Update to 1.11.5.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-49b5d5c5e6
2026-02-26 01:08:36.076695+00:00
--------------------------------------------------------------------------------

Name        : opentofu
Product     : Fedora 43
Version     : 1.11.5
Release     : 1.fc43
URL         : https://github.com/opentofu/opentofu
Summary     : OpenTofu lets you declaratively manage your cloud infrastructure
Description :
OpenTofu lets you declaratively manage your cloud infrastructure.

--------------------------------------------------------------------------------
Update Information:

Update to 1.11.5
--------------------------------------------------------------------------------
ChangeLog:

* Thu Feb 12 2026 Packit - 1.11.5-1
- Update to 1.11.5 upstream release
- Resolves: rhbz#2439332
* Tue Feb 3 2026 Maxwell G - 1.11.4-2
- Rebuild for https://fedoraproject.org/wiki/Changes/golang1.26
* Wed Jan 21 2026 Packit - 1.11.4-1
- Update to 1.11.4 upstream release
- Resolves: rhbz#2429160
* Fri Jan 16 2026 Fedora Release Engineering - 1.11.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2412594 - CVE-2025-58183 opentofu: Unbounded allocation when parsing GNU sparse map [fedora-43]
        https://bugzilla.redhat.com/show_bug.cgi?id=2412594
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-49b5d5c5e6' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
====================================================================
                   Red Hat Security Advisory

Synopsis:          Low: RHUI 4.3.0 release - Security Fixes, Bug Fixes, and Enhancements Update
Advisory ID:       RHSA-2023:0742-01
Product:           Red Hat Update Infrastructure
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:0742
Issue date:        2023-02-13
CVE Names:         CVE-2021-44420 CVE-2022-41323
====================================================================

1. Summary:

An updated version of Red Hat Update Infrastructure (RHUI) is now available. RHUI 4.3 fixes a security bug, introduces multiple new features, and upgrades underlying Pulp to a Long Term Support (LTS) version.

2. Relevant releases/architectures:

RHUI 4 for RHEL 8 - noarch, x86_64

3. Description:

Red Hat Update Infrastructure (RHUI) offers a highly scalable, highly redundant framework that enables you to manage repositories and content. It also enables cloud providers to deliver content and updates to Red Hat Enterprise Linux (RHEL) instances.

Security Fix(es):

* Django: Potential bypass of an upstream access control based on URL paths (CVE-2021-44420)

* Django: Potential denial-of-service vulnerability in internationalized URLs (CVE-2022-41323)

This RHUI update fixes the following bugs:

* Previously, `rhui-manager` failed to create an Alternate Content Source package. With this update, the problem is now fixed and you can successfully create an Alternate Content Source package.

* With this update, several parts of redundant code have been removed from RHUI. Most notably, the unused `entitlement` argument in the custom repository creation has been removed. Additionally, the Atomic and OSTree functions have been removed because these features have been deprecated in RHUI 4.

* Previously, CDS and HAProxy management used a variable called `port`. However, this name is a reserved playbook keyword in Ansible. Consequently, Ansible printed warnings about the use of this variable. With this update, the variable has been renamed to `remote_port` which prevents the warnings.

* Previously, when the RHUA installation playbook failed, `rhui-installer` exited with a status of 0, which normally indicates success. With this update, the problem has been fixed, and `rhui-installer` exits with a status of 1, indicating that the RHUA installation playbook has failed.

* Previously, RHUI did not accept proxy server settings when adding container images. Consequently, RHUI was unable to synchronize container images if the proxy server configuration was required to access the container registries. With this update, RHUI now accepts proxy settings when they are configured with the container images. As a result, proxy-enabled RHUI environments can now synchronize container images.

* With this update, the misaligned text on the repository workflow screen in the rhui-manager text interface has been fixed.

This RHUI update introduces the following enhancements:

* This update introduces a newer version of Pulp, `3.21.0`. Among other upstream bug fixes and enhancements, this version changes how Pulp manages ambiguous CDN repodata that contains a duplicate package name-version-release string. Instead of failing, Pulp logs a warning and allows the affected repository to be synchronized. (BZ#2134277)

* A new `rhui-manager` command is now available, `rhui-manager [--noninteractive] cds reinstall --all`. With this command, you can reinstall all of your CDS nodes using a single command. Additionally, you do not need to specify any of the CDS host names.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For detailed instructions on how to apply this update, see:
https://docs.redhat.com/en/documentation/red_hat_update_infrastructure/4/html/migrating_red_hat_update_infrastructure/assembly_upgrading-red-hat-update-infrastructure_migrating-red-hat-update-infrastructure

For other information, see the product documentation:
https://docs.redhat.com/en/documentation/red_hat_update_infrastructure/4

5. Bugs fixed (https://bugzilla.redhat.com/):

2028178 - CVE-2021-44420 django: potential bypass of an upstream access control based on URL paths
2134277 - Using mirroring by default leads to errors with RH repos
2136130 - CVE-2022-41323 python-django: Potential denial-of-service vulnerability in internationalized URLs

6. JIRA issues fixed (https://redhat.atlassian.net/jira/projects):

RHUI-124 - Creating an alternate source configuration RPM is broken
RHUI-149 - Unused "entitlement" argument in custom repo creation
RHUI-169 - [WARNING]: Found variable using reserved name: port
RHUI-214 - Removal of atomic and OSTree client code
RHUI-296 - Update pulp to latest LTS version
RHUI-336 - rhui-installer exits with 0 even if the RHUA installation playbook fails
RHUI-341 - RFE: reinstall all CDS nodes in one simple step
RHUI-355 - Can't sync an ARM64 container
RHUI-94 - slightly incorrect formatting on the wf screen

7.
Package List: RHUI 4 for RHEL8: Source: createrepo_c-0.20.1-1.0.1.el8ui.src.rpm libcomps-0.1.18-4.0.1.el8ui.src.rpm libsolv-0.7.22-4.0.1.el8ui.src.rpm pulpcore-selinux-1.3.2-1.0.1.el8ui.src.rpm python-aiodns-3.0.0-4.1.1.el8ui.src.rpm python-aiofiles-22.1.0-1.0.1.el8ui.src.rpm python-aiohttp-3.8.1-3.0.1.el8ui.src.rpm python-aiohttp-xmlrpc-1.5.0-2.0.1.el8ui.src.rpm python-aioredis-2.0.1-2.0.1.el8ui.src.rpm python-aiosignal-1.2.0-2.0.1.el8ui.src.rpm python-asgiref-3.5.2-1.0.1.el8ui.src.rpm python-async-timeout-4.0.2-2.0.1.el8ui.src.rpm python-asyncio-throttle-1.0.2-4.1.1.el8ui.src.rpm python-attrs-21.4.0-2.0.1.el8ui.src.rpm python-backoff-2.1.2-1.0.1.el8ui.src.rpm python-brotli-1.0.9-2.0.1.el8ui.src.rpm python-cchardet-2.1.7-4.0.1.el8ui.src.rpm python-charset-normalizer-2.1.1-1.0.1.el8ui.src.rpm python-click-8.1.3-1.0.1.el8ui.src.rpm python-defusedxml-0.7.1-3.0.1.el8ui.src.rpm python-deprecated-1.2.13-1.0.1.el8ui.src.rpm python-diff-match-patch-20200713-3.0.1.el8ui.src.rpm python-django-3.2.16-1.0.1.el8ui.src.rpm python-django-currentuser-0.5.3-5.0.1.el8ui.src.rpm python-django-filter-22.1-2.0.1.el8ui.src.rpm python-django-guid-3.3.0-1.0.1.el8ui.src.rpm python-django-import-export-2.8.0-1.0.1.el8ui.src.rpm python-django-lifecycle-1.0.0-1.0.1.el8ui.src.rpm python-django-readonly-field-1.1.1-3.0.1.el8ui.src.rpm python-djangorestframework-3.13.1-2.0.1.el8ui.src.rpm python-djangorestframework-queryfields-1.0.0-6.1.1.el8ui.src.rpm python-drf-access-policy-1.1.2-1.0.1.el8ui.src.rpm python-drf-nested-routers-0.93.4-3.0.1.el8ui.src.rpm python-drf-spectacular-0.23.1-1.0.1.el8ui.src.rpm python-dynaconf-3.1.9-1.0.1.el8ui.src.rpm python-ecdsa-0.14.1-2.0.1.el8ui.src.rpm python-et-xmlfile-1.1.0-2.0.3.el8ui.src.rpm python-frozenlist-1.3.0-2.0.1.el8ui.src.rpm python-future-0.18.2-5.0.1.el8ui.src.rpm python-gnupg-0.5.0-1.0.1.el8ui.src.rpm python-gunicorn-20.1.0-7.1.1.el8ui.src.rpm python-idna-ssl-1.1.0-6.1.1.el8ui.src.rpm python-inflection-0.5.1-4.1.1.el8ui.src.rpm 
python-jinja2-3.1.2-1.0.1.el8ui.src.rpm python-jsonschema-4.9.1-1.0.1.el8ui.src.rpm python-markuppy-1.14-3.0.1.el8ui.src.rpm python-markupsafe-2.0.1-3.0.2.el8ui.src.rpm python-multidict-6.0.2-2.0.1.el8ui.src.rpm python-naya-1.1.1-3.0.1.el8ui.src.rpm python-odfpy-1.4.1-6.0.1.el8ui.src.rpm python-openpyxl-3.0.9-2.0.1.el8ui.src.rpm python-packaging-21.3-1.0.1.el8ui.src.rpm python-productmd-1.33-4.1.1.el8ui.src.rpm python-protobuf-4.21.6-1.0.1.el8ui.src.rpm python-psycopg2-2.9.3-2.0.1.el8ui.src.rpm python-pulp-container-2.14.3-1.0.1.el8ui.src.rpm python-pulp-container-client-2.14.1-1.4.el8ui.src.rpm python-pulp-rpm-3.18.5-1.0.1.el8ui.src.rpm python-pulp-rpm-client-3.18.5-1.2.el8ui.src.rpm python-pulpcore-3.21.0-1.0.1.el8ui.src.rpm python-pulpcore-client-3.21.0-1.0.1.el8ui.src.rpm python-pycairo-1.20.1-5.1.1.el8ui.src.rpm python-pycares-4.1.2-2.0.1.el8ui.src.rpm python-pycryptodomex-3.14.1-2.0.1.el8ui.src.rpm python-pygobject-3.40.1-4.0.1.el8ui.src.rpm python-pygtrie-2.5.0-1.0.1.el8ui.src.rpm python-pyjwkest-1.4.2-6.0.1.el8ui.src.rpm python-pyjwt-2.5.0-2.0.1.el8ui.src.rpm python-pyparsing-2.4.7-4.0.1.el8ui.src.rpm python-pyrsistent-0.18.1-2.0.1.el8ui.src.rpm python-pytz-2022.2.1-1.0.1.el8ui.src.rpm python-redis-4.3.4-1.0.1.el8ui.src.rpm python-sqlparse-0.4.2-4.1.1.el8ui.src.rpm python-tablib-3.2.0-3.0.1.el8ui.src.rpm python-types-cryptography-3.3.23-1.0.1.el8ui.src.rpm python-typing-extensions-3.10.0.2-3.1.1.el8ui.src.rpm python-uritemplate-4.1.1-3.1.1.el8ui.src.rpm python-url-normalize-1.4.3-4.0.1.el8ui.src.rpm python-urlman-2.0.1-1.0.1.el8ui.src.rpm python-whitenoise-6.0.0-1.0.1.el8ui.src.rpm python-wrapt-1.14.1-1.0.1.el8ui.src.rpm python-xlrd-2.0.1-5.0.1.el8ui.src.rpm python-xlwt-1.3.0-3.0.1.el8ui.src.rpm python-yarl-1.7.2-4.1.1.el8ui.src.rpm rhui-installer-4.3.0.4-1.el8ui.src.rpm rhui-tools-4.3.0.8-1.el8ui.src.rpm noarch: python3-gunicorn-20.1.0-7.1.1.el8ui.noarch.rpm python3-pulp-container-client-2.14.1-1.4.el8ui.noarch.rpm 
python3-pulp-rpm-client-3.18.5-1.2.el8ui.noarch.rpm python3-pulpcore-client-3.21.0-1.0.1.el8ui.noarch.rpm python39-aiodns-3.0.0-4.1.1.el8ui.noarch.rpm python39-aiofiles-22.1.0-1.0.1.el8ui.noarch.rpm python39-aiohttp-xmlrpc-1.5.0-2.0.1.el8ui.noarch.rpm python39-aioredis-2.0.1-2.0.1.el8ui.noarch.rpm python39-aiosignal-1.2.0-2.0.1.el8ui.noarch.rpm python39-asgiref-3.5.2-1.0.1.el8ui.noarch.rpm python39-async-timeout-4.0.2-2.0.1.el8ui.noarch.rpm python39-asyncio-throttle-1.0.2-4.1.1.el8ui.noarch.rpm python39-attrs-21.4.0-2.0.1.el8ui.noarch.rpm python39-backoff-2.1.2-1.0.1.el8ui.noarch.rpm python39-charset-normalizer-2.1.1-1.0.1.el8ui.noarch.rpm python39-click-8.1.3-1.0.1.el8ui.noarch.rpm python39-defusedxml-0.7.1-3.0.1.el8ui.noarch.rpm python39-deprecated-1.2.13-1.0.1.el8ui.noarch.rpm python39-diff-match-patch-20200713-3.0.1.el8ui.noarch.rpm python39-django-3.2.16-1.0.1.el8ui.noarch.rpm python39-django-currentuser-0.5.3-5.0.1.el8ui.noarch.rpm python39-django-filter-22.1-2.0.1.el8ui.noarch.rpm python39-django-guid-3.3.0-1.0.1.el8ui.noarch.rpm python39-django-import-export-2.8.0-1.0.1.el8ui.noarch.rpm python39-django-lifecycle-1.0.0-1.0.1.el8ui.noarch.rpm python39-django-readonly-field-1.1.1-3.0.1.el8ui.noarch.rpm python39-djangorestframework-3.13.1-2.0.1.el8ui.noarch.rpm python39-djangorestframework-queryfields-1.0.0-6.1.1.el8ui.noarch.rpm python39-drf-access-policy-1.1.2-1.0.1.el8ui.noarch.rpm python39-drf-nested-routers-0.93.4-3.0.1.el8ui.noarch.rpm python39-drf-spectacular-0.23.1-1.0.1.el8ui.noarch.rpm python39-dynaconf-3.1.9-1.0.1.el8ui.noarch.rpm python39-ecdsa-0.14.1-2.0.1.el8ui.noarch.rpm python39-et-xmlfile-1.1.0-2.0.3.el8ui.noarch.rpm python39-future-0.18.2-5.0.1.el8ui.noarch.rpm python39-gnupg-0.5.0-1.0.1.el8ui.noarch.rpm python39-gunicorn-20.1.0-7.1.1.el8ui.noarch.rpm python39-idna-ssl-1.1.0-6.1.1.el8ui.noarch.rpm python39-inflection-0.5.1-4.1.1.el8ui.noarch.rpm python39-jinja2-3.1.2-1.0.1.el8ui.noarch.rpm python39-jsonschema-4.9.1-1.0.1.el8ui.noarch.rpm 
python39-markuppy-1.14-3.0.1.el8ui.noarch.rpm python39-naya-1.1.1-3.0.1.el8ui.noarch.rpm python39-odfpy-1.4.1-6.0.1.el8ui.noarch.rpm python39-openpyxl-3.0.9-2.0.1.el8ui.noarch.rpm python39-packaging-21.3-1.0.1.el8ui.noarch.rpm python39-productmd-1.33-4.1.1.el8ui.noarch.rpm python39-protobuf-4.21.6-1.0.1.el8ui.noarch.rpm python39-pulp-container-2.14.3-1.0.1.el8ui.noarch.rpm python39-pulp-rpm-3.18.5-1.0.1.el8ui.noarch.rpm python39-pulpcore-3.21.0-1.0.1.el8ui.noarch.rpm python39-pygtrie-2.5.0-1.0.1.el8ui.noarch.rpm python39-pyjwkest-1.4.2-6.0.1.el8ui.noarch.rpm python39-pyjwt-2.5.0-2.0.1.el8ui.noarch.rpm python39-pyparsing-2.4.7-4.0.1.el8ui.noarch.rpm python39-pytz-2022.2.1-1.0.1.el8ui.noarch.rpm python39-redis-4.3.4-1.0.1.el8ui.noarch.rpm python39-sqlparse-0.4.2-4.1.1.el8ui.noarch.rpm python39-tablib-3.2.0-3.0.1.el8ui.noarch.rpm python39-types-cryptography-3.3.23-1.0.1.el8ui.noarch.rpm python39-typing-extensions-3.10.0.2-3.1.1.el8ui.noarch.rpm python39-uritemplate-4.1.1-3.1.1.el8ui.noarch.rpm python39-url-normalize-1.4.3-4.0.1.el8ui.noarch.rpm python39-urlman-2.0.1-1.0.1.el8ui.noarch.rpm python39-whitenoise-6.0.0-1.0.1.el8ui.noarch.rpm python39-xlrd-2.0.1-5.0.1.el8ui.noarch.rpm python39-xlwt-1.3.0-3.0.1.el8ui.noarch.rpm rhui-installer-4.3.0.4-1.el8ui.noarch.rpm rhui-tools-4.3.0.8-1.el8ui.noarch.rpm rhui-tools-libs-4.3.0.8-1.el8ui.noarch.rpm x86_64: createrepo_c-debuginfo-0.20.1-1.0.1.el8ui.x86_64.rpm createrepo_c-debugsource-0.20.1-1.0.1.el8ui.x86_64.rpm createrepo_c-libs-0.20.1-1.0.1.el8ui.x86_64.rpm createrepo_c-libs-debuginfo-0.20.1-1.0.1.el8ui.x86_64.rpm libcomps-0.1.18-4.0.1.el8ui.x86_64.rpm libcomps-debuginfo-0.1.18-4.0.1.el8ui.x86_64.rpm libcomps-debugsource-0.1.18-4.0.1.el8ui.x86_64.rpm libsolv-0.7.22-4.0.1.el8ui.x86_64.rpm libsolv-debuginfo-0.7.22-4.0.1.el8ui.x86_64.rpm libsolv-debugsource-0.7.22-4.0.1.el8ui.x86_64.rpm libsolv-demo-debuginfo-0.7.22-4.0.1.el8ui.x86_64.rpm libsolv-tools-debuginfo-0.7.22-4.0.1.el8ui.x86_64.rpm 
pulpcore-selinux-1.3.2-1.0.1.el8ui.x86_64.rpm python-aiohttp-debugsource-3.8.1-3.0.1.el8ui.x86_64.rpm python-brotli-debugsource-1.0.9-2.0.1.el8ui.x86_64.rpm python-cchardet-debugsource-2.1.7-4.0.1.el8ui.x86_64.rpm python-frozenlist-debugsource-1.3.0-2.0.1.el8ui.x86_64.rpm python-markupsafe-debuginfo-2.0.1-3.0.2.el8ui.x86_64.rpm python-markupsafe-debugsource-2.0.1-3.0.2.el8ui.x86_64.rpm python-multidict-debugsource-6.0.2-2.0.1.el8ui.x86_64.rpm python-psycopg2-debugsource-2.9.3-2.0.1.el8ui.x86_64.rpm python-pycairo-debugsource-1.20.1-5.1.1.el8ui.x86_64.rpm python-pycares-debugsource-4.1.2-2.0.1.el8ui.x86_64.rpm python-pycryptodomex-debugsource-3.14.1-2.0.1.el8ui.x86_64.rpm python-pygobject-debugsource-3.40.1-4.0.1.el8ui.x86_64.rpm python-pyrsistent-debugsource-0.18.1-2.0.1.el8ui.x86_64.rpm python-wrapt-debugsource-1.14.1-1.0.1.el8ui.x86_64.rpm python-yarl-debugsource-1.7.2-4.1.1.el8ui.x86_64.rpm python3-createrepo_c-0.20.1-1.0.1.el8ui.x86_64.rpm python3-createrepo_c-debuginfo-0.20.1-1.0.1.el8ui.x86_64.rpm python3-libcomps-0.1.18-4.0.1.el8ui.x86_64.rpm python3-libcomps-debuginfo-0.1.18-4.0.1.el8ui.x86_64.rpm python3-markupsafe-debuginfo-2.0.1-3.0.2.el8ui.x86_64.rpm python3-solv-0.7.22-4.0.1.el8ui.x86_64.rpm python3-solv-debuginfo-0.7.22-4.0.1.el8ui.x86_64.rpm python39-aiohttp-3.8.1-3.0.1.el8ui.x86_64.rpm python39-aiohttp-debuginfo-3.8.1-3.0.1.el8ui.x86_64.rpm python39-brotli-1.0.9-2.0.1.el8ui.x86_64.rpm python39-brotli-debuginfo-1.0.9-2.0.1.el8ui.x86_64.rpm python39-cchardet-2.1.7-4.0.1.el8ui.x86_64.rpm python39-cchardet-debuginfo-2.1.7-4.0.1.el8ui.x86_64.rpm python39-createrepo_c-0.20.1-1.0.1.el8ui.x86_64.rpm python39-createrepo_c-debuginfo-0.20.1-1.0.1.el8ui.x86_64.rpm python39-frozenlist-1.3.0-2.0.1.el8ui.x86_64.rpm python39-frozenlist-debuginfo-1.3.0-2.0.1.el8ui.x86_64.rpm python39-libcomps-0.1.18-4.0.1.el8ui.x86_64.rpm python39-libcomps-debuginfo-0.1.18-4.0.1.el8ui.x86_64.rpm python39-markupsafe-2.0.1-3.0.2.el8ui.x86_64.rpm 
python39-markupsafe-debuginfo-2.0.1-3.0.2.el8ui.x86_64.rpm python39-multidict-6.0.2-2.0.1.el8ui.x86_64.rpm python39-multidict-debuginfo-6.0.2-2.0.1.el8ui.x86_64.rpm python39-psycopg2-2.9.3-2.0.1.el8ui.x86_64.rpm python39-psycopg2-debuginfo-2.9.3-2.0.1.el8ui.x86_64.rpm python39-pycairo-1.20.1-5.1.1.el8ui.x86_64.rpm python39-pycairo-debuginfo-1.20.1-5.1.1.el8ui.x86_64.rpm python39-pycares-4.1.2-2.0.1.el8ui.x86_64.rpm python39-pycares-debuginfo-4.1.2-2.0.1.el8ui.x86_64.rpm python39-pycryptodomex-3.14.1-2.0.1.el8ui.x86_64.rpm python39-pycryptodomex-debuginfo-3.14.1-2.0.1.el8ui.x86_64.rpm python39-pygobject-3.40.1-4.0.1.el8ui.x86_64.rpm python39-pygobject-debuginfo-3.40.1-4.0.1.el8ui.x86_64.rpm python39-pyrsistent-0.18.1-2.0.1.el8ui.x86_64.rpm python39-pyrsistent-debuginfo-0.18.1-2.0.1.el8ui.x86_64.rpm python39-solv-0.7.22-4.0.1.el8ui.x86_64.rpm python39-solv-debuginfo-0.7.22-4.0.1.el8ui.x86_64.rpm python39-wrapt-1.14.1-1.0.1.el8ui.x86_64.rpm python39-wrapt-debuginfo-1.14.1-1.0.1.el8ui.x86_64.rpm python39-yarl-1.7.2-4.1.1.el8ui.x86_64.rpm python39-yarl-debuginfo-1.7.2-4.1.1.el8ui.x86_64.rpm ruby-solv-debuginfo-0.7.22-4.0.1.el8ui.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 8. References: https://access.redhat.com/security/cve/CVE-2021-44420 https://access.redhat.com/security/cve/CVE-2022-41323 https://access.redhat.com/security/updates/classification#low 9. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2023 Red Hat, Inc. 
====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: Red Hat OpenStack Platform 16.2 (openstack-nova) security update
Advisory ID:       RHSA-2022:0999-01
Product:           Red Hat OpenStack Platform
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:0999
Issue date:        2022-03-23
CVE Names:         CVE-2021-3654
====================================================================

1. Summary:

An update for openstack-nova is now available for Red Hat OpenStack Platform 16.2 (Train).

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat OpenStack Platform 16.2 - noarch

3. Description:

OpenStack Compute (codename Nova) is open source software designed to provision and manage large networks of virtual machines, creating a redundant and scalable cloud computing platform. It gives you the software, control panels, and APIs required to orchestrate a cloud, including running instances, managing networks, and controlling access through users and projects. OpenStack Compute strives to be both hardware and hypervisor agnostic, currently supporting a variety of standard hardware configurations and seven major hypervisors.

Security Fix(es):

* novnc allows open redirection (CVE-2021-3654)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.

Bug Fix(es):

* Red Hat OpenStack Platform (RHOSP) does not support the use of a fully qualified domain name (FQDN) as the instance display name in a boot server request. The instance display name is passed from the boot server request to the `instance.hostname` field. Some customers use this unsupported naming in their workflows. A recent update [1] now sanitizes the `instance.hostname` field. The sanitization steps include replacing periods with dashes, a replacement that makes it impossible to continue using the unsupported FQDN instance display names.

This update provides a temporary workaround for customers who use a fully qualified domain name (FQDN) as the instance display name in a boot server request. It limits the scope of the sanitization to cases where the instance display name ends with a period followed by one or more numeric digits.

If you use FQDN as the instance display name in a boot server request, modify your workflow before upgrading to RHOSP 17. (BZ#2036652)

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1729485 - [OSP16.2] "Invalid PCI devices Whitelist config error" configuring passthrough_whitelist with new 40Gb NICs due domain in PCI address is greater than FFFF
1908405 - Nova is out of sync with ironic as hypervisor list in nova does not agree with ironic list after reboot of the nodes
1915096 - [OSP16.2] NUMA instance spawn fails on get_best_cpu_topology when there is no 'threads' preference
1961439 - CVE-2021-3654 openstack-nova: novnc allows open redirection
1968735 - [OSP16.2][neutron]http_retries config option value not being used for calls to the port binding API
1972706 - [OSP 16.2] After host reboot VM goes to error state due to nova-compute EmptyCatalog error
1987225 - Compute service DOWN after FFU from RHOSP13 to 16.1 because service version is still 30.
1992863 - [OSP 16.2] Avoid duplicate BDMs during reserve_block_device_name
1998556 - [OSP 16.2] Attempting to start or hard reboot a users instance as an admin with encrypted rbd volumes leaves the instance unbootable
1999583 - [OSP 16.2] Provide a workaround option and/or nova-manage command to force the refresh of connection_info during a hard reboot
2036652 - [HOTFIX] [OSP 16.2] - option for disabling FIX on instance name sanity check
2036690 - If an upper case mac address is used in a heat template, live migration won't work in nova

6. Package List:

Red Hat OpenStack Platform 16.2:

Source:
openstack-nova-20.6.2-2.20220112164912.8906554.el8ost.src.rpm

noarch:
openstack-nova-20.6.2-2.20220112164912.8906554.el8ost.noarch.rpm
openstack-nova-api-20.6.2-2.20220112164912.8906554.el8ost.noarch.rpm
openstack-nova-common-20.6.2-2.20220112164912.8906554.el8ost.noarch.rpm
openstack-nova-compute-20.6.2-2.20220112164912.8906554.el8ost.noarch.rpm
openstack-nova-conductor-20.6.2-2.20220112164912.8906554.el8ost.noarch.rpm
openstack-nova-console-20.6.2-2.20220112164912.8906554.el8ost.noarch.rpm
openstack-nova-migration-20.6.2-2.20220112164912.8906554.el8ost.noarch.rpm
openstack-nova-novncproxy-20.6.2-2.20220112164912.8906554.el8ost.noarch.rpm
openstack-nova-scheduler-20.6.2-2.20220112164912.8906554.el8ost.noarch.rpm
openstack-nova-serialproxy-20.6.2-2.20220112164912.8906554.el8ost.noarch.rpm
openstack-nova-spicehtml5proxy-20.6.2-2.20220112164912.8906554.el8ost.noarch.rpm
python3-nova-20.6.2-2.20220112164912.8906554.el8ost.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key

7. References:

https://access.redhat.com/security/cve/CVE-2021-3654
https://access.redhat.com/security/updates/classification#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2022 Red Hat, Inc.
====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: CloudForms 5.0.1 security, bug fix and enhancement update
Advisory ID:       RHSA-2019:4201-01
Product:           Red Hat CloudForms
Advisory URL:      https://access.redhat.com/errata/RHSA-2019:4201
Issue date:        2019-12-12
Cross references:  RHBA-2019:40571
CVE Names:         CVE-2019-16892
====================================================================

1. Summary:

An update is now available for CloudForms Management Engine 5.11.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

CloudForms Management Engine 5.11 - noarch, x86_64

3. Description:

Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller (MVC) framework for web application development. Action Pack implements the controller and the view components.

Security Fix(es):

* cfme: rubygem-rubyzip denial of service via crafted ZIP file (CVE-2019-16892)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

This update fixes various bugs and adds enhancements. Documentation for these changes is available from the Release Notes document linked to in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

If the postgresql service is running, it will be automatically restarted after installing this update. After installing the updated packages, the httpd daemon will be restarted automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

1713400 - [RFE] Cloud Key pair don't have relationships with owner and group that build this key
1730066 - Unable to view AWS keypair list as tenant_administrator
1747179 - [Regression] [ActionView::Template::Error] undefined method `tenant_group?' while setting ownership for key pairs
1767548 - Remove .py extension from calls to virt-v2v-wrapper
1767549 - Run the preflight check of migration task before waiting for a conversion host
1767550 - [RFE] Add ability to remove all snapshots asynchronously
1767645 - [RFE] Hide the Configuration -> Database screen
1767646 - Unassigned buttons of a Service shows when its Catalog Item has custom buttons
1767647 - Unable to access "Automate/Requests" tab for a role without exposing "Service/Requests"
1767648 - Server Error (API) when creating Orchestration Template with duplicate content
1767656 - [Regression] Unable to capture memory metric from Azure instances
1767659 - Chargeback report preview fails
1767660 - Service Requests Requester dropdown not sorted
1767774 - appliance_console_cli returns 0 on failure
1767775 - [RFE] Add AWS Bahrain region to CFME
1767776 - [RFE] - Update Host/Node filter to reflect supported versions of ESX
1767777 - Typo on list of Host/Nodes global filters -- Status / Orphaned
1767783 - [RFE] Dis-allow the addition of ESX hosts directly
1767784 - Unable to receive "generalize" event from Azure after generalizing an instance
1767786 - API should not declare HTTP DELETE verb on pxe_servers collection
1767788 - The UI warning about RSA is deprecated and not true anymore.
1767789 - Passwords stored in variables(extra_vars) are visible in clear text in the Appliance evm.log
1767790 - there are exceptions "rescue in type_cast" in logs in global and remote region appliances
1767791 - Chargeback reports not working
1767796 - Add support for VM conversion host in RHV
1767809 - UI crashes when going to Details of Azure Network Port somehow associated to Load Balancers
1767810 - Traceback when clicking on Overview > Chargeback > Reports
1767811 - [RHV] Last Boot Time is "N/A" for VM if you shutdown guest
1767818 - [Regression] top_output.log only showing ruby and not the process names
1767819 - unable to remove duplicate guest devices due to memory
1767821 - [RFE] Remove list view button on my service sui page if there is no use of it
1767823 - [RFE] Generic Object builder tab cycle missing the add (commit) remove buttons
1767824 - multiple workers start the same retirement when retirement date is reached
1767833 - [UI] Erroneous behavior of spinner and spinner box in advanced search loading
1767834 - Refresh of OpenShift provider in CloudForms happen to panic apiserver
1767835 - Changing groups with a user assigned to multiple groups logs out of appliance
1767836 - Choice in Drop Down that References Category (Tag Control Item) is Incorrect
1767837 - [RFE] Automating the generation of widget content Via REST API
1767880 - evm.log is full of error messages "cannot obtain exclusive access to locked queue"
1767881 - Host creds validation fails if host's ssh key has changed before
1767885 - [RFE] VMware guests are incorrectly marked as linked_clone true, remove attribute
1767886 - [RFE] custom service catalog icons being deleted are not actually deleted
1767895 - [NoMethodError]: undefined method `path' for nil:NilClass Method:[block (2 levels) in ] during scheduled NFS backup
1767896 - Lifecycle retirement fails for user that no longer has groups
1767901 - [RFE] automate method to delete a tag from a category
1768456 - Date picker takes a date previous to what is selected in the dialog
1768517 - [RFE] validate infra mappings
1768520 - [v2v] Ordering a migration plan, that contains MIGRATED VM/s, fails with an unclear error message.
1768525 - Remove Automate code for TransformationHost
1768530 - Add conversion host validation for config params
1768576 - Sporadic 404 Error when deleting custom button on generic object class
1768638 - [RFE] Import/export schedules to replicate on other sites
1771298 - CVE-2019-16892 cfme: rubygem-rubyzip denial of service via crafted ZIP file
1771737 - ping endpoint fails with "Error caught: [ActionView::MissingTemplate] Missing template ping/index"
1773666 - [RFE] Custom button: generic class level button deletion not showing a specific flash message
1773667 - Incorrect flash when custom button under generic object class is deleted
1775684 - Need the ability to configure the appliance for SAML using the appliance console CLI.

6. Package List:

CloudForms Management Engine 5.11:

Source:
cfme-5.11.1.2-1.el8cf.src.rpm
cfme-amazon-smartstate-5.11.1.2-1.el8cf.src.rpm
cfme-appliance-5.11.1.2-1.el8cf.src.rpm
cfme-gemset-5.11.1.2-1.el8cf.src.rpm
ovirt-ansible-hosted-engine-setup-1.0.28-1.el8ev.src.rpm
v2v-conversion-host-1.15.0-1.el8ev.src.rpm

noarch:
ovirt-ansible-hosted-engine-setup-1.0.28-1.el8ev.noarch.rpm
v2v-conversion-host-ansible-1.15.0-1.el8ev.noarch.rpm

x86_64:
cfme-5.11.1.2-1.el8cf.x86_64.rpm
cfme-amazon-smartstate-5.11.1.2-1.el8cf.x86_64.rpm
cfme-appliance-5.11.1.2-1.el8cf.x86_64.rpm
cfme-appliance-common-5.11.1.2-1.el8cf.x86_64.rpm
cfme-appliance-tools-5.11.1.2-1.el8cf.x86_64.rpm
cfme-gemset-5.11.1.2-1.el8cf.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2019-16892
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2019 Red Hat, Inc.