Secondary Scheduler Operator for Red Hat OpenShift 1.1.2

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: Secondary Scheduler Operator for Red Hat OpenShift 1.1.2 security update
Advisory ID:       RHSA-2023:4657-01
Product:           OSSO
Advisory URL:
Issue date:        2023-08-23
CVE Names:         CVE-2020-24736 CVE-2022-36227 CVE-2023-1667
                   CVE-2023-2283 CVE-2023-24532 CVE-2023-24534
                   CVE-2023-24536 CVE-2023-24537 CVE-2023-24538
                   CVE-2023-24539 CVE-2023-26604 CVE-2023-27535
                   CVE-2023-29400
=====================================================================

1. Summary:

Secondary Scheduler Operator for Red Hat OpenShift 1.1.2

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Description:

Secondary Scheduler Operator for Red Hat OpenShift 1.1.2

Security Fix(es):

* golang: crypto/internal/nistec: specific unreduced P-256 scalars produce incorrect results (CVE-2023-24532)

* golang: net/http, net/textproto: denial of service from excessive memory allocation (CVE-2023-24534)

* golang: net/http, net/textproto, mime/multipart: denial of service from excessive resource consumption (CVE-2023-24536)

* golang: go/parser: Infinite loop in parsing (CVE-2023-24537)

* golang: html/template: backticks not treated as string delimiters (CVE-2023-24538)

* golang: html/template: improper sanitization of CSS values (CVE-2023-24539)

* golang: html/template: improper handling of empty HTML attributes (CVE-2023-29400)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

3. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

4. Bugs fixed (https://bugzilla.redhat.com/):

2184481 - CVE-2023-24538 golang: html/template: backticks not treated as string delimiters
2184482 - CVE-2023-24536 golang: net/http, net/textproto, mime/multipart: denial of service from excessive resource consumption
2184483 - CVE-2023-24534 golang: net/http, net/textproto: denial of service from excessive memory allocation
2184484 - CVE-2023-24537 golang: go/parser: Infinite loop in parsing
2196026 - CVE-2023-24539 golang: html/template: improper sanitization of CSS values
2196029 - CVE-2023-29400 golang: html/template: improper handling of empty HTML attributes
2223355 - CVE-2023-24532 golang: crypto/internal/nistec: specific unreduced P-256 scalars produce incorrect results

5. JIRA issues fixed (https://redhat.atlassian.net/jira/projects):

WRKLDS-793 - New OSSO 1.1.2 release

6. References:

https://access.redhat.com/security/cve/CVE-2020-24736
https://access.redhat.com/security/cve/CVE-2022-36227
https://access.redhat.com/security/cve/CVE-2023-1667
https://access.redhat.com/security/cve/CVE-2023-2283
https://access.redhat.com/security/cve/CVE-2023-24532
https://access.redhat.com/security/cve/CVE-2023-24534
https://access.redhat.com/security/cve/CVE-2023-24536
https://access.redhat.com/security/cve/CVE-2023-24537
https://access.redhat.com/security/cve/CVE-2023-24538
https://access.redhat.com/security/cve/CVE-2023-24539
https://access.redhat.com/security/cve/CVE-2023-26604
https://access.redhat.com/security/cve/CVE-2023-27535
https://access.redhat.com/security/cve/CVE-2023-29400
https://access.redhat.com/security/updates/classification#moderate

7. Contact:

The Red Hat security contact is .
More contact details at https://access.redhat.com/security/team/contact

Copyright 2023 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJk5WynAAoJENzjgjWX9erEmR4QAJ5n2XzBLEgoPyYkKLsw7pIJ
Cy2mmZeuS4SjQekEDKHQhFStEEv/5meeN8bb5t7K7DJNMSr9LLIkYQmvXgj2b322
LrDl56UaBOnxFUqBzONVQtHJdGJ+8Z5DuO9sudwObeKeb5EWIVpaSU0QDwIJbO7+
v2DvqA4GBOg9SRx/2QphQjcfPzSGMhNSL/b4YcWnMbU+xZGzgNdshI5V4hD/0sV8
T8RFsPyx0EpBFcM3OsasBqzqDUVGAmyONx36+rkjVkh2Mtjw/iwtUQ5SQaasC3bv
UhLO6Z7tKd9mS0PmVm6f/Z1gmNfGeritzPgHbsPP42bhX0lsh3Dt6PO/Ft4RX+oz
433owpTVTwxEcffNFdUUhHsB8qhiSthmIgJ4AH+0WEe4RyHspSjUwCMnxZfn3T+x
DAKQP8Lgsj1X6qd4FScFYQ7YulURTVyHJ8qQii6Dnkh3BBjPbMmiTwW8qxAbYQLD
uBRNcDblFxcbZyjgl4lx0blRpjoKw3RFSTEUuYvfNKSi2XtM32ghKgmu5ECiwkjr
08ME466J3QM1uaSJK9woIvfT3BDGz8teWHJtsl8thL+xadnZdz6X8qcy2YIcW4/i
7EwUB0yQ6/x24gJ6T+IbCLIuwfUWOkKQFP2aFyav8Rbvqqxj3eVH4qK9jsw7Q1V2
pRhgrEM60gxGU/ObtSou
=cO9Y
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
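The advisories on this page name the Go standard-library fixes but not the toolchain versions that carry them, so an engineer who pulls a binary out of the operator image still has to decide whether it was built with a fixed Go. The following is an added example written for this page, not Red Hat or Go project code: it reads the build metadata that the go command embeds in every binary (the same data `go version -m` prints) and compares the recorded toolchain against the upstream point releases that shipped the fixes. The version table comes from the upstream Go release announcements of 2023 (1.19.7/1.20.2 for CVE-2023-24532, 1.19.8/1.20.3 for the net/http, go/parser and html/template backtick issues, 1.19.9/1.20.4 for CVE-2023-24539 and CVE-2023-29400); the advisory itself does not state them. The program name, the `fixedHTMLTemplate` variable and the "any newer minor line is fixed" policy are the example's own assumptions.

```go
package main

import (
	"debug/buildinfo"
	"fmt"
	"os"
	"strconv"
	"strings"
)

// leadingInt consumes the decimal digits at the start of s and returns them
// together with whatever follows ("4" -> 4, ""; "21rc2" -> 21, "rc2").
func leadingInt(s string) (int, string) {
	i := 0
	for i < len(s) && s[i] >= '0' && s[i] <= '9' {
		i++
	}
	if i == 0 {
		return 0, s
	}
	n, _ := strconv.Atoi(s[:i])
	return n, s[i:]
}

// parseGoVersion turns a toolchain string as embedded by the go command
// ("go1.18.4", "go1.20", "go1.21rc2") into major, minor and patch. A missing
// patch is 0; a pre-release suffix (rc, beta) yields patch -1 so that it
// sorts below the first release of its minor line.
func parseGoVersion(v string) (major, minor, patch int, err error) {
	parts := strings.SplitN(strings.TrimPrefix(v, "go"), ".", 3)
	nums := make([]int, 3)
	for i, p := range parts {
		n, rest := leadingInt(p)
		if rest == p {
			return 0, 0, 0, fmt.Errorf("unparseable Go version %q", v)
		}
		nums[i] = n
		if rest != "" {
			if i == 0 || i != len(parts)-1 {
				return 0, 0, 0, fmt.Errorf("unparseable Go version %q", v)
			}
			nums[2] = -1 // pre-release of this minor line
		}
	}
	return nums[0], nums[1], nums[2], nil
}

// compareGoVersion returns -1, 0 or 1 as a is older than, equal to or newer than b.
func compareGoVersion(a, b string) (int, error) {
	am, an, ap, err := parseGoVersion(a)
	if err != nil {
		return 0, err
	}
	bm, bn, bp, err := parseGoVersion(b)
	if err != nil {
		return 0, err
	}
	for _, d := range []int{am - bm, an - bn, ap - bp} {
		if d < 0 {
			return -1, nil
		}
		if d > 0 {
			return 1, nil
		}
	}
	return 0, nil
}

// toolchainHasFix decides whether a toolchain carries a fix that upstream
// shipped in several point releases at once (one per supported minor line).
// On a listed minor line the patch level must be at or beyond the fix; any
// newer minor line is taken as fixed (assumption: fixes land on the dev
// branch before the next release); any older line is out of upstream
// support and reported as unfixed.
func toolchainHasFix(have string, fixedIn []string) (bool, error) {
	hm, hn, _, err := parseGoVersion(have)
	if err != nil {
		return false, err
	}
	newest := -1 // newest major*1000+minor among fixedIn
	for _, f := range fixedIn {
		fm, fn, _, err := parseGoVersion(f)
		if err != nil {
			return false, err
		}
		if fm == hm && fn == hn {
			c, err := compareGoVersion(have, f)
			return c >= 0, err
		}
		if line := fm*1000 + fn; line > newest {
			newest = line
		}
	}
	return hm*1000+hn > newest, nil
}

// checkBinary reads the build metadata embedded in an ELF/PE/Mach-O Go
// binary and returns its toolchain version together with the fix verdict.
func checkBinary(path string, fixedIn []string) (string, bool, error) {
	bi, err := buildinfo.ReadFile(path)
	if err != nil {
		return "", false, err
	}
	ok, err := toolchainHasFix(bi.GoVersion, fixedIn)
	return bi.GoVersion, ok, err
}

// Upstream point releases carrying the last of the fixes in RHSA-2023:4657
// (CVE-2023-24539, CVE-2023-29400); the earlier ones shipped in 1.19.7/1.20.2
// and 1.19.8/1.20.3, so these two cover the whole set. Taken from the Go
// release announcements, not from the advisory.
var fixedHTMLTemplate = []string{"go1.19.9", "go1.20.4"}

func main() {
	if len(os.Args) < 2 {
		fmt.Fprintln(os.Stderr, "usage: gocheck <binary>...")
		os.Exit(2)
	}
	rc := 0
	for _, p := range os.Args[1:] {
		v, ok, err := checkBinary(p, fixedHTMLTemplate)
		switch {
		case err != nil:
			fmt.Printf("%s: %v\n", p, err)
			rc = 1
		case ok:
			fmt.Printf("%s: built with %s (at or beyond %v)\n", p, v, fixedHTMLTemplate)
		default:
			fmt.Printf("%s: built with %s (OLDER than %v)\n", p, v, fixedHTMLTemplate)
			rc = 1
		}
	}
	os.Exit(rc)
}
```

Run it as `go run gocheck.go /path/to/binary` on a file extracted from the operator image. The check is a heuristic: Red Hat builds with its own go-toolset packages and can backport a fix without the upstream-style version string moving, so an "OLDER" verdict means "go and read the errata for that toolchain", not "definitely vulnerable". The RHSA is the authoritative statement; this tool only tells you which binaries deserve a second look.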
Secondary Scheduler Operator for Red Hat OpenShift 1.1.0

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: Secondary Scheduler Operator for Red Hat OpenShift 1.1.0 security update
Advisory ID:       RHSA-2022:6152-01
Product:           OSSO
Advisory URL:
Issue date:        2022-09-01
CVE Names:         CVE-2022-1705 CVE-2022-1962 CVE-2022-24675
                   CVE-2022-28131 CVE-2022-28327 CVE-2022-30629
                   CVE-2022-30630 CVE-2022-30631 CVE-2022-30632
                   CVE-2022-30633 CVE-2022-30635 CVE-2022-32148
====================================================================

1. Summary:

Secondary Scheduler Operator for Red Hat OpenShift 1.1.0

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Description:

Secondary Scheduler Operator for Red Hat OpenShift 1.1.0

Security Fix(es):

* golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)

* golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705)

* golang: go/parser: stack exhaustion in all Parse* functions (CVE-2022-1962)

* golang: encoding/pem: fix stack overflow in Decode (CVE-2022-24675)

* golang: encoding/xml: stack exhaustion in Decoder.Skip (CVE-2022-28131)

* golang: crypto/elliptic: panic caused by oversized scalar (CVE-2022-28327)

* golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)

* golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)

* golang: encoding/xml: stack exhaustion in Unmarshal (CVE-2022-30633)

* golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)

* golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (CVE-2022-32148)

* golang: crypto/tls: session tickets lack random ticket_age_add (CVE-2022-30629)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

3. Solution:

For detailed release notes on Secondary Scheduler Operator for Red Hat
OpenShift 1.1.0 (documentation which will be updated shortly), see:

https://docs.redhat.com/en/documentation/openshift_container_platform/4.11/html/nodes/controlling-pod-placement-onto-nodes-scheduling#nodes-secondary-scheduler-release-notes

4. Bugs fixed (https://bugzilla.redhat.com/):

2077688 - CVE-2022-24675 golang: encoding/pem: fix stack overflow in Decode
2077689 - CVE-2022-28327 golang: crypto/elliptic: panic caused by oversized scalar
2092793 - CVE-2022-30629 golang: crypto/tls: session tickets lack random ticket_age_add
2105001 - [SSO] Secondary scheduler version is shown as unknown in the operator logs
2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read
2107371 - CVE-2022-30630 golang: io/fs: stack exhaustion in Glob
2107374 - CVE-2022-1705 golang: net/http: improper sanitization of Transfer-Encoding header
2107376 - CVE-2022-1962 golang: go/parser: stack exhaustion in all Parse* functions
2107383 - CVE-2022-32148 golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working
2107386 - CVE-2022-30632 golang: path/filepath: stack exhaustion in Glob
2107388 - CVE-2022-30635 golang: encoding/gob: stack exhaustion in Decoder.Decode
2107390 - CVE-2022-28131 golang: encoding/xml: stack exhaustion in Decoder.Skip
2107392 - CVE-2022-30633 golang: encoding/xml: stack exhaustion in Unmarshal

5. JIRA issues fixed (https://redhat.atlassian.net/jira/projects):

WRKLDS-466 - Secondary Scheduler Operator for Red Hat OpenShift 1.1 release

6. References:

https://access.redhat.com/security/cve/CVE-2022-1705
https://access.redhat.com/security/cve/CVE-2022-1962
https://access.redhat.com/security/cve/CVE-2022-24675
https://access.redhat.com/security/cve/CVE-2022-28131
https://access.redhat.com/security/cve/CVE-2022-28327
https://access.redhat.com/security/cve/CVE-2022-30629
https://access.redhat.com/security/cve/CVE-2022-30630
https://access.redhat.com/security/cve/CVE-2022-30631
https://access.redhat.com/security/cve/CVE-2022-30632
https://access.redhat.com/security/cve/CVE-2022-30633
https://access.redhat.com/security/cve/CVE-2022-30635
https://access.redhat.com/security/cve/CVE-2022-32148
https://access.redhat.com/security/updates/classification/#important

7. Contact:

The Red Hat security contact is .
More contact details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBYxCI69zjgjWX9erEAQhXXxAAosQlZxGWGILaGuYUJr/S/jXROYtor0Wv
z8na9oZNTgJG086tiPehf+HAUIbwIRlExUg/fI0TkkQILou0JDqDKbMfxuvZ3You
vgUzKoLHnf541JJp1tjLFbHl+dcG1ohoXEFdh6UpmhxILu56hnC7jB7hfAXnye/E
wIwwtRkG7tzS2f81vFG1TwWunVddvtNy6ITnqkBLWvjRP0ihk6mBt4iBz4NOKYFi
x/7TRZUGV+ILeP++g7qsbehOwZLj2p9NzqE2cRw/A1DP3WVRglKaGuhd46kR9mtn
o0LK9jSBJ0QMPXDvEk52PU4J8yDqhhvTWSeCrFg0rwC3Xd3/41xxKTo9htbLOHfQ
Ei359sevhBTpLH1sdS7/jjmd8jMYe9CZXxk0Ck87e+T17MXOyKVHSsMFjZR1Pgfu
wXAMZaIut1l23RA+3T79jYUnrbB+zD4rDk5mwLuurO8n6y7Bw1Dr1Rr2r1mKgr7N
rxIpHDhw2nWjEhnhl91+2r2ucLvfD6qqsdnV58XTKdLUqNbYAOL1p3tGljqmUVsH
f2YWDoEc3LpbVoT12xbxqnmJRQGmWwfsNRY4tr6w+qVHgKjBAjMGaDhd4gIVEuGi
08mdVFBRqUPBbkIZu9ku5Eh8dgg2NcOFN1naDYb3AaNJp7+garNbcGFL1lIK0cBM
ZO93shdrUmc=3goO
-----END PGP SIGNATURE-----
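CVE-2022-32148 in the 1.1.0 advisory above is the one entry whose behaviour is easy to observe from user code. httputil.ReverseProxy documents that setting the inbound request's X-Forwarded-For header to a nil value tells the proxy not to add the client IP; before the upstream fix (Go 1.17.12 / 1.18.4) the clone the proxy takes of the inbound request turned that nil into an empty slice, the signal was lost and the client IP was forwarded anyway. The following is an added example written for this page, not Red Hat or Go project code. It stands up a loopback backend with net/http/httptest (the client address 192.0.2.1, which httptest.NewRequest assigns, and the inbound value 203.0.113.7 are constructed fixtures) and shows the three outcomes: default forwarding, chaining behind a client-supplied X-Forwarded-For, and the nil-value omission as it behaves on a patched toolchain.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/http/httputil"
	"net/url"
)

// xffSeen is what the backend observed for X-Forwarded-For on one request.
type xffSeen struct {
	present bool
	values  []string
}

// proxyOnce stands up a throwaway backend, fronts it with
// httputil.NewSingleHostReverseProxy and pushes a single request through.
// inboundXFF is an X-Forwarded-For value the client sends (empty for none);
// omit makes the front handler set Request.Header["X-Forwarded-For"] = nil
// before calling ServeHTTP, the documented way to stop ReverseProxy from
// adding the client IP. It returns what the backend actually received.
func proxyOnce(inboundXFF string, omit bool) (xffSeen, error) {
	seen := make(chan xffSeen, 1)
	backend := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		v, ok := r.Header["X-Forwarded-For"]
		seen <- xffSeen{present: ok, values: append([]string(nil), v...)}
		w.WriteHeader(http.StatusNoContent)
	}))
	defer backend.Close()

	target, err := url.Parse(backend.URL)
	if err != nil {
		return xffSeen{}, err
	}
	proxy := httputil.NewSingleHostReverseProxy(target)

	front := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if omit {
			// A nil value (not Del, which removes the key) is the signal
			// ReverseProxy checks for. On toolchains before the fix the
			// request clone inside ServeHTTP turned this nil into an empty
			// slice, so the client IP leaked anyway (CVE-2022-32148).
			r.Header["X-Forwarded-For"] = nil
		}
		proxy.ServeHTTP(w, r)
	})

	// httptest.NewRequest fixes RemoteAddr at 192.0.2.1:1234, so that is the
	// "client IP" the proxy would append.
	req := httptest.NewRequest(http.MethodGet, "/", nil)
	if inboundXFF != "" {
		req.Header.Set("X-Forwarded-For", inboundXFF)
	}
	rec := httptest.NewRecorder()
	front.ServeHTTP(rec, req)
	if rec.Code != http.StatusNoContent {
		return xffSeen{}, fmt.Errorf("proxy answered %d, backend never reached", rec.Code)
	}
	return <-seen, nil
}

func main() {
	for _, c := range []struct {
		inbound string
		omit    bool
	}{
		{"", false},            // plain proxy: backend learns the client IP
		{"203.0.113.7", false}, // client-supplied value is kept and extended
		{"203.0.113.7", true},  // omit: nothing reaches the backend at all
	} {
		s, err := proxyOnce(c.inbound, c.omit)
		fmt.Printf("inbound=%q omit=%-5v -> present=%v values=%q err=%v\n",
			c.inbound, c.omit, s.present, s.values, err)
	}
}
```

On a fixed toolchain the third case reaches the backend with no X-Forwarded-For header at all; on an unfixed one it arrives as 192.0.2.1, which is the disclosure the CVE describes. Omission is not the same as trust: even a fixed proxy, in the second case, forwards the client-supplied 203.0.113.7 ahead of the real address, so whatever reads the header downstream is still consuming an attacker-controlled value unless the proxy strips it first.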
Secondary Scheduler Operator for Red Hat OpenShift 1.0.1

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: Secondary Scheduler Operator for Red Hat OpenShift 1.0.1 security update
Advisory ID:       RHSA-2022:5699-01
Product:           OSSO
Advisory URL:
Issue date:        2022-07-28
CVE Names:         CVE-2018-25032 CVE-2021-3634 CVE-2021-40528
                   CVE-2022-1271 CVE-2022-22576 CVE-2022-27774
                   CVE-2022-27776 CVE-2022-27782 CVE-2022-29526
                   CVE-2022-29824
====================================================================

1. Summary:

Secondary Scheduler Operator for Red Hat OpenShift 1.0.1

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Description:

Secondary Scheduler Operator for Red Hat OpenShift 1.0.1

Security Fix(es):

* golang: syscall: faccessat checks wrong group (CVE-2022-29526)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

3. Solution:

For detailed release notes on Secondary Scheduler Operator for Red Hat
OpenShift 1.0.1 (documentation which will be updated shortly), see:

https://docs.openshift.com/en/container-platform/4.10/nodes/scheduling/secondary_scheduler/nodes-secondary-scheduler-release-notes.html#secondary-scheduler-operator-release-notes-1.0.1

4. Bugs fixed (https://bugzilla.redhat.com/):

2084085 - CVE-2022-29526 golang: syscall: faccessat checks wrong group

5. JIRA issues fixed (https://issues.redhat.com/):

WRKLDS-465 - Secondary Scheduler Operator for Red Hat OpenShift 1.0.1 release

6. References:

https://access.redhat.com/security/cve/CVE-2018-25032
https://access.redhat.com/security/cve/CVE-2021-3634
https://access.redhat.com/security/cve/CVE-2021-40528
https://access.redhat.com/security/cve/CVE-2022-1271
https://access.redhat.com/security/cve/CVE-2022-22576
https://access.redhat.com/security/cve/CVE-2022-27774
https://access.redhat.com/security/cve/CVE-2022-27776
https://access.redhat.com/security/cve/CVE-2022-27782
https://access.redhat.com/security/cve/CVE-2022-29526
https://access.redhat.com/security/cve/CVE-2022-29824
https://access.redhat.com/security/updates/classification/#moderate

7. Contact:

The Red Hat security contact is .
More contact details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBYuqtedzjgjWX9erEAQiSRg//fn5bAzBQcfNfiBNJ3VvZRC+W/IFoAoyX
4KK1tR9IBrGFkVuAZdXgRwO7rO14Wow0ms7PhrKuJPR8E3CCNF0WtydRJs2hQtiV
nVFarr8lUBpkOmtGRwCASkHvl2mtaQu83OH1vGKA+TCjJOhylSmFFZR9c4Ik2Yyh
hK7YFTPcLnZ+fJ61H/PttjAdRMPDhSWpp75rr1ZtTd/LWo3gZbGULI4YRvTMMi+q
alEL+xLd2xYm3HaP+iKhcq2wcKyhBUCPIxIenFajA22iqf0En3KkZ0MRyxriiF3R
xJgBlaSlTwU0k/PYLTJ9q46yOVLQCF6PuvvAZlHXUje7yowMtsoN5qCWjjp65Jfc
sjZvJUcRULvU0PHREc6l/TwQolM5svPLl6F60ncJuMK7i3pi0NeqZGWhSV7Bi3vD
tXrgvk7VJIw9Vz0jFZ8OlSuZ20uGXHxo0l9EWtnE4/6jD9glYgWij1KPFPSnFeyU
sYhtutttMLdKq8XkZptL1yWWEjxnmRlgDlZNei5tMsjOdphOSmoSFbHfbruNVqj+
vPKjPlR9Hy+Cba7H0CZnMs1j6V1cm6JWxkZaQIqpUy1xgt+htSpqdxwN05OmkAHE
fplqlfIaZ7lIbKzy9ARaYVJWYZa95M9SDzz1gILVzsCJsb/CN2FEf0LIGUR38nOL
ewDbaw0y0wc=Gagp
-----END PGP SIGNATURE-----