
Stay Secure with the Latest Linux Advisories


Explore Latest Linux Security advisories


Oracle Linux 8 ELSA-2024-4499 Moderate: Ruby Buffer Overread Fix

Oracle Linux Security Advisory ELSA-2024-4499

http://linux.oracle.com/errata/ELSA-2024-4499.html

Updated rpms for Oracle Linux 8 (x86_64 and aarch64, plus SRPMS) have been uploaded to the Unbreakable Linux Network.

Related CVEs:

CVE-2023-36617
CVE-2024-27280
CVE-2024-27281
CVE-2024-27282
CVE-2024-35176

Description of changes:

ruby
[2.5.9-112]
- Fix ReDoS vulnerability - upstream's incomplete fix for CVE-2023-28755. (CVE-2023-36617)
  Resolves: RHEL-5614
- Fix Buffer overread vulnerability in StringIO. (CVE-2024-27280)
  Resolves: RHEL-34125
- Fix RCE vulnerability with .rdoc_options in RDoc. (CVE-2024-27281)
  Resolves: RHEL-34117
- Fix Arbitrary memory address read vulnerability with Regex search. (CVE-2024-27282)
  Resolves: RHEL-33867
- Fix REXML DoS parsing an XML with many

Jul 19, 2024 | Important | Oracle

Rocky Linux 8 RLSA-2023:4645 Important RCE and DoS Security Update

Rocky Linux Security Advisory

Synopsis: Important: .NET 6.0 security, bug fix, and enhancement update
Advisory ID: RLSA-2023:4645
Affected products: Rocky Linux 8
Published: 2023-10-06T23:10:12.373291Z
Reboot suggested: false

Topic:

An update is available for dotnet6.0.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list.

Description:

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.

New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.121 and .NET Runtime 6.0.21.

Security Fix(es):

* dotnet: RCE under dotnet commands (CVE-2023-35390)

* dotnet: Kestrel vulnerability to slow read attacks leading to Denial of Service attack (CVE-2023-38180)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bugs fixed (source: Red Hat):

2228621 - https://bugzilla.redhat.com/show_bug.cgi?id=2228621
2228622 - https://bugzilla.redhat.com/show_bug.cgi?id=2228622

CVEs (source: MITRE):

CVE-2023-35390 - CVSS v3 base score 7.8, vector CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, CWE: UNKNOWN
https://www.cve.org/CVERecord?id=CVE-2023-35390

CVE-2023-38180 - CVSS v3 base score 7.5, vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, CWE: CWE-400
https://www.cve.org/CVERecord?id=CVE-2023-38180

The recent Rocky Linux 8 update addresses critical vulnerabilities in .NET 6.0, targeting RCE and DoS threats. Update your systems to protect against exploits.

Severity: Important. LinuxSecurity.com Team

Oct 06, 2023 | Important | Rocky Linux

RedHat Enterprise Linux 8 RHSA-2023:4643-01 Important: .NET 7.0 RCE and DoS

Red Hat Security Advisory

Synopsis: Important: .NET 7.0 security, bug fix, and enhancement update
Advisory ID: RHSA-2023:4643-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2023:4643
Issue date: 2023-08-14
CVE Names: CVE-2023-35390 CVE-2023-38180

1. Summary:

An update for .NET 7.0 is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux CRB (v. 8) - aarch64, ppc64le, s390x, x86_64

3. Description:

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.

New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 7.0.110 and .NET Runtime 7.0.10.

Security Fix(es):

* dotnet: RCE under dotnet commands (CVE-2023-35390)

* dotnet: Kestrel vulnerability to slow read attacks leading to Denial of Service attack (CVE-2023-38180)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2228621 - CVE-2023-38180 dotnet: Kestrel vulnerability to slow read attacks leading to Denial of Service attack
2228622 - CVE-2023-35390 dotnet: RCE under dotnet commands

6. Package List:

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key

7. References:

https://access.redhat.com/security/cve/CVE-2023-35390
https://access.redhat.com/security/cve/CVE-2023-38180
https://access.redhat.com/security/updates/classification#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2023 Red Hat, Inc.

Explore essential aspects of the recent Red Hat .NET 7.0 security advisory, highlighting important fixes and improvements implemented.

Severity: Important. LinuxSecurity.com Team

Aug 14, 2023 | Important | Red Hat

RedHat RHEL 9 RHSA-2023-4644-01 Important: .NET 6.0 RCE and DoS Fix

Red Hat Security Advisory

Synopsis: Important: .NET 6.0 security, bug fix, and enhancement update
Advisory ID: RHSA-2023:4644-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2023:4644
Issue date: 2023-08-14
CVE Names: CVE-2023-35390 CVE-2023-38180

1. Summary:

An update for .NET 6.0 is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 9) - aarch64, s390x, x86_64
Red Hat Enterprise Linux CRB (v. 9) - aarch64, s390x, x86_64

3. Description:

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.

New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.121 and .NET Runtime 6.0.21.

Security Fix(es):

* dotnet: RCE under dotnet commands (CVE-2023-35390)

* dotnet: Kestrel vulnerability to slow read attacks leading to Denial of Service attack (CVE-2023-38180)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2228621 - CVE-2023-38180 dotnet: Kestrel vulnerability to slow read attacks leading to Denial of Service attack
2228622 - CVE-2023-35390 dotnet: RCE under dotnet commands

6. Package List:

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key

7. References:

https://access.redhat.com/security/cve/CVE-2023-35390
https://access.redhat.com/security/cve/CVE-2023-38180
https://access.redhat.com/security/updates/classification#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2023 Red Hat, Inc.

Significant news for .NET 6.0 on Red Hat improves safety measures and addresses issues, such as RCE and DoS flaws.

Severity: Important. LinuxSecurity.com Team

Aug 14, 2023 | Important | Red Hat

Red Hat 7: RHSA-2023-4382 Critical: OpenSSH Remote Code Execution

Red Hat Security Advisory

Synopsis: Important: openssh security update
Advisory ID: RHSA-2023:4382-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2023:4382
Issue date: 2023-08-01
CVE Names: CVE-2023-38408

1. Summary:

An update for openssh is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server.

Security Fix(es):

* openssh: Remote code execution in ssh-agent PKCS#11 support (CVE-2023-38408)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, the OpenSSH server daemon (sshd) will be restarted automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

2224173 - CVE-2023-38408 openssh: Remote code execution in ssh-agent PKCS#11 support

6. Package List:

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-38408
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJkyRVkAAoJENzjgjWX9erED58P/jFuG+WO59vh0yuYCFTyq3iH 7HddzqXVpipMHRoIuR4ujjtPueFttkl5Wfz4ICdBy2wHGHjwIH2mQmXzPm0+CJ5P uA1Dj3rWmQm1CTuSM7aAzrBUxSlNMgWxEZWXW6f9EQpBfmLTO5JgGmt713u3AgxS JM4o6UjRnzCX3G6+iM3dmaZOm9V/I0a6OcVlr26nemLEiUXH7QHDyxhkanStQ7+R ylsmRKMQRDBKeTCZhDyf2OtVf63Hz931GBNf5CGur1DNnnjlgu2Ddvv359ISGaYg 3ehkYkX3gXAkQ8TAqiUuqRE25P8Eaf3KdRoYg1u+zFCLy836USp/ajZrylXG9CZM u0vjEYkKuerflKRHGGBpr/dxn/8/9vRPl+3u7QniQ2onhgJzz80FsZ8UBeoEwu+9 l/1wxe9886KfbA+3VoSBUhGo3gBVCrBF31aHcjvFFzb3VjGKAFBA+D6Dipds1GLp ba5T7MojLP+uX49W7JVNgCWPM5tWcyhRlpu81YKllf6BcuIFZyu/FZeHgBVR3JW/ t+h2FM6khJOWNAVchc2k/Igc+aRfKYIk0+BSgpreccWQXo17aYoTeDvGMnTJQNZx T8yezboX8lyfrzAoVqQmbhzMh9fcTQk8aawU30BzMtVV5mxhWYWC5GaoEqzRABV9 ufxzUwJCZeR8b0jMRQxP =TvDe -----END PGP SIGNATURE----- -- RHSA-announce mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. . A significant update has been issued by Red Hat for OpenSSH, targeting a critical remote code execution vulnerability. Discover the steps to apply the latest patch immediately.. openssh update, red hat advisory, linux security update, important security patch. . Severity: Important. LinuxSecurity.com Team

Aug 01, 2023 Important Red Hat

RedHat: RHSA-2022:5597-01 Important: Pandoc Heap Corruption RCE Issue

An update for pandoc is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability.

Red Hat Security Advisory

Synopsis: Important: pandoc security update
Advisory ID: RHSA-2022:5597-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2022:5597
Issue date: 2022-07-18
CVE Names: CVE-2022-24724

1. Summary:

An update for pandoc is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat CodeReady Linux Builder (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

Pandoc is a markdown/markup conversion tool. The version of pandoc in RHEL 8 CRB uses cmark-gfm (GitHub's extended version of the C reference implementation of CommonMark) for parts of its conversion.

The update fixes CVE-2022-24724: an integer overflow in cmark-gfm's table row parsing which may lead to heap memory corruption when parsing tables with more than UINT16_MAX columns.

Security Fix(es):

* cmark-gfm: possible RCE due to integer overflow (CVE-2022-24724)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2060662 - CVE-2022-24724 cmark-gfm: possible RCE due to integer overflow

6. Package List:

Red Hat CodeReady Linux Builder (v. 8):

Source:
pandoc-2.0.6-6.el8_6.src.rpm

aarch64:
pandoc-2.0.6-6.el8_6.aarch64.rpm

noarch:
pandoc-common-2.0.6-6.el8_6.noarch.rpm

ppc64le:
pandoc-2.0.6-6.el8_6.ppc64le.rpm

s390x:
pandoc-2.0.6-6.el8_6.s390x.rpm

x86_64:
pandoc-2.0.6-6.el8_6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key

7. References:

https://access.redhat.com/security/cve/CVE-2022-24724
https://access.redhat.com/security/updates/classification#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2022 Red Hat, Inc.

Keep informed about the latest Red Hat pandoc security update tackling possible memory corruption and remote code execution vulnerabilities.

Red Hat Security Update, Pandoc Fix, RCE Issue.

Severity: Important. LinuxSecurity.com Team

Jul 27, 2022 Important Red Hat

Debian LTS DLA-2870-1 Critical: Log4j2 Remote Code Execution Advisory

Debian LTS Advisory DLA-2870-1
https://www.debian.org/lts/security/
Markus Koschany
December 29, 2021
https://wiki.debian.org/LTS

Package : apache-log4j2
Version : 2.12.4-0+deb9u1
CVE ID : CVE-2021-44832
Debian Bug : 1002813

Apache Log4j2, a Java Logging Framework, is vulnerable to a remote code execution (RCE) attack where an attacker with permission to modify the logging configuration file can construct a malicious configuration using a JDBC Appender with a data source referencing a JNDI URI which can execute remote code. This issue is fixed by limiting JNDI data source names to the java protocol.

For Debian 9 stretch, this problem has been fixed in version 2.12.4-0+deb9u1.

We recommend that you upgrade your apache-log4j2 packages.

For the detailed security status of apache-log4j2 please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/source-package/apache-log4j2

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS

Debian LTS Advisory DLA-2871-1 addresses security concerns related to critical vulnerabilities in PHP that could lead to remote code execution threats.

apache log4j2 security, debian update, remote code execution, logging framework.

Severity: Critical. LinuxSecurity.com Team

Dec 29, 2021 Critical Debian LTS

RedHat: RHSA-2020-0588-01 Important: CloudForms RCE Threat Mitigated

An update is now available for CloudForms Management Engine 5.11. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability.

Red Hat Security Advisory

Synopsis: Important: CloudForms 5.0.3 security update
Advisory ID: RHSA-2020:0588-01
Product: Red Hat CloudForms
Advisory URL: https://access.redhat.com/errata/RHSA-2020:0588
Issue date: 2020-02-25
Cross references: RHBA-2020:0452
CVE Names: CVE-2019-14894

1. Summary:

An update is now available for CloudForms Management Engine 5.11. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

CloudForms Management Engine 5.11 - x86_64

3. Description:

Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller (MVC) framework for web application development. Action Pack implements the controller and the view components.

Security Fix(es):

* CloudForms: RCE vulnerability in NFS schedule backup (CVE-2019-14894)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

If the postgresql service is running, it will be automatically restarted after installing this update. After installing the updated packages, the httpd daemon will be restarted automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

1769411 - CVE-2019-14894 CloudForms: RCE vulnerability in NFS schedule backup

6. Package List:

CloudForms Management Engine 5.11:

Source:
cfme-5.11.3.1-1.el8cf.src.rpm
cfme-amazon-smartstate-5.11.3.1-1.el8cf.src.rpm
cfme-appliance-5.11.3.1-1.el8cf.src.rpm
cfme-gemset-5.11.3.1-1.el8cf.src.rpm

x86_64:
cfme-5.11.3.1-1.el8cf.x86_64.rpm
cfme-amazon-smartstate-5.11.3.1-1.el8cf.x86_64.rpm
cfme-appliance-5.11.3.1-1.el8cf.x86_64.rpm
cfme-appliance-common-5.11.3.1-1.el8cf.x86_64.rpm
cfme-appliance-tools-5.11.3.1-1.el8cf.x86_64.rpm
cfme-gemset-5.11.3.1-1.el8cf.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key

7. References:

https://access.redhat.com/security/cve/CVE-2019-14894
https://access.redhat.com/security/updates/classification#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2020 Red Hat, Inc.

Oracle announces a critical patch for Java 11.0.12 aimed at resolving a vulnerability that allows unauthorized access. Keep updated!

CloudForms Security, Red Hat Update, Management Engine Fixes.

Severity: Important. LinuxSecurity.com Team

Feb 25, 2020 Important Red Hat