Tag
#red_hat
An update for xterm is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The xterm program is a terminal emulator for the X Window System. It provides DEC VT102 and Tektronix 4014 compatible terminals for programs that can't use the window system directly. Security Fix(es): * xterm: crash when processing combining characters (CVE-2021-27135) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Related CVEs: * CVE-2021-27135: xterm: crash when processing combining characters
An update for the virt:8.2 and virt-devel:8.2 modules is now available for Advanced Virtualization for RHEL 8.2.1. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The Advanced Virtualization module provides the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Security Fix(es): * QEMU: heap buffer overflow in iscsi_aio_ioctl_cb() in block/iscsi.c may lead to information disclosure (CVE-2020-11947) * QEMU: assertion failure through usb_packet_unmap() in hw/usb/hcd-ehci.c (CVE-2020-25723) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Related CVEs: * CVE-2020-11947: QEMU: heap buf...
A flaw was found in Undertow. A regression in the fix for CVE-2020-10687 was found. HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web cache, perform an XSS attack, or obtain sensitive information from requests other than their own. The highest threat from this vulnerability is to data confidentiality and integrity.
An update for the virt:8.3 module is now available for Red Hat Enterprise Linux Advanced Virtualization 8.3.1. The Advanced Virtualization module provides the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Related CVEs: * CVE-2020-25707: QEMU: infinite loop in e1000e_write_packet_to_guest() in hw/net/e1000e_core.c * CVE-2020-25723: QEMU: assertion failure through usb_packet_unmap() in hw/usb/hcd-ehci.c * CVE-2020-27617: QEMU: net: an assert failure via eth_get_gso_type * CVE-2020-27821: QEMU: heap buffer overflow in msix_table_mmio_write() in hw/pci/msix.c * CVE-2020-29443: QEMU: ide: atapi: OOB access while processing read commands * CVE-2020-35517: QEMU: virtiofsd: potential privileged host device access from guest
An update for microcode_ctl is now available for Red Hat Enterprise Linux 7. The microcode_ctl packages provide microcode updates for Intel and AMD processors. Bug Fix(es) and Enhancement(s): * [HPEMC 7.9 REGRESSION] Microcode_ctl microcode_ctl (BZ#1905111) Related CVEs: * CVE-2020-8696: hw: Vector Register Leakage-Active
An update for microcode_ctl is now available for Red Hat Enterprise Linux 7.7 Extended Update Support. The microcode_ctl packages provide microcode updates for Intel and AMD processors. Bug Fix(es) and Enhancement(s): * [rhel-7.7.z] [HPEMC 7.9 REGRESSION] Microcode_ctl microcode_ctl (BZ#1907920) Related CVEs: * CVE-2020-8696: hw: Vector Register Leakage-Active
An update for xterm is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The xterm program is a terminal emulator for the X Window System. It provides DEC VT102 and Tektronix 4014 compatible terminals for programs that can't use the window system directly. Security Fix(es): * xterm: crash when processing combining characters (CVE-2021-27135) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Related CVEs: * CVE-2021-27135: xterm: crash when processing combining characters
An update for microcode_ctl is now available for Red Hat Enterprise Linux 7.6 Extended Update Support. The microcode_ctl packages provide microcode updates for Intel and AMD processors. Bug Fix(es) and Enhancement(s): * [rhel-7.6.z] [HPEMC 7.9 REGRESSION] Microcode_ctl microcode_ctl (BZ#1907919) Related CVEs: * CVE-2020-8696: hw: Vector Register Leakage-Active
An update for microcode_ctl is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. The microcode_ctl packages provide microcode updates for Intel and AMD processors. Bug Fix(es) and Enhancement(s): * [rhel-8.2.0.z] [HPEMC 8.3.z REGRESSION] Regression in intel microcode as of 20201110 (BZ#1907899) Related CVEs: * CVE-2020-8696: hw: Vector Register Leakage-Active
An update for microcode_ctl is now available for Red Hat Enterprise Linux 8. The microcode_ctl packages provide microcode updates for Intel and AMD processors. Bug Fix(es) and Enhancement(s): * [rhel-8.3.0.z] [HPEMC 8.3.z REGRESSION] Regression in intel microcode as of 20201110 (BZ#1907898) Related CVEs: * CVE-2020-8696: hw: Vector Register Leakage-Active