
Stay Secure with the Latest Linux Advisories

Explore Latest Linux Security advisories

Mageia: Nginx Critical Buffer Over-read Vuln MGASA-2025-0245 CVE-2025-53859

MGASA-2025-0245 - Updated nginx package fixes security vulnerability

Publication date: 22 Oct 2025
URL: https://advisories.mageia.org/MGASA-2025-0245.html
Type: security
Affected Mageia releases: 9
CVE: CVE-2025-53859

Description:
It was discovered that nginx contains a security issue in the ngx_mail_smtp_module which might allow an attacker to cause a buffer over-read, potentially resulting in a sensitive information leak in an HTTP request to the authentication server (CVE-2025-53859).

References:
- https://bugs.mageia.org/show_bug.cgi?id=34585
- https://www.openwall.com/lists/oss-security/2025/08/13/5
- https://www.cve.org/CVERecord?id=CVE-2025-53859

SRPMS:
- 9/core/nginx-1.26.3-1.1.mga9

Severity: Critical. LinuxSecurity.com Team

Oct 22, 2025 | Critical | Mageia

Red Hat OpenShift: RHSA-2023-2710-01 Moderate: Single Sign-On Image Update

A new image is available for Red Hat Single Sign-On 7.6.3, running on Red Hat OpenShift Container Platform from the release of 3.11 up to the release of 4.12.0. Red Hat Product Security has rated this update as having a security impact of Moderate.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================
Red Hat Security Advisory

Synopsis: Moderate: Red Hat Single Sign-On 7.6.3 for OpenShift image security update
Advisory ID: RHSA-2023:2710-01
Product: Red Hat OpenShift Enterprise
Advisory URL: https://access.redhat.com/errata/RHSA-2023:2710
Issue date: 2023-05-10
CVE Names: CVE-2021-0341 CVE-2022-4492 CVE-2022-38752 CVE-2022-41854
           CVE-2022-41881 CVE-2022-45787 CVE-2023-0361 CVE-2023-0482
           CVE-2023-21930 CVE-2023-21937 CVE-2023-21938 CVE-2023-21939
           CVE-2023-21954 CVE-2023-21967 CVE-2023-21968
====================================================================

1. Summary:

A new image is available for Red Hat Single Sign-On 7.6.3, running on Red Hat OpenShift Container Platform from the release of 3.11 up to the release of 4.12.0.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Description:

Red Hat Single Sign-On is an integrated sign-on solution, available as a Red Hat JBoss Middleware for OpenShift containerized image. The Red Hat Single Sign-On for OpenShift image provides an authentication server that you can use to log in centrally, log out, and register. You can also manage user accounts for web applications, mobile applications, and RESTful web services.

This erratum releases a new image for Red Hat Single Sign-On 7.6.3 for use within the Red Hat OpenShift Container Platform (from the release of 3.11 up to the release of 4.12.0) cloud computing Platform-as-a-Service (PaaS) for on-premise or private cloud deployments, aligning with the standalone product release.

Security Fix(es):

* okhttp: information disclosure via improperly used cryptographic function (CVE-2021-0341)
* undertow: Server identity in https connection is not checked by the undertow client (CVE-2022-4492)
* snakeyaml: Uncaught exception in java.base/java.util.ArrayList.hashCode (CVE-2022-38752)
* dev-java/snakeyaml: DoS via stack overflow (CVE-2022-41854)
* codec-haproxy: HAProxyMessageDecoder Stack Exhaustion DoS (CVE-2022-41881)
* apache-james-mime4j: Temporary File Information Disclosure in MIME4J TempFileStorageProvider (CVE-2022-45787)
* RESTEasy: creation of insecure temp files (CVE-2023-0482)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

3. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258

4. Bugs fixed (https://bugzilla.redhat.com/):

2129710 - CVE-2022-38752 snakeyaml: Uncaught exception in java.base/java.util.ArrayList.hashCode
2151988 - CVE-2022-41854 dev-java/snakeyaml: DoS via stack overflow
2153260 - CVE-2022-4492 undertow: Server identity in https connection is not checked by the undertow client
2153379 - CVE-2022-41881 codec-haproxy: HAProxyMessageDecoder Stack Exhaustion DoS
2154086 - CVE-2021-0341 okhttp: information disclosure via improperly used cryptographic function
2158916 - CVE-2022-45787 apache-james-mime4j: Temporary File Information Disclosure in MIME4J TempFileStorageProvider
2166004 - CVE-2023-0482 RESTEasy: creation of insecure temp files

5. References:

https://access.redhat.com/security/cve/CVE-2021-0341
https://access.redhat.com/security/cve/CVE-2022-4492
https://access.redhat.com/security/cve/CVE-2022-38752
https://access.redhat.com/security/cve/CVE-2022-41854
https://access.redhat.com/security/cve/CVE-2022-41881
https://access.redhat.com/security/cve/CVE-2022-45787
https://access.redhat.com/security/cve/CVE-2023-0361
https://access.redhat.com/security/cve/CVE-2023-0482
https://access.redhat.com/security/cve/CVE-2023-21930
https://access.redhat.com/security/cve/CVE-2023-21937
https://access.redhat.com/security/cve/CVE-2023-21938
https://access.redhat.com/security/cve/CVE-2023-21939
https://access.redhat.com/security/cve/CVE-2023-21954
https://access.redhat.com/security/cve/CVE-2023-21967
https://access.redhat.com/security/cve/CVE-2023-21968
https://access.redhat.com/security/updates/classification/#moderate

6. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBZFvaOtzjgjWX9erEAQg2+A/+OdNvUaOHT3XdOuCFi6It3ltdIBRSNWht
nvJBfZn26/jCUlTMlaxKk/0Bpu6ZRDFtMy84BthGHGmzatr2dOe609HUA5rCihpX
jD/V8GhyeYjoySoTrb25cR5EvGax6AERwU7rjfYiMiobSDJ9KzIQlY7upfsKJybR
yCxhUi1UBEMS/u+NGsn0fRi6HBZpqAavbhE0ekkOY50b2740R0fBOBVOed9soiAr
jh79WftpT8tbWGy06Ps4tgr6I+KsT692yaO8lWymkiqrXGzKiJHlEi1ewfndUcZc
aBXo8b0HxQS2RXagrXOPBWqQe8x0okSEtErW4/UUmDPeZZN0YsfdKj7mRKoN20/L
keGkUMIppCRAdMn2SL0m+alE//aw0VIk1DgmfW1fh92f9AcoCo0j2YXcoELWULIH
IQ/Fq1JDmIddewS8SN5LZCxUFZ3F2IRnKGjcOHhe0s575hQDQ6JpTFe6OS7VuK65
oEIDvZVLn7O8IgU1hf/HaI15AbOprQoS1qj70gZh8u1Xc82t1trFf/Cas+jtEIRA
0+a/BQbhxpXe5ujFLGDuqWFc805gGfSf6dclMNJWrjFZIjHOY8DJMauaNt4AV17r
PYvLlVSlt8ke1ADuYxH0KwrkDhq6kpOlBLaTwRTSrbQ3VLadT/4xIW6Fu3awhzKI
hbRyeh4APRs=
=6dZN
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list

LinuxSecurity.com Team

May 10, 2023 | Red Hat

Red Hat OpenShift 7.6.2 Advisory RHSA-2023-1047-01 Critical Security Update

A new image is available for Red Hat Single Sign-On 7.6.2, running on Red Hat OpenShift Container Platform from the release of 3.11 up to the release of 4.12.0. Red Hat Product Security has rated this update as having a security impact of Important.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================
Red Hat Security Advisory

Synopsis: Important: Red Hat Single Sign-On 7.6.2 for OpenShift image security and enhancement update
Advisory ID: RHSA-2023:1047-01
Product: Red Hat OpenShift Enterprise
Advisory URL: https://access.redhat.com/errata/RHSA-2023:1047
Issue date: 2023-03-01
CVE Names: CVE-2018-14040 CVE-2018-14042 CVE-2019-11358 CVE-2020-11022
           CVE-2021-35065 CVE-2021-44906 CVE-2022-1274 CVE-2022-1438
           CVE-2022-1471 CVE-2022-2764 CVE-2022-3782 CVE-2022-3916
           CVE-2022-4039 CVE-2022-24785 CVE-2022-25857 CVE-2022-31129
           CVE-2022-37603 CVE-2022-38749 CVE-2022-38750 CVE-2022-38751
           CVE-2022-40149 CVE-2022-40150 CVE-2022-40303 CVE-2022-40304
           CVE-2022-42003 CVE-2022-42004 CVE-2022-45047 CVE-2022-45693
           CVE-2022-46175 CVE-2022-46363 CVE-2022-46364 CVE-2022-47629
           CVE-2023-0091 CVE-2023-0264 CVE-2023-21835 CVE-2023-21843
====================================================================

1. Summary:

A new image is available for Red Hat Single Sign-On 7.6.2, running on Red Hat OpenShift Container Platform from the release of 3.11 up to the release of 4.12.0.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Description:

Red Hat Single Sign-On is an integrated sign-on solution, available as a Red Hat JBoss Middleware for OpenShift containerized image. The Red Hat Single Sign-On for OpenShift image provides an authentication server that you can use to log in centrally, log out, and register. You can also manage user accounts for web applications, mobile applications, and RESTful web services.

This erratum releases a new image for Red Hat Single Sign-On 7.6.2 for use within the Red Hat OpenShift Container Platform (from the release of 3.11 up to the release of 4.12.0) cloud computing Platform-as-a-Service (PaaS) for on-premise or private cloud deployments, aligning with the standalone product release.

Security Fix(es):

* snakeyaml: Constructor Deserialization Remote Code Execution (CVE-2022-1471)
* keycloak: path traversal via double URL encoding (CVE-2022-3782)
* RH-SSO for OpenShift images: unsecured management interface exposed to adjacent network (CVE-2022-4039)
* snakeyaml: Denial of Service due to missing nested depth limitation for collections (CVE-2022-25857)
* moment: inefficient parsing algorithm resulting in DoS (CVE-2022-31129)
* sshd-common: mina-sshd: Java unsafe deserialization vulnerability (CVE-2022-45047)
* CXF: Apache CXF: SSRF Vulnerability (CVE-2022-46364)
* keycloak: keycloak: user impersonation via stolen uuid code (CVE-2023-0264)
* bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute (CVE-2018-14040)
* rcue-bootstrap: bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip (CVE-2018-14042)
* jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection (CVE-2019-11358)
* jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022)
* keycloak: glob-parent: Regular Expression Denial of Service (CVE-2021-35065)
* keycloak: minimist: prototype pollution (CVE-2021-44906)
* keycloak: missing email notification template allowlist (CVE-2022-1274)
* keycloak: XSS on impersonation under specific circumstances (CVE-2022-1438)
* keycloak: Session takeover with OIDC offline refresh tokens (CVE-2022-3916)
* Moment.js: Path traversal in moment.locale (CVE-2022-24785)
* loader-utils: loader-utils: Regular expression denial of service (CVE-2022-37603)
* snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode (CVE-2022-38749)
* snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject (CVE-2022-38750)
* snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern$Ques.match (CVE-2022-38751)
* jettison: parser crash by stackoverflow (CVE-2022-40149)
* jettison: memory exhaustion via user-supplied XML or JSON data (CVE-2022-40150)
* jettison: If the value in map is the map's self, the new new JSONObject(map) cause StackOverflowError which may lead to dos (CVE-2022-45693)
* json5: Prototype Pollution in JSON5 via Parse Method (CVE-2022-46175)
* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)
* jackson-databind: use of deeply nested arrays (CVE-2022-42004)
* CXF: Apache CXF: directory listing / code exfiltration (CVE-2022-46363)
* undertow: DoS can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations (CVE-2022-2764)
* keycloak: Client Registration endpoint does not check token revocation (CVE-2023-0091)

3. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258

4. Bugs fixed (https://bugzilla.redhat.com/):

1601614 - CVE-2018-14040 bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute
1601617 - CVE-2018-14042 bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip
1701972 - CVE-2019-11358 jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection
1828406 - CVE-2020-11022 jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method
2031904 - CVE-2022-1438 keycloak: XSS on impersonation under specific circumstances
2066009 - CVE-2021-44906 minimist: prototype pollution
2072009 - CVE-2022-24785 Moment.js: Path traversal in moment.locale
2073157 - CVE-2022-1274 keycloak: HTML injection in execute-actions-email Admin REST API
2105075 - CVE-2022-31129 moment: inefficient parsing algorithm resulting in DoS
2117506 - CVE-2022-2764 Undertow: DoS can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations
2126789 - CVE-2022-25857 snakeyaml: Denial of Service due to missing nested depth limitation for collections
2129706 - CVE-2022-38749 snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode
2129707 - CVE-2022-38750 snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject
2129709 - CVE-2022-38751 snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern$Ques.match
2135244 - CVE-2022-42003 jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS
2135247 - CVE-2022-42004 jackson-databind: use of deeply nested arrays
2135770 - CVE-2022-40150 jettison: memory exhaustion via user-supplied XML or JSON data
2135771 - CVE-2022-40149 jettison: parser crash by stackoverflow
2138971 - CVE-2022-3782 keycloak: path traversal via double URL encoding
2140597 - CVE-2022-37603 loader-utils: Regular expression denial of service
2141404 - CVE-2022-3916 keycloak: Session takeover with OIDC offline refresh tokens
2143416 - CVE-2022-4039 rhsso-operator: unsecured management interface exposed to adjacent network
2145194 - CVE-2022-45047 mina-sshd: Java unsafe deserialization vulnerability
2150009 - CVE-2022-1471 SnakeYaml: Constructor Deserialization Remote Code Execution
2155681 - CVE-2022-46363 Apache CXF: directory listing / code exfiltration
2155682 - CVE-2022-46364 Apache CXF: SSRF Vulnerability
2155970 - CVE-2022-45693 jettison: If the value in map is the map's self, the new new JSONObject(map) cause StackOverflowError which may lead to dos
2156263 - CVE-2022-46175 json5: Prototype Pollution in JSON5 via Parse Method
2156324 - CVE-2021-35065 glob-parent: Regular Expression Denial of Service
2158585 - CVE-2023-0091 keycloak: Client Registration endpoint does not check token revocation
2160585 - CVE-2023-0264 keycloak: user impersonation via stolen uuid code

5. References:

https://access.redhat.com/security/cve/CVE-2018-14040
https://access.redhat.com/security/cve/CVE-2018-14042
https://access.redhat.com/security/cve/CVE-2019-11358
https://access.redhat.com/security/cve/CVE-2020-11022
https://access.redhat.com/security/cve/CVE-2021-35065
https://access.redhat.com/security/cve/CVE-2021-44906
https://access.redhat.com/security/cve/CVE-2022-1274
https://access.redhat.com/security/cve/CVE-2022-1438
https://access.redhat.com/security/cve/CVE-2022-1471
https://access.redhat.com/security/cve/CVE-2022-2764
https://access.redhat.com/security/cve/CVE-2022-3782
https://access.redhat.com/security/cve/CVE-2022-3916
https://access.redhat.com/security/cve/CVE-2022-4039
https://access.redhat.com/security/cve/CVE-2022-24785
https://access.redhat.com/security/cve/CVE-2022-25857
https://access.redhat.com/security/cve/CVE-2022-31129
https://access.redhat.com/security/cve/CVE-2022-37603
https://access.redhat.com/security/cve/CVE-2022-38749
https://access.redhat.com/security/cve/CVE-2022-38750
https://access.redhat.com/security/cve/CVE-2022-38751
https://access.redhat.com/security/cve/CVE-2022-40149
https://access.redhat.com/security/cve/CVE-2022-40150
https://access.redhat.com/security/cve/CVE-2022-40303
https://access.redhat.com/security/cve/CVE-2022-40304
https://access.redhat.com/security/cve/CVE-2022-42003
https://access.redhat.com/security/cve/CVE-2022-42004
https://access.redhat.com/security/cve/CVE-2022-45047
https://access.redhat.com/security/cve/CVE-2022-45693
https://access.redhat.com/security/cve/CVE-2022-46175
https://access.redhat.com/security/cve/CVE-2022-46363
https://access.redhat.com/security/cve/CVE-2022-46364
https://access.redhat.com/security/cve/CVE-2022-47629
https://access.redhat.com/security/cve/CVE-2023-0091
https://access.redhat.com/security/cve/CVE-2023-0264
https://access.redhat.com/security/cve/CVE-2023-21835
https://access.redhat.com/security/cve/CVE-2023-21843
https://access.redhat.com/security/updates/classification/#important

6. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBY//t1dzjgjWX9erEAQia2w/+OL2GUzx63gPKwDpJXSFQEA2gn7Bu3FcP
Vs6FCL7PpZ0u4i0/5n7bzpGf4qGlHbbuVUw7Y4sHdHhKSI+boX54pjrJX1ccfznn
Lg/ENsMmzXen9MvjH5b1D3W7Mho7skUuCVCBu5y7cCOdOxUohyRzLkny/NjQ1nD6
eRDbj/qSRJNEvV7JqUvRhwaSiJK7qQtXsPV7FEDdUq0YwTnGJsKJXc67lAuJphZT
bYVNCHfZrfakuAnj4eR8rX+iacPlZY6a0sYbyyT/uHw27oiNpXwPtoNCSkDwmjZ3
IxKNjpap3zOJUou+XDj/4uBSALftooJnxTi++8lqK0BLpXeQLd83SeP9IiYmnCD+
CtHnfbeFYKVFPyGWIUUddVCJOv4qznlIqxvWcgy0b1xi32ZFaqGTFZNmt/6Is06y
AO+yv7UE0cxthEqQASwlRWpct797Tdd4culodXiF/OBKAmznzmMt/MLWgZ7WiszD
q5ECUJNlcLsSB2E+RCXswVzZU8DwlH0DV/rqJ7+c5y0HH+veMXKY/GqIcUJwRx/b
8Q6kskM6p9UB9j5r1GpRlnWMuQicw5RuC5sY/tPbMhUnMxPzKHeI0GatQRZrAE+0
iwPVbzdWk25PdKb/2LXdKruqcLv9INvvN0jwEUG6vKXJU4HwANLCc3MItJpsnZX4
ZpcQ6Sd41lc=
=+e7l
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list

Severity: Important. LinuxSecurity.com Team

Mar 02, 2023 | Important | Red Hat

RedHat: RHSA-2022-0445:02 Moderate Update for SSO 7.4.10 Image

A new image is available for Red Hat Single Sign-On 7.4.10 on OpenJ9, running on OpenShift Container Platform 3.10 and 3.11, and 4.3. Red Hat Product Security has rated this update as having a security impact of Moderate.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================
Red Hat Security Advisory

Synopsis: Moderate: Red Hat Single Sign-On 7.4.10 on OpenJ9 for OpenShift image security update
Advisory ID: RHSA-2022:0445-01
Product: Red Hat OpenShift Enterprise
Advisory URL: https://access.redhat.com/errata/RHSA-2022:0445
Issue date: 2022-02-07
CVE Names: CVE-2021-3521 CVE-2021-3872 CVE-2021-3984 CVE-2021-4019
           CVE-2021-4104 CVE-2021-4122 CVE-2021-4192 CVE-2021-4193
           CVE-2022-21248 CVE-2022-21282 CVE-2022-21283 CVE-2022-21293
           CVE-2022-21294 CVE-2022-21296 CVE-2022-21299 CVE-2022-21305
           CVE-2022-21340 CVE-2022-21341 CVE-2022-21360 CVE-2022-21365
           CVE-2022-23302 CVE-2022-23305 CVE-2022-23307
====================================================================

1. Summary:

A new image is available for Red Hat Single Sign-On 7.4.10 on OpenJ9, running on OpenShift Container Platform 3.10 and 3.11, and 4.3.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Description:

Red Hat Single Sign-On is an integrated sign-on solution, available as a Red Hat JBoss Middleware for OpenShift containerized image. The Red Hat Single Sign-On for OpenShift image provides an authentication server that you can use to log in centrally, log out, and register. You can also manage user accounts for web applications, mobile applications, and RESTful web services.

This erratum releases a new image for Red Hat Single Sign-On 7.4.10 for use within the OpenShift Container Platform 3.10, OpenShift Container Platform 3.11, and within the OpenShift Container Platform 4.3 cloud computing Platform-as-a-Service (PaaS) for on-premise or private cloud deployments, aligning with the standalone product release.

Security Fix(es):

* log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender (CVE-2022-23305)
* log4j: Unsafe deserialization flaw in Chainsaw log viewer (CVE-2022-23307)
* log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender (CVE-2021-4104)
* log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink (CVE-2022-23302)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

3. Solution:

To update to the latest Red Hat Single Sign-On 7.4.10 for OpenShift image, follow these steps to pull in the content:

1. On your master hosts, ensure you are logged into the CLI as a cluster administrator or user with project administrator access to the global "openshift" project. For example:

   $ oc login -u system:admin

2. Update the core set of Red Hat Single Sign-On resources for OpenShift in the "openshift" project by running the following commands:

   $ for resource in sso74-image-stream.json \
       sso74-https.json \
       sso74-mysql.json \
       sso74-mysql-persistent.json \
       sso74-postgresql.json \
       sso74-postgresql-persistent.json \
       sso74-x509-https.json \
       sso74-x509-mysql-persistent.json \
       sso74-x509-postgresql-persistent.json
     do
       oc replace -n openshift --force -f \
         }
     done

3. Install the Red Hat Single Sign-On 7.4.10 for OpenShift streams in the "openshift" project by running the following commands:

   $ oc -n openshift import-image redhat-sso74-openshift:1.0

4. Bugs fixed (https://bugzilla.redhat.com/):

2031667 - CVE-2021-4104 log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender
2041949 - CVE-2022-23302 log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink
2041959 - CVE-2022-23305 log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender
2041967 - CVE-2022-23307 log4j: Unsafe deserialization flaw in Chainsaw log viewer

5. JIRA issues fixed (https://redhat.atlassian.net/jira/projects):

CIAM-2059 - [log4j 1.x] test OCP image for ibm p/z

6. References:

https://access.redhat.com/security/cve/CVE-2021-3521
https://access.redhat.com/security/cve/CVE-2021-3872
https://access.redhat.com/security/cve/CVE-2021-3984
https://access.redhat.com/security/cve/CVE-2021-4019
https://access.redhat.com/security/cve/CVE-2021-4104
https://access.redhat.com/security/cve/CVE-2021-4122
https://access.redhat.com/security/cve/CVE-2021-4192
https://access.redhat.com/security/cve/CVE-2021-4193
https://access.redhat.com/security/cve/CVE-2022-21248
https://access.redhat.com/security/cve/CVE-2022-21282
https://access.redhat.com/security/cve/CVE-2022-21283
https://access.redhat.com/security/cve/CVE-2022-21293
https://access.redhat.com/security/cve/CVE-2022-21294
https://access.redhat.com/security/cve/CVE-2022-21296
https://access.redhat.com/security/cve/CVE-2022-21299
https://access.redhat.com/security/cve/CVE-2022-21305
https://access.redhat.com/security/cve/CVE-2022-21340
https://access.redhat.com/security/cve/CVE-2022-21341
https://access.redhat.com/security/cve/CVE-2022-21360
https://access.redhat.com/security/cve/CVE-2022-21365
https://access.redhat.com/security/cve/CVE-2022-23302
https://access.redhat.com/security/cve/CVE-2022-23305
https://access.redhat.com/security/cve/CVE-2022-23307
https://access.redhat.com/security/updates/classification/#moderate

7. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBYgIBQtzjgjWX9erEAQh4vg//fCr9ffrrRDFgkpaz6ZtefamH1NRmbILJ
J7YHqnEssNdYduNGZ/QcmCqw5HOSRLlxm0gv+T0D4Kp7J2cxBTxzr6tqdtxfRmWi
2BizRHLLxwk8qe3NSwKhhTQaA82gtFOuZNOsKY6cHKG9qrFGygEYNVTsoYtQQnvt
dAUTV1fx6ZaBYEsAhmAqLZPt9l6Y6ceqpj6m8h1+fXvJlsMvIErdE1iKWkughPdo
jl4DgazyehFoXzU18MGfTPJbyLYUaIbpiPzFjiHKsfJZNdgr9tPTGblWnBoadqNg
bpFjTP/JPkhKC0D7PXihSkNXYKnHdS9B5OfW2rFC1kiMpnngZ+v8/z/a0aUb4B0l
VgUzrwKq8V2B2PDuPW32MdEfWDQOUizsQPUriwXIeP5+llAl93ip/J96hpq5P3N3
KmcERsBz0C0Z3QUZHKzVfQkByvEOEd9n762yEOaDo5uXOIoGih7lQRB9qgCDXtBa
38cCs2RQwc6+Hy8u/4YCFC7Px0bG8KsXviuvuIZj2mkvm0iaqitPVwdnZwDSSZkS
Idegg8wmPYFKpv2xr37Zxic7k6S4AIIhpSA/KS63jq9iMQANM0JaZtSeCcFXhRqn
mAxVk3W4ly1HnO8y0sNCrItM3wR8R2j/Pcb0STFtqjKbDealHs6OjyNwdV/IeufJ
v/ITgNNeG9Q=
=k/kr
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list

LinuxSecurity.com Team

Feb 08, 2022 | Red Hat

Red Hat: RHSA-2022:0408 Critical Security Update for SSO 7.4.10 Released

A security update is now available for Red Hat Single Sign-On 7.4 from the Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================
Red Hat Security Advisory

Synopsis: Important: Red Hat Single Sign-On 7.4.10 security update
Advisory ID: RHSA-2022:0408-01
Product: Red Hat Single Sign-On
Advisory URL: https://access.redhat.com/errata/RHSA-2022:0408
Issue date: 2022-02-02
CVE Names: CVE-2021-3859
====================================================================

1. Summary:

A security update is now available for Red Hat Single Sign-On 7.4 from the Customer Portal.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Description:

Red Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.

This release of Red Hat Single Sign-On 7.4.10 serves as a replacement for Red Hat Single Sign-On 7.4.9, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.

Security Fix(es):

* undertow: client side invocation timeout raised when calling over HTTP and HTTP2 (CVE-2021-3859)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

3. Solution:

Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.

The References section of this erratum contains a download link (you must log in to download the update).

4. Bugs fixed (https://bugzilla.redhat.com/):

2010378 - CVE-2021-3859 undertow: client side invocation timeout raised when calling over HTTP2

5. JIRA issues fixed (https://redhat.atlassian.net/jira/projects):

CIAM-1977 - [CVE-2021-3859 (undertow)] One-off patch for RH-SSO 7.4.10 ZIP distribution

6. References:

https://access.redhat.com/security/cve/CVE-2021-3859
https://access.redhat.com/security/updates/classification#important

7. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2022 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBYfq9HNzjgjWX9erEAQjxixAAlk+sFKQxO4l1FuUI3JShzog4Wy28hUPu
ZhtNCCpAqa3qleB6YpJKg8Q4s5lLySEGKFPAQ3BR73hYPUz5+oR0VdJlA/50xKwo
HUtTzeD0q1/FgJfwBGlHk9VQ1OPQiTj/u10FruvbNd6PNeLbRNiMoLr3IegW/1/8
xYgH8fomayrcH97S6gB9xzkRfJbFdLZ6IF0TTmhiekkOsDeZ/dnMkWTvtNaqL6K0
Qi42tVmG7TiQaW1AouNDWX9sRDwA58wo5Yxburgn/ufxcG+tSVU8f/hpNc151LcU
L6PTGo3cbNNgqZ5TL/4iZWf7oxSHJcSwC0xFDqHscrUDgyI9XjKmc18ohuZFaoIa
2tNRse+yVqN29ckf56lqne62YgShtxFAq35gIlprAV3pS0PRU1sXs2nY0LtuzgCz
3+ycgRV70rmoBgXsUOpHKu6+X0QXXlY6qoNAQQUXFb+Y1ZCI+S/ElHJB+oE7etpf
4+SkmSh6CjmYSHNZbnPM6LijJrOXT7NnPjAJ5UT9v3CFMXpKqx49qSrpi1pGusWn
ZTmukqnnPGeZ2hqD9R1TTCXlysOYXnBEGAUvU2KBYjwjjfb1DzS/j6qCMRxbU1HT
qbY0DwLNbshLTs6dxvA7Qj0X69PTYXES1QU8fPZmuDjm8GTKN6B07e4Yj8Y6srs2
QxYGiPm9AjM=
=Vs3b
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list

Severity: Important. LinuxSecurity.com Team

Feb 02, 2022 | Important | Red Hat

Fedora 22: 2015-11374 Moderate: Hostapd NDEF Record Length Fix

apply fix for NDEF record payload length checking

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2015-11374
2015-07-13 16:42:43
--------------------------------------------------------------------------------

Name        : hostapd
Product     : Fedora 22
Version     : 2.4
Release     : 3.fc22
URL         : http://w1.fi/hostapd/
Summary     : IEEE 802.11 AP, IEEE 802.1X/WPA/WPA2/EAP/RADIUS Authenticator
Description :
hostapd is a user space daemon for access point and authentication servers. It implements IEEE 802.11 access point management, IEEE 802.1X/WPA/WPA2/EAP Authenticators and RADIUS authentication server.

hostapd is designed to be a "daemon" program that runs in the background and acts as the backend component controlling authentication. hostapd supports separate frontend programs and an example text-based frontend, hostapd_cli, is included with hostapd.

--------------------------------------------------------------------------------
Update Information:

apply fix for NDEF record payload length checking
--------------------------------------------------------------------------------
ChangeLog:

* Fri Jul 10 2015 John W. Linville - 2.4-3
- apply fix for NDEF record payload length checking
* Fri May 15 2015 John W. Linville - 2.4-2
- apply fix for underflow in WMM action frame parser
* Tue Apr 21 2015 John W. Linville - 2.4-1
- Update to version 2.4 from upstream
- Enable support for IEEE802.11r and IEEE802.11ac
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #1241905 - hostapd and wpa_supplicant: Incomplete WPS and P2P NFC NDEF record payload length validation
      https://bugzilla.redhat.com/show_bug.cgi?id=1241905
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use
su -c 'yum update hostapd'
at the command line. For more information, refer to "Managing Software with yum", available at .

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
https://lists.fedoraproject.org/admin/lists/package-announce.lists.fedoraproject.org/

Severity: Important. LinuxSecurity.com Team

Jul 23, 2015 Important Fedora

Fedora Core 3: Severe OpenSSL Denial of Service Issue - FEDORA-2005-809

Update package.

---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-807
2005-08-25
---------------------------------------------------------------------

Product     : Fedora Core 3
Name        : freeradius
Version     : 1.0.1
Release     : 2.FC3.1
Summary     : High-performance and highly configurable free RADIUS server.
Description :
The FreeRADIUS Server Project is a high performance and highly configurable GPL'd free RADIUS server. The server is similar in some respects to Livingston's 2.0 server. While FreeRADIUS started as a variant of the Cistron RADIUS server, they don't share a lot in common any more. It now has many more features than Cistron or Livingston, and is much more configurable.

FreeRADIUS is an Internet authentication daemon, which implements the RADIUS protocol, as defined in RFC 2865 (and others). It allows Network Access Servers (NAS boxes) to perform authentication for dial-up users. There are also RADIUS clients available for Web servers, firewalls, Unix logins, and more. Using RADIUS allows authentication and authorization for a network to be centralized, and minimizes the amount of re-configuration which has to be done when adding or deleting new users.

---------------------------------------------------------------------
* Wed Aug 24 2005 Thomas Woerner 1.0.1-2.FC3.1
- Fixed buffer overflow and possible SQL injection attacks in rlm_sql
  CAN-2005-1454, CAN-2005-1455 (#156942)
---------------------------------------------------------------------
This update can be downloaded from:

This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command.
-----------------------------------------------------------------------
fedora-announce-list mailing list

Enhanced FreeRADIUS version for Fedora Core 3 tackles buffer overflow and SQL injection security flaws. FreeRADIUS Update, Fedora Core 3, Security Fix, Authentication Daemon. Severity: Critical. LinuxSecurity.com Team

Aug 25, 2005 Critical Fedora
