Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found 5 articles for you...
197
security advisorymoderatesecurity issueDebian 9: DLA-3015-1 Moderate: Ark Path Handling Issues Resolution
Fabian Vogt and Dominik Penner discovered that the Ark archive manager did not sanitize extraction paths, which could result in maliciously crafted archives with symlinks writing outside the extraction directory. . -------------------------------------------------------------------------Debian LTS Advisory DLA-3015-1
May 20, 2022
•Important
Debian LTS
87
security advisoryDebianpath sanitizationDebian: DSA-4738-1 Moderate: Ark Archive Manager Path Issue
Dominik Penner discovered that the Ark archive manager did not sanitise extraction paths, which could result in maliciously crafted archives writing outside the extraction directory. . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-4738-1
Jul 31, 2020
Debian
197
security advisoryupdateremote code executionDebian LTS: DLA-2038-1 Critical Libssh Update With Arbitrary Command Risk
It was found that libssh, a tiny C SSH library, does not sufficiently sanitize path parameters provided to the server, allowing an attacker with only SCP file access to execute arbitrary commands on the server. . Package : libssh Version : 0.6.3-4+deb8u4 CVE ID : CVE-2019-14889 Debian Bug : 946548 It was found that libssh, a tiny C SSH library, does not sufficiently sanitize path parameters provided to the server, allowing an attacker with only SCP file access to execute arbitrary commands on the server. For Debian 8 "Jessie", this problem has been fixed in version 0.6.3-4+deb8u4. We recommend that you upgrade your libssh packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS . Update libssh library version to 0.6.3-4+deb8u4 to address significant input validation vulnerability that permits arbitrary command execution.. libssh security, Debian update, path sanitization, arbitrary command execution. . Severity: Critical. LinuxSecurity.com Team
Dec 17, 2019
•Critical
Debian LTS
197
security advisorydebiandirectory traversalDebian: DLA-1853-1 Critical: libspring-java Directory Traversal Issues
Vulnerabilities have been identified in libspring-java, a modular Java/J2EE application framework. . Package : libspring-java Version : 3.0.6.RELEASE-17+deb8u1 CVE ID : CVE-2014-3578 CVE-2014-3625 CVE-2015-3192 CVE-2015-5211 CVE-2016-9878 Debian Bug : 760733 769698 796137 849167 Vulnerabilities have been identified in libspring-java, a modular Java/J2EE application framework. CVE-2014-3578 A directory traversal vulnerability that allows remote attackers to read arbitrary files via a crafted URL. CVE-2014-3625 A directory traversal vulnerability that allows remote attackers to read arbitrary files via unspecified vectors, related to static resource handling. CVE-2015-3192 Improper processing of inline DTD declarations when DTD is not entirely disabled, which allows remote attackers to cause a denial of service (memory consumption and out-of-memory errors) via a crafted XML file. CVE-2015-5211 Reflected File Download (RFD) attack vulnerability, which allows a malicious user to craft a URL with a batch script extension that results in the response being downloaded rather than rendered and also includes some input reflected in the response. CVE-2016-9878 Improper path sanitization in ResourceServlet, which allows directory traversal attacks. For Debian 8 "Jessie", these problems have been fixed in version 3.0.6.RELEASE-17+deb8u1. We recommend that you upgrade your libspring-java packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS . Upgrade libspring-java to version 3.0.6.RELEASE-17+deb8u1 to address multiple vulnerabilities, primarily focusing on preventing directory traversal exploits.. libspring-java Security Fix, Debian Package Update, Directory Traversal Risk. . Severity: Critical. LinuxSecurity.com Team
Jul 13, 2019
•Critical
Debian LTS
98
security advisorybug fiximportantCritical Update on S2I Security Issue for Red Hat Software Collections
An update for source-to-image is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: source-to-image security, bug fix, and enhancement update Advisory ID: RHSA-2019:0036-01 Product: Red Hat Software Collections Advisory URL: https://access.redhat.com/errata/RHSA-2019:0036 Issue date: 2019-01-08 CVE Names: CVE-2018-1102 ==================================================================== 1. Summary: An update for source-to-image is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - x86_64 3. Description: Source-to-Image (S2I) is a tool for building reproducible container images. It produces ready-to-run images by injecting a user source into a container image and assembling a new container image. The new image incorporates the base image (the builder) and built source, and is ready to use with the "docker run" command. S2I supports incremental builds, which re-use previously downloaded dependencies, previously built artifacts, and more. The following packages have been upgraded to a later upstreamversion: source-to-image (1.1.13). (BZ#1654243) Security Fix(es): * source-to-image: Improper path sanitization in ExtractTarStreamFromTarReader in tar/tar.go (CVE-2018-1102) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank Michael Hanselmann (hansmi.ch) for reporting this issue. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1336631 - Incorrect file name in s2i build help page for flag --use-config 1450131 - RFE: Update official RPMs to enable the --runtime-image feature 1562246 - CVE-2018-1102 source-to-image: Improper path sanitization in ExtractTarStreamFromTarReader in tar/tar.go 6. Package List: Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7): Source: source-to-image-1.1.13-1.el7.src.rpm x86_64: source-to-image-1.1.13-1.el7.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4): Source: source-to-image-1.1.13-1.el7.src.rpm x86_64: source-to-image-1.1.13-1.el7.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5): Source: source-to-image-1.1.13-1.el7.src.rpm x86_64: source-to-image-1.1.13-1.el7.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6): Source: source-to-image-1.1.13-1.el7.src.rpm x86_64: source-to-image-1.1.13-1.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2018-1102 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details athttps://access.redhat.com/security/team/contact/ Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXDSpZNzjgjWX9erEAQib1g/9EwPeqwNsDaoto9LgKpud7Yh/HOusDmwD gFxXAPioC5atZXJYKoBVebGL3OazFrR1ZB2M2Xm4FnlbFVyB94gu8VW/2z8linjk Io/1B3yE4ZPECMY/G2UxGd5rHmICFk9yta5eOrsRStDKbcgvG94zM2jjTUIyUxEC LoADcjBeUhgQ510VY6yDAR1G7yBrZXd50TwcBT1X9Iqb8Lhx0s1Pft6E7fN2wTRV gTkbJ3LwnRp6AkAoj+5GgXmd9Fx6SKPy86CupQ7RuBtV7J9JnIRdLH67b7qxjqfz X95geqdRT3XNyZGVIa3TBkc7ipa/eXRtNb6slfLTvenm+xcd4mfwFTTRL5KEBZ5j hIrm5Zaja7Y5KiJiTtWECjRr8mAXHfAwC/rECKXETYaUo0iosTvQl9TZX0U+fzEP KtuVZ3gU2nrIt8K/cMb/JOjDmvKSbxsuzYTg8J58zb8eYFZCd5AZcfWd0jLYP5hT rbNrme1MXNZSaFjT3jfBJaVyM+pSWH1OGiE+o4qnoIT4khRQPjV5fee7m3HQs1n4 K5FyC8KHv3JDD/gQDhXbSIxhxIZ2FYMp53TbbI+iCborxt9MqGXK2Ua/xhdSQOhs w/NJDqO3Gk8DES788DuTiGFCGWD2TtE4JLoeRrYZqHtJ7Zq1dKz6bptu7kNoqgkO R8tMpTk2eGk=3gkI -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Jan 08, 2019
•Important
Red Hat
98
security advisorysecurity issueRed HatRed Hat OpenShift 3.4 RHSA-2018:1237-01 Critical Path Issue
An update is now available for Red Hat OpenShift Container Platform 3.4. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ==================================================================== Red Hat Security Advisory Synopsis: Critical: OpenShift Container Platform 3.4 security update Advisory ID: RHSA-2018:1237-01 Product: Red Hat OpenShift Enterprise Advisory URL: https://access.redhat.com/errata/RHSA-2018:1237 Issue date: 2018-04-30 CVE Names: CVE-2018-1102 ==================================================================== 1. Summary: An update is now available for Red Hat OpenShift Container Platform 3.4. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat OpenShift Container Platform 3.4 - noarch, x86_64 3. Description: Red Hat OpenShift Container Platform is the company's cloud computing Platform-as-a-Service (PaaS) solution designed for on-premise or private cloud deployments. This advisory contains RPM packages for this release. See the following advisory for the container images for this release: https://access.redhat.com/errata/RHBA-2018:1236 Security Fix(es): * source-to-image: Improper path sanitization in ExtractTarStreamFromTarReader in tar/tar.go (CVE-2018-1102) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described inthis advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1552613 - Failed to start pods consuming Config Maps as volumes at OCP 3.4.1.44.38 1562246 - CVE-2018-1102 source-to-image: Improper path sanitization in ExtractTarStreamFromTarReader in tar/tar.go 6. Package List: Red Hat OpenShift Container Platform 3.4: Source: atomic-openshift-3.4.1.44.53-1.git.0.d7eb028.el7.src.rpm openshift-ansible-3.4.168-1.git.0.bb73aad.el7.src.rpm python-ruamel-yaml-0.12.14-9.el7.src.rpm noarch: atomic-openshift-docker-excluder-3.4.1.44.53-1.git.0.d7eb028.el7.noarch.rpm atomic-openshift-excluder-3.4.1.44.53-1.git.0.d7eb028.el7.noarch.rpm atomic-openshift-utils-3.4.168-1.git.0.bb73aad.el7.noarch.rpm openshift-ansible-3.4.168-1.git.0.bb73aad.el7.noarch.rpm openshift-ansible-callback-plugins-3.4.168-1.git.0.bb73aad.el7.noarch.rpm openshift-ansible-docs-3.4.168-1.git.0.bb73aad.el7.noarch.rpm openshift-ansible-filter-plugins-3.4.168-1.git.0.bb73aad.el7.noarch.rpm openshift-ansible-lookup-plugins-3.4.168-1.git.0.bb73aad.el7.noarch.rpm openshift-ansible-playbooks-3.4.168-1.git.0.bb73aad.el7.noarch.rpm openshift-ansible-roles-3.4.168-1.git.0.bb73aad.el7.noarch.rpm x86_64: atomic-openshift-3.4.1.44.53-1.git.0.d7eb028.el7.x86_64.rpm atomic-openshift-clients-3.4.1.44.53-1.git.0.d7eb028.el7.x86_64.rpm atomic-openshift-clients-redistributable-3.4.1.44.53-1.git.0.d7eb028.el7.x86_64.rpm atomic-openshift-dockerregistry-3.4.1.44.53-1.git.0.d7eb028.el7.x86_64.rpm atomic-openshift-master-3.4.1.44.53-1.git.0.d7eb028.el7.x86_64.rpm atomic-openshift-node-3.4.1.44.53-1.git.0.d7eb028.el7.x86_64.rpm atomic-openshift-pod-3.4.1.44.53-1.git.0.d7eb028.el7.x86_64.rpm atomic-openshift-sdn-ovs-3.4.1.44.53-1.git.0.d7eb028.el7.x86_64.rpm atomic-openshift-tests-3.4.1.44.53-1.git.0.d7eb028.el7.x86_64.rpm python-ruamel-yaml-debuginfo-0.12.14-9.el7.x86_64.rpm python2-ruamel-yaml-0.12.14-9.el7.x86_64.rpm tuned-profiles-atomic-openshift-node-3.4.1.44.53-1.git.0.d7eb028.el7.x86_64.rpm These packages are GPGsigned by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2018-1102 https://access.redhat.com/security/updates/classification/#critical 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2018 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFa5qkqXlSAg2UNWIIRApYkAJ9Yc2FVrkhHTkU8YkR5e97IkfLDpQCgrIhq xWLD6JXb6Keo5JNfjWd4K5U=D/oM -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Apr 30, 2018
•Critical
Red Hat
98
security advisoryRed HatcriticalRed Hat OpenShift 3.6 RHSA-2018-1233-01 Critical Fix: Path Security Issue
An update is now available for Red Hat OpenShift Container Platform 3.6. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ==================================================================== Red Hat Security Advisory Synopsis: Critical: OpenShift Container Platform 3.6 security and bug fix update Advisory ID: RHSA-2018:1233-01 Product: Red Hat OpenShift Enterprise Advisory URL: https://access.redhat.com/errata/RHSA-2018:1233 Issue date: 2018-04-30 CVE Names: CVE-2018-1102 ==================================================================== 1. Summary: An update is now available for Red Hat OpenShift Container Platform 3.6. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat OpenShift Container Platform 3.6 - noarch, x86_64 3. Description: Red Hat OpenShift Container Platform is the company's cloud computing Platform-as-a-Service (PaaS) solution designed for on-premise or private cloud deployments. This advisory contains RPM packages for this release. See the following advisory for the container images for this release: https://access.redhat.com/errata/RHBA-2018:1232 Security Fix(es): * source-to-image: Improper path sanitization in ExtractTarStreamFromTarReader in tar/tar.go (CVE-2018-1102) This update also fixes the following bugs: * Image validation used to validate old image objects, and an invalid image could be pushed to etcd. With this bug fix, validation has been changed to validate new image objects, and as a result it is no longer possible to uploadan invalid image object. (BZ#1559982) * A panic could occur due to concurrent writes to cache. This bug fix protects writes to the cache with mutex. As a result, the cache is safe to use concurrently. (BZ#1549916) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1490989 - Maximal ebs-volumes of an ec2-instance: 52/54? 1549916 - [3.6][Backport] internal image registry was down due to data race 1554866 - [3.6] subpath volume mounts do not work with secret, configmap, projected, or downwardAPI volumes 1556796 - [3.6] Mounting file in a subpath fails if file was created in initContainer 1559670 - [3.6] Fail to update EFK: 'namespace' 1559982 - [3.6][Backport] oc adm migrate storage produces error as signature annotations forbidden 1561236 - Kubernetes Patch request - "CreateContainerConfigError: failed to prepare subPath for volumeMount" error with configMap volume 1562246 - CVE-2018-1102 source-to-image: Improper path sanitization in ExtractTarStreamFromTarReader in tar/tar.go 1563317 - Mounting socket files from subPaths fail 6. Package List: Red Hat OpenShift Container Platform3.6: Source: atomic-openshift-3.6.173.0.113-1.git.0.65fb9fb.el7.src.rpm rubygem-cool.io-1.5.3-1.el7.src.rpm rubygem-excon-0.60.0-1.el7.src.rpm rubygem-faraday-0.13.1-1.el7.src.rpm rubygem-ffi-1.9.23-1.el7.src.rpm rubygem-fluent-plugin-kubernetes_metadata_filter-1.0.1-1.el7.src.rpm rubygem-fluent-plugin-systemd-0.0.9-1.el7.src.rpm rubygem-minitest-5.10.3-1.el7.src.rpm rubygem-msgpack-1.2.2-1.el7.src.rpm rubygem-multi_json-1.13.1-1.el7.src.rpm rubygem-systemd-journal-1.3.1-1.el7.src.rpm rubygem-tzinfo-1.2.5-1.el7.src.rpm rubygem-tzinfo-data-1.2018.3-1.el7.src.rpm rubygem-unf_ext-0.0.7.5-1.el7.src.rpm noarch: atomic-openshift-docker-excluder-3.6.173.0.113-1.git.0.65fb9fb.el7.noarch.rpm atomic-openshift-excluder-3.6.173.0.113-1.git.0.65fb9fb.el7.noarch.rpm rubygem-cool.io-doc-1.5.3-1.el7.noarch.rpm rubygem-excon-0.60.0-1.el7.noarch.rpm rubygem-excon-doc-0.60.0-1.el7.noarch.rpm rubygem-faraday-0.13.1-1.el7.noarch.rpm rubygem-faraday-doc-0.13.1-1.el7.noarch.rpm rubygem-fluent-plugin-kubernetes_metadata_filter-1.0.1-1.el7.noarch.rpm rubygem-fluent-plugin-kubernetes_metadata_filter-doc-1.0.1-1.el7.noarch.rpm rubygem-fluent-plugin-systemd-0.0.9-1.el7.noarch.rpm rubygem-fluent-plugin-systemd-doc-0.0.9-1.el7.noarch.rpm rubygem-minitest-5.10.3-1.el7.noarch.rpm rubygem-minitest-doc-5.10.3-1.el7.noarch.rpm rubygem-msgpack-doc-1.2.2-1.el7.noarch.rpm rubygem-multi_json-1.13.1-1.el7.noarch.rpm rubygem-multi_json-doc-1.13.1-1.el7.noarch.rpm rubygem-systemd-journal-1.3.1-1.el7.noarch.rpm rubygem-systemd-journal-doc-1.3.1-1.el7.noarch.rpm rubygem-tzinfo-1.2.5-1.el7.noarch.rpm rubygem-tzinfo-data-1.2018.3-1.el7.noarch.rpm rubygem-tzinfo-data-doc-1.2018.3-1.el7.noarch.rpm rubygem-tzinfo-doc-1.2.5-1.el7.noarch.rpm rubygem-unf_ext-doc-0.0.7.5-1.el7.noarch.rpm x86_64: atomic-openshift-3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64.rpm atomic-openshift-clients-3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64.rpm atomic-openshift-clients-redistributable-3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64.rpm atomic-openshift-cluster-capacity-3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64.rpm atomic-openshift-dockerregistry-3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64.rpm atomic-openshift-federation-services-3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64.rpm atomic-openshift-master-3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64.rpm atomic-openshift-node-3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64.rpm atomic-openshift-pod-3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64.rpm atomic-openshift-sdn-ovs-3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64.rpm atomic-openshift-service-catalog-3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64.rpm atomic-openshift-tests-3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64.rpm rubygem-cool.io-1.5.3-1.el7.x86_64.rpm rubygem-cool.io-debuginfo-1.5.3-1.el7.x86_64.rpm rubygem-ffi-1.9.23-1.el7.x86_64.rpm rubygem-ffi-debuginfo-1.9.23-1.el7.x86_64.rpm rubygem-msgpack-1.2.2-1.el7.x86_64.rpm rubygem-msgpack-debuginfo-1.2.2-1.el7.x86_64.rpm rubygem-unf_ext-0.0.7.5-1.el7.x86_64.rpm rubygem-unf_ext-debuginfo-0.0.7.5-1.el7.x86_64.rpm tuned-profiles-atomic-openshift-node-3.6.173.0.113-1.git.0.65fb9fb.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2018-1102 https://access.redhat.com/security/updates/classification/#critical 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2018 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFa5pUDXlSAg2UNWIIRAsugAKCpo7iRBSR962dtm5QhtpRzePj6TwCdED97 0/aYFd+9bGWK8sJMEVR440U=KFYZ -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Apr 30, 2018
•Critical
Red Hat
98
security advisorycritical issuesecurity updateRed Hat OpenShift 3.1 RHSA-2018:1243-01 Critical Path Sanitization Issue
An update is now available for Red Hat OpenShift Container Platform 3.1. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ==================================================================== Red Hat Security Advisory Synopsis: Critical: OpenShift Container Platform 3.1 security update Advisory ID: RHSA-2018:1243-01 Product: Red Hat OpenShift Enterprise Advisory URL: https://access.redhat.com/errata/RHSA-2018:1243 Issue date: 2018-04-29 CVE Names: CVE-2018-1102 ==================================================================== 1. Summary: An update is now available for Red Hat OpenShift Container Platform 3.1. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat OpenShift Enterprise 3.1 - noarch, x86_64 3. Description: Red Hat OpenShift Container Platform is the company's cloud computing Platform-as-a-Service (PaaS) solution designed for on-premise or private cloud deployments. This advisory contains RPM packages for this release. See the following advisory for the container images for this release: https://access.redhat.com/errata/RHBA-2018:1242 Security Fix(es): * source-to-image: Improper path sanitization in ExtractTarStreamFromTarReader in tar/tar.go (CVE-2018-1102) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in thisadvisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1562246 - CVE-2018-1102 source-to-image: Improper path sanitization in ExtractTarStreamFromTarReader in tar/tar.go 1570157 - Placeholder for OCP 3.1.z 6. Package List: Red Hat OpenShift Enterprise 3.1: Source: atomic-openshift-3.1.1.11-4.git.3.12809c8.el7.src.rpm noarch: atomic-openshift-docker-excluder-3.1.1.11-4.git.3.12809c8.el7.noarch.rpm atomic-openshift-excluder-3.1.1.11-4.git.3.12809c8.el7.noarch.rpm x86_64: atomic-openshift-3.1.1.11-4.git.3.12809c8.el7.x86_64.rpm atomic-openshift-clients-3.1.1.11-4.git.3.12809c8.el7.x86_64.rpm atomic-openshift-clients-redistributable-3.1.1.11-4.git.3.12809c8.el7.x86_64.rpm atomic-openshift-dockerregistry-3.1.1.11-4.git.3.12809c8.el7.x86_64.rpm atomic-openshift-master-3.1.1.11-4.git.3.12809c8.el7.x86_64.rpm atomic-openshift-node-3.1.1.11-4.git.3.12809c8.el7.x86_64.rpm atomic-openshift-pod-3.1.1.11-4.git.3.12809c8.el7.x86_64.rpm atomic-openshift-recycle-3.1.1.11-4.git.3.12809c8.el7.x86_64.rpm atomic-openshift-sdn-ovs-3.1.1.11-4.git.3.12809c8.el7.x86_64.rpm tuned-profiles-atomic-openshift-node-3.1.1.11-4.git.3.12809c8.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2018-1102 https://access.redhat.com/security/updates/classification/#critical 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2018 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFa5iGyXlSAg2UNWIIRAu/8AJ91Su8n//JkYuMsKVjiusr6r63S6gCgj5Ru wWLcaB5WsIOkawVTyuFGP5k=MBBC -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Apr 29, 2018
•Critical
Red Hat
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!