Stay Secure with the Latest Linux Advisories

Explore Latest Linux Security advisories


Fedora 42: 2025-c546fd3f09 DoS Issue Fix for Qt6 Qthttpserver

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-c546fd3f09
2025-06-11 02:45:06.590648+00:00
--------------------------------------------------------------------------------

Name        : qt6-qthttpserver
Product     : Fedora 42
Version     : 6.9.1
Release     : 1.fc42
URL         : https://contribute.qt-project.org/
Summary     : Library to facilitate the creation of an http server with Qt
Description : Library to facilitate the creation of an http server with Qt.

--------------------------------------------------------------------------------
Update Information:

Qt 6.9.1 bugfix release.

--------------------------------------------------------------------------------
ChangeLog:

* Mon Jun 2 2025 Jan Grulich - 6.9.1-1
- 6.9.1

--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2369872 - CVE-2025-5455 qt6: QtCore Assertion Failure Denial of Service [fedora-42]
      https://bugzilla.redhat.com/show_bug.cgi?id=2369872
[ 2 ] Bug #2371133 - CVE-2025-5683 qt5: Qt ICNS Image Crash Vulnerability [fedora-42]
      https://bugzilla.redhat.com/show_bug.cgi?id=2371133

--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-c546fd3f09' at the command line.
For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

LinuxSecurity.com Team summary: The recent update to Qt version 6.9.1 fixes various bugs in the qthttpserver component. You can install it using dnf, and ensure the package's integrity by checking its signature.

Jun 11, 2025 | Important | Fedora

Debian 11: DLA-3947-1 critical: puma request smuggling and proxy issue

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3947-1
https://www.debian.org/lts/security/
Abhijith PA
November 06, 2024
https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : puma
Version        : 4.3.8-1+deb11u3
CVE ID         : CVE-2024-21647 CVE-2024-45614

Two vulnerabilities have been fixed in puma, a threaded HTTP server for
Ruby/Rack applications.

CVE-2024-21647

    Incorrect behavior when parsing chunked transfer encoding bodies in a
    way that allowed HTTP request smuggling. Fixed versions limit the size
    of chunk extensions. Without this limit, an attacker could cause
    unbounded resource (CPU, network bandwidth) consumption.

CVE-2024-45614

    Clients could clobber values set by intermediate proxies (such as
    X-Forwarded-For) by providing an underscore version of the same header
    (X-Forwarded_For). Any users relying on proxy-set variables are
    affected.

For Debian 11 bullseye, these problems have been fixed in version
4.3.8-1+deb11u3.

We recommend that you upgrade your puma packages.

For the detailed security status of puma please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/source-package/puma

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

Nov 06, 2024 | Critical | Debian LTS

Fedora 40: 2024-bfb8617ba3 Moderate: Qt6-Qthttpserver Bugfix

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-bfb8617ba3
2024-05-29 03:35:14.763998
--------------------------------------------------------------------------------

Name        : qt6-qthttpserver
Product     : Fedora 40
Version     : 6.7.1
Release     : 1.fc40
URL         : https://contribute.qt-project.org/
Summary     : Library to facilitate the creation of an http server with Qt
Description : Library to facilitate the creation of an http server with Qt.

--------------------------------------------------------------------------------
Update Information:

Qt 6.7.1 bugfix update.

--------------------------------------------------------------------------------
ChangeLog:

* Tue May 21 2024 Jan Grulich - 6.7.1-1
- 6.7.1

--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2282868 - CVE-2024-36048 qt6-qtnetworkauth: qtnetworkauth: badly seeded PRNG may result in guessable values [fedora-39]
      https://bugzilla.redhat.com/show_bug.cgi?id=2282868
[ 2 ] Bug #2282870 - CVE-2024-36048 qt6-qtnetworkauth: qtnetworkauth: badly seeded PRNG may result in guessable values [fedora-40]
      https://bugzilla.redhat.com/show_bug.cgi?id=2282870

--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-bfb8617ba3' at the command line.
For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
--------------------------------------------------------------------------------

LinuxSecurity.com Team summary: Qt 6.7.1 patch release for Fedora 40 resolves significant vulnerabilities affecting http server functionality.

May 29, 2024 | Fedora

Ubuntu 16.04 ESM: USN-5839-2 Moderate: Apache2 Header Truncation Issue

=========================================================================
Ubuntu Security Notice USN-5839-2
February 02, 2023

apache2 vulnerability
=========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 ESM

Summary:

Several security issues were fixed in Apache HTTP Server.

Software Description:

- apache2: Apache HTTP server

Details:

USN-5839-1 fixed a vulnerability in Apache. This update provides the
corresponding update for Ubuntu 16.04 ESM.

Original advisory details:

Dimas Fariski Setyawan Putra discovered that the Apache HTTP Server
mod_proxy module incorrectly truncated certain response headers. This may
result in later headers not being interpreted by the client.
(CVE-2022-37436)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 ESM:
  apache2  2.4.18-2ubuntu3.17+esm9

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-5839-2
  https://ubuntu.com/security/notices/USN-5839-1
  CVE-2022-37436

LinuxSecurity.com Team summary: Multiple vulnerabilities have been addressed in the Apache HTTP Server for Ubuntu 16.04 ESM. Implement this update promptly to resolve the issues.

Feb 02, 2023 | Important | Ubuntu

RedHat: RHSA-2022-8841-01 Important: JBoss HTTP Server Security Fixes

====================================================================
Red Hat Security Advisory

Synopsis:          Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.51 SP1 security update
Advisory ID:       RHSA-2022:8841-01
Product:           Red Hat JBoss Core Services
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:8841
Issue date:        2022-12-08
CVE Names:         CVE-2022-1292 CVE-2022-2068 CVE-2022-22721 CVE-2022-23943
                   CVE-2022-26377 CVE-2022-28330 CVE-2022-28614 CVE-2022-28615
                   CVE-2022-30522 CVE-2022-31813 CVE-2022-32206 CVE-2022-32207
                   CVE-2022-32208 CVE-2022-32221 CVE-2022-35252 CVE-2022-37434
                   CVE-2022-40303 CVE-2022-40304 CVE-2022-40674 CVE-2022-42915
                   CVE-2022-42916
====================================================================

1. Summary:

An update is now available for Red Hat JBoss Core Services.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Description:

Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience.

This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.51 Service Pack 1 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.51, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.

Security Fix(es):

* libxml2: integer overflows with XML_PARSE_HUGE (CVE-2022-40303)
* libxml2: dict corruption caused by entity reference cycles (CVE-2022-40304)
* expat: a use-after-free in the doContent function in xmlparse.c (CVE-2022-40674)
* zlib: a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field (CVE-2022-37434)
* curl: HSTS bypass via IDN (CVE-2022-42916)
* curl: HTTP proxy double-free (CVE-2022-42915)
* curl: POST following PUT confusion (CVE-2022-32221)
* httpd: mod_proxy: X-Forwarded-For dropped by hop-by-hop mechanism (CVE-2022-31813)
* httpd: mod_sed: DoS vulnerability (CVE-2022-30522)
* httpd: out-of-bounds read in ap_strcmp_match() (CVE-2022-28615)
* httpd: out-of-bounds read via ap_rwrite() (CVE-2022-28614)
* httpd: mod_proxy_ajp: Possible request smuggling (CVE-2022-26377)
* curl: control code in cookie denial of service (CVE-2022-35252)
* zlib: a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field (CVE-2022-37434)
* jbcs-httpd24-httpd: httpd: mod_isapi: out-of-bounds read (CVE-2022-28330)
* curl: Unpreserved file permissions (CVE-2022-32207)
* curl: various flaws (CVE-2022-32206 CVE-2022-32208)
* openssl: the c_rehash script allows command injection (CVE-2022-2068)
* openssl: c_rehash script allows command injection (CVE-2022-1292)
* jbcs-httpd24-httpd: httpd: core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody (CVE-2022-22721)
* jbcs-httpd24-httpd: httpd: mod_sed: Read/write beyond bounds (CVE-2022-23943)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

3. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258

4. Bugs fixed (https://bugzilla.redhat.com/):

2064319 - CVE-2022-23943 httpd: mod_sed: Read/write beyond bounds
2064320 - CVE-2022-22721 httpd: core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody
2081494 - CVE-2022-1292 openssl: c_rehash script allows command injection
2094997 - CVE-2022-26377 httpd: mod_proxy_ajp: Possible request smuggling
2095000 - CVE-2022-28330 httpd: mod_isapi: out-of-bounds read
2095002 - CVE-2022-28614 httpd: Out-of-bounds read via ap_rwrite()
2095006 - CVE-2022-28615 httpd: Out-of-bounds read in ap_strcmp_match()
2095015 - CVE-2022-30522 httpd: mod_sed: DoS vulnerability
2095020 - CVE-2022-31813 httpd: mod_proxy: X-Forwarded-For dropped by hop-by-hop mechanism
2097310 - CVE-2022-2068 openssl: the c_rehash script allows command injection
2099300 - CVE-2022-32206 curl: HTTP compression denial of service
2099305 - CVE-2022-32207 curl: Unpreserved file permissions
2099306 - CVE-2022-32208 curl: FTP-KRB bad message verification
2116639 - CVE-2022-37434 zlib: heap-based buffer over-read and overflow in inflate() in inflate.c via a large gzip header extra field
2120718 - CVE-2022-35252 curl: control code in cookie denial of service
2130769 - CVE-2022-40674 expat: a use-after-free in the doContent function in xmlparse.c
2135411 - CVE-2022-32221 curl: POST following PUT confusion
2135413 - CVE-2022-42915 curl: HTTP proxy double-free
2135416 - CVE-2022-42916 curl: HSTS bypass via IDN
2136266 - CVE-2022-40303 libxml2: integer overflows with XML_PARSE_HUGE
2136288 - CVE-2022-40304 libxml2: dict corruption caused by entity reference cycles

5. References:

https://access.redhat.com/security/cve/CVE-2022-1292
https://access.redhat.com/security/cve/CVE-2022-2068
https://access.redhat.com/security/cve/CVE-2022-22721
https://access.redhat.com/security/cve/CVE-2022-23943
https://access.redhat.com/security/cve/CVE-2022-26377
https://access.redhat.com/security/cve/CVE-2022-28330
https://access.redhat.com/security/cve/CVE-2022-28614
https://access.redhat.com/security/cve/CVE-2022-28615
https://access.redhat.com/security/cve/CVE-2022-30522
https://access.redhat.com/security/cve/CVE-2022-31813
https://access.redhat.com/security/cve/CVE-2022-32206
https://access.redhat.com/security/cve/CVE-2022-32207
https://access.redhat.com/security/cve/CVE-2022-32208
https://access.redhat.com/security/cve/CVE-2022-32221
https://access.redhat.com/security/cve/CVE-2022-35252
https://access.redhat.com/security/cve/CVE-2022-37434
https://access.redhat.com/security/cve/CVE-2022-40303
https://access.redhat.com/security/cve/CVE-2022-40304
https://access.redhat.com/security/cve/CVE-2022-40674
https://access.redhat.com/security/cve/CVE-2022-42915
https://access.redhat.com/security/cve/CVE-2022-42916
https://access.redhat.com/security/updates/classification/#important

6. Contact:

More contact details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.

LinuxSecurity.com Team summary: Crucial patch release for Red Hat JBoss Core Services addresses multiple security flaws. Maintain your security posture!

Dec 08, 2022 | Important | Red Hat

Scientific Linux SL7 SLSA-2022:7002-1 Moderate: OpenJDK Security Issues

Synopsis:     Moderate: java-1.8.0-openjdk security and bug fix update
Advisory ID:  SLSA-2022:7002-1
Issue Date:   2022-10-20
CVE Numbers:  CVE-2022-21619 CVE-2022-21626 CVE-2022-21624 CVE-2022-21628
--

Security Fix(es):

* OpenJDK: excessive memory allocation in X.509 certificate parsing (Security, 8286533) (CVE-2022-21626)
* OpenJDK: HttpServer no connection count limit (Lightweight HTTP Server, 8286918) (CVE-2022-21628)
* OpenJDK: improper handling of long NTLM client hostnames (Security, 8286526) (CVE-2022-21619)
* OpenJDK: insufficient randomization of JNDI DNS port numbers (JNDI, 8286910) (CVE-2022-21624)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE

Bug Fix(es):

* Prepare for the next quarterly OpenJDK upstream release (2022-10, 8u352)
--

SL7

x86_64:
java-1.8.0-openjdk-1.8.0.352.b08-2.el7_9.i686.rpm
java-1.8.0-openjdk-1.8.0.352.b08-2.el7_9.x86_64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.352.b08-2.el7_9.i686.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.352.b08-2.el7_9.x86_64.rpm
java-1.8.0-openjdk-headless-1.8.0.352.b08-2.el7_9.i686.rpm
java-1.8.0-openjdk-headless-1.8.0.352.b08-2.el7_9.x86_64.rpm
java-1.8.0-openjdk-accessibility-1.8.0.352.b08-2.el7_9.i686.rpm
java-1.8.0-openjdk-accessibility-1.8.0.352.b08-2.el7_9.x86_64.rpm
java-1.8.0-openjdk-demo-1.8.0.352.b08-2.el7_9.i686.rpm
java-1.8.0-openjdk-demo-1.8.0.352.b08-2.el7_9.x86_64.rpm
java-1.8.0-openjdk-devel-1.8.0.352.b08-2.el7_9.i686.rpm
java-1.8.0-openjdk-devel-1.8.0.352.b08-2.el7_9.x86_64.rpm
java-1.8.0-openjdk-src-1.8.0.352.b08-2.el7_9.i686.rpm
java-1.8.0-openjdk-src-1.8.0.352.b08-2.el7_9.x86_64.rpm

noarch:
java-1.8.0-openjdk-javadoc-1.8.0.352.b08-2.el7_9.noarch.rpm
java-1.8.0-openjdk-javadoc-zip-1.8.0.352.b08-2.el7_9.noarch.rpm

- Scientific Linux Development Team

LinuxSecurity.com Team summary: The recent security and maintenance patch for java-1.8.0-openjdk mitigates significant vulnerabilities ahead of the scheduled quarterly deployment.

Oct 21, 2022 | Scientific Linux

RHEL 7 java-11-openjdk Security Update RHSA-2022-7008-01 Moderate Threat

An update for java-11-openjdk is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: java-11-openjdk security and bug fix update Advisory ID: RHSA-2022:7008-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:7008 Issue date: 2022-10-19 CVE Names: CVE-2022-21618 CVE-2022-21619 CVE-2022-21624 CVE-2022-21626 CVE-2022-21628 CVE-2022-39399 ==================================================================== 1. Summary: An update for java-11-openjdk is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 3. Description: The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. 
Security Fix(es): * OpenJDK: improper MultiByte conversion can lead to buffer overflow (JGSS, 8286077) (CVE-2022-21618) * OpenJDK: excessive memory allocation in X.509certificate parsing (Security, 8286533) (CVE-2022-21626) * OpenJDK: HttpServer no connection count limit (Lightweight HTTP Server, 8286918) (CVE-2022-21628) * OpenJDK: improper handling of long NTLM client hostnames (Security, 8286526) (CVE-2022-21619) * OpenJDK: insufficient randomization of JNDI DNS port numbers (JNDI, 8286910) (CVE-2022-21624) * OpenJDK: missing SNI caching in HTTP/2 (Networking, 8289366) (CVE-2022-39399) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * Prepare for the next quarterly OpenJDK upstream release (2022-10, 11.0.17) (BZ#2130373) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 All running instances of OpenJDK Java must be restarted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 2130373 - Prepare for the next quarterly OpenJDK upstream release (2022-10, 11.0.17) [rhel-7.9.z] 2133745 - CVE-2022-21619 OpenJDK: improper handling of long NTLM client hostnames (Security, 8286526) 2133753 - CVE-2022-21626 OpenJDK: excessive memory allocation in X.509 certificate parsing (Security, 8286533) 2133765 - CVE-2022-21624 OpenJDK: insufficient randomization of JNDI DNS port numbers (JNDI, 8286910) 2133769 - CVE-2022-21628 OpenJDK: HttpServer no connection count limit (Lightweight HTTP Server, 8286918) 2133776 - CVE-2022-39399 OpenJDK: missing SNI caching in HTTP/2 (Networking, 8289366) 2133817 - CVE-2022-21618 OpenJDK: improper MultiByte conversion can lead to buffer overflow (JGSS, 8286077) 6. 
Package List: Red Hat Enterprise Linux Client (v.7): Source: java-11-openjdk-11.0.17.0.8-2.el7_9.src.rpm x86_64: java-11-openjdk-11.0.17.0.8-2.el7_9.i686.rpm java-11-openjdk-11.0.17.0.8-2.el7_9.x86_64.rpm java-11-openjdk-debuginfo-11.0.17.0.8-2.el7_9.i686.rpm java-11-openjdk-debuginfo-11.0.17.0.8-2.el7_9.x86_64.rpm java-11-openjdk-headless-11.0.17.0.8-2.el7_9.i686.rpm java-11-openjdk-headless-11.0.17.0.8-2.el7_9.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): x86_64: java-11-openjdk-debuginfo-11.0.17.0.8-2.el7_9.i686.rpm java-11-openjdk-debuginfo-11.0.17.0.8-2.el7_9.x86_64.rpm java-11-openjdk-demo-11.0.17.0.8-2.el7_9.i686.rpm java-11-openjdk-demo-11.0.17.0.8-2.el7_9.x86_64.rpm java-11-openjdk-devel-11.0.17.0.8-2.el7_9.i686.rpm java-11-openjdk-devel-11.0.17.0.8-2.el7_9.x86_64.rpm java-11-openjdk-javadoc-11.0.17.0.8-2.el7_9.i686.rpm java-11-openjdk-javadoc-11.0.17.0.8-2.el7_9.x86_64.rpm java-11-openjdk-javadoc-zip-11.0.17.0.8-2.el7_9.i686.rpm java-11-openjdk-javadoc-zip-11.0.17.0.8-2.el7_9.x86_64.rpm java-11-openjdk-jmods-11.0.17.0.8-2.el7_9.i686.rpm java-11-openjdk-jmods-11.0.17.0.8-2.el7_9.x86_64.rpm java-11-openjdk-src-11.0.17.0.8-2.el7_9.i686.rpm java-11-openjdk-src-11.0.17.0.8-2.el7_9.x86_64.rpm java-11-openjdk-static-libs-11.0.17.0.8-2.el7_9.i686.rpm java-11-openjdk-static-libs-11.0.17.0.8-2.el7_9.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 
7): Source: java-11-openjdk-11.0.17.0.8-2.el7_9.src.rpm x86_64: java-11-openjdk-11.0.17.0.8-2.el7_9.i686.rpm java-11-openjdk-11.0.17.0.8-2.el7_9.x86_64.rpm java-11-openjdk-debuginfo-11.0.17.0.8-2.el7_9.i686.rpm java-11-openjdk-debuginfo-11.0.17.0.8-2.el7_9.x86_64.rpm java-11-openjdk-headless-11.0.17.0.8-2.el7_9.i686.rpm java-11-openjdk-headless-11.0.17.0.8-2.el7_9.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v.7): x86_64: java-11-openjdk-debuginfo-11.0.17.0.8-2.el7_9.i686.rpm java-11-openjdk-debuginfo-11.0.17.0.8-2.el7_9.x86_64.rpm java-11-openjdk-demo-11.0.17.0.8-2.el7_9.i686.rpm java-11-openjdk-demo-11.0.17.0.8-2.el7_9.x86_64.rpm java-11-openjdk-devel-11.0.17.0.8-2.el7_9.i686.rpm java-11-openjdk-devel-11.0.17.0.8-2.el7_9.x86_64.rpm java-11-openjdk-javadoc-11.0.17.0.8-2.el7_9.i686.rpm java-11-openjdk-javadoc-11.0.17.0.8-2.el7_9.x86_64.rpm java-11-openjdk-javadoc-zip-11.0.17.0.8-2.el7_9.i686.rpm java-11-openjdk-javadoc-zip-11.0.17.0.8-2.el7_9.x86_64.rpm java-11-openjdk-jmods-11.0.17.0.8-2.el7_9.i686.rpm java-11-openjdk-jmods-11.0.17.0.8-2.el7_9.x86_64.rpm java-11-openjdk-src-11.0.17.0.8-2.el7_9.i686.rpm java-11-openjdk-src-11.0.17.0.8-2.el7_9.x86_64.rpm java-11-openjdk-static-libs-11.0.17.0.8-2.el7_9.i686.rpm java-11-openjdk-static-libs-11.0.17.0.8-2.el7_9.x86_64.rpm Red Hat Enterprise Linux Server (v.7): Source: java-11-openjdk-11.0.17.0.8-2.el7_9.src.rpm ppc64: java-11-openjdk-11.0.17.0.8-2.el7_9.ppc64.rpm java-11-openjdk-debuginfo-11.0.17.0.8-2.el7_9.ppc64.rpm java-11-openjdk-devel-11.0.17.0.8-2.el7_9.ppc64.rpm java-11-openjdk-headless-11.0.17.0.8-2.el7_9.ppc64.rpm ppc64le: java-11-openjdk-11.0.17.0.8-2.el7_9.ppc64le.rpm java-11-openjdk-debuginfo-11.0.17.0.8-2.el7_9.ppc64le.rpm java-11-openjdk-devel-11.0.17.0.8-2.el7_9.ppc64le.rpm java-11-openjdk-headless-11.0.17.0.8-2.el7_9.ppc64le.rpm s390x: java-11-openjdk-11.0.17.0.8-2.el7_9.s390x.rpm java-11-openjdk-debuginfo-11.0.17.0.8-2.el7_9.s390x.rpm java-11-openjdk-devel-11.0.17.0.8-2.el7_9.s390x.rpm 
java-11-openjdk-headless-11.0.17.0.8-2.el7_9.s390x.rpm x86_64: java-11-openjdk-11.0.17.0.8-2.el7_9.i686.rpm java-11-openjdk-11.0.17.0.8-2.el7_9.x86_64.rpm java-11-openjdk-debuginfo-11.0.17.0.8-2.el7_9.i686.rpm java-11-openjdk-debuginfo-11.0.17.0.8-2.el7_9.x86_64.rpm java-11-openjdk-devel-11.0.17.0.8-2.el7_9.i686.rpm java-11-openjdk-devel-11.0.17.0.8-2.el7_9.x86_64.rpm java-11-openjdk-headless-11.0.17.0.8-2.el7_9.i686.rpm java-11-openjdk-headless-11.0.17.0.8-2.el7_9.x86_64.rpm Red Hat Enterprise Linux Server Optional (v.7): ppc64: java-11-openjdk-debuginfo-11.0.17.0.8-2.el7_9.ppc64.rpm java-11-openjdk-demo-11.0.17.0.8-2.el7_9.ppc64.rpm java-11-openjdk-javadoc-11.0.17.0.8-2.el7_9.ppc64.rpm java-11-openjdk-javadoc-zip-11.0.17.0.8-2.el7_9.ppc64.rpm java-11-openjdk-jmods-11.0.17.0.8-2.el7_9.ppc64.rpm java-11-openjdk-src-11.0.17.0.8-2.el7_9.ppc64.rpm java-11-openjdk-static-libs-11.0.17.0.8-2.el7_9.ppc64.rpm ppc64le: java-11-openjdk-debuginfo-11.0.17.0.8-2.el7_9.ppc64le.rpm java-11-openjdk-demo-11.0.17.0.8-2.el7_9.ppc64le.rpm java-11-openjdk-javadoc-11.0.17.0.8-2.el7_9.ppc64le.rpm java-11-openjdk-javadoc-zip-11.0.17.0.8-2.el7_9.ppc64le.rpm java-11-openjdk-jmods-11.0.17.0.8-2.el7_9.ppc64le.rpm java-11-openjdk-src-11.0.17.0.8-2.el7_9.ppc64le.rpm java-11-openjdk-static-libs-11.0.17.0.8-2.el7_9.ppc64le.rpm s390x: java-11-openjdk-debuginfo-11.0.17.0.8-2.el7_9.s390x.rpm java-11-openjdk-demo-11.0.17.0.8-2.el7_9.s390x.rpm java-11-openjdk-javadoc-11.0.17.0.8-2.el7_9.s390x.rpm java-11-openjdk-javadoc-zip-11.0.17.0.8-2.el7_9.s390x.rpm java-11-openjdk-jmods-11.0.17.0.8-2.el7_9.s390x.rpm java-11-openjdk-src-11.0.17.0.8-2.el7_9.s390x.rpm java-11-openjdk-static-libs-11.0.17.0.8-2.el7_9.s390x.rpm x86_64: java-11-openjdk-debuginfo-11.0.17.0.8-2.el7_9.i686.rpm java-11-openjdk-debuginfo-11.0.17.0.8-2.el7_9.x86_64.rpm java-11-openjdk-demo-11.0.17.0.8-2.el7_9.i686.rpm java-11-openjdk-demo-11.0.17.0.8-2.el7_9.x86_64.rpm java-11-openjdk-javadoc-11.0.17.0.8-2.el7_9.i686.rpm 
java-11-openjdk-javadoc-11.0.17.0.8-2.el7_9.x86_64.rpm java-11-openjdk-javadoc-zip-11.0.17.0.8-2.el7_9.i686.rpm java-11-openjdk-javadoc-zip-11.0.17.0.8-2.el7_9.x86_64.rpm java-11-openjdk-jmods-11.0.17.0.8-2.el7_9.i686.rpm java-11-openjdk-jmods-11.0.17.0.8-2.el7_9.x86_64.rpm java-11-openjdk-src-11.0.17.0.8-2.el7_9.i686.rpm java-11-openjdk-src-11.0.17.0.8-2.el7_9.x86_64.rpm java-11-openjdk-static-libs-11.0.17.0.8-2.el7_9.i686.rpm java-11-openjdk-static-libs-11.0.17.0.8-2.el7_9.x86_64.rpm Red Hat Enterprise Linux Workstation (v.7): Source: java-11-openjdk-11.0.17.0.8-2.el7_9.src.rpm x86_64: java-11-openjdk-11.0.17.0.8-2.el7_9.i686.rpm java-11-openjdk-11.0.17.0.8-2.el7_9.x86_64.rpm java-11-openjdk-debuginfo-11.0.17.0.8-2.el7_9.i686.rpm java-11-openjdk-debuginfo-11.0.17.0.8-2.el7_9.x86_64.rpm java-11-openjdk-devel-11.0.17.0.8-2.el7_9.i686.rpm java-11-openjdk-devel-11.0.17.0.8-2.el7_9.x86_64.rpm java-11-openjdk-headless-11.0.17.0.8-2.el7_9.i686.rpm java-11-openjdk-headless-11.0.17.0.8-2.el7_9.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: java-11-openjdk-debuginfo-11.0.17.0.8-2.el7_9.i686.rpm java-11-openjdk-debuginfo-11.0.17.0.8-2.el7_9.x86_64.rpm java-11-openjdk-demo-11.0.17.0.8-2.el7_9.i686.rpm java-11-openjdk-demo-11.0.17.0.8-2.el7_9.x86_64.rpm java-11-openjdk-javadoc-11.0.17.0.8-2.el7_9.i686.rpm java-11-openjdk-javadoc-11.0.17.0.8-2.el7_9.x86_64.rpm java-11-openjdk-javadoc-zip-11.0.17.0.8-2.el7_9.i686.rpm java-11-openjdk-javadoc-zip-11.0.17.0.8-2.el7_9.x86_64.rpm java-11-openjdk-jmods-11.0.17.0.8-2.el7_9.i686.rpm java-11-openjdk-jmods-11.0.17.0.8-2.el7_9.x86_64.rpm java-11-openjdk-src-11.0.17.0.8-2.el7_9.i686.rpm java-11-openjdk-src-11.0.17.0.8-2.el7_9.x86_64.rpm java-11-openjdk-static-libs-11.0.17.0.8-2.el7_9.i686.rpm java-11-openjdk-static-libs-11.0.17.0.8-2.el7_9.x86_64.rpm These packages are GPG signed by Red Hat for security. 
Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key

7. References:

https://access.redhat.com/security/cve/CVE-2022-21618
https://access.redhat.com/security/cve/CVE-2022-21619
https://access.redhat.com/security/cve/CVE-2022-21624
https://access.redhat.com/security/cve/CVE-2022-21626
https://access.redhat.com/security/cve/CVE-2022-21628
https://access.redhat.com/security/cve/CVE-2022-39399
https://access.redhat.com/security/updates/classification#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2022 Red Hat, Inc.

The recent advisory from Red Hat outlines a significant update for java-11-openjdk, which resolves various security vulnerabilities and bug-related concerns.

Java 11 Update, Red Hat Security, Java Runtime Environment.

LinuxSecurity.com Team

Oct 19, 2022 Red Hat

Ubuntu 16.04 ESM USN-5629-1 Critical: Python Server Traffic Redirect

Python could be made to redirect web traffic if its http.server received a specially crafted request.

=========================================================================
Ubuntu Security Notice USN-5629-1
September 22, 2022

python3.5 vulnerability
=========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 ESM

Summary:

Python could be made to redirect web traffic if its http.server received a specially crafted request.

Software Description:
- python3.5: An interactive high-level object-oriented language

Details:

It was discovered that the Python http.server module incorrectly handled certain URIs. An attacker could potentially use this to redirect web traffic.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.04 ESM:
  libpython3.5          3.5.2-2ubuntu0~16.04.13+esm5
  libpython3.5-minimal  3.5.2-2ubuntu0~16.04.13+esm5
  libpython3.5-stdlib   3.5.2-2ubuntu0~16.04.13+esm5
  python3.5             3.5.2-2ubuntu0~16.04.13+esm5
  python3.5-minimal     3.5.2-2ubuntu0~16.04.13+esm5

After a standard system update you need to restart the python3 http.server to make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-5629-1
  CVE-2021-28861

The Ubuntu Security Notice USN-5630-1 underscores a python3.8 flaw that could result in unintentional data exposure.

Python Server Security, Ubuntu Security Update, Web Traffic Redirection.

Severity: Critical.

LinuxSecurity.com Team

Sep 22, 2022 Critical Ubuntu