Revision:           03CVE Names:          CVE-2023-6134====================================================================Summary: A new image is available for Red Hat Single Sign-On 7.6.6, running on OpenShift Container Platform 3.10 and 3.11, and 4.3.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Red Hat Single Sign-On is an integrated sign-on solution, available as a Red Hat JBoss Middleware for OpenShift containerized image. The Red Hat Single Sign-On for OpenShift image provides an authentication server that you can use to log in centrally, log out, and register. You can also manage user accounts for web applications, mobile applications, and RESTful web services.This erratum releases a new image for Red Hat Single Sign-On 7.6.6 for use within the OpenShift Container Platform 3.10, OpenShift Container Platform 3.11, and OpenShift Container Platform 4.3 cloud computing Platform-as-a-Service (PaaS) for on-premise or private cloud deployments, aligning with the standalone product release.Security Fix(es):* keycloak: redirect_uri validation logic that allows for a bypass of otherwise explicitly allowed hosts (CVE-2023-6134)* keycloak: reflected XSS via wildcard in OIDC redirect_uri (CVE-2023-6291)* keycloak: offline session token DoS (CVE-2023-6563)For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://raw.githubusercontent.com/jboss-container-images/redhat-sso-7-openshift-image/v7.6.6.GA/templates/${resource}CVEs:CVE-2023-6134References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2249673https://bugzilla.redhat.com/show_bug.cgi?id=2251407https://bugzilla.redhat.com/show_bug.cgi?id=2253308

Red Hat Security Advisory 2023-7857-03

Red Hat Security Advisory 2023-7856-03 - New Red Hat Single Sign-On 7.6.6 packages are now available for Red Hat Enterprise Linux 8. Issues addressed include bypass, cross site scripting, and denial of service vulnerabilities.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_7856.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: Red Hat Single Sign-On 7.6.6 security update on RHEL 8Advisory ID:        RHSA-2023:7856-03Product:            Red Hat Single Sign-OnAdvisory URL:       https://access.redhat.com/errata/RHSA-2023:7856Issue date:         2023-12-14Revision:           03CVE Names:          CVE-2023-6134====================================================================Summary: New Red Hat Single Sign-On 7.6.6 packages are now available for Red Hat Enterprise Linux 8.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.This release of Red Hat Single Sign-On 7.6.6 on RHEL 8 serves as a replacement for Red Hat Single Sign-On 7.6.5, and includes bug fixes and enhancements.Security Fix(es):* keycloak: reflected XSS via wildcard in OIDC redirect_uri (CVE-2023-6291)* keycloak: redirect_uri validation logic that allows for a bypass of otherwise explicitly allowed hosts (CVE-2023-6134)* keycloak: offline session token DoS (CVE-2023-6563)For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-6134References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2249673https://bugzilla.redhat.com/show_bug.cgi?id=2251407https://bugzilla.redhat.com/show_bug.cgi?id=2253308

Red Hat Security Advisory 2023-7856-03

Red Hat Security Advisory 2023-7855-03 - New Red Hat Single Sign-On 7.6.6 packages are now available for Red Hat Enterprise Linux 9. Issues addressed include bypass, cross site scripting, and denial of service vulnerabilities.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_7855.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: Red Hat Single Sign-On 7.6.6 security update on RHEL 9Advisory ID:        RHSA-2023:7855-03Product:            Red Hat Single Sign-OnAdvisory URL:       https://access.redhat.com/errata/RHSA-2023:7855Issue date:         2023-12-14Revision:           03CVE Names:          CVE-2023-6134====================================================================Summary: New Red Hat Single Sign-On 7.6.6 packages are now available for Red Hat Enterprise Linux 9.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.This release of Red Hat Single Sign-On 7.6.6 on RHEL 9 serves as a replacement for Red Hat Single Sign-On 7.6.5, and includes bug fixes and enhancements.Security Fix(es):* keycloak: redirect_uri validation logic that allows for a bypass of otherwise explicitly allowed hosts (CVE-2023-6134)* keycloak: reflected XSS via wildcard in OIDC redirect_uri (CVE-2023-6291)* keycloak: offline session token DoS (CVE-2023-6563)For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-6134References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2249673https://bugzilla.redhat.com/show_bug.cgi?id=2251407https://bugzilla.redhat.com/show_bug.cgi?id=2253308

Red Hat Security Advisory 2023-7855-03

Red Hat Security Advisory 2023-7854-03 - New Red Hat Single Sign-On 7.6.6 packages are now available for Red Hat Enterprise Linux 7. Issues addressed include bypass, cross site scripting, and denial of service vulnerabilities.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_7854.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: Red Hat Single Sign-On 7.6.6 security update on RHEL 7Advisory ID:        RHSA-2023:7854-03Product:            Red Hat Single Sign-OnAdvisory URL:       https://access.redhat.com/errata/RHSA-2023:7854Issue date:         2023-12-14Revision:           03CVE Names:          CVE-2023-6134====================================================================Summary: New Red Hat Single Sign-On 7.6.6 packages are now available for Red Hat Enterprise Linux 7.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.This release of Red Hat Single Sign-On 7.6.6 on RHEL 7 serves as a replacement for Red Hat Single Sign-On 7.6.5, and includes bug fixes and enhancements.Security Fix(es):* keycloak: reflected XSS via wildcard in OIDC redirect_uri (CVE-2023-6291)* keycloak: redirect_uri validation logic that allows for a bypass of otherwise explicitly allowed hosts (CVE-2023-6134)* keycloak: offline session token DoS (CVE-2023-6563)For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-6134References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2249673https://bugzilla.redhat.com/show_bug.cgi?id=2251407https://bugzilla.redhat.com/show_bug.cgi?id=2253308

Red Hat Security Advisory 2023-7854-03

Red Hat Security Advisory 2023-7851-03 - Updated Satellite 6.14 packages that fixes Important security bugs and several regular bugs are now available for Red Hat Satellite. Issues addressed include cross site scripting and local file inclusion vulnerabilities.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_7851.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Moderate: Satellite 6.14.1 Async Security Update  
Advisory ID:        RHSA-2023:7851-03  
Product:            Red Hat Satellite 6  
Advisory URL:       https://access.redhat.com/errata/RHSA-2023:7851  
Issue date:         2023-12-14  
Revision:           03  
CVE Names:          CVE-2023-4886  
====================================================================

Summary: 

Updated Satellite 6.14 packages that fixes Important security bugs and several  
regular bugs are now available for Red Hat Satellite.

Description:

Red Hat Satellite is a system management solution that allows organizations  
to configure and maintain their systems without the necessity to provide  
public Internet access to their servers or other client systems. It  
performs provisioning and configuration management of predefined standard  
operating environments.

Security fix(es):

* rubygem-actionpack: actionpack: Possible XSS via User Supplied Values to redirect_to [rhn_satellite_6.14] (CVE-2023-28362)

* foreman: World readable file containing secrets [rhn_satellite_6.14] (CVE-2023-4886)

* python-urllib3: urllib3: Request body not stripped after redirect from 303 status changes request method to GET [rhn_satellite_6-default] (CVE-2023-45803 )

*  python-gitpython: GitPython: Blind local file inclusion [rhn_satellite_6-default] (CVE-2023-41040)

This update fixes the following bugs:

2250342 - REX job finished with exit code 0 but the script failed on client side due to no space.  
2250343 - Selinux denials are reported after following \"Chapter 13. Managing Custom File Type Content\" chapter step by step  
2250344 - Long running postgres threads during content-export  
2250345 - Upgrade django-import-export package to at least 3.1.0  
2250349 - After upstream repo switched to zst compression, Satellite 6.12.5.1 unable to sync  
2250350 - Slow generate applicability for Hosts with multiple modulestreams installed  
2250352 - Recalculate button for Errata is not available on Satellite 6.13/ Satellite 6.14 if no errata is present  
2250351 - Actions::ForemanLeapp::PreupgradeJob fails with null value in column \"preupgrade_report_id\" violates not-null constraint when run with non-admin user  
2251799 - REX Template for 'convert2rhel analyze' command  
2254085 - Getting '/usr/sbin/foreman-rake db:migrate' returned 1 instead of one of [0] ERROR while trying to upgrade Satellite 6.13 to 6.14   
2254080 - satellite-convert2rhel-toolkit rpm v1.0.0 in 6.14.z

Users of Red Hat Satellite are advised to upgrade to these updated  
packages, which fix these bugs.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2023-4886

References:

https://access.redhat.com/security/updates/classification/#moderate  
https://access.redhat.com/documentation/en-us/red_hat_satellite/6.14/html/upgrading_red_hat_satellite_to_6.14/index  
https://bugzilla.redhat.com/show_bug.cgi?id=2217785  
https://bugzilla.redhat.com/show_bug.cgi?id=2230135  
https://bugzilla.redhat.com/show_bug.cgi?id=2246840  
https://bugzilla.redhat.com/show_bug.cgi?id=2247040  
https://bugzilla.redhat.com/show_bug.cgi?id=2250342  
https://bugzilla.redhat.com/show_bug.cgi?id=2250343  
https://bugzilla.redhat.com/show_bug.cgi?id=2250344  
https://bugzilla.redhat.com/show_bug.cgi?id=2250345  
https://bugzilla.redhat.com/show_bug.cgi?id=2250349  
https://bugzilla.redhat.com/show_bug.cgi?id=2250350  
https://bugzilla.redhat.com/show_bug.cgi?id=2250351  
https://bugzilla.redhat.com/show_bug.cgi?id=2250352  
https://bugzilla.redhat.com/show_bug.cgi?id=2251799  
https://bugzilla.redhat.com/show_bug.cgi?id=2254080  
https://bugzilla.redhat.com/show_bug.cgi?id=2254085

Red Hat Security Advisory 2023-7851-03

Red Hat Security Advisory 2023-7845-03 - Red Hat Integration Camel for Spring Boot 3.20.4 release and security update is now available.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_7845.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: Red Hat Integration Camel for Spring Boot 3.20.4 release and security updateAdvisory ID:        RHSA-2023:7845-03Product:            Red Hat IntegrationAdvisory URL:       https://access.redhat.com/errata/RHSA-2023:7845Issue date:         2023-12-14Revision:           03CVE Names:          CVE-2023-5072====================================================================Summary: Red Hat Integration Camel for Spring Boot 3.20.4 release and security update is now available.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:A security update for 3.20.4 is now available.The purpose of this text-only errata is to inform you about the security issues fixed.Security Fix(es):* JSON-java: parser confusion leads to OOM (CVE-2023-5072)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-5072References:https://access.redhat.com/security/updates/classification/#importanthttps://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=red.hat.integration&version=2023-Q4https://bugzilla.redhat.com/show_bug.cgi?id=2246417

Red Hat Security Advisory 2023-7845-03

Red Hat Security Advisory 2023-7842-03 - Red Hat Integration Camel for Spring Boot 4.0.2 release and security update is now available.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_7842.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: Red Hat Integration Camel for Spring Boot 4.0.2 release security updateAdvisory ID:        RHSA-2023:7842-03Product:            Red Hat IntegrationAdvisory URL:       https://access.redhat.com/errata/RHSA-2023:7842Issue date:         2023-12-14Revision:           03CVE Names:          CVE-2023-5072====================================================================Summary: Red Hat Integration Camel for Spring Boot 4.0.2 release and security update is now available.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Red Hat Integration Camel for Spring Boot 4.0.2 release and security update is now available.The purpose of this text-only errata is to inform you about the security issues fixed.Security Fix(es):* JSON-java: parser confusion leads to OOM (CVE-2023-5072)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-5072References:https://access.redhat.com/security/updates/classification/#importanthttps://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=red.hat.integration&version=2023-Q4https://bugzilla.redhat.com/show_bug.cgi?id=2246417

Red Hat Security Advisory 2023-7842-03

Red Hat Security Advisory 2023-7841-03 - An update for gstreamer1-plugins-bad-free is now available for Red Hat Enterprise Linux 8. Issues addressed include a use-after-free vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_7841.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: gstreamer1-plugins-bad-free security updateAdvisory ID:        RHSA-2023:7841-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2023:7841Issue date:         2023-12-14Revision:           03CVE Names:          CVE-2023-44446====================================================================Summary: An update for gstreamer1-plugins-bad-free is now available for Red Hat Enterprise Linux 8.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-bad-free package contains a collection of plug-ins for GStreamer.Security Fix(es):* gstreamer: MXF demuxer use-after-free vulnerability (CVE-2023-44446)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-44446References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2250249

Tag

#js