-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================                   Red Hat Security Advisory

Synopsis:          Important: Red Hat build of Cryostat security update
Advisory ID:       RHSA-2023:0814-01
Product:           Cryostat
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:0814
Issue date:        2023-02-20
CVE Names:         CVE-2022-1996 CVE-2022-47629 
====================================================================
1. Summary:

Updated Cryostat 2 on RHEL 8 container images are now available

2. Description:

The Cryostat 2 on RHEL 8 container images have been updated to fix
"CVE-2022-1996 go-restful: Authorization Bypass Through User-Controlled
Key" and to address the following security advisory: RHSA-2023:0625 (see
References)

Users of Cryostat 2 on RHEL 8 container images are advised to upgrade to
these updated images, which contain backported patches to correct these
security issues, fix these bugs and add these enhancements. Users of these
images are also encouraged to rebuild all container images that depend on
these images.

You can find images updated by this advisory in Red Hat Container Catalog
(see References).

3. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

4. Bugs fixed (https://bugzilla.redhat.com/):

2094982 - CVE-2022-1996 go-restful: Authorization Bypass Through User-Controlled Key
2161571 - CVE-2022-47629 libksba: integer overflow to code execution

5. References:

https://access.redhat.com/security/cve/CVE-2022-1996
https://access.redhat.com/security/cve/CVE-2022-47629
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/errata/RHSA-2023:0625
https://access.redhat.com/containers
6. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBY/O75dzjgjWX9erEAQhI6g/9GwacoCcmAHVse+hO/Lyo03HNqnaptYsf
bvAqyo6sKAjEsG1WVjAE4ur2BFw1vG3sGjVjoRIP3SkRlu4eZWw79si+n3HMEmvE
6HJObmOyEPGGOAPeaSsqYn9SmQI1yo4w9PGcALZz+UvkKmUdmg6OG5WLZaWrk1WP
X6eRqzYs1z4cED/wiatzifYc8Gvu9pyslltLFIClz/Dq+7cqCp/LljQgcq6CFID2
tGRp8b+5Oi3CIPGG1pmDcFhJMI9MQ+hPINB9EgHXKp+tHeHoLhE+LhOE1D1MFpXx
z1PmZsJ1+25DWIFUv2tzaAOSdftyK+W5+xHv3kFZXpswPvbBTahu/25w7uhOv8MD
Jr1U0d3wLi0jXufLXGnCFZlun0bmX+F68UDVq+vMlDt4LJbUM+0j5aY/WMxjkwn2
EuKk41Be6nenuwULXKdPpSJRHhs6kCI5uyqzWodPF9Fa4zL3BvgehhK44z6SNYIP
mZ8GvOhH2PaJ6P9vMxvcsf75mYhrntvxHVCGjdZV6EsifBHWgHqkwsAz2jhKUnGn
/8adlLZyWFvGHZYTiOV4Y592OHXT70VLELMASgSo75M8ABo4tnWu7ziMztWclOK7
jEEgmBCtDJ4lvJmXHf8wMSF+oHaKnkMWOAVWQfmk1RCoPqVPbXbROaikZqwlUMQN
WAWOBTrBWLY=az/w
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce

RedHat: RHSA-2023-0814:01 Important: Red Hat build of Cryostat security

Updated Cryostat 2 on RHEL 8 container images are now available 2

Summary

The Cryostat 2 on RHEL 8 container images have been updated to fix "CVE-2022-1996 go-restful: Authorization Bypass Through User-Controlled Key" and to address the following security advisory: RHSA-2023:0625 (see References)
Users of Cryostat 2 on RHEL 8 container images are advised to upgrade to these updated images, which contain backported patches to correct these security issues, fix these bugs and add these enhancements. Users of these images are also encouraged to rebuild all container images that depend on these images.
You can find images updated by this advisory in Red Hat Container Catalog (see References).



Summary


Solution

Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258

References

https://access.redhat.com/security/cve/CVE-2022-1996 https://access.redhat.com/security/cve/CVE-2022-47629 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/errata/RHSA-2023:0625 https://access.redhat.com/containers

Package List


Severity
Advisory ID: RHSA-2023:0814-01
Product: Cryostat
Advisory URL: https://access.redhat.com/errata/RHSA-2023:0814
Issued Date: : 2023-02-20
CVE Names: CVE-2022-1996 CVE-2022-47629

Topic

Updated Cryostat 2 on RHEL 8 container images are now available


Topic


 

Relevant Releases Architectures


Bugs Fixed

2094982 - CVE-2022-1996 go-restful: Authorization Bypass Through User-Controlled Key

2161571 - CVE-2022-47629 libksba: integer overflow to code execution


Related News

30.Lock Globe Motherboard Esm H320
1 - 2 min read
The SPDX 3.0 release marks a significant milestone in software management, particularly for Linux admins, infosec professionals, internet security
11.Locks IsometricPattern Esm H320
2 - 3 min read
Open Source maintainers and developers have been warned about the continued wave of attacks aimed at project maintainers similar to those recently
28.Lock Globe Esm H320
1 - 2 min read
A resurgence of cyberattacks targeting Linux systems in Asian campaigns through the utilization of the Pupy Remote Access Trojan (RAT) has been
27.Tablet Connections Blocks Lock Esm H320
2 - 4 min read
Canonical has recently announced the Beta release of Ubuntu Linux 24.04 LTS , codenamed "Noble Numbat." This release aims to continue Ubuntu's
21.Globe RadiatingCode Esm H320
2 - 3 min read
The open-source movement has come a long way, from its origins in the 1960s and 1970s to becoming an integral part of organizations worldwide.
13.Lock StylizedMotherboard Esm H320
2 - 3 min read
The Rust-based Edera project demonstrates a unique approach to container security that addresses cloud-native computing challenges. Let's examine
8.Locks HexConnections CodeGlobe Esm H320
2 - 3 min read
Canonical has launched Ubuntu Pro for Devices , a comprehensive offering emphasizing security and compliance for IoT device deployments. This
2.Motherboard Esm H320
2 - 3 min read
The recently uncovered "Native Branch History Injection (BHI)" exploit against the Linux kernel marks a significant milestone in the ongoing battle

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved