====================================================================
Red Hat Security Advisory

Synopsis: Important: Red Hat OpenShift Enterprise security update
Advisory ID: RHSA-2023:3910-01
Product: Red Hat OpenShift Enterprise
Advisory URL: https://access.redhat.com/errata/RHSA-2023:3910
Issue date: 2023-07-06
CVE Names: CVE-2022-41717 CVE-2023-3089 CVE-2023-24540
====================================================================

1. Summary:

Red Hat OpenShift Container Platform release 4.10.63 is now available with updates to packages and images that fix several bugs and add enhancements.

This release includes a security update for Red Hat OpenShift Container Platform 4.10.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat OpenShift Container Platform 4.10 - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.10.63. See the following advisory for the container images for this release:

https://access.redhat.com/errata/RHSA-2023:3911

Security Fix(es):

* openshift: OCP & FIPS mode (CVE-2023-3089)
* golang: html/template: improper handling of JavaScript whitespace (CVE-2023-24540)
* golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests (CVE-2022-41717)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

All OpenShift Container Platform 4.10 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.redhat.com/en/documentation/openshift_container_platform/4.10/html/updating_clusters/updating-cluster-cli

4. Solution:

For OpenShift Container Platform 4.10 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:

https://docs.redhat.com/en/documentation/openshift_container_platform/4.10/html/release_notes/ocp-4-10-release-notes 4.10.63

5. Bugs fixed (https://bugzilla.redhat.com/):

2161274 - CVE-2022-41717 golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests
2196027 - CVE-2023-24540 golang: html/template: improper handling of JavaScript whitespace
2212085 - CVE-2023-3089 openshift: OCP & FIPS mode

6. Package List:

Red Hat OpenShift Container Platform 4.10:

Source:
openshift-4.10.0-202306170106.p0.g16bcd69.assembly.stream.el7.src.rpm openshift-ansible-4.10.0-202306170106.p0.g72c7be6.assembly.stream.el7.src.rpm openshift-clients-4.10.0-202306261054.p0.g22cf04a.assembly.stream.el7.src.rpm

noarch:
openshift-ansible-4.10.0-202306170106.p0.g72c7be6.assembly.stream.el7.noarch.rpm openshift-ansible-test-4.10.0-202306170106.p0.g72c7be6.assembly.stream.el7.noarch.rpm

x86_64:
openshift-clients-4.10.0-202306261054.p0.g22cf04a.assembly.stream.el7.x86_64.rpm openshift-clients-redistributable-4.10.0-202306261054.p0.g22cf04a.assembly.stream.el7.x86_64.rpm openshift-hyperkube-4.10.0-202306170106.p0.g16bcd69.assembly.stream.el7.x86_64.rpm

Red Hat OpenShift Container Platform 4.10:

Source:
buildah-1.19.9-1.1.el8.src.rpm jenkins-2-plugins-4.10.1687341544-1.el8.src.rpm jenkins-2.401.1.1687268694-1.el8.src.rpm kernel-4.18.0-305.95.1.el8_4.src.rpm kernel-rt-4.18.0-305.95.1.rt7.170.el8_4.src.rpm openshift-4.10.0-202306170106.p0.g16bcd69.assembly.stream.el8.src.rpm openshift-ansible-4.10.0-202306170106.p0.g72c7be6.assembly.stream.el8.src.rpm openshift-clients-4.10.0-202306261054.p0.g22cf04a.assembly.stream.el8.src.rpm openshift-kuryr-4.10.0-202306170106.p0.g8e4df8b.assembly.stream.el8.src.rpm podman-3.2.3-1.1.rhaos4.10.el8.src.rpm skopeo-1.2.4-1.1.el8.src.rpm

aarch64:
bpftool-4.18.0-305.95.1.el8_4.aarch64.rpm bpftool-debuginfo-4.18.0-305.95.1.el8_4.aarch64.rpm buildah-1.19.9-1.1.el8.aarch64.rpm buildah-debuginfo-1.19.9-1.1.el8.aarch64.rpm buildah-debugsource-1.19.9-1.1.el8.aarch64.rpm buildah-tests-1.19.9-1.1.el8.aarch64.rpm buildah-tests-debuginfo-1.19.9-1.1.el8.aarch64.rpm containers-common-1.2.4-1.1.el8.aarch64.rpm kernel-4.18.0-305.95.1.el8_4.aarch64.rpm kernel-core-4.18.0-305.95.1.el8_4.aarch64.rpm kernel-cross-headers-4.18.0-305.95.1.el8_4.aarch64.rpm kernel-debug-4.18.0-305.95.1.el8_4.aarch64.rpm kernel-debug-core-4.18.0-305.95.1.el8_4.aarch64.rpm
kernel-debug-debuginfo-4.18.0-305.95.1.el8_4.aarch64.rpm kernel-debug-devel-4.18.0-305.95.1.el8_4.aarch64.rpm kernel-debug-modules-4.18.0-305.95.1.el8_4.aarch64.rpm kernel-debug-modules-extra-4.18.0-305.95.1.el8_4.aarch64.rpm kernel-debug-modules-internal-4.18.0-305.95.1.el8_4.aarch64.rpm kernel-debuginfo-4.18.0-305.95.1.el8_4.aarch64.rpm kernel-debuginfo-common-aarch64-4.18.0-305.95.1.el8_4.aarch64.rpm kernel-devel-4.18.0-305.95.1.el8_4.aarch64.rpm kernel-headers-4.18.0-305.95.1.el8_4.aarch64.rpm kernel-modules-4.18.0-305.95.1.el8_4.aarch64.rpm kernel-modules-extra-4.18.0-305.95.1.el8_4.aarch64.rpm kernel-modules-internal-4.18.0-305.95.1.el8_4.aarch64.rpm kernel-selftests-internal-4.18.0-305.95.1.el8_4.aarch64.rpm kernel-tools-4.18.0-305.95.1.el8_4.aarch64.rpm kernel-tools-debuginfo-4.18.0-305.95.1.el8_4.aarch64.rpm kernel-tools-libs-4.18.0-305.95.1.el8_4.aarch64.rpm kernel-tools-libs-devel-4.18.0-305.95.1.el8_4.aarch64.rpm openshift-clients-4.10.0-202306261054.p0.g22cf04a.assembly.stream.el8.aarch64.rpm openshift-hyperkube-4.10.0-202306170106.p0.g16bcd69.assembly.stream.el8.aarch64.rpm perf-4.18.0-305.95.1.el8_4.aarch64.rpm perf-debuginfo-4.18.0-305.95.1.el8_4.aarch64.rpm podman-3.2.3-1.1.rhaos4.10.el8.aarch64.rpm podman-catatonit-3.2.3-1.1.rhaos4.10.el8.aarch64.rpm podman-catatonit-debuginfo-3.2.3-1.1.rhaos4.10.el8.aarch64.rpm podman-debuginfo-3.2.3-1.1.rhaos4.10.el8.aarch64.rpm podman-debugsource-3.2.3-1.1.rhaos4.10.el8.aarch64.rpm podman-plugins-3.2.3-1.1.rhaos4.10.el8.aarch64.rpm podman-plugins-debuginfo-3.2.3-1.1.rhaos4.10.el8.aarch64.rpm podman-remote-3.2.3-1.1.rhaos4.10.el8.aarch64.rpm podman-remote-debuginfo-3.2.3-1.1.rhaos4.10.el8.aarch64.rpm podman-tests-3.2.3-1.1.rhaos4.10.el8.aarch64.rpm python3-perf-4.18.0-305.95.1.el8_4.aarch64.rpm python3-perf-debuginfo-4.18.0-305.95.1.el8_4.aarch64.rpm skopeo-1.2.4-1.1.el8.aarch64.rpm skopeo-debuginfo-1.2.4-1.1.el8.aarch64.rpm skopeo-debugsource-1.2.4-1.1.el8.aarch64.rpm skopeo-tests-1.2.4-1.1.el8.aarch64.rpm 
noarch: jenkins-2-plugins-4.10.1687341544-1.el8.noarch.rpm jenkins-2.401.1.1687268694-1.el8.noarch.rpm kernel-doc-4.18.0-305.95.1.el8_4.noarch.rpm openshift-ansible-4.10.0-202306170106.p0.g72c7be6.assembly.stream.el8.noarch.rpm openshift-ansible-test-4.10.0-202306170106.p0.g72c7be6.assembly.stream.el8.noarch.rpm openshift-kuryr-cni-4.10.0-202306170106.p0.g8e4df8b.assembly.stream.el8.noarch.rpm openshift-kuryr-common-4.10.0-202306170106.p0.g8e4df8b.assembly.stream.el8.noarch.rpm openshift-kuryr-controller-4.10.0-202306170106.p0.g8e4df8b.assembly.stream.el8.noarch.rpm podman-docker-3.2.3-1.1.rhaos4.10.el8.noarch.rpm python3-kuryr-kubernetes-4.10.0-202306170106.p0.g8e4df8b.assembly.stream.el8.noarch.rpm ppc64le: bpftool-4.18.0-305.95.1.el8_4.ppc64le.rpm bpftool-debuginfo-4.18.0-305.95.1.el8_4.ppc64le.rpm buildah-1.19.9-1.1.el8.ppc64le.rpm buildah-debuginfo-1.19.9-1.1.el8.ppc64le.rpm buildah-debugsource-1.19.9-1.1.el8.ppc64le.rpm buildah-tests-1.19.9-1.1.el8.ppc64le.rpm buildah-tests-debuginfo-1.19.9-1.1.el8.ppc64le.rpm containers-common-1.2.4-1.1.el8.ppc64le.rpm kernel-4.18.0-305.95.1.el8_4.ppc64le.rpm kernel-core-4.18.0-305.95.1.el8_4.ppc64le.rpm kernel-cross-headers-4.18.0-305.95.1.el8_4.ppc64le.rpm kernel-debug-4.18.0-305.95.1.el8_4.ppc64le.rpm kernel-debug-core-4.18.0-305.95.1.el8_4.ppc64le.rpm kernel-debug-debuginfo-4.18.0-305.95.1.el8_4.ppc64le.rpm kernel-debug-devel-4.18.0-305.95.1.el8_4.ppc64le.rpm kernel-debug-modules-4.18.0-305.95.1.el8_4.ppc64le.rpm kernel-debug-modules-extra-4.18.0-305.95.1.el8_4.ppc64le.rpm kernel-debug-modules-internal-4.18.0-305.95.1.el8_4.ppc64le.rpm kernel-debuginfo-4.18.0-305.95.1.el8_4.ppc64le.rpm kernel-debuginfo-common-ppc64le-4.18.0-305.95.1.el8_4.ppc64le.rpm kernel-devel-4.18.0-305.95.1.el8_4.ppc64le.rpm kernel-headers-4.18.0-305.95.1.el8_4.ppc64le.rpm kernel-ipaclones-internal-4.18.0-305.95.1.el8_4.ppc64le.rpm kernel-modules-4.18.0-305.95.1.el8_4.ppc64le.rpm kernel-modules-extra-4.18.0-305.95.1.el8_4.ppc64le.rpm 
kernel-modules-internal-4.18.0-305.95.1.el8_4.ppc64le.rpm kernel-selftests-internal-4.18.0-305.95.1.el8_4.ppc64le.rpm kernel-tools-4.18.0-305.95.1.el8_4.ppc64le.rpm kernel-tools-debuginfo-4.18.0-305.95.1.el8_4.ppc64le.rpm kernel-tools-libs-4.18.0-305.95.1.el8_4.ppc64le.rpm kernel-tools-libs-devel-4.18.0-305.95.1.el8_4.ppc64le.rpm openshift-clients-4.10.0-202306261054.p0.g22cf04a.assembly.stream.el8.ppc64le.rpm openshift-hyperkube-4.10.0-202306170106.p0.g16bcd69.assembly.stream.el8.ppc64le.rpm perf-4.18.0-305.95.1.el8_4.ppc64le.rpm perf-debuginfo-4.18.0-305.95.1.el8_4.ppc64le.rpm podman-3.2.3-1.1.rhaos4.10.el8.ppc64le.rpm podman-catatonit-3.2.3-1.1.rhaos4.10.el8.ppc64le.rpm podman-catatonit-debuginfo-3.2.3-1.1.rhaos4.10.el8.ppc64le.rpm podman-debuginfo-3.2.3-1.1.rhaos4.10.el8.ppc64le.rpm podman-debugsource-3.2.3-1.1.rhaos4.10.el8.ppc64le.rpm podman-plugins-3.2.3-1.1.rhaos4.10.el8.ppc64le.rpm podman-plugins-debuginfo-3.2.3-1.1.rhaos4.10.el8.ppc64le.rpm podman-remote-3.2.3-1.1.rhaos4.10.el8.ppc64le.rpm podman-remote-debuginfo-3.2.3-1.1.rhaos4.10.el8.ppc64le.rpm podman-tests-3.2.3-1.1.rhaos4.10.el8.ppc64le.rpm python3-perf-4.18.0-305.95.1.el8_4.ppc64le.rpm python3-perf-debuginfo-4.18.0-305.95.1.el8_4.ppc64le.rpm skopeo-1.2.4-1.1.el8.ppc64le.rpm skopeo-debuginfo-1.2.4-1.1.el8.ppc64le.rpm skopeo-debugsource-1.2.4-1.1.el8.ppc64le.rpm skopeo-tests-1.2.4-1.1.el8.ppc64le.rpm s390x: bpftool-4.18.0-305.95.1.el8_4.s390x.rpm bpftool-debuginfo-4.18.0-305.95.1.el8_4.s390x.rpm buildah-1.19.9-1.1.el8.s390x.rpm buildah-debuginfo-1.19.9-1.1.el8.s390x.rpm buildah-debugsource-1.19.9-1.1.el8.s390x.rpm buildah-tests-1.19.9-1.1.el8.s390x.rpm buildah-tests-debuginfo-1.19.9-1.1.el8.s390x.rpm containers-common-1.2.4-1.1.el8.s390x.rpm kernel-4.18.0-305.95.1.el8_4.s390x.rpm kernel-core-4.18.0-305.95.1.el8_4.s390x.rpm kernel-cross-headers-4.18.0-305.95.1.el8_4.s390x.rpm kernel-debug-4.18.0-305.95.1.el8_4.s390x.rpm kernel-debug-core-4.18.0-305.95.1.el8_4.s390x.rpm 
kernel-debug-debuginfo-4.18.0-305.95.1.el8_4.s390x.rpm kernel-debug-devel-4.18.0-305.95.1.el8_4.s390x.rpm kernel-debug-modules-4.18.0-305.95.1.el8_4.s390x.rpm kernel-debug-modules-extra-4.18.0-305.95.1.el8_4.s390x.rpm kernel-debug-modules-internal-4.18.0-305.95.1.el8_4.s390x.rpm kernel-debuginfo-4.18.0-305.95.1.el8_4.s390x.rpm kernel-debuginfo-common-s390x-4.18.0-305.95.1.el8_4.s390x.rpm kernel-devel-4.18.0-305.95.1.el8_4.s390x.rpm kernel-headers-4.18.0-305.95.1.el8_4.s390x.rpm kernel-modules-4.18.0-305.95.1.el8_4.s390x.rpm kernel-modules-extra-4.18.0-305.95.1.el8_4.s390x.rpm kernel-modules-internal-4.18.0-305.95.1.el8_4.s390x.rpm kernel-selftests-internal-4.18.0-305.95.1.el8_4.s390x.rpm kernel-tools-4.18.0-305.95.1.el8_4.s390x.rpm kernel-tools-debuginfo-4.18.0-305.95.1.el8_4.s390x.rpm kernel-zfcpdump-4.18.0-305.95.1.el8_4.s390x.rpm kernel-zfcpdump-core-4.18.0-305.95.1.el8_4.s390x.rpm kernel-zfcpdump-debuginfo-4.18.0-305.95.1.el8_4.s390x.rpm kernel-zfcpdump-devel-4.18.0-305.95.1.el8_4.s390x.rpm kernel-zfcpdump-modules-4.18.0-305.95.1.el8_4.s390x.rpm kernel-zfcpdump-modules-extra-4.18.0-305.95.1.el8_4.s390x.rpm kernel-zfcpdump-modules-internal-4.18.0-305.95.1.el8_4.s390x.rpm openshift-clients-4.10.0-202306261054.p0.g22cf04a.assembly.stream.el8.s390x.rpm openshift-hyperkube-4.10.0-202306170106.p0.g16bcd69.assembly.stream.el8.s390x.rpm perf-4.18.0-305.95.1.el8_4.s390x.rpm perf-debuginfo-4.18.0-305.95.1.el8_4.s390x.rpm podman-3.2.3-1.1.rhaos4.10.el8.s390x.rpm podman-catatonit-3.2.3-1.1.rhaos4.10.el8.s390x.rpm podman-catatonit-debuginfo-3.2.3-1.1.rhaos4.10.el8.s390x.rpm podman-debuginfo-3.2.3-1.1.rhaos4.10.el8.s390x.rpm podman-debugsource-3.2.3-1.1.rhaos4.10.el8.s390x.rpm podman-plugins-3.2.3-1.1.rhaos4.10.el8.s390x.rpm podman-plugins-debuginfo-3.2.3-1.1.rhaos4.10.el8.s390x.rpm podman-remote-3.2.3-1.1.rhaos4.10.el8.s390x.rpm podman-remote-debuginfo-3.2.3-1.1.rhaos4.10.el8.s390x.rpm podman-tests-3.2.3-1.1.rhaos4.10.el8.s390x.rpm 
python3-perf-4.18.0-305.95.1.el8_4.s390x.rpm python3-perf-debuginfo-4.18.0-305.95.1.el8_4.s390x.rpm skopeo-1.2.4-1.1.el8.s390x.rpm skopeo-debuginfo-1.2.4-1.1.el8.s390x.rpm skopeo-debugsource-1.2.4-1.1.el8.s390x.rpm skopeo-tests-1.2.4-1.1.el8.s390x.rpm x86_64: bpftool-4.18.0-305.95.1.el8_4.x86_64.rpm bpftool-debuginfo-4.18.0-305.95.1.el8_4.x86_64.rpm buildah-1.19.9-1.1.el8.x86_64.rpm buildah-debuginfo-1.19.9-1.1.el8.x86_64.rpm buildah-debugsource-1.19.9-1.1.el8.x86_64.rpm buildah-tests-1.19.9-1.1.el8.x86_64.rpm buildah-tests-debuginfo-1.19.9-1.1.el8.x86_64.rpm containers-common-1.2.4-1.1.el8.x86_64.rpm kernel-4.18.0-305.95.1.el8_4.x86_64.rpm kernel-core-4.18.0-305.95.1.el8_4.x86_64.rpm kernel-cross-headers-4.18.0-305.95.1.el8_4.x86_64.rpm kernel-debug-4.18.0-305.95.1.el8_4.x86_64.rpm kernel-debug-core-4.18.0-305.95.1.el8_4.x86_64.rpm kernel-debug-debuginfo-4.18.0-305.95.1.el8_4.x86_64.rpm kernel-debug-devel-4.18.0-305.95.1.el8_4.x86_64.rpm kernel-debug-modules-4.18.0-305.95.1.el8_4.x86_64.rpm kernel-debug-modules-extra-4.18.0-305.95.1.el8_4.x86_64.rpm kernel-debug-modules-internal-4.18.0-305.95.1.el8_4.x86_64.rpm kernel-debuginfo-4.18.0-305.95.1.el8_4.x86_64.rpm kernel-debuginfo-common-x86_64-4.18.0-305.95.1.el8_4.x86_64.rpm kernel-devel-4.18.0-305.95.1.el8_4.x86_64.rpm kernel-headers-4.18.0-305.95.1.el8_4.x86_64.rpm kernel-ipaclones-internal-4.18.0-305.95.1.el8_4.x86_64.rpm kernel-modules-4.18.0-305.95.1.el8_4.x86_64.rpm kernel-modules-extra-4.18.0-305.95.1.el8_4.x86_64.rpm kernel-modules-internal-4.18.0-305.95.1.el8_4.x86_64.rpm kernel-rt-4.18.0-305.95.1.rt7.170.el8_4.x86_64.rpm kernel-rt-core-4.18.0-305.95.1.rt7.170.el8_4.x86_64.rpm kernel-rt-debug-4.18.0-305.95.1.rt7.170.el8_4.x86_64.rpm kernel-rt-debug-core-4.18.0-305.95.1.rt7.170.el8_4.x86_64.rpm kernel-rt-debug-debuginfo-4.18.0-305.95.1.rt7.170.el8_4.x86_64.rpm kernel-rt-debug-devel-4.18.0-305.95.1.rt7.170.el8_4.x86_64.rpm kernel-rt-debug-kvm-4.18.0-305.95.1.rt7.170.el8_4.x86_64.rpm 
kernel-rt-debug-modules-4.18.0-305.95.1.rt7.170.el8_4.x86_64.rpm kernel-rt-debug-modules-extra-4.18.0-305.95.1.rt7.170.el8_4.x86_64.rpm kernel-rt-debug-modules-internal-4.18.0-305.95.1.rt7.170.el8_4.x86_64.rpm kernel-rt-debuginfo-4.18.0-305.95.1.rt7.170.el8_4.x86_64.rpm kernel-rt-debuginfo-common-x86_64-4.18.0-305.95.1.rt7.170.el8_4.x86_64.rpm kernel-rt-devel-4.18.0-305.95.1.rt7.170.el8_4.x86_64.rpm kernel-rt-kvm-4.18.0-305.95.1.rt7.170.el8_4.x86_64.rpm kernel-rt-modules-4.18.0-305.95.1.rt7.170.el8_4.x86_64.rpm kernel-rt-modules-extra-4.18.0-305.95.1.rt7.170.el8_4.x86_64.rpm kernel-rt-modules-internal-4.18.0-305.95.1.rt7.170.el8_4.x86_64.rpm kernel-rt-selftests-internal-4.18.0-305.95.1.rt7.170.el8_4.x86_64.rpm kernel-selftests-internal-4.18.0-305.95.1.el8_4.x86_64.rpm kernel-tools-4.18.0-305.95.1.el8_4.x86_64.rpm kernel-tools-debuginfo-4.18.0-305.95.1.el8_4.x86_64.rpm kernel-tools-libs-4.18.0-305.95.1.el8_4.x86_64.rpm kernel-tools-libs-devel-4.18.0-305.95.1.el8_4.x86_64.rpm openshift-clients-4.10.0-202306261054.p0.g22cf04a.assembly.stream.el8.x86_64.rpm openshift-clients-redistributable-4.10.0-202306261054.p0.g22cf04a.assembly.stream.el8.x86_64.rpm openshift-hyperkube-4.10.0-202306170106.p0.g16bcd69.assembly.stream.el8.x86_64.rpm perf-4.18.0-305.95.1.el8_4.x86_64.rpm perf-debuginfo-4.18.0-305.95.1.el8_4.x86_64.rpm podman-3.2.3-1.1.rhaos4.10.el8.x86_64.rpm podman-catatonit-3.2.3-1.1.rhaos4.10.el8.x86_64.rpm podman-catatonit-debuginfo-3.2.3-1.1.rhaos4.10.el8.x86_64.rpm podman-debuginfo-3.2.3-1.1.rhaos4.10.el8.x86_64.rpm podman-debugsource-3.2.3-1.1.rhaos4.10.el8.x86_64.rpm podman-plugins-3.2.3-1.1.rhaos4.10.el8.x86_64.rpm podman-plugins-debuginfo-3.2.3-1.1.rhaos4.10.el8.x86_64.rpm podman-remote-3.2.3-1.1.rhaos4.10.el8.x86_64.rpm podman-remote-debuginfo-3.2.3-1.1.rhaos4.10.el8.x86_64.rpm podman-tests-3.2.3-1.1.rhaos4.10.el8.x86_64.rpm python3-perf-4.18.0-305.95.1.el8_4.x86_64.rpm python3-perf-debuginfo-4.18.0-305.95.1.el8_4.x86_64.rpm skopeo-1.2.4-1.1.el8.x86_64.rpm 
skopeo-debuginfo-1.2.4-1.1.el8.x86_64.rpm skopeo-debugsource-1.2.4-1.1.el8.x86_64.rpm skopeo-tests-1.2.4-1.1.el8.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-41717
https://access.redhat.com/security/cve/CVE-2023-3089
https://access.redhat.com/security/cve/CVE-2023-24540
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/RHSB-2023-001

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.

-- RHSA-announce mailing list
====================================================================
Red Hat Security Advisory

Synopsis: Critical: OpenShift Container Platform 4.10.56 security update
Advisory ID: RHSA-2023:1655-01
Product: Red Hat OpenShift Enterprise
Advisory URL: https://access.redhat.com/errata/RHSA-2023:1655
Issue date: 2023-04-12
CVE Names: CVE-2022-3172 CVE-2022-31690 CVE-2022-31692 CVE-2022-42889 CVE-2023-24422 CVE-2023-27898 CVE-2023-27899 CVE-2023-27903 CVE-2023-27904
====================================================================

1. Summary:

Red Hat OpenShift Container Platform release 4.10.56 is now available with updates to packages and images that fix several bugs and add enhancements.

This release includes a security update for Red Hat OpenShift Container Platform 4.10.

Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat OpenShift Container Platform 4.10 - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.10.56. See the following advisory for the container images for this release:

https://access.redhat.com/errata/RHSA-2023:1656

Security Fix(es):

* apache-commons-text: variable interpolation RCE (CVE-2022-42889)
* spring-security-oauth2-client: Privilege Escalation in spring-security-oauth2-client (CVE-2022-31690)
* spring-security: Authorization rules can be bypassed via forward or include dispatcher types in Spring Security (CVE-2022-31692)
* jenkins-2-plugins/script-security: Sandbox bypass vulnerability in Script Security Plugin (CVE-2023-24422)
* Jenkins: XSS vulnerability in plugin manager (CVE-2023-27898)
* Jenkins: Temporary plugin file created with insecure permissions (CVE-2023-27899)
* kube-apiserver: Aggregated API server can cause clients to be redirected (SSRF) (CVE-2022-3172)
* Jenkins: Temporary file parameter created with insecure permissions (CVE-2023-27903)
* Jenkins: Information disclosure through error stack traces related to agents (CVE-2023-27904)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

For OpenShift Container Platform 4.10 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:

https://docs.redhat.com/en/documentation/openshift_container_platform/4.10/html/release_notes/ocp-4-10-release-notes

5. Bugs fixed (https://bugzilla.redhat.com/):

2127804 - CVE-2022-3172 kube-apiserver: Aggregated API server can cause clients to be redirected (SSRF)
2135435 - CVE-2022-42889 apache-commons-text: variable interpolation RCE
2162200 - CVE-2022-31690 spring-security-oauth2-client: Privilege Escalation in spring-security-oauth2-client
2162206 - CVE-2022-31692 spring-security: Authorization rules can be bypassed via forward or include dispatcher types in Spring Security
2164278 - CVE-2023-24422 jenkins-2-plugins/script-security: Sandbox bypass vulnerability in Script Security Plugin
2177626 - CVE-2023-27899 Jenkins: Temporary plugin file created with insecure permissions
2177629 - CVE-2023-27898 Jenkins: XSS vulnerability in plugin manager
2177632 - CVE-2023-27903 Jenkins: Temporary file parameter created with insecure permissions
2177634 - CVE-2023-27904 Jenkins: Information disclosure through error stack traces related to agents

6. Package List:

Red Hat OpenShift Container Platform 4.10:

Source:
cri-o-1.23.5-8.rhaos4.10.gitcc8441d.el7.src.rpm openshift-4.10.0-202303221742.p0.g16bcd69.assembly.stream.el7.src.rpm openshift-clients-4.10.0-202304032041.p0.g3a7500d.assembly.stream.el7.src.rpm

x86_64:
cri-o-1.23.5-8.rhaos4.10.gitcc8441d.el7.x86_64.rpm cri-o-debuginfo-1.23.5-8.rhaos4.10.gitcc8441d.el7.x86_64.rpm openshift-clients-4.10.0-202304032041.p0.g3a7500d.assembly.stream.el7.x86_64.rpm openshift-clients-redistributable-4.10.0-202304032041.p0.g3a7500d.assembly.stream.el7.x86_64.rpm openshift-hyperkube-4.10.0-202303221742.p0.g16bcd69.assembly.stream.el7.x86_64.rpm

Red Hat OpenShift Container Platform 4.10:

Source:
cri-o-1.23.5-8.rhaos4.10.gitcc8441d.el8.src.rpm haproxy-2.2.19-4.el8.src.rpm jenkins-2-plugins-4.10.1680703106-1.el8.src.rpm jenkins-2.387.1.1680701869-1.el8.src.rpm kernel-4.18.0-305.85.1.el8_4.src.rpm kernel-rt-4.18.0-305.85.1.rt7.157.el8_4.src.rpm openshift-4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.src.rpm
openshift-clients-4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.src.rpm toolbox-0.0.9-1.rhaos4.10.el8.src.rpm aarch64: bpftool-4.18.0-305.85.1.el8_4.aarch64.rpm bpftool-debuginfo-4.18.0-305.85.1.el8_4.aarch64.rpm cri-o-1.23.5-8.rhaos4.10.gitcc8441d.el8.aarch64.rpm cri-o-debuginfo-1.23.5-8.rhaos4.10.gitcc8441d.el8.aarch64.rpm cri-o-debugsource-1.23.5-8.rhaos4.10.gitcc8441d.el8.aarch64.rpm haproxy-debugsource-2.2.19-4.el8.aarch64.rpm haproxy22-2.2.19-4.el8.aarch64.rpm haproxy22-debuginfo-2.2.19-4.el8.aarch64.rpm kernel-4.18.0-305.85.1.el8_4.aarch64.rpm kernel-core-4.18.0-305.85.1.el8_4.aarch64.rpm kernel-cross-headers-4.18.0-305.85.1.el8_4.aarch64.rpm kernel-debug-4.18.0-305.85.1.el8_4.aarch64.rpm kernel-debug-core-4.18.0-305.85.1.el8_4.aarch64.rpm kernel-debug-debuginfo-4.18.0-305.85.1.el8_4.aarch64.rpm kernel-debug-devel-4.18.0-305.85.1.el8_4.aarch64.rpm kernel-debug-modules-4.18.0-305.85.1.el8_4.aarch64.rpm kernel-debug-modules-extra-4.18.0-305.85.1.el8_4.aarch64.rpm kernel-debug-modules-internal-4.18.0-305.85.1.el8_4.aarch64.rpm kernel-debuginfo-4.18.0-305.85.1.el8_4.aarch64.rpm kernel-debuginfo-common-aarch64-4.18.0-305.85.1.el8_4.aarch64.rpm kernel-devel-4.18.0-305.85.1.el8_4.aarch64.rpm kernel-headers-4.18.0-305.85.1.el8_4.aarch64.rpm kernel-modules-4.18.0-305.85.1.el8_4.aarch64.rpm kernel-modules-extra-4.18.0-305.85.1.el8_4.aarch64.rpm kernel-modules-internal-4.18.0-305.85.1.el8_4.aarch64.rpm kernel-selftests-internal-4.18.0-305.85.1.el8_4.aarch64.rpm kernel-tools-4.18.0-305.85.1.el8_4.aarch64.rpm kernel-tools-debuginfo-4.18.0-305.85.1.el8_4.aarch64.rpm kernel-tools-libs-4.18.0-305.85.1.el8_4.aarch64.rpm kernel-tools-libs-devel-4.18.0-305.85.1.el8_4.aarch64.rpm openshift-clients-4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.aarch64.rpm openshift-hyperkube-4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.aarch64.rpm perf-4.18.0-305.85.1.el8_4.aarch64.rpm perf-debuginfo-4.18.0-305.85.1.el8_4.aarch64.rpm 
python3-perf-4.18.0-305.85.1.el8_4.aarch64.rpm python3-perf-debuginfo-4.18.0-305.85.1.el8_4.aarch64.rpm noarch: jenkins-2-plugins-4.10.1680703106-1.el8.noarch.rpm jenkins-2.387.1.1680701869-1.el8.noarch.rpm kernel-doc-4.18.0-305.85.1.el8_4.noarch.rpm toolbox-0.0.9-1.rhaos4.10.el8.noarch.rpm ppc64le: bpftool-4.18.0-305.85.1.el8_4.ppc64le.rpm bpftool-debuginfo-4.18.0-305.85.1.el8_4.ppc64le.rpm cri-o-1.23.5-8.rhaos4.10.gitcc8441d.el8.ppc64le.rpm cri-o-debuginfo-1.23.5-8.rhaos4.10.gitcc8441d.el8.ppc64le.rpm cri-o-debugsource-1.23.5-8.rhaos4.10.gitcc8441d.el8.ppc64le.rpm haproxy-debugsource-2.2.19-4.el8.ppc64le.rpm haproxy22-2.2.19-4.el8.ppc64le.rpm haproxy22-debuginfo-2.2.19-4.el8.ppc64le.rpm kernel-4.18.0-305.85.1.el8_4.ppc64le.rpm kernel-core-4.18.0-305.85.1.el8_4.ppc64le.rpm kernel-cross-headers-4.18.0-305.85.1.el8_4.ppc64le.rpm kernel-debug-4.18.0-305.85.1.el8_4.ppc64le.rpm kernel-debug-core-4.18.0-305.85.1.el8_4.ppc64le.rpm kernel-debug-debuginfo-4.18.0-305.85.1.el8_4.ppc64le.rpm kernel-debug-devel-4.18.0-305.85.1.el8_4.ppc64le.rpm kernel-debug-modules-4.18.0-305.85.1.el8_4.ppc64le.rpm kernel-debug-modules-extra-4.18.0-305.85.1.el8_4.ppc64le.rpm kernel-debug-modules-internal-4.18.0-305.85.1.el8_4.ppc64le.rpm kernel-debuginfo-4.18.0-305.85.1.el8_4.ppc64le.rpm kernel-debuginfo-common-ppc64le-4.18.0-305.85.1.el8_4.ppc64le.rpm kernel-devel-4.18.0-305.85.1.el8_4.ppc64le.rpm kernel-headers-4.18.0-305.85.1.el8_4.ppc64le.rpm kernel-ipaclones-internal-4.18.0-305.85.1.el8_4.ppc64le.rpm kernel-modules-4.18.0-305.85.1.el8_4.ppc64le.rpm kernel-modules-extra-4.18.0-305.85.1.el8_4.ppc64le.rpm kernel-modules-internal-4.18.0-305.85.1.el8_4.ppc64le.rpm kernel-selftests-internal-4.18.0-305.85.1.el8_4.ppc64le.rpm kernel-tools-4.18.0-305.85.1.el8_4.ppc64le.rpm kernel-tools-debuginfo-4.18.0-305.85.1.el8_4.ppc64le.rpm kernel-tools-libs-4.18.0-305.85.1.el8_4.ppc64le.rpm kernel-tools-libs-devel-4.18.0-305.85.1.el8_4.ppc64le.rpm 
openshift-clients-4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.ppc64le.rpm openshift-hyperkube-4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.ppc64le.rpm perf-4.18.0-305.85.1.el8_4.ppc64le.rpm perf-debuginfo-4.18.0-305.85.1.el8_4.ppc64le.rpm python3-perf-4.18.0-305.85.1.el8_4.ppc64le.rpm python3-perf-debuginfo-4.18.0-305.85.1.el8_4.ppc64le.rpm s390x: bpftool-4.18.0-305.85.1.el8_4.s390x.rpm bpftool-debuginfo-4.18.0-305.85.1.el8_4.s390x.rpm cri-o-1.23.5-8.rhaos4.10.gitcc8441d.el8.s390x.rpm cri-o-debuginfo-1.23.5-8.rhaos4.10.gitcc8441d.el8.s390x.rpm cri-o-debugsource-1.23.5-8.rhaos4.10.gitcc8441d.el8.s390x.rpm haproxy-debugsource-2.2.19-4.el8.s390x.rpm haproxy22-2.2.19-4.el8.s390x.rpm haproxy22-debuginfo-2.2.19-4.el8.s390x.rpm kernel-4.18.0-305.85.1.el8_4.s390x.rpm kernel-core-4.18.0-305.85.1.el8_4.s390x.rpm kernel-cross-headers-4.18.0-305.85.1.el8_4.s390x.rpm kernel-debug-4.18.0-305.85.1.el8_4.s390x.rpm kernel-debug-core-4.18.0-305.85.1.el8_4.s390x.rpm kernel-debug-debuginfo-4.18.0-305.85.1.el8_4.s390x.rpm kernel-debug-devel-4.18.0-305.85.1.el8_4.s390x.rpm kernel-debug-modules-4.18.0-305.85.1.el8_4.s390x.rpm kernel-debug-modules-extra-4.18.0-305.85.1.el8_4.s390x.rpm kernel-debug-modules-internal-4.18.0-305.85.1.el8_4.s390x.rpm kernel-debuginfo-4.18.0-305.85.1.el8_4.s390x.rpm kernel-debuginfo-common-s390x-4.18.0-305.85.1.el8_4.s390x.rpm kernel-devel-4.18.0-305.85.1.el8_4.s390x.rpm kernel-headers-4.18.0-305.85.1.el8_4.s390x.rpm kernel-modules-4.18.0-305.85.1.el8_4.s390x.rpm kernel-modules-extra-4.18.0-305.85.1.el8_4.s390x.rpm kernel-modules-internal-4.18.0-305.85.1.el8_4.s390x.rpm kernel-selftests-internal-4.18.0-305.85.1.el8_4.s390x.rpm kernel-tools-4.18.0-305.85.1.el8_4.s390x.rpm kernel-tools-debuginfo-4.18.0-305.85.1.el8_4.s390x.rpm kernel-zfcpdump-4.18.0-305.85.1.el8_4.s390x.rpm kernel-zfcpdump-core-4.18.0-305.85.1.el8_4.s390x.rpm kernel-zfcpdump-debuginfo-4.18.0-305.85.1.el8_4.s390x.rpm kernel-zfcpdump-devel-4.18.0-305.85.1.el8_4.s390x.rpm 
kernel-zfcpdump-modules-4.18.0-305.85.1.el8_4.s390x.rpm kernel-zfcpdump-modules-extra-4.18.0-305.85.1.el8_4.s390x.rpm kernel-zfcpdump-modules-internal-4.18.0-305.85.1.el8_4.s390x.rpm openshift-clients-4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.s390x.rpm openshift-hyperkube-4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.s390x.rpm perf-4.18.0-305.85.1.el8_4.s390x.rpm perf-debuginfo-4.18.0-305.85.1.el8_4.s390x.rpm python3-perf-4.18.0-305.85.1.el8_4.s390x.rpm python3-perf-debuginfo-4.18.0-305.85.1.el8_4.s390x.rpm x86_64: bpftool-4.18.0-305.85.1.el8_4.x86_64.rpm bpftool-debuginfo-4.18.0-305.85.1.el8_4.x86_64.rpm cri-o-1.23.5-8.rhaos4.10.gitcc8441d.el8.x86_64.rpm cri-o-debuginfo-1.23.5-8.rhaos4.10.gitcc8441d.el8.x86_64.rpm cri-o-debugsource-1.23.5-8.rhaos4.10.gitcc8441d.el8.x86_64.rpm haproxy-debugsource-2.2.19-4.el8.x86_64.rpm haproxy22-2.2.19-4.el8.x86_64.rpm haproxy22-debuginfo-2.2.19-4.el8.x86_64.rpm kernel-4.18.0-305.85.1.el8_4.x86_64.rpm kernel-core-4.18.0-305.85.1.el8_4.x86_64.rpm kernel-cross-headers-4.18.0-305.85.1.el8_4.x86_64.rpm kernel-debug-4.18.0-305.85.1.el8_4.x86_64.rpm kernel-debug-core-4.18.0-305.85.1.el8_4.x86_64.rpm kernel-debug-debuginfo-4.18.0-305.85.1.el8_4.x86_64.rpm kernel-debug-devel-4.18.0-305.85.1.el8_4.x86_64.rpm kernel-debug-modules-4.18.0-305.85.1.el8_4.x86_64.rpm kernel-debug-modules-extra-4.18.0-305.85.1.el8_4.x86_64.rpm kernel-debug-modules-internal-4.18.0-305.85.1.el8_4.x86_64.rpm kernel-debuginfo-4.18.0-305.85.1.el8_4.x86_64.rpm kernel-debuginfo-common-x86_64-4.18.0-305.85.1.el8_4.x86_64.rpm kernel-devel-4.18.0-305.85.1.el8_4.x86_64.rpm kernel-headers-4.18.0-305.85.1.el8_4.x86_64.rpm kernel-ipaclones-internal-4.18.0-305.85.1.el8_4.x86_64.rpm kernel-modules-4.18.0-305.85.1.el8_4.x86_64.rpm kernel-modules-extra-4.18.0-305.85.1.el8_4.x86_64.rpm kernel-modules-internal-4.18.0-305.85.1.el8_4.x86_64.rpm kernel-rt-4.18.0-305.85.1.rt7.157.el8_4.x86_64.rpm kernel-rt-core-4.18.0-305.85.1.rt7.157.el8_4.x86_64.rpm 
kernel-rt-debug-4.18.0-305.85.1.rt7.157.el8_4.x86_64.rpm kernel-rt-debug-core-4.18.0-305.85.1.rt7.157.el8_4.x86_64.rpm kernel-rt-debug-debuginfo-4.18.0-305.85.1.rt7.157.el8_4.x86_64.rpm kernel-rt-debug-devel-4.18.0-305.85.1.rt7.157.el8_4.x86_64.rpm kernel-rt-debug-kvm-4.18.0-305.85.1.rt7.157.el8_4.x86_64.rpm kernel-rt-debug-modules-4.18.0-305.85.1.rt7.157.el8_4.x86_64.rpm kernel-rt-debug-modules-extra-4.18.0-305.85.1.rt7.157.el8_4.x86_64.rpm kernel-rt-debug-modules-internal-4.18.0-305.85.1.rt7.157.el8_4.x86_64.rpm kernel-rt-debuginfo-4.18.0-305.85.1.rt7.157.el8_4.x86_64.rpm kernel-rt-debuginfo-common-x86_64-4.18.0-305.85.1.rt7.157.el8_4.x86_64.rpm kernel-rt-devel-4.18.0-305.85.1.rt7.157.el8_4.x86_64.rpm kernel-rt-kvm-4.18.0-305.85.1.rt7.157.el8_4.x86_64.rpm kernel-rt-modules-4.18.0-305.85.1.rt7.157.el8_4.x86_64.rpm kernel-rt-modules-extra-4.18.0-305.85.1.rt7.157.el8_4.x86_64.rpm kernel-rt-modules-internal-4.18.0-305.85.1.rt7.157.el8_4.x86_64.rpm kernel-rt-selftests-internal-4.18.0-305.85.1.rt7.157.el8_4.x86_64.rpm kernel-selftests-internal-4.18.0-305.85.1.el8_4.x86_64.rpm kernel-tools-4.18.0-305.85.1.el8_4.x86_64.rpm kernel-tools-debuginfo-4.18.0-305.85.1.el8_4.x86_64.rpm kernel-tools-libs-4.18.0-305.85.1.el8_4.x86_64.rpm kernel-tools-libs-devel-4.18.0-305.85.1.el8_4.x86_64.rpm openshift-clients-4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.x86_64.rpm openshift-clients-redistributable-4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.x86_64.rpm openshift-hyperkube-4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.x86_64.rpm perf-4.18.0-305.85.1.el8_4.x86_64.rpm perf-debuginfo-4.18.0-305.85.1.el8_4.x86_64.rpm python3-perf-4.18.0-305.85.1.el8_4.x86_64.rpm python3-perf-debuginfo-4.18.0-305.85.1.el8_4.x86_64.rpm These packages are GPG signed by Red Hat for security. 
Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-3172
https://access.redhat.com/security/cve/CVE-2022-31690
https://access.redhat.com/security/cve/CVE-2022-31692
https://access.redhat.com/security/cve/CVE-2022-42889
https://access.redhat.com/security/cve/CVE-2023-24422
https://access.redhat.com/security/cve/CVE-2023-27898
https://access.redhat.com/security/cve/CVE-2023-27899
https://access.redhat.com/security/cve/CVE-2023-27903
https://access.redhat.com/security/cve/CVE-2023-27904
https://access.redhat.com/security/updates/classification/#critical
https://docs.redhat.com/en/documentation/openshift_container_platform/4.10/html/release_notes/ocp-4-10-release-notes

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.

-- RHSA-announce mailing list
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================
Red Hat Security Advisory

Synopsis: Important: firefox security update
Advisory ID: RHSA-2021:3156-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2021:3156
Issue date: 2021-08-16
CVE Names: CVE-2021-29980 CVE-2021-29984 CVE-2021-29985 CVE-2021-29986 CVE-2021-29988 CVE-2021-29989
====================================================================

1. Summary:

An update for firefox is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v. 8.2) - aarch64, ppc64le, s390x, x86_64

3. Description:

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.13.0 ESR.

Security Fix(es):

* Mozilla: Uninitialized memory in a canvas object could have led to memory corruption (CVE-2021-29980)
* Mozilla: Incorrect instruction reordering during JIT optimization (CVE-2021-29984)
* Mozilla: Race condition when resolving DNS names could have led to memory corruption (CVE-2021-29986)
* Mozilla: Memory corruption as a result of incorrect style treatment (CVE-2021-29988)
* Mozilla: Memory safety bugs fixed in Thunderbird 78.13 (CVE-2021-29989)
* Mozilla: Use-after-free media channels (CVE-2021-29985)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258

After installing the update, Firefox must be restarted for the changes to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1992417 - CVE-2021-29986 Mozilla: Race condition when resolving DNS names could have led to memory corruption
1992419 - CVE-2021-29988 Mozilla: Memory corruption as a result of incorrect style treatment
1992420 - CVE-2021-29984 Mozilla: Incorrect instruction reordering during JIT optimization
1992421 - CVE-2021-29980 Mozilla: Uninitialized memory in a canvas object could have led to memory corruption
1992422 - CVE-2021-29985 Mozilla: Use-after-free media channels
1992423 - CVE-2021-29989 Mozilla: Memory safety bugs fixed in Thunderbird 78.13

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v. 8.2):

Source:
firefox-78.13.0-2.el8_2.src.rpm

aarch64:
firefox-78.13.0-2.el8_2.aarch64.rpm
firefox-debuginfo-78.13.0-2.el8_2.aarch64.rpm
firefox-debugsource-78.13.0-2.el8_2.aarch64.rpm

ppc64le:
firefox-78.13.0-2.el8_2.ppc64le.rpm
firefox-debuginfo-78.13.0-2.el8_2.ppc64le.rpm
firefox-debugsource-78.13.0-2.el8_2.ppc64le.rpm

s390x:
firefox-78.13.0-2.el8_2.s390x.rpm
firefox-debuginfo-78.13.0-2.el8_2.s390x.rpm
firefox-debugsource-78.13.0-2.el8_2.s390x.rpm

x86_64:
firefox-78.13.0-2.el8_2.x86_64.rpm
firefox-debuginfo-78.13.0-2.el8_2.x86_64.rpm
firefox-debugsource-78.13.0-2.el8_2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key

7. References:

https://access.redhat.com/security/cve/CVE-2021-29980
https://access.redhat.com/security/cve/CVE-2021-29984
https://access.redhat.com/security/cve/CVE-2021-29985
https://access.redhat.com/security/cve/CVE-2021-29986
https://access.redhat.com/security/cve/CVE-2021-29988
https://access.redhat.com/security/cve/CVE-2021-29989
https://access.redhat.com/security/updates/classification#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2021 Red Hat, Inc.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================
Red Hat Security Advisory

Synopsis: Important: java-1.8.0-ibm security update
Advisory ID: RHSA-2020:5585-01
Product: Red Hat Enterprise Linux Supplementary
Advisory URL: https://access.redhat.com/errata/RHSA-2020:5585
Issue date: 2020-12-16
CVE Names: CVE-2019-17639 CVE-2020-2590 CVE-2020-2601 CVE-2020-14556 CVE-2020-14577 CVE-2020-14578 CVE-2020-14579 CVE-2020-14583 CVE-2020-14593 CVE-2020-14621 CVE-2020-14779 CVE-2020-14796 CVE-2020-14797
====================================================================

1. Summary:

An update for java-1.8.0-ibm is now available for Red Hat Enterprise Linux 7 Supplementary. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client Supplementary (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Supplementary (v. 7) - x86_64
Red Hat Enterprise Linux Server Supplementary (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 7) - x86_64

3. Description:

IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR6-FP20.

Security Fix(es):

* OpenJDK: Use of unsafe RSA-MD5 checksum in Kerberos TGS (Security, 8229951) (CVE-2020-2601)
* OpenJDK: Bypass of boundary checks in nio.Buffer via concurrent access (Libraries, 8238920) (CVE-2020-14583)
* OpenJDK: Incomplete bounds checks in Affine Transformations (2D, 8240119) (CVE-2020-14593)
* IBM JDK: Information disclosure via calls to System.arraycopy() with invalid length (CVE-2019-17639)
* OpenJDK: Improper checks of SASL message properties in GssKrb5Base (Security, 8226352) (CVE-2020-2590)
* OpenJDK: Incorrect handling of access control context in ForkJoinPool (Libraries, 8237117) (CVE-2020-14556)
* OpenJDK: Unexpected exception raised by DerInputStream (Libraries, 8237731) (CVE-2020-14578)
* OpenJDK: Unexpected exception raised by DerValue.equals() (Libraries, 8237736) (CVE-2020-14579)
* OpenJDK: XML validation manipulation due to incomplete application of the use-grammar-pool-only feature (JAXP, 8242136) (CVE-2020-14621)
* OpenJDK: Incomplete check for invalid characters in URI to path conversion (Libraries, 8242685) (CVE-2020-14797)
* OpenJDK: HostnameChecker does not ensure X.509 certificate names are in normalized form (JSSE, 8237592) (CVE-2020-14577)
* OpenJDK: High memory usage during deserialization of Proxy class with many interfaces (Serialization, 8236862) (CVE-2020-14779)
* OpenJDK: Missing permission check in path to URI conversion (Libraries, 8242680) (CVE-2020-14796)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258

All running instances of IBM Java must be restarted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1790556 - CVE-2020-2590 OpenJDK: Improper checks of SASL message properties in GssKrb5Base (Security, 8226352)
1790570 - CVE-2020-2601 OpenJDK: Use of unsafe RSA-MD5 checksum in Kerberos TGS (Security, 8229951)
1856448 - CVE-2020-14583 OpenJDK: Bypass of boundary checks in nio.Buffer via concurrent access (Libraries, 8238920)
1856784 - CVE-2020-14593 OpenJDK: Incomplete bounds checks in Affine Transformations (2D, 8240119)
1856885 - CVE-2020-14621 OpenJDK: XML validation manipulation due to incomplete application of the use-grammar-pool-only feature (JAXP, 8242136)
1856896 - CVE-2020-14556 OpenJDK: Incorrect handling of access control context in ForkJoinPool (Libraries, 8237117)
1856988 - CVE-2020-14577 OpenJDK: HostnameChecker does not ensure X.509 certificate names are in normalized form (JSSE, 8237592)
1856991 - CVE-2020-14578 OpenJDK: Unexpected exception raised by DerInputStream (Libraries, 8237731)
1856995 - CVE-2020-14579 OpenJDK: Unexpected exception raised by DerValue.equals() (Libraries, 8237736)
1866497 - CVE-2019-17639 IBM JDK: Information disclosure via calls to System.arraycopy() with invalid length
1889271 - CVE-2020-14779 OpenJDK: High memory usage during deserialization of Proxy class with many interfaces (Serialization, 8236862)
1889697 - CVE-2020-14796 OpenJDK: Missing permission check in path to URI conversion (Libraries, 8242680)
1889717 - CVE-2020-14797 OpenJDK: Incomplete check for invalid characters in URI to path conversion (Libraries, 8242685)

6. Package List:

Red Hat Enterprise Linux Client Supplementary (v. 7):

x86_64:
java-1.8.0-ibm-1.8.0.6.20-1jpp.1.el7.x86_64.rpm
java-1.8.0-ibm-demo-1.8.0.6.20-1jpp.1.el7.x86_64.rpm
java-1.8.0-ibm-devel-1.8.0.6.20-1jpp.1.el7.x86_64.rpm
java-1.8.0-ibm-jdbc-1.8.0.6.20-1jpp.1.el7.x86_64.rpm
java-1.8.0-ibm-plugin-1.8.0.6.20-1jpp.1.el7.x86_64.rpm
java-1.8.0-ibm-src-1.8.0.6.20-1jpp.1.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Supplementary (v. 7):

x86_64:
java-1.8.0-ibm-1.8.0.6.20-1jpp.1.el7.x86_64.rpm
java-1.8.0-ibm-demo-1.8.0.6.20-1jpp.1.el7.x86_64.rpm
java-1.8.0-ibm-devel-1.8.0.6.20-1jpp.1.el7.x86_64.rpm
java-1.8.0-ibm-src-1.8.0.6.20-1jpp.1.el7.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 7):

ppc64:
java-1.8.0-ibm-1.8.0.6.20-1jpp.1.el7.ppc64.rpm
java-1.8.0-ibm-demo-1.8.0.6.20-1jpp.1.el7.ppc64.rpm
java-1.8.0-ibm-devel-1.8.0.6.20-1jpp.1.el7.ppc64.rpm
java-1.8.0-ibm-jdbc-1.8.0.6.20-1jpp.1.el7.ppc64.rpm
java-1.8.0-ibm-plugin-1.8.0.6.20-1jpp.1.el7.ppc64.rpm
java-1.8.0-ibm-src-1.8.0.6.20-1jpp.1.el7.ppc64.rpm

ppc64le:
java-1.8.0-ibm-1.8.0.6.20-1jpp.1.el7.ppc64le.rpm
java-1.8.0-ibm-demo-1.8.0.6.20-1jpp.1.el7.ppc64le.rpm
java-1.8.0-ibm-devel-1.8.0.6.20-1jpp.1.el7.ppc64le.rpm
java-1.8.0-ibm-jdbc-1.8.0.6.20-1jpp.1.el7.ppc64le.rpm
java-1.8.0-ibm-src-1.8.0.6.20-1jpp.1.el7.ppc64le.rpm

s390x:
java-1.8.0-ibm-1.8.0.6.20-1jpp.1.el7.s390x.rpm
java-1.8.0-ibm-demo-1.8.0.6.20-1jpp.1.el7.s390x.rpm
java-1.8.0-ibm-devel-1.8.0.6.20-1jpp.1.el7.s390x.rpm
java-1.8.0-ibm-jdbc-1.8.0.6.20-1jpp.1.el7.s390x.rpm
java-1.8.0-ibm-src-1.8.0.6.20-1jpp.1.el7.s390x.rpm

x86_64:
java-1.8.0-ibm-1.8.0.6.20-1jpp.1.el7.x86_64.rpm
java-1.8.0-ibm-demo-1.8.0.6.20-1jpp.1.el7.x86_64.rpm
java-1.8.0-ibm-devel-1.8.0.6.20-1jpp.1.el7.x86_64.rpm
java-1.8.0-ibm-jdbc-1.8.0.6.20-1jpp.1.el7.x86_64.rpm
java-1.8.0-ibm-plugin-1.8.0.6.20-1jpp.1.el7.x86_64.rpm
java-1.8.0-ibm-src-1.8.0.6.20-1jpp.1.el7.x86_64.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 7):

x86_64:
java-1.8.0-ibm-1.8.0.6.20-1jpp.1.el7.x86_64.rpm
java-1.8.0-ibm-demo-1.8.0.6.20-1jpp.1.el7.x86_64.rpm
java-1.8.0-ibm-devel-1.8.0.6.20-1jpp.1.el7.x86_64.rpm
java-1.8.0-ibm-jdbc-1.8.0.6.20-1jpp.1.el7.x86_64.rpm
java-1.8.0-ibm-plugin-1.8.0.6.20-1jpp.1.el7.x86_64.rpm
java-1.8.0-ibm-src-1.8.0.6.20-1jpp.1.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security.
Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2019-17639
https://access.redhat.com/security/cve/CVE-2020-2590
https://access.redhat.com/security/cve/CVE-2020-2601
https://access.redhat.com/security/cve/CVE-2020-14556
https://access.redhat.com/security/cve/CVE-2020-14577
https://access.redhat.com/security/cve/CVE-2020-14578
https://access.redhat.com/security/cve/CVE-2020-14579
https://access.redhat.com/security/cve/CVE-2020-14583
https://access.redhat.com/security/cve/CVE-2020-14593
https://access.redhat.com/security/cve/CVE-2020-14621
https://access.redhat.com/security/cve/CVE-2020-14779
https://access.redhat.com/security/cve/CVE-2020-14796
https://access.redhat.com/security/cve/CVE-2020-14797
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================
Red Hat Security Advisory

Synopsis: Important: dbus security update
Advisory ID: RHSA-2020:2894-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2020:2894
Issue date: 2020-07-13
CVE Names: CVE-2020-12049
====================================================================

1. Summary:

An update for dbus is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64

3. Description:

D-Bus is a system for sending messages between applications. It is used both for the system-wide message bus service, and as a per-user-login-session messaging facility.

Security Fix(es):

* dbus: denial of service via file descriptor leak (CVE-2020-12049)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258

For the update to take effect, all running instances of dbus-daemon and all running applications using the libdbus library must be restarted, or the system rebooted.

5. Bugs fixed (https://bugzilla.redhat.com/):

1849041 - CVE-2020-12049 dbus: denial of service via file descriptor leak

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
dbus-1.10.24-14.el7_8.src.rpm

x86_64:
dbus-1.10.24-14.el7_8.x86_64.rpm
dbus-debuginfo-1.10.24-14.el7_8.i686.rpm
dbus-debuginfo-1.10.24-14.el7_8.x86_64.rpm
dbus-libs-1.10.24-14.el7_8.i686.rpm
dbus-libs-1.10.24-14.el7_8.x86_64.rpm
dbus-x11-1.10.24-14.el7_8.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

noarch:
dbus-doc-1.10.24-14.el7_8.noarch.rpm

x86_64:
dbus-debuginfo-1.10.24-14.el7_8.i686.rpm
dbus-debuginfo-1.10.24-14.el7_8.x86_64.rpm
dbus-devel-1.10.24-14.el7_8.i686.rpm
dbus-devel-1.10.24-14.el7_8.x86_64.rpm
dbus-tests-1.10.24-14.el7_8.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
dbus-1.10.24-14.el7_8.src.rpm

x86_64:
dbus-1.10.24-14.el7_8.x86_64.rpm
dbus-debuginfo-1.10.24-14.el7_8.i686.rpm
dbus-debuginfo-1.10.24-14.el7_8.x86_64.rpm
dbus-libs-1.10.24-14.el7_8.i686.rpm
dbus-libs-1.10.24-14.el7_8.x86_64.rpm
dbus-x11-1.10.24-14.el7_8.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

noarch:
dbus-doc-1.10.24-14.el7_8.noarch.rpm

x86_64:
dbus-debuginfo-1.10.24-14.el7_8.i686.rpm
dbus-debuginfo-1.10.24-14.el7_8.x86_64.rpm
dbus-devel-1.10.24-14.el7_8.i686.rpm
dbus-devel-1.10.24-14.el7_8.x86_64.rpm
dbus-tests-1.10.24-14.el7_8.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
dbus-1.10.24-14.el7_8.src.rpm

ppc64:
dbus-1.10.24-14.el7_8.ppc64.rpm
dbus-debuginfo-1.10.24-14.el7_8.ppc.rpm
dbus-debuginfo-1.10.24-14.el7_8.ppc64.rpm
dbus-devel-1.10.24-14.el7_8.ppc.rpm
dbus-devel-1.10.24-14.el7_8.ppc64.rpm
dbus-libs-1.10.24-14.el7_8.ppc.rpm
dbus-libs-1.10.24-14.el7_8.ppc64.rpm
dbus-x11-1.10.24-14.el7_8.ppc64.rpm

ppc64le:
dbus-1.10.24-14.el7_8.ppc64le.rpm
dbus-debuginfo-1.10.24-14.el7_8.ppc64le.rpm
dbus-devel-1.10.24-14.el7_8.ppc64le.rpm
dbus-libs-1.10.24-14.el7_8.ppc64le.rpm
dbus-x11-1.10.24-14.el7_8.ppc64le.rpm

s390x:
dbus-1.10.24-14.el7_8.s390x.rpm
dbus-debuginfo-1.10.24-14.el7_8.s390.rpm
dbus-debuginfo-1.10.24-14.el7_8.s390x.rpm
dbus-devel-1.10.24-14.el7_8.s390.rpm
dbus-devel-1.10.24-14.el7_8.s390x.rpm
dbus-libs-1.10.24-14.el7_8.s390.rpm
dbus-libs-1.10.24-14.el7_8.s390x.rpm
dbus-x11-1.10.24-14.el7_8.s390x.rpm

x86_64:
dbus-1.10.24-14.el7_8.x86_64.rpm
dbus-debuginfo-1.10.24-14.el7_8.i686.rpm
dbus-debuginfo-1.10.24-14.el7_8.x86_64.rpm
dbus-devel-1.10.24-14.el7_8.i686.rpm
dbus-devel-1.10.24-14.el7_8.x86_64.rpm
dbus-libs-1.10.24-14.el7_8.i686.rpm
dbus-libs-1.10.24-14.el7_8.x86_64.rpm
dbus-x11-1.10.24-14.el7_8.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

noarch:
dbus-doc-1.10.24-14.el7_8.noarch.rpm

ppc64:
dbus-debuginfo-1.10.24-14.el7_8.ppc64.rpm
dbus-tests-1.10.24-14.el7_8.ppc64.rpm

ppc64le:
dbus-debuginfo-1.10.24-14.el7_8.ppc64le.rpm
dbus-tests-1.10.24-14.el7_8.ppc64le.rpm

s390x:
dbus-debuginfo-1.10.24-14.el7_8.s390x.rpm
dbus-tests-1.10.24-14.el7_8.s390x.rpm

x86_64:
dbus-debuginfo-1.10.24-14.el7_8.x86_64.rpm
dbus-tests-1.10.24-14.el7_8.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
dbus-1.10.24-14.el7_8.src.rpm

x86_64:
dbus-1.10.24-14.el7_8.x86_64.rpm
dbus-debuginfo-1.10.24-14.el7_8.i686.rpm
dbus-debuginfo-1.10.24-14.el7_8.x86_64.rpm
dbus-devel-1.10.24-14.el7_8.i686.rpm
dbus-devel-1.10.24-14.el7_8.x86_64.rpm
dbus-libs-1.10.24-14.el7_8.i686.rpm
dbus-libs-1.10.24-14.el7_8.x86_64.rpm
dbus-x11-1.10.24-14.el7_8.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

noarch:
dbus-doc-1.10.24-14.el7_8.noarch.rpm

x86_64:
dbus-debuginfo-1.10.24-14.el7_8.x86_64.rpm
dbus-tests-1.10.24-14.el7_8.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2020-12049
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================
Red Hat Security Advisory

Synopsis: Important: firefox security update
Advisory ID: RHSA-2020:2380-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2020:2380
Issue date: 2020-06-03
CVE Names: CVE-2020-12405 CVE-2020-12406 CVE-2020-12410
====================================================================

1. Summary:

An update for firefox is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v. 8.1) - aarch64, ppc64le, s390x, x86_64

3. Description:

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 68.9.0 ESR.

Security Fix(es):

* Mozilla: Use-after-free in SharedWorkerService (CVE-2020-12405)
* Mozilla: JavaScript Type confusion with NativeTypes (CVE-2020-12406)
* Mozilla: Memory safety bugs fixed in Firefox 77 and Firefox ESR 68.9 (CVE-2020-12410)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258

After installing the update, Firefox must be restarted for the changes to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1843030 - CVE-2020-12410 Mozilla: Memory safety bugs fixed in Firefox 77 and Firefox ESR 68.9
1843312 - CVE-2020-12406 Mozilla: JavaScript Type confusion with NativeTypes
1843313 - CVE-2020-12405 Mozilla: Use-after-free in SharedWorkerService

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v. 8.1):

Source:
firefox-68.9.0-1.el8_1.src.rpm

aarch64:
firefox-68.9.0-1.el8_1.aarch64.rpm
firefox-debuginfo-68.9.0-1.el8_1.aarch64.rpm
firefox-debugsource-68.9.0-1.el8_1.aarch64.rpm

ppc64le:
firefox-68.9.0-1.el8_1.ppc64le.rpm
firefox-debuginfo-68.9.0-1.el8_1.ppc64le.rpm
firefox-debugsource-68.9.0-1.el8_1.ppc64le.rpm

s390x:
firefox-68.9.0-1.el8_1.s390x.rpm
firefox-debuginfo-68.9.0-1.el8_1.s390x.rpm
firefox-debugsource-68.9.0-1.el8_1.s390x.rpm

x86_64:
firefox-68.9.0-1.el8_1.x86_64.rpm
firefox-debuginfo-68.9.0-1.el8_1.x86_64.rpm
firefox-debugsource-68.9.0-1.el8_1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key

7. References:

https://access.redhat.com/security/cve/CVE-2020-12405
https://access.redhat.com/security/cve/CVE-2020-12406
https://access.redhat.com/security/cve/CVE-2020-12410
https://access.redhat.com/security/updates/classification#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2020 Red Hat, Inc.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================
Red Hat Security Advisory

Synopsis: Low: gettext security and bug fix update
Advisory ID: RHSA-2020:1138-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2020:1138
Issue date: 2020-03-31
CVE Names: CVE-2018-18751
====================================================================

1. Summary:

An update for gettext is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - noarch
Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch

3. Description:

The gettext packages provide documentation for producing multi-lingual messages in programs, a set of conventions about how programs should be written, a runtime library, and a directory and file naming organization for the message catalogs.

Security Fix(es):

* gettext: double free in default_add_message in read-catalog.c (CVE-2018-18751)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.8 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1647043 - CVE-2018-18751 gettext: double free in default_add_message in read-catalog.c
1788414 - [gettext] preuninstall scripts in TPS tests are failing for 2019:45774

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
gettext-0.19.8.1-3.el7.src.rpm

x86_64:
gettext-0.19.8.1-3.el7.x86_64.rpm
gettext-debuginfo-0.19.8.1-3.el7.i686.rpm
gettext-debuginfo-0.19.8.1-3.el7.x86_64.rpm
gettext-libs-0.19.8.1-3.el7.i686.rpm
gettext-libs-0.19.8.1-3.el7.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

noarch:
emacs-gettext-0.19.8.1-3.el7.noarch.rpm
gettext-common-devel-0.19.8.1-3.el7.noarch.rpm

x86_64:
gettext-debuginfo-0.19.8.1-3.el7.i686.rpm
gettext-debuginfo-0.19.8.1-3.el7.x86_64.rpm
gettext-devel-0.19.8.1-3.el7.i686.rpm
gettext-devel-0.19.8.1-3.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
gettext-0.19.8.1-3.el7.src.rpm

x86_64:
gettext-0.19.8.1-3.el7.x86_64.rpm
gettext-debuginfo-0.19.8.1-3.el7.i686.rpm
gettext-debuginfo-0.19.8.1-3.el7.x86_64.rpm
gettext-libs-0.19.8.1-3.el7.i686.rpm
gettext-libs-0.19.8.1-3.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

noarch:
emacs-gettext-0.19.8.1-3.el7.noarch.rpm
gettext-common-devel-0.19.8.1-3.el7.noarch.rpm

x86_64:
gettext-debuginfo-0.19.8.1-3.el7.i686.rpm
gettext-debuginfo-0.19.8.1-3.el7.x86_64.rpm
gettext-devel-0.19.8.1-3.el7.i686.rpm
gettext-devel-0.19.8.1-3.el7.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
gettext-0.19.8.1-3.el7.src.rpm

noarch:
gettext-common-devel-0.19.8.1-3.el7.noarch.rpm

ppc64:
gettext-0.19.8.1-3.el7.ppc64.rpm
gettext-debuginfo-0.19.8.1-3.el7.ppc.rpm
gettext-debuginfo-0.19.8.1-3.el7.ppc64.rpm
gettext-devel-0.19.8.1-3.el7.ppc.rpm
gettext-devel-0.19.8.1-3.el7.ppc64.rpm
gettext-libs-0.19.8.1-3.el7.ppc.rpm
gettext-libs-0.19.8.1-3.el7.ppc64.rpm

ppc64le:
gettext-0.19.8.1-3.el7.ppc64le.rpm
gettext-debuginfo-0.19.8.1-3.el7.ppc64le.rpm
gettext-devel-0.19.8.1-3.el7.ppc64le.rpm
gettext-libs-0.19.8.1-3.el7.ppc64le.rpm

s390x:
gettext-0.19.8.1-3.el7.s390x.rpm
gettext-debuginfo-0.19.8.1-3.el7.s390.rpm
gettext-debuginfo-0.19.8.1-3.el7.s390x.rpm
gettext-devel-0.19.8.1-3.el7.s390.rpm
gettext-devel-0.19.8.1-3.el7.s390x.rpm
gettext-libs-0.19.8.1-3.el7.s390.rpm
gettext-libs-0.19.8.1-3.el7.s390x.rpm

x86_64:
gettext-0.19.8.1-3.el7.x86_64.rpm
gettext-debuginfo-0.19.8.1-3.el7.i686.rpm
gettext-debuginfo-0.19.8.1-3.el7.x86_64.rpm
gettext-devel-0.19.8.1-3.el7.i686.rpm
gettext-devel-0.19.8.1-3.el7.x86_64.rpm
gettext-libs-0.19.8.1-3.el7.i686.rpm
gettext-libs-0.19.8.1-3.el7.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

noarch:
emacs-gettext-0.19.8.1-3.el7.noarch.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
gettext-0.19.8.1-3.el7.src.rpm

noarch:
gettext-common-devel-0.19.8.1-3.el7.noarch.rpm

x86_64:
gettext-0.19.8.1-3.el7.x86_64.rpm
gettext-debuginfo-0.19.8.1-3.el7.i686.rpm
gettext-debuginfo-0.19.8.1-3.el7.x86_64.rpm
gettext-devel-0.19.8.1-3.el7.i686.rpm
gettext-devel-0.19.8.1-3.el7.x86_64.rpm
gettext-libs-0.19.8.1-3.el7.i686.rpm
gettext-libs-0.19.8.1-3.el7.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

noarch:
emacs-gettext-0.19.8.1-3.el7.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key

7. References:

https://access.redhat.com/security/cve/CVE-2018-18751
https://access.redhat.com/security/updates/classification#low
https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/7/html/7.8_release_notes/index

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2020 Red Hat, Inc.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================
Red Hat Security Advisory

Synopsis:     Important: sudo security update
Advisory ID:  RHSA-2020:0509-01
Product:      Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2020:0509
Issue date:   2020-02-13
CVE Names:    CVE-2019-18634
====================================================================

1. Summary:

An update for sudo is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux BaseOS E4S (v. 8.0) - aarch64, ppc64le, s390x, x86_64

3. Description:

The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root.

Security Fix(es):

* sudo: Stack based buffer overflow when pwfeedback is enabled (CVE-2019-18634)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1796944 - CVE-2019-18634 sudo: Stack based buffer overflow when pwfeedback is enabled

6. Package List:

Red Hat Enterprise Linux BaseOS E4S (v. 8.0):

Source:
sudo-1.8.25p1-4.el8_0.3.src.rpm

aarch64:
sudo-1.8.25p1-4.el8_0.3.aarch64.rpm
sudo-debuginfo-1.8.25p1-4.el8_0.3.aarch64.rpm
sudo-debugsource-1.8.25p1-4.el8_0.3.aarch64.rpm

ppc64le:
sudo-1.8.25p1-4.el8_0.3.ppc64le.rpm
sudo-debuginfo-1.8.25p1-4.el8_0.3.ppc64le.rpm
sudo-debugsource-1.8.25p1-4.el8_0.3.ppc64le.rpm

s390x:
sudo-1.8.25p1-4.el8_0.3.s390x.rpm
sudo-debuginfo-1.8.25p1-4.el8_0.3.s390x.rpm
sudo-debugsource-1.8.25p1-4.el8_0.3.s390x.rpm

x86_64:
sudo-1.8.25p1-4.el8_0.3.x86_64.rpm
sudo-debuginfo-1.8.25p1-4.el8_0.3.x86_64.rpm
sudo-debugsource-1.8.25p1-4.el8_0.3.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key

7. References:

https://access.redhat.com/security/cve/CVE-2019-18634
https://access.redhat.com/security/updates/classification#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2020 Red Hat, Inc.