=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: linux-firmware security update
Advisory ID:       RHSA-2023:5245-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:5245
Issue date:        2023-09-19
CVE Names:         CVE-2023-20593
=====================================================================

1. Summary:

An update for linux-firmware is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux BaseOS (v. 8) - noarch

3. Description:

The linux-firmware packages contain all of the firmware files that are required by various devices to operate.

Security Fix(es):

* hw: amd: Cross-Process Information Leak (CVE-2023-20593)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2217845 - CVE-2023-20593 hw: amd: Cross-Process Information Leak

6. Package List:

Red Hat Enterprise Linux BaseOS (v.8):

Source:
linux-firmware-20230404-117.git2e92a49f.el8_8.src.rpm

noarch:
iwl100-firmware-39.31.5.1-117.el8_8.1.noarch.rpm
iwl1000-firmware-39.31.5.1-117.el8_8.1.noarch.rpm
iwl105-firmware-18.168.6.1-117.el8_8.1.noarch.rpm
iwl135-firmware-18.168.6.1-117.el8_8.1.noarch.rpm
iwl2000-firmware-18.168.6.1-117.el8_8.1.noarch.rpm
iwl2030-firmware-18.168.6.1-117.el8_8.1.noarch.rpm
iwl3160-firmware-25.30.13.0-117.el8_8.1.noarch.rpm
iwl3945-firmware-15.32.2.9-117.el8_8.1.noarch.rpm
iwl4965-firmware-228.61.2.24-117.el8_8.1.noarch.rpm
iwl5000-firmware-8.83.5.1_1-117.el8_8.1.noarch.rpm
iwl5150-firmware-8.24.2.2-117.el8_8.1.noarch.rpm
iwl6000-firmware-9.221.4.1-117.el8_8.1.noarch.rpm
iwl6000g2a-firmware-18.168.6.1-117.el8_8.1.noarch.rpm
iwl6000g2b-firmware-18.168.6.1-117.el8_8.1.noarch.rpm
iwl6050-firmware-41.28.5.1-117.el8_8.1.noarch.rpm
iwl7260-firmware-25.30.13.0-117.el8_8.1.noarch.rpm
libertas-sd8686-firmware-20230404-117.git2e92a49f.el8_8.noarch.rpm
libertas-sd8787-firmware-20230404-117.git2e92a49f.el8_8.noarch.rpm
libertas-usb8388-firmware-20230404-117.git2e92a49f.el8_8.noarch.rpm
libertas-usb8388-olpc-firmware-20230404-117.git2e92a49f.el8_8.noarch.rpm
linux-firmware-20230404-117.git2e92a49f.el8_8.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key

7. References:

https://access.redhat.com/security/cve/CVE-2023-20593
https://access.redhat.com/security/updates/classification#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2023 Red Hat, Inc.

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: .NET 6.0 security update
Advisory ID:       RHSA-2023:5143-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:5143
Issue date:        2023-09-13
CVE Names:         CVE-2023-36799
=====================================================================

1. Summary:

An update for .NET 6.0 is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 9) - aarch64, s390x, x86_64
Red Hat Enterprise Linux CRB (v. 9) - aarch64, s390x, x86_64

3. Description:

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.

New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.122 and .NET Runtime 6.0.22.

Security Fix(es):

* dotnet: Denial of Service with Client Certificates using .NET Kestrel (CVE-2023-36799)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2237317 - CVE-2023-36799 dotnet: Denial of Service with Client Certificates using .NET Kestrel

6. Package List:

Red Hat Enterprise Linux AppStream (v.9):

Source:
dotnet6.0-6.0.122-1.el9_2.src.rpm

aarch64:
aspnetcore-runtime-6.0-6.0.22-1.el9_2.aarch64.rpm
aspnetcore-targeting-pack-6.0-6.0.22-1.el9_2.aarch64.rpm
dotnet-apphost-pack-6.0-6.0.22-1.el9_2.aarch64.rpm
dotnet-apphost-pack-6.0-debuginfo-6.0.22-1.el9_2.aarch64.rpm
dotnet-hostfxr-6.0-6.0.22-1.el9_2.aarch64.rpm
dotnet-hostfxr-6.0-debuginfo-6.0.22-1.el9_2.aarch64.rpm
dotnet-runtime-6.0-6.0.22-1.el9_2.aarch64.rpm
dotnet-runtime-6.0-debuginfo-6.0.22-1.el9_2.aarch64.rpm
dotnet-sdk-6.0-6.0.122-1.el9_2.aarch64.rpm
dotnet-sdk-6.0-debuginfo-6.0.122-1.el9_2.aarch64.rpm
dotnet-targeting-pack-6.0-6.0.22-1.el9_2.aarch64.rpm
dotnet-templates-6.0-6.0.122-1.el9_2.aarch64.rpm
dotnet6.0-debuginfo-6.0.122-1.el9_2.aarch64.rpm
dotnet6.0-debugsource-6.0.122-1.el9_2.aarch64.rpm

s390x:
aspnetcore-runtime-6.0-6.0.22-1.el9_2.s390x.rpm
aspnetcore-targeting-pack-6.0-6.0.22-1.el9_2.s390x.rpm
dotnet-apphost-pack-6.0-6.0.22-1.el9_2.s390x.rpm
dotnet-apphost-pack-6.0-debuginfo-6.0.22-1.el9_2.s390x.rpm
dotnet-hostfxr-6.0-6.0.22-1.el9_2.s390x.rpm
dotnet-hostfxr-6.0-debuginfo-6.0.22-1.el9_2.s390x.rpm
dotnet-runtime-6.0-6.0.22-1.el9_2.s390x.rpm
dotnet-runtime-6.0-debuginfo-6.0.22-1.el9_2.s390x.rpm
dotnet-sdk-6.0-6.0.122-1.el9_2.s390x.rpm
dotnet-sdk-6.0-debuginfo-6.0.122-1.el9_2.s390x.rpm
dotnet-targeting-pack-6.0-6.0.22-1.el9_2.s390x.rpm
dotnet-templates-6.0-6.0.122-1.el9_2.s390x.rpm
dotnet6.0-debuginfo-6.0.122-1.el9_2.s390x.rpm
dotnet6.0-debugsource-6.0.122-1.el9_2.s390x.rpm

x86_64:
aspnetcore-runtime-6.0-6.0.22-1.el9_2.x86_64.rpm
aspnetcore-targeting-pack-6.0-6.0.22-1.el9_2.x86_64.rpm
dotnet-apphost-pack-6.0-6.0.22-1.el9_2.x86_64.rpm
dotnet-apphost-pack-6.0-debuginfo-6.0.22-1.el9_2.x86_64.rpm
dotnet-hostfxr-6.0-6.0.22-1.el9_2.x86_64.rpm
dotnet-hostfxr-6.0-debuginfo-6.0.22-1.el9_2.x86_64.rpm
dotnet-runtime-6.0-6.0.22-1.el9_2.x86_64.rpm
dotnet-runtime-6.0-debuginfo-6.0.22-1.el9_2.x86_64.rpm
dotnet-sdk-6.0-6.0.122-1.el9_2.x86_64.rpm
dotnet-sdk-6.0-debuginfo-6.0.122-1.el9_2.x86_64.rpm
dotnet-targeting-pack-6.0-6.0.22-1.el9_2.x86_64.rpm
dotnet-templates-6.0-6.0.122-1.el9_2.x86_64.rpm
dotnet6.0-debuginfo-6.0.122-1.el9_2.x86_64.rpm
dotnet6.0-debugsource-6.0.122-1.el9_2.x86_64.rpm

Red Hat Enterprise Linux CRB (v. 9):

aarch64:
dotnet-apphost-pack-6.0-debuginfo-6.0.22-1.el9_2.aarch64.rpm
dotnet-hostfxr-6.0-debuginfo-6.0.22-1.el9_2.aarch64.rpm
dotnet-runtime-6.0-debuginfo-6.0.22-1.el9_2.aarch64.rpm
dotnet-sdk-6.0-debuginfo-6.0.122-1.el9_2.aarch64.rpm
dotnet-sdk-6.0-source-built-artifacts-6.0.122-1.el9_2.aarch64.rpm
dotnet6.0-debuginfo-6.0.122-1.el9_2.aarch64.rpm
dotnet6.0-debugsource-6.0.122-1.el9_2.aarch64.rpm

s390x:
dotnet-apphost-pack-6.0-debuginfo-6.0.22-1.el9_2.s390x.rpm
dotnet-hostfxr-6.0-debuginfo-6.0.22-1.el9_2.s390x.rpm
dotnet-runtime-6.0-debuginfo-6.0.22-1.el9_2.s390x.rpm
dotnet-sdk-6.0-debuginfo-6.0.122-1.el9_2.s390x.rpm
dotnet-sdk-6.0-source-built-artifacts-6.0.122-1.el9_2.s390x.rpm
dotnet6.0-debuginfo-6.0.122-1.el9_2.s390x.rpm
dotnet6.0-debugsource-6.0.122-1.el9_2.s390x.rpm

x86_64:
dotnet-apphost-pack-6.0-debuginfo-6.0.22-1.el9_2.x86_64.rpm
dotnet-hostfxr-6.0-debuginfo-6.0.22-1.el9_2.x86_64.rpm
dotnet-runtime-6.0-debuginfo-6.0.22-1.el9_2.x86_64.rpm
dotnet-sdk-6.0-debuginfo-6.0.122-1.el9_2.x86_64.rpm
dotnet-sdk-6.0-source-built-artifacts-6.0.122-1.el9_2.x86_64.rpm
dotnet6.0-debuginfo-6.0.122-1.el9_2.x86_64.rpm
dotnet6.0-debugsource-6.0.122-1.el9_2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key

7. References:

https://access.redhat.com/security/cve/CVE-2023-36799
https://access.redhat.com/security/updates/classification#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2023 Red Hat, Inc.

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: Red Hat JBoss Core Services Apache HTTP Server 2.4.57 security update
Advisory ID:       RHSA-2023:4628-01
Product:           Red Hat JBoss Core Services
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4628
Issue date:        2023-08-15
CVE Names:         CVE-2022-24963 CVE-2022-28331 CVE-2022-36760
                   CVE-2022-37436 CVE-2022-48279 CVE-2023-24021
                   CVE-2023-27522 CVE-2023-28319 CVE-2023-28321
                   CVE-2023-28322 CVE-2023-28484 CVE-2023-29469
=====================================================================

1. Summary:

Red Hat JBoss Core Services Apache HTTP Server 2.4.57 is now available.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Description:

Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products and packaged under Red Hat JBoss Core Services, to allow for faster distribution of updates and for a more consistent update experience.

This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.57 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.51 Service Pack 2, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.

Security Fix(es):

* apr-util: integer overflow/wraparound in apr_encode (CVE-2022-24963)
* apr-util: Windows out-of-bounds write in apr_socket_sendv function (CVE-2022-28331)
* httpd: mod_proxy_ajp: Possible request smuggling (CVE-2022-36760)
* httpd: mod_proxy: HTTP response splitting (CVE-2022-37436)
* mod_security: incorrect parsing of HTTP multipart requests leads to web application firewall bypass (CVE-2022-48279)
* modsecurity: lacking the complete content in FILES_TMP_CONTENT leads to web application firewall bypass (CVE-2023-24021)
* httpd: mod_proxy_uwsgi HTTP response splitting (CVE-2023-27522)
* curl: use after free in SSH sha256 fingerprint check (CVE-2023-28319)
* curl: IDN wildcard match may lead to Improper Certificate Validation (CVE-2023-28321)
* libxml2: NULL dereference in xmlSchemaFixupComplexType (CVE-2023-28484)
* libxml2: Hashing of empty dict strings isn't deterministic (CVE-2023-29469)
* curl: more POST-after-PUT confusion (CVE-2023-28322)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

3. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

4. Bugs fixed (https://bugzilla.redhat.com/):

2161773 - CVE-2022-37436 httpd: mod_proxy: HTTP response splitting
2161777 - CVE-2022-36760 httpd: mod_proxy_ajp: Possible request smuggling
2163615 - CVE-2023-24021 modsecurity: lacking the complete content in FILES_TMP_CONTENT leads to web application firewall bypass
2163622 - CVE-2022-48279 mod_security: incorrect parsing of HTTP multipart requests leads to web application firewall bypass
2169465 - CVE-2022-24963 apr: integer overflow/wraparound in apr_encode
2172556 - CVE-2022-28331 apr: Windows out-of-bounds write in apr_socket_sendv function
2176211 - CVE-2023-27522 httpd: mod_proxy_uwsgi HTTP response splitting
2185984 - CVE-2023-29469 libxml2: Hashing of empty dict strings isn't deterministic
2185994 - CVE-2023-28484 libxml2: NULL dereference in xmlSchemaFixupComplexType
2196778 - CVE-2023-28319 curl: use after free in SSH sha256 fingerprint check
2196786 - CVE-2023-28321 curl: IDN wildcard match may lead to Improper Certificate Validation
2196793 - CVE-2023-28322 curl: more POST-after-PUT confusion

5. References:

https://access.redhat.com/security/cve/CVE-2022-24963
https://access.redhat.com/security/cve/CVE-2022-28331
https://access.redhat.com/security/cve/CVE-2022-36760
https://access.redhat.com/security/cve/CVE-2022-37436
https://access.redhat.com/security/cve/CVE-2022-48279
https://access.redhat.com/security/cve/CVE-2023-24021
https://access.redhat.com/security/cve/CVE-2023-27522
https://access.redhat.com/security/cve/CVE-2023-28319
https://access.redhat.com/security/cve/CVE-2023-28321
https://access.redhat.com/security/cve/CVE-2023-28322
https://access.redhat.com/security/cve/CVE-2023-28484
https://access.redhat.com/security/cve/CVE-2023-29469
https://access.redhat.com/security/updates/classification#moderate

6. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2023 Red Hat, Inc.

====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: java-11-openjdk security and bug fix update
Advisory ID:       RHSA-2023:4162-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4162
Issue date:        2023-07-19
CVE Names:         CVE-2023-22006 CVE-2023-22036 CVE-2023-22041
                   CVE-2023-22045 CVE-2023-22049 CVE-2023-25193
====================================================================

1. Summary:

An update for java-11-openjdk is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream AUS (v. 8.2) - x86_64
Red Hat Enterprise Linux AppStream E4S (v. 8.2) - aarch64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux AppStream TUS (v. 8.2) - x86_64

3. Description:

The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit.

Security Fix(es):

* OpenJDK: ZIP file parsing infinite loop (8302483) (CVE-2023-22036)
* OpenJDK: weakness in AES implementation (8308682) (CVE-2023-22041)
* OpenJDK: improper handling of slash characters in URI-to-path conversion (8305312) (CVE-2023-22049)
* harfbuzz: OpenJDK: O(n^2) growth via consecutive marks (CVE-2023-25193)
* OpenJDK: HTTP client insufficient file name validation (8302475) (CVE-2023-22006)
* OpenJDK: array indexing integer overflow issue (8304468) (CVE-2023-22045)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* A virtual machine crash was observed in JDK 11.0.19 when executing the GregorianCalendar.computeTime() method (JDK-8307683). It was found that although the root cause of the crash is an old issue, a recent fix for a rare issue in the C2 compiler (JDK-8297951) made the crash much more likely. To mitigate this, the fix has been reverted in JDK 11.0.20 and will be reapplied once JDK-8307683 is resolved. (RHBZ#2222496)

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of OpenJDK Java must be restarted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2167254 - CVE-2023-25193 harfbuzz: OpenJDK: O(n^2) growth via consecutive marks
2221619 - OpenJDK: font processing denial of service vulnerability (8301998)
2221626 - CVE-2023-22006 OpenJDK: HTTP client insufficient file name validation (8302475)
2221634 - CVE-2023-22036 OpenJDK: ZIP file parsing infinite loop (8302483)
2221645 - CVE-2023-22045 OpenJDK: array indexing integer overflow issue (8304468)
2221647 - CVE-2023-22049 OpenJDK: improper handling of slash characters in URI-to-path conversion (8305312)
2222496 - SIGSEGV (duplicated predicate failed) in java.util.GregorianCalendar.computeTime() [rhel-8, openjdk-11] [rhel-8.2.0.z]
2223207 - CVE-2023-22041 OpenJDK: weakness in AES implementation (8308682)

6. Package List:

Red Hat Enterprise Linux AppStream AUS (v.8.2):

Source:
java-11-openjdk-11.0.20.0.8-1.el8_2.src.rpm

x86_64:
java-11-openjdk-11.0.20.0.8-1.el8_2.x86_64.rpm
java-11-openjdk-debuginfo-11.0.20.0.8-1.el8_2.x86_64.rpm
java-11-openjdk-debugsource-11.0.20.0.8-1.el8_2.x86_64.rpm
java-11-openjdk-demo-11.0.20.0.8-1.el8_2.x86_64.rpm
java-11-openjdk-devel-11.0.20.0.8-1.el8_2.x86_64.rpm
java-11-openjdk-devel-debuginfo-11.0.20.0.8-1.el8_2.x86_64.rpm
java-11-openjdk-devel-slowdebug-debuginfo-11.0.20.0.8-1.el8_2.x86_64.rpm
java-11-openjdk-headless-11.0.20.0.8-1.el8_2.x86_64.rpm
java-11-openjdk-headless-debuginfo-11.0.20.0.8-1.el8_2.x86_64.rpm
java-11-openjdk-headless-slowdebug-debuginfo-11.0.20.0.8-1.el8_2.x86_64.rpm
java-11-openjdk-javadoc-11.0.20.0.8-1.el8_2.x86_64.rpm
java-11-openjdk-javadoc-zip-11.0.20.0.8-1.el8_2.x86_64.rpm
java-11-openjdk-jmods-11.0.20.0.8-1.el8_2.x86_64.rpm
java-11-openjdk-slowdebug-debuginfo-11.0.20.0.8-1.el8_2.x86_64.rpm
java-11-openjdk-src-11.0.20.0.8-1.el8_2.x86_64.rpm
java-11-openjdk-static-libs-11.0.20.0.8-1.el8_2.x86_64.rpm

Red Hat Enterprise Linux AppStream E4S (v.8.2):

Source:
java-11-openjdk-11.0.20.0.8-1.el8_2.src.rpm

aarch64:
java-11-openjdk-11.0.20.0.8-1.el8_2.aarch64.rpm
java-11-openjdk-debuginfo-11.0.20.0.8-1.el8_2.aarch64.rpm
java-11-openjdk-debugsource-11.0.20.0.8-1.el8_2.aarch64.rpm
java-11-openjdk-demo-11.0.20.0.8-1.el8_2.aarch64.rpm
java-11-openjdk-devel-11.0.20.0.8-1.el8_2.aarch64.rpm
java-11-openjdk-devel-debuginfo-11.0.20.0.8-1.el8_2.aarch64.rpm
java-11-openjdk-devel-slowdebug-debuginfo-11.0.20.0.8-1.el8_2.aarch64.rpm
java-11-openjdk-headless-11.0.20.0.8-1.el8_2.aarch64.rpm
java-11-openjdk-headless-debuginfo-11.0.20.0.8-1.el8_2.aarch64.rpm
java-11-openjdk-headless-slowdebug-debuginfo-11.0.20.0.8-1.el8_2.aarch64.rpm
java-11-openjdk-javadoc-11.0.20.0.8-1.el8_2.aarch64.rpm
java-11-openjdk-javadoc-zip-11.0.20.0.8-1.el8_2.aarch64.rpm
java-11-openjdk-jmods-11.0.20.0.8-1.el8_2.aarch64.rpm
java-11-openjdk-slowdebug-debuginfo-11.0.20.0.8-1.el8_2.aarch64.rpm
java-11-openjdk-src-11.0.20.0.8-1.el8_2.aarch64.rpm
java-11-openjdk-static-libs-11.0.20.0.8-1.el8_2.aarch64.rpm

ppc64le:
java-11-openjdk-11.0.20.0.8-1.el8_2.ppc64le.rpm
java-11-openjdk-debuginfo-11.0.20.0.8-1.el8_2.ppc64le.rpm
java-11-openjdk-debugsource-11.0.20.0.8-1.el8_2.ppc64le.rpm
java-11-openjdk-demo-11.0.20.0.8-1.el8_2.ppc64le.rpm
java-11-openjdk-devel-11.0.20.0.8-1.el8_2.ppc64le.rpm
java-11-openjdk-devel-debuginfo-11.0.20.0.8-1.el8_2.ppc64le.rpm
java-11-openjdk-devel-slowdebug-debuginfo-11.0.20.0.8-1.el8_2.ppc64le.rpm
java-11-openjdk-headless-11.0.20.0.8-1.el8_2.ppc64le.rpm
java-11-openjdk-headless-debuginfo-11.0.20.0.8-1.el8_2.ppc64le.rpm
java-11-openjdk-headless-slowdebug-debuginfo-11.0.20.0.8-1.el8_2.ppc64le.rpm
java-11-openjdk-javadoc-11.0.20.0.8-1.el8_2.ppc64le.rpm
java-11-openjdk-javadoc-zip-11.0.20.0.8-1.el8_2.ppc64le.rpm
java-11-openjdk-jmods-11.0.20.0.8-1.el8_2.ppc64le.rpm
java-11-openjdk-slowdebug-debuginfo-11.0.20.0.8-1.el8_2.ppc64le.rpm
java-11-openjdk-src-11.0.20.0.8-1.el8_2.ppc64le.rpm
java-11-openjdk-static-libs-11.0.20.0.8-1.el8_2.ppc64le.rpm

s390x:
java-11-openjdk-11.0.20.0.8-1.el8_2.s390x.rpm
java-11-openjdk-debuginfo-11.0.20.0.8-1.el8_2.s390x.rpm
java-11-openjdk-debugsource-11.0.20.0.8-1.el8_2.s390x.rpm
java-11-openjdk-demo-11.0.20.0.8-1.el8_2.s390x.rpm
java-11-openjdk-devel-11.0.20.0.8-1.el8_2.s390x.rpm
java-11-openjdk-devel-debuginfo-11.0.20.0.8-1.el8_2.s390x.rpm
java-11-openjdk-devel-slowdebug-debuginfo-11.0.20.0.8-1.el8_2.s390x.rpm
java-11-openjdk-headless-11.0.20.0.8-1.el8_2.s390x.rpm
java-11-openjdk-headless-debuginfo-11.0.20.0.8-1.el8_2.s390x.rpm
java-11-openjdk-headless-slowdebug-debuginfo-11.0.20.0.8-1.el8_2.s390x.rpm
java-11-openjdk-javadoc-11.0.20.0.8-1.el8_2.s390x.rpm
java-11-openjdk-javadoc-zip-11.0.20.0.8-1.el8_2.s390x.rpm
java-11-openjdk-jmods-11.0.20.0.8-1.el8_2.s390x.rpm
java-11-openjdk-slowdebug-debuginfo-11.0.20.0.8-1.el8_2.s390x.rpm
java-11-openjdk-src-11.0.20.0.8-1.el8_2.s390x.rpm
java-11-openjdk-static-libs-11.0.20.0.8-1.el8_2.s390x.rpm

x86_64:
java-11-openjdk-11.0.20.0.8-1.el8_2.x86_64.rpm
java-11-openjdk-debuginfo-11.0.20.0.8-1.el8_2.x86_64.rpm
java-11-openjdk-debugsource-11.0.20.0.8-1.el8_2.x86_64.rpm
java-11-openjdk-demo-11.0.20.0.8-1.el8_2.x86_64.rpm
java-11-openjdk-devel-11.0.20.0.8-1.el8_2.x86_64.rpm
java-11-openjdk-devel-debuginfo-11.0.20.0.8-1.el8_2.x86_64.rpm
java-11-openjdk-devel-slowdebug-debuginfo-11.0.20.0.8-1.el8_2.x86_64.rpm
java-11-openjdk-headless-11.0.20.0.8-1.el8_2.x86_64.rpm
java-11-openjdk-headless-debuginfo-11.0.20.0.8-1.el8_2.x86_64.rpm
java-11-openjdk-headless-slowdebug-debuginfo-11.0.20.0.8-1.el8_2.x86_64.rpm
java-11-openjdk-javadoc-11.0.20.0.8-1.el8_2.x86_64.rpm
java-11-openjdk-javadoc-zip-11.0.20.0.8-1.el8_2.x86_64.rpm
java-11-openjdk-jmods-11.0.20.0.8-1.el8_2.x86_64.rpm
java-11-openjdk-slowdebug-debuginfo-11.0.20.0.8-1.el8_2.x86_64.rpm
java-11-openjdk-src-11.0.20.0.8-1.el8_2.x86_64.rpm
java-11-openjdk-static-libs-11.0.20.0.8-1.el8_2.x86_64.rpm

Red Hat Enterprise Linux AppStream TUS (v.8.2):

Source:
java-11-openjdk-11.0.20.0.8-1.el8_2.src.rpm

x86_64:
java-11-openjdk-11.0.20.0.8-1.el8_2.x86_64.rpm
java-11-openjdk-debuginfo-11.0.20.0.8-1.el8_2.x86_64.rpm
java-11-openjdk-debugsource-11.0.20.0.8-1.el8_2.x86_64.rpm
java-11-openjdk-demo-11.0.20.0.8-1.el8_2.x86_64.rpm
java-11-openjdk-devel-11.0.20.0.8-1.el8_2.x86_64.rpm
java-11-openjdk-devel-debuginfo-11.0.20.0.8-1.el8_2.x86_64.rpm
java-11-openjdk-devel-slowdebug-debuginfo-11.0.20.0.8-1.el8_2.x86_64.rpm
java-11-openjdk-headless-11.0.20.0.8-1.el8_2.x86_64.rpm
java-11-openjdk-headless-debuginfo-11.0.20.0.8-1.el8_2.x86_64.rpm
java-11-openjdk-headless-slowdebug-debuginfo-11.0.20.0.8-1.el8_2.x86_64.rpm
java-11-openjdk-javadoc-11.0.20.0.8-1.el8_2.x86_64.rpm
java-11-openjdk-javadoc-zip-11.0.20.0.8-1.el8_2.x86_64.rpm
java-11-openjdk-jmods-11.0.20.0.8-1.el8_2.x86_64.rpm
java-11-openjdk-slowdebug-debuginfo-11.0.20.0.8-1.el8_2.x86_64.rpm
java-11-openjdk-src-11.0.20.0.8-1.el8_2.x86_64.rpm
java-11-openjdk-static-libs-11.0.20.0.8-1.el8_2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-22006
https://access.redhat.com/security/cve/CVE-2023-22036
https://access.redhat.com/security/cve/CVE-2023-22041
https://access.redhat.com/security/cve/CVE-2023-22045
https://access.redhat.com/security/cve/CVE-2023-22049
https://access.redhat.com/security/cve/CVE-2023-25193
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.

====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: expat security update
Advisory ID:       RHSA-2023:0337-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:0337
Issue date:        2023-01-23
CVE Names:         CVE-2022-43680
====================================================================

1. Summary:

An update for expat is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 9) - aarch64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux BaseOS (v. 9) - aarch64, ppc64le, s390x, x86_64

3. Description:

Expat is a C library for parsing XML documents.

Security Fix(es):

* expat: use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate (CVE-2022-43680)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the updated packages, applications using the Expat library must be restarted for the update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2140059 - CVE-2022-43680 expat: use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate

6. Package List:

Red Hat Enterprise Linux AppStream (v. 9):

aarch64:
expat-debuginfo-2.4.9-1.el9_1.1.aarch64.rpm
expat-debugsource-2.4.9-1.el9_1.1.aarch64.rpm
expat-devel-2.4.9-1.el9_1.1.aarch64.rpm

ppc64le:
expat-debuginfo-2.4.9-1.el9_1.1.ppc64le.rpm
expat-debugsource-2.4.9-1.el9_1.1.ppc64le.rpm
expat-devel-2.4.9-1.el9_1.1.ppc64le.rpm

s390x:
expat-debuginfo-2.4.9-1.el9_1.1.s390x.rpm
expat-debugsource-2.4.9-1.el9_1.1.s390x.rpm
expat-devel-2.4.9-1.el9_1.1.s390x.rpm

x86_64:
expat-debuginfo-2.4.9-1.el9_1.1.i686.rpm
expat-debuginfo-2.4.9-1.el9_1.1.x86_64.rpm
expat-debugsource-2.4.9-1.el9_1.1.i686.rpm
expat-debugsource-2.4.9-1.el9_1.1.x86_64.rpm
expat-devel-2.4.9-1.el9_1.1.i686.rpm
expat-devel-2.4.9-1.el9_1.1.x86_64.rpm

Red Hat Enterprise Linux BaseOS (v. 9):

Source:
expat-2.4.9-1.el9_1.1.src.rpm

aarch64:
expat-2.4.9-1.el9_1.1.aarch64.rpm
expat-debuginfo-2.4.9-1.el9_1.1.aarch64.rpm
expat-debugsource-2.4.9-1.el9_1.1.aarch64.rpm

ppc64le:
expat-2.4.9-1.el9_1.1.ppc64le.rpm
expat-debuginfo-2.4.9-1.el9_1.1.ppc64le.rpm
expat-debugsource-2.4.9-1.el9_1.1.ppc64le.rpm

s390x:
expat-2.4.9-1.el9_1.1.s390x.rpm
expat-debuginfo-2.4.9-1.el9_1.1.s390x.rpm
expat-debugsource-2.4.9-1.el9_1.1.s390x.rpm

x86_64:
expat-2.4.9-1.el9_1.1.i686.rpm
expat-2.4.9-1.el9_1.1.x86_64.rpm
expat-debuginfo-2.4.9-1.el9_1.1.i686.rpm
expat-debuginfo-2.4.9-1.el9_1.1.x86_64.rpm
expat-debugsource-2.4.9-1.el9_1.1.i686.rpm
expat-debugsource-2.4.9-1.el9_1.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key

7. References:

https://access.redhat.com/security/cve/CVE-2022-43680
https://access.redhat.com/security/updates/classification#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2023 Red Hat, Inc.

====================================================================
Red Hat Security Advisory

Synopsis:      Moderate: java-1.8.0-openjdk security update
Advisory ID:   RHSA-2022:7006-01
Product:       Red Hat Enterprise Linux
Advisory URL:  https://access.redhat.com/errata/RHSA-2022:7006
Issue date:    2022-10-19
CVE Names:     CVE-2022-21619 CVE-2022-21624 CVE-2022-21626 CVE-2022-21628
====================================================================

1. Summary:

An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat CodeReady Linux Builder (v. 8) - aarch64, ppc64le, x86_64
Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.

Security Fix(es):

* OpenJDK: excessive memory allocation in X.509 certificate parsing (Security, 8286533) (CVE-2022-21626)
* OpenJDK: HttpServer no connection count limit (Lightweight HTTP Server, 8286918) (CVE-2022-21628)
* OpenJDK: improper handling of long NTLM client hostnames (Security, 8286526) (CVE-2022-21619)
* OpenJDK: insufficient randomization of JNDI DNS port numbers (JNDI, 8286910) (CVE-2022-21624)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of OpenJDK Java must be restarted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2133745 - CVE-2022-21619 OpenJDK: improper handling of long NTLM client hostnames (Security, 8286526)
2133753 - CVE-2022-21626 OpenJDK: excessive memory allocation in X.509 certificate parsing (Security, 8286533)
2133765 - CVE-2022-21624 OpenJDK: insufficient randomization of JNDI DNS port numbers (JNDI, 8286910)
2133769 - CVE-2022-21628 OpenJDK: HttpServer no connection count limit (Lightweight HTTP Server, 8286918)

6.
Package List: Red Hat Enterprise Linux AppStream (v.8): Source: java-1.8.0-openjdk-1.8.0.352.b08-2.el8_6.src.rpm aarch64: java-1.8.0-openjdk-1.8.0.352.b08-2.el8_6.aarch64.rpm java-1.8.0-openjdk-accessibility-1.8.0.352.b08-2.el8_6.aarch64.rpm java-1.8.0-openjdk-debuginfo-1.8.0.352.b08-2.el8_6.aarch64.rpm java-1.8.0-openjdk-debugsource-1.8.0.352.b08-2.el8_6.aarch64.rpm java-1.8.0-openjdk-demo-1.8.0.352.b08-2.el8_6.aarch64.rpm java-1.8.0-openjdk-demo-debuginfo-1.8.0.352.b08-2.el8_6.aarch64.rpm java-1.8.0-openjdk-devel-1.8.0.352.b08-2.el8_6.aarch64.rpm java-1.8.0-openjdk-devel-debuginfo-1.8.0.352.b08-2.el8_6.aarch64.rpm java-1.8.0-openjdk-headless-1.8.0.352.b08-2.el8_6.aarch64.rpm java-1.8.0-openjdk-headless-debuginfo-1.8.0.352.b08-2.el8_6.aarch64.rpm java-1.8.0-openjdk-src-1.8.0.352.b08-2.el8_6.aarch64.rpm noarch: java-1.8.0-openjdk-javadoc-1.8.0.352.b08-2.el8_6.noarch.rpm java-1.8.0-openjdk-javadoc-zip-1.8.0.352.b08-2.el8_6.noarch.rpm ppc64le: java-1.8.0-openjdk-1.8.0.352.b08-2.el8_6.ppc64le.rpm java-1.8.0-openjdk-accessibility-1.8.0.352.b08-2.el8_6.ppc64le.rpm java-1.8.0-openjdk-debuginfo-1.8.0.352.b08-2.el8_6.ppc64le.rpm java-1.8.0-openjdk-debugsource-1.8.0.352.b08-2.el8_6.ppc64le.rpm java-1.8.0-openjdk-demo-1.8.0.352.b08-2.el8_6.ppc64le.rpm java-1.8.0-openjdk-demo-debuginfo-1.8.0.352.b08-2.el8_6.ppc64le.rpm java-1.8.0-openjdk-devel-1.8.0.352.b08-2.el8_6.ppc64le.rpm java-1.8.0-openjdk-devel-debuginfo-1.8.0.352.b08-2.el8_6.ppc64le.rpm java-1.8.0-openjdk-headless-1.8.0.352.b08-2.el8_6.ppc64le.rpm java-1.8.0-openjdk-headless-debuginfo-1.8.0.352.b08-2.el8_6.ppc64le.rpm java-1.8.0-openjdk-src-1.8.0.352.b08-2.el8_6.ppc64le.rpm s390x: java-1.8.0-openjdk-1.8.0.352.b08-2.el8_6.s390x.rpm java-1.8.0-openjdk-accessibility-1.8.0.352.b08-2.el8_6.s390x.rpm java-1.8.0-openjdk-debuginfo-1.8.0.352.b08-2.el8_6.s390x.rpm java-1.8.0-openjdk-debugsource-1.8.0.352.b08-2.el8_6.s390x.rpm java-1.8.0-openjdk-demo-1.8.0.352.b08-2.el8_6.s390x.rpm 
java-1.8.0-openjdk-demo-debuginfo-1.8.0.352.b08-2.el8_6.s390x.rpm java-1.8.0-openjdk-devel-1.8.0.352.b08-2.el8_6.s390x.rpm java-1.8.0-openjdk-devel-debuginfo-1.8.0.352.b08-2.el8_6.s390x.rpm java-1.8.0-openjdk-headless-1.8.0.352.b08-2.el8_6.s390x.rpm java-1.8.0-openjdk-headless-debuginfo-1.8.0.352.b08-2.el8_6.s390x.rpm java-1.8.0-openjdk-src-1.8.0.352.b08-2.el8_6.s390x.rpm x86_64: java-1.8.0-openjdk-1.8.0.352.b08-2.el8_6.x86_64.rpm java-1.8.0-openjdk-accessibility-1.8.0.352.b08-2.el8_6.x86_64.rpm java-1.8.0-openjdk-debuginfo-1.8.0.352.b08-2.el8_6.x86_64.rpm java-1.8.0-openjdk-debugsource-1.8.0.352.b08-2.el8_6.x86_64.rpm java-1.8.0-openjdk-demo-1.8.0.352.b08-2.el8_6.x86_64.rpm java-1.8.0-openjdk-demo-debuginfo-1.8.0.352.b08-2.el8_6.x86_64.rpm java-1.8.0-openjdk-devel-1.8.0.352.b08-2.el8_6.x86_64.rpm java-1.8.0-openjdk-devel-debuginfo-1.8.0.352.b08-2.el8_6.x86_64.rpm java-1.8.0-openjdk-headless-1.8.0.352.b08-2.el8_6.x86_64.rpm java-1.8.0-openjdk-headless-debuginfo-1.8.0.352.b08-2.el8_6.x86_64.rpm java-1.8.0-openjdk-src-1.8.0.352.b08-2.el8_6.x86_64.rpm Red Hat CodeReady Linux Builder (v.8): aarch64: java-1.8.0-openjdk-accessibility-fastdebug-1.8.0.352.b08-2.el8_6.aarch64.rpm java-1.8.0-openjdk-accessibility-slowdebug-1.8.0.352.b08-2.el8_6.aarch64.rpm java-1.8.0-openjdk-debuginfo-1.8.0.352.b08-2.el8_6.aarch64.rpm java-1.8.0-openjdk-debugsource-1.8.0.352.b08-2.el8_6.aarch64.rpm java-1.8.0-openjdk-demo-debuginfo-1.8.0.352.b08-2.el8_6.aarch64.rpm java-1.8.0-openjdk-demo-fastdebug-1.8.0.352.b08-2.el8_6.aarch64.rpm java-1.8.0-openjdk-demo-fastdebug-debuginfo-1.8.0.352.b08-2.el8_6.aarch64.rpm java-1.8.0-openjdk-demo-slowdebug-1.8.0.352.b08-2.el8_6.aarch64.rpm java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.352.b08-2.el8_6.aarch64.rpm java-1.8.0-openjdk-devel-debuginfo-1.8.0.352.b08-2.el8_6.aarch64.rpm java-1.8.0-openjdk-devel-fastdebug-1.8.0.352.b08-2.el8_6.aarch64.rpm java-1.8.0-openjdk-devel-fastdebug-debuginfo-1.8.0.352.b08-2.el8_6.aarch64.rpm 
java-1.8.0-openjdk-devel-slowdebug-1.8.0.352.b08-2.el8_6.aarch64.rpm java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.352.b08-2.el8_6.aarch64.rpm java-1.8.0-openjdk-fastdebug-1.8.0.352.b08-2.el8_6.aarch64.rpm java-1.8.0-openjdk-fastdebug-debuginfo-1.8.0.352.b08-2.el8_6.aarch64.rpm java-1.8.0-openjdk-headless-debuginfo-1.8.0.352.b08-2.el8_6.aarch64.rpm java-1.8.0-openjdk-headless-fastdebug-1.8.0.352.b08-2.el8_6.aarch64.rpm java-1.8.0-openjdk-headless-fastdebug-debuginfo-1.8.0.352.b08-2.el8_6.aarch64.rpm java-1.8.0-openjdk-headless-slowdebug-1.8.0.352.b08-2.el8_6.aarch64.rpm java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.352.b08-2.el8_6.aarch64.rpm java-1.8.0-openjdk-slowdebug-1.8.0.352.b08-2.el8_6.aarch64.rpm java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.352.b08-2.el8_6.aarch64.rpm java-1.8.0-openjdk-src-fastdebug-1.8.0.352.b08-2.el8_6.aarch64.rpm java-1.8.0-openjdk-src-slowdebug-1.8.0.352.b08-2.el8_6.aarch64.rpm ppc64le: java-1.8.0-openjdk-accessibility-fastdebug-1.8.0.352.b08-2.el8_6.ppc64le.rpm java-1.8.0-openjdk-accessibility-slowdebug-1.8.0.352.b08-2.el8_6.ppc64le.rpm java-1.8.0-openjdk-debuginfo-1.8.0.352.b08-2.el8_6.ppc64le.rpm java-1.8.0-openjdk-debugsource-1.8.0.352.b08-2.el8_6.ppc64le.rpm java-1.8.0-openjdk-demo-debuginfo-1.8.0.352.b08-2.el8_6.ppc64le.rpm java-1.8.0-openjdk-demo-fastdebug-1.8.0.352.b08-2.el8_6.ppc64le.rpm java-1.8.0-openjdk-demo-fastdebug-debuginfo-1.8.0.352.b08-2.el8_6.ppc64le.rpm java-1.8.0-openjdk-demo-slowdebug-1.8.0.352.b08-2.el8_6.ppc64le.rpm java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.352.b08-2.el8_6.ppc64le.rpm java-1.8.0-openjdk-devel-debuginfo-1.8.0.352.b08-2.el8_6.ppc64le.rpm java-1.8.0-openjdk-devel-fastdebug-1.8.0.352.b08-2.el8_6.ppc64le.rpm java-1.8.0-openjdk-devel-fastdebug-debuginfo-1.8.0.352.b08-2.el8_6.ppc64le.rpm java-1.8.0-openjdk-devel-slowdebug-1.8.0.352.b08-2.el8_6.ppc64le.rpm java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.352.b08-2.el8_6.ppc64le.rpm 
java-1.8.0-openjdk-fastdebug-1.8.0.352.b08-2.el8_6.ppc64le.rpm java-1.8.0-openjdk-fastdebug-debuginfo-1.8.0.352.b08-2.el8_6.ppc64le.rpm java-1.8.0-openjdk-headless-debuginfo-1.8.0.352.b08-2.el8_6.ppc64le.rpm java-1.8.0-openjdk-headless-fastdebug-1.8.0.352.b08-2.el8_6.ppc64le.rpm java-1.8.0-openjdk-headless-fastdebug-debuginfo-1.8.0.352.b08-2.el8_6.ppc64le.rpm java-1.8.0-openjdk-headless-slowdebug-1.8.0.352.b08-2.el8_6.ppc64le.rpm java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.352.b08-2.el8_6.ppc64le.rpm java-1.8.0-openjdk-slowdebug-1.8.0.352.b08-2.el8_6.ppc64le.rpm java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.352.b08-2.el8_6.ppc64le.rpm java-1.8.0-openjdk-src-fastdebug-1.8.0.352.b08-2.el8_6.ppc64le.rpm java-1.8.0-openjdk-src-slowdebug-1.8.0.352.b08-2.el8_6.ppc64le.rpm x86_64: java-1.8.0-openjdk-accessibility-fastdebug-1.8.0.352.b08-2.el8_6.x86_64.rpm java-1.8.0-openjdk-accessibility-slowdebug-1.8.0.352.b08-2.el8_6.x86_64.rpm java-1.8.0-openjdk-debuginfo-1.8.0.352.b08-2.el8_6.x86_64.rpm java-1.8.0-openjdk-debugsource-1.8.0.352.b08-2.el8_6.x86_64.rpm java-1.8.0-openjdk-demo-debuginfo-1.8.0.352.b08-2.el8_6.x86_64.rpm java-1.8.0-openjdk-demo-fastdebug-1.8.0.352.b08-2.el8_6.x86_64.rpm java-1.8.0-openjdk-demo-fastdebug-debuginfo-1.8.0.352.b08-2.el8_6.x86_64.rpm java-1.8.0-openjdk-demo-slowdebug-1.8.0.352.b08-2.el8_6.x86_64.rpm java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.352.b08-2.el8_6.x86_64.rpm java-1.8.0-openjdk-devel-debuginfo-1.8.0.352.b08-2.el8_6.x86_64.rpm java-1.8.0-openjdk-devel-fastdebug-1.8.0.352.b08-2.el8_6.x86_64.rpm java-1.8.0-openjdk-devel-fastdebug-debuginfo-1.8.0.352.b08-2.el8_6.x86_64.rpm java-1.8.0-openjdk-devel-slowdebug-1.8.0.352.b08-2.el8_6.x86_64.rpm java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.352.b08-2.el8_6.x86_64.rpm java-1.8.0-openjdk-fastdebug-1.8.0.352.b08-2.el8_6.x86_64.rpm java-1.8.0-openjdk-fastdebug-debuginfo-1.8.0.352.b08-2.el8_6.x86_64.rpm java-1.8.0-openjdk-headless-debuginfo-1.8.0.352.b08-2.el8_6.x86_64.rpm 
java-1.8.0-openjdk-headless-fastdebug-1.8.0.352.b08-2.el8_6.x86_64.rpm java-1.8.0-openjdk-headless-fastdebug-debuginfo-1.8.0.352.b08-2.el8_6.x86_64.rpm java-1.8.0-openjdk-headless-slowdebug-1.8.0.352.b08-2.el8_6.x86_64.rpm java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.352.b08-2.el8_6.x86_64.rpm java-1.8.0-openjdk-slowdebug-1.8.0.352.b08-2.el8_6.x86_64.rpm java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.352.b08-2.el8_6.x86_64.rpm java-1.8.0-openjdk-src-fastdebug-1.8.0.352.b08-2.el8_6.x86_64.rpm java-1.8.0-openjdk-src-slowdebug-1.8.0.352.b08-2.el8_6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 7. References: https://access.redhat.com/security/cve/CVE-2022-21619 https://access.redhat.com/security/cve/CVE-2022-21624 https://access.redhat.com/security/cve/CVE-2022-21626 https://access.redhat.com/security/cve/CVE-2022-21628 https://access.redhat.com/security/updates/classification#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2022 Red Hat, Inc. 
====================================================================
Red Hat Security Advisory

Synopsis:      Moderate: binutils security update
Advisory ID:   RHSA-2021:4034-01
Product:       Red Hat Enterprise Linux
Advisory URL:  https://access.redhat.com/errata/RHSA-2021:4034
Issue date:    2021-11-01
CVE Names:     CVE-2021-42574
====================================================================

1. Summary:

An update for binutils is now available for Red Hat Enterprise Linux 7.7 Advanced Update Support, Red Hat Enterprise Linux 7.7 Telco Extended Update Support, and Red Hat Enterprise Linux 7.7 Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server AUS (v. 7.7) - x86_64
Red Hat Enterprise Linux Server E4S (v. 7.7) - ppc64le, x86_64
Red Hat Enterprise Linux Server TUS (v. 7.7) - x86_64

3. Description:

The binutils packages provide a collection of binary utilities for the manipulation of object code in various object file formats. It includes the ar, as, gprof, ld, nm, objcopy, objdump, ranlib, readelf, size, strings, strip, and addr2line utilities.

Security Fix(es):

* Developer environment: Unicode's bidirectional (BiDi) override characters can cause trojan source attacks (CVE-2021-42574)

The following changes were introduced in binutils in order to facilitate detection of BiDi Unicode characters:

Tools which display names or strings (readelf, strings, nm, objdump) have a new command line option --unicode / -U which controls how Unicode characters are handled.

Using "--unicode=default" will treat them as normal for the tool. This is the default behaviour when --unicode option is not used.
Using "--unicode=locale" will display them according to the current locale.
Using "--unicode=hex" will display them as hex byte values.
Using "--unicode=escape" will display them as Unicode escape sequences.
Using "--unicode=highlight" will display them as Unicode escape sequences highlighted in red, if supported by the output device.

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2005819 - CVE-2021-42574 Developer environment: Unicode's bidirectional (BiDi) override characters can cause trojan source attacks

6. Package List:

Red Hat Enterprise Linux Server AUS (v. 7.7):

Source:
binutils-2.27-41.base.el7_7.4.src.rpm

x86_64:
binutils-2.27-41.base.el7_7.4.x86_64.rpm
binutils-debuginfo-2.27-41.base.el7_7.4.i686.rpm
binutils-debuginfo-2.27-41.base.el7_7.4.x86_64.rpm
binutils-devel-2.27-41.base.el7_7.4.i686.rpm
binutils-devel-2.27-41.base.el7_7.4.x86_64.rpm

Red Hat Enterprise Linux Server E4S (v. 7.7):

Source:
binutils-2.27-41.base.el7_7.4.src.rpm

ppc64le:
binutils-2.27-41.base.el7_7.4.ppc64le.rpm
binutils-debuginfo-2.27-41.base.el7_7.4.ppc64le.rpm
binutils-devel-2.27-41.base.el7_7.4.ppc64le.rpm

x86_64:
binutils-2.27-41.base.el7_7.4.x86_64.rpm
binutils-debuginfo-2.27-41.base.el7_7.4.i686.rpm
binutils-debuginfo-2.27-41.base.el7_7.4.x86_64.rpm
binutils-devel-2.27-41.base.el7_7.4.i686.rpm
binutils-devel-2.27-41.base.el7_7.4.x86_64.rpm

Red Hat Enterprise Linux Server TUS (v. 7.7):

Source:
binutils-2.27-41.base.el7_7.4.src.rpm

x86_64:
binutils-2.27-41.base.el7_7.4.x86_64.rpm
binutils-debuginfo-2.27-41.base.el7_7.4.i686.rpm
binutils-debuginfo-2.27-41.base.el7_7.4.x86_64.rpm
binutils-devel-2.27-41.base.el7_7.4.i686.rpm
binutils-devel-2.27-41.base.el7_7.4.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key

7. References:

https://access.redhat.com/security/cve/CVE-2021-42574
https://access.redhat.com/security/updates/classification#moderate
https://access.redhat.com/security/vulnerabilities/RHSB-2021-007

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2021 Red Hat, Inc.
====================================================================
Red Hat Security Advisory

Synopsis:      Moderate: Red Hat OpenShift Container Platform for Windows Containers 3.0.0 security and bug fix update
Advisory ID:   RHSA-2021:3001-01
Product:       Red Hat OpenShift Enterprise
Advisory URL:  https://access.redhat.com/errata/RHSA-2021:3001
Issue date:    2021-08-03
CVE Names:     CVE-2021-20206
====================================================================

1. Summary:

The components for Red Hat OpenShift Container Platform for Windows Containers 3.0.0 are now available.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Description:

Windows Container Support for Red Hat OpenShift allows you to deploy Windows container workloads running on Windows Server containers.

Security Fix(es):

* containernetworking-cni: Arbitrary path injection via type field in CNI configuration (CVE-2021-20206)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* LB service unstable with multiple Windows nodes and pods (BZ#1905950)
* WMCO patch pub-key-hash annotation to Linux node (BZ#1930791)
* kube-proxy service terminated unexpectedly after recreated LB service (BZ#1939968)
* Telemetry info not completely available to identify windows nodes (BZ#1948037)
* LoadBalancer Service type with invalid external loadbalancer IP breaks the datapath (BZ#1952914)
* WMCO incorrectly shows node as ready after a failed configuration (BZ#1953692)
* Windows pod with a Projected Volume is stuck at ContainerCreating (BZ#1971745)

3. Solution:

For Windows Machine Config Operator upgrades, see the following documentation:

dows-node-upgrades.html

4. Bugs fixed (https://bugzilla.redhat.com/):

1905950 - LB service unstable with multiple Windows nodes and pods
1919391 - CVE-2021-20206 containernetworking-cni: Arbitrary path injection via type field in CNI configuration
1930791 - WMCO patch pub-key-hash annotation to Linux node
1939968 - kube-proxy service terminated unexpectedly after recreated LB service
1948037 - Telemetry info not completely available to identify windows nodes
1952914 - LoadBalancer Service type with invalid external loadbalancer IP breaks the datapath
1953692 - WMCO incorrectly shows node as ready after a failed configuration
1971745 - Windows pod with a Projected Volume is stuck at ContainerCreating
1983153 - WMCO auto upgrade from v2.0.2 to v3.0.0 failed

5. JIRA issues fixed (https://redhat.atlassian.net/jira/projects):

WINC-618 - Windows Container Support for Red Hat OpenShift 3.0.0 release

6. References:

https://access.redhat.com/security/cve/CVE-2021-20206
https://access.redhat.com/security/updates/classification/#moderate

7. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.