Security
Headlines
HeadlinesLatestCVEs

Tag

#red_hat

RHSA-2021:0516: Red Hat Security Advisory: Release of OpenShift Serverless 1.13.0 security update

Release of OpenShift Serverless 1.13.0 Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability. For more information, see the CVE links in the References section.Red Hat OpenShift Serverless 1.13.0 is a generally available release of the OpenShift Serverless Operator. This version of the OpenShift Serverless Operator is supported on Red Hat OpenShift Container Platform version 4.6, and includes security and bug fixes and enhancements. For more information, see the documentation listed in the References section. Security Fix(es): * jwt-go: access restriction bypass vulnerability (CVE-2020-26160) For more details about the security issues and their impact, the CVSS score, acknowledgements, and other related information, see the CVE pages listed in the References section. Related CVEs: * CVE-2020-26160: jwt-go: access restrict...

Red Hat Security Data
#vulnerability#red_hat
RHSA-2021:0423: Red Hat Security Advisory: OpenShift Container Platform 4.6.17 security and packages update

Red Hat OpenShift Container Platform release 4.6.17 is now available with updates to packages and images that fix several bugs. This release includes a security update for Red Hat OpenShift Container Platform 4.6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.6.17. See the following advisory for the container images for this release: https://access.redhat.com/errata/RHBA-2021:0424 Security Fix(es): * jenkins: XSS vulnerability in notification bar (CVE-2021-21603) * jenkins: Improper handling of REST API XML deserialization er...

RHSA-2021:0603: Red Hat Security Advisory: Red Hat Decision Manager 7.10.0 security update

An update is now available for Red Hat Decision Manager. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Red Hat Decision Manager is an open source decision management platform that combines business rules management, complex event processing, Decision Model & Notation (DMN) execution, and Business Optimizer for solving planning problems. It automates business decisions and makes that logic available to the entire business. This release of Red Hat Decision Manager 7.10.0 serves as an update to Red Hat Decision Manager 7.9.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix(es): * hibernate-core-kie-server-ee8: hibernate-core: SQL injection vulnerability when both hibernate.use_sql_com...

RHSA-2021:0600: Red Hat Security Advisory: Red Hat Process Automation Manager 7.10.0 security update

An update is now available for Red Hat Process Automation Manager. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Red Hat Process Automation Manager is an open source business process management suite that combines process management and decision service management and enables business and IT users to create, manage, validate, and deploy process applications and decision services. This release of Red Hat Process Automation Manager 7.10.0 serves as an update to Red Hat Process Automation Manager 7.9.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix(es): * hibernate-core-kie-server-ee8: hibernate-core: SQL injection vulnerability when both hibernate.use_sql_comments and JPQL String li...

RHSA-2021:0599: Red Hat Security Advisory: redhat-ds:11 security and bug fix update

An update for the redhat-ds:11 module is now available for Red Hat Directory Server 11.1 for RHEL 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Red Hat Directory Server is an LDAPv3-compliant directory server. The suite of packages includes the Lightweight Directory Access Protocol (LDAP) server and command-line utilities for server administration, the Administration Server HTTP agent package, and the GUI console packages. Security Fix(es): * 389-ds-base: information disclosure during the binding of a DN (CVE-2020-35518) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * RHDS11: “write” permission of ACI changes ns...

RHSA-2021:0568: Red Hat Security Advisory: OpenShift Container Platform 4.6 file-integrity-operator image security update

A new file-integrity-operator image update is now available for OpenShift Container Platform 4.6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This adds: * Usability enhancements: better integrity status view in the CLI. * FileIntegrity custom resource update fixes. Security Fix(es): * golang: math/big: panic during recursive division of very large numbers (CVE-2020-28362) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Related CVEs: * CVE-2020-28362: golang: math/big: panic during recursive division of very large numbers

RHSA-2021:0538: Red Hat Security Advisory: nss security and bug fix update

An update for nss is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-6829: nss: Side channel attack on ECDSA signature generation * CVE-2020-12400: nss: P-384 and P-521 implementation uses a side-channel vulnerable modular inversion function * CVE-2020-12401: nss: ECDSA timing attack mitigation bypass * CVE-2020-12403: nss: CHACHA20-POLY1305 decryption with undersized tag leads to out-of-bounds read

RHSA-2021:0538: Red Hat Security Advisory: nss security and bug fix update

An update for nss is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Security Fix(es): * nss: Side channel attack on ECDSA signature generation (CVE-2020-6829) * nss: P-384 and P-521 implementation uses a side-channel vulnerable modular inversion function (CVE-2020-12400) * nss: CHACHA20-POLY1305 decryption with undersized tag leads to out-of-bounds read (CVE-2020-12403) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): *...

RHSA-2021:0537: Red Hat Security Advisory: kernel-rt security and bug fix update

An update for kernel-rt is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): * kernel: locking issue in drivers/tty/tty_jobctrl.c can lead to an use-after-free (CVE-2020-29661) * kernel: performance counters race condition use-after-free (CVE-2020-14351) * kernel: ICMP rate limiting can be used for DNS poisoning attack (CVE-2020-25705) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * kernel-rt: update RT source tree...

RHSA-2021:0557: Red Hat Security Advisory: perl security update

An update for perl is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Perl is a high-level programming language that is commonly used for system administration utilities and web programming. Security Fix(es): * perl: corruption of intermediate language state of compiled regular expression due to recursive S_study_chunk() calls leads to DoS (CVE-2020-12723) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Related CVEs: * CVE-2020-12723: perl: corruption of intermediate language state of compiled regular expression due to recursive S_study_chunk() calls leads to DoS