Stay Secure with the Latest Linux Advisories

Explore Latest Linux Security advisories

Oracle8: ELSA-2025-2667: .NET 9.0 security, bug fix, and enhancement Important Security Advisory Updates

Oracle Linux Security Advisory ELSA-2025-2667

http://linux.oracle.com/errata/ELSA-2025-2667.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64: aspnetcore-runtime-9.0-9.0.3-1.0.1.el8_10.x86_64.rpm aspnetcore-runtime-dbg-9.0-9.0.3-1.0.1.el8_10.x86_64.rpm aspnetcore-targeting-pack-9.0-9.0.3-1.0.1.el8_10.x86_64.rpm dotnet-9.0.104-1.0.1.el8_10.x86_64.rpm dotnet-apphost-pack-9.0-9.0.3-1.0.1.el8_10.x86_64.rpm dotnet-host-9.0.3-1.0.1.el8_10.x86_64.rpm dotnet-hostfxr-9.0-9.0.3-1.0.1.el8_10.x86_64.rpm dotnet-runtime-9.0-9.0.3-1.0.1.el8_10.x86_64.rpm dotnet-runtime-dbg-9.0-9.0.3-1.0.1.el8_10.x86_64.rpm dotnet-sdk-9.0-9.0.104-1.0.1.el8_10.x86_64.rpm dotnet-sdk-aot-9.0-9.0.104-1.0.1.el8_10.x86_64.rpm dotnet-sdk-dbg-9.0-9.0.104-1.0.1.el8_10.x86_64.rpm dotnet-targeting-pack-9.0-9.0.3-1.0.1.el8_10.x86_64.rpm dotnet-templates-9.0-9.0.104-1.0.1.el8_10.x86_64.rpm netstandard-targeting-pack-2.1-9.0.104-1.0.1.el8_10.x86_64.rpm dotnet-sdk-9.0-source-built-artifacts-9.0.104-1.0.1.el8_10.x86_64.rpm

aarch64: aspnetcore-runtime-9.0-9.0.3-1.0.1.el8_10.aarch64.rpm aspnetcore-runtime-dbg-9.0-9.0.3-1.0.1.el8_10.aarch64.rpm aspnetcore-targeting-pack-9.0-9.0.3-1.0.1.el8_10.aarch64.rpm dotnet-9.0.104-1.0.1.el8_10.aarch64.rpm dotnet-apphost-pack-9.0-9.0.3-1.0.1.el8_10.aarch64.rpm dotnet-host-9.0.3-1.0.1.el8_10.aarch64.rpm dotnet-hostfxr-9.0-9.0.3-1.0.1.el8_10.aarch64.rpm dotnet-runtime-9.0-9.0.3-1.0.1.el8_10.aarch64.rpm dotnet-runtime-dbg-9.0-9.0.3-1.0.1.el8_10.aarch64.rpm dotnet-sdk-9.0-9.0.104-1.0.1.el8_10.aarch64.rpm dotnet-sdk-aot-9.0-9.0.104-1.0.1.el8_10.aarch64.rpm dotnet-sdk-dbg-9.0-9.0.104-1.0.1.el8_10.aarch64.rpm dotnet-targeting-pack-9.0-9.0.3-1.0.1.el8_10.aarch64.rpm dotnet-templates-9.0-9.0.104-1.0.1.el8_10.aarch64.rpm netstandard-targeting-pack-2.1-9.0.104-1.0.1.el8_10.aarch64.rpm dotnet-sdk-9.0-source-built-artifacts-9.0.104-1.0.1.el8_10.aarch64.rpm

SRPMS: http://oss.oracle.com/ol8/SRPMS-updates//dotnet9.0-9.0.104-1.0.1.el8_10.src.rpm

Related CVEs: CVE-2025-24070

Description of changes:

[9.0.104-1.0.1]
- Add support for Oracle Linux

[9.0.104-1]
- Update to .NET SDK 9.0.104 and Runtime 9.0.3
- Resolves: RHEL-81645

Significant updates for Oracle Linux 8's .NET 9.0, with vital bug fixes and security enhancements for developers.

Keywords: linux, updated, oracle, unbreakable, network.

Severity: Important.

LinuxSecurity.com Team

Mar 14, 2025 Important Oracle

Red Hat: RHSA-2022-1389-01 Important Security Update for Apache HTTP Server

Red Hat Security Advisory

Synopsis: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP11 security update
Advisory ID: RHSA-2022:1389-01
Product: Red Hat JBoss Core Services
Advisory URL: https://access.redhat.com/errata/RHSA-2022:1389
Issue date: 2022-04-20
CVE Names: CVE-2021-3516 CVE-2021-3517 CVE-2021-3518 CVE-2021-3537 CVE-2021-3541 CVE-2022-0778 CVE-2022-22720 CVE-2022-23308

1. Summary:

Updated packages that provide Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Service Pack 11, fix several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7 and Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat JBoss Core Services on RHEL 7 Server - noarch, ppc64, x86_64
Red Hat JBoss Core Services on RHEL 8 - noarch, x86_64

3. Description:

This release adds the new Apache HTTP Server 2.4.37 Service Pack 11 packages that are part of the JBoss Core Services offering.

This release serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Service Pack 10 and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes and enhancements included in this release.

Security Fix(es):

* jbcs-httpd24-httpd: httpd: HTTP request smuggling vulnerability in Apache HTTP Server 2.4.52 and earlier (CVE-2022-22720)
* libxml2: use-after-free in xmlXIncludeDoProcess() in xinclude.c (CVE-2021-3518)
* libxml2: heap-based buffer overflow in xmlEncodeEntitiesInternal() in entities.c (CVE-2021-3517)
* libxml2: use-after-free in xmlEncodeEntitiesInternal() in entities.c (CVE-2021-3516)
* libxml2: Exponential entity expansion attack bypasses all existing protection mechanisms (CVE-2021-3541)
* libxml2: NULL pointer dereference when post-validating mixed content parsed in recovery mode (CVE-2021-3537)
* libxml2: Use-after-free of ID and IDREF attributes (CVE-2022-23308)
* openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates (CVE-2022-0778)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1950515 - CVE-2021-3541 libxml2: Exponential entity expansion attack bypasses all existing protection mechanisms
1954225 - CVE-2021-3516 libxml2: Use-after-free in xmlEncodeEntitiesInternal() in entities.c
1954232 - CVE-2021-3517 libxml2: Heap-based buffer overflow in xmlEncodeEntitiesInternal() in entities.c
1954242 - CVE-2021-3518 libxml2: Use-after-free in xmlXIncludeDoProcess() in xinclude.c
1956522 - CVE-2021-3537 libxml2: NULL pointer dereference when post-validating mixed content parsed in recovery mode
2056913 - CVE-2022-23308 libxml2: Use-after-free of ID and IDREF attributes
2062202 - CVE-2022-0778 openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates
2064321 - CVE-2022-22720 httpd: Errors encountered during the discarding of request body lead to HTTP request smuggling

6. Package List:

Red Hat JBoss Core Services on RHEL 7 Server:

Source: jbcs-httpd24-apr-util-1.6.1-91.jbcs.el7.src.rpm jbcs-httpd24-curl-7.78.0-3.jbcs.el7.src.rpm jbcs-httpd24-httpd-2.4.37-80.jbcs.el7.src.rpm jbcs-httpd24-mod_cluster-native-1.3.16-10.Final_redhat_2.jbcs.el7.src.rpm jbcs-httpd24-mod_http2-1.15.7-22.jbcs.el7.src.rpm jbcs-httpd24-mod_jk-1.2.48-29.redhat_1.jbcs.el7.src.rpm jbcs-httpd24-mod_md-2.0.8-41.jbcs.el7.src.rpm jbcs-httpd24-mod_security-2.9.2-68.GA.jbcs.el7.src.rpm jbcs-httpd24-nghttp2-1.39.2-41.jbcs.el7.src.rpm jbcs-httpd24-openssl-1.1.1g-11.jbcs.el7.src.rpm jbcs-httpd24-openssl-chil-1.0.0-11.jbcs.el7.src.rpm jbcs-httpd24-openssl-pkcs11-0.4.10-26.jbcs.el7.src.rpm

noarch: jbcs-httpd24-httpd-manual-2.4.37-80.jbcs.el7.noarch.rpm

ppc64: jbcs-httpd24-curl-7.78.0-3.jbcs.el7.ppc64.rpm jbcs-httpd24-curl-debuginfo-7.78.0-3.jbcs.el7.ppc64.rpm jbcs-httpd24-libcurl-7.78.0-3.jbcs.el7.ppc64.rpm jbcs-httpd24-libcurl-devel-7.78.0-3.jbcs.el7.ppc64.rpm jbcs-httpd24-mod_http2-1.15.7-22.jbcs.el7.ppc64.rpm jbcs-httpd24-mod_http2-debuginfo-1.15.7-22.jbcs.el7.ppc64.rpm jbcs-httpd24-mod_md-2.0.8-41.jbcs.el7.ppc64.rpm
jbcs-httpd24-mod_md-debuginfo-2.0.8-41.jbcs.el7.ppc64.rpm jbcs-httpd24-openssl-chil-1.0.0-11.jbcs.el7.ppc64.rpm jbcs-httpd24-openssl-chil-debuginfo-1.0.0-11.jbcs.el7.ppc64.rpm jbcs-httpd24-openssl-pkcs11-0.4.10-26.jbcs.el7.ppc64.rpm jbcs-httpd24-openssl-pkcs11-debuginfo-0.4.10-26.jbcs.el7.ppc64.rpm x86_64: jbcs-httpd24-apr-util-1.6.1-91.jbcs.el7.x86_64.rpm jbcs-httpd24-apr-util-debuginfo-1.6.1-91.jbcs.el7.x86_64.rpm jbcs-httpd24-apr-util-devel-1.6.1-91.jbcs.el7.x86_64.rpm jbcs-httpd24-apr-util-ldap-1.6.1-91.jbcs.el7.x86_64.rpm jbcs-httpd24-apr-util-mysql-1.6.1-91.jbcs.el7.x86_64.rpm jbcs-httpd24-apr-util-nss-1.6.1-91.jbcs.el7.x86_64.rpm jbcs-httpd24-apr-util-odbc-1.6.1-91.jbcs.el7.x86_64.rpm jbcs-httpd24-apr-util-openssl-1.6.1-91.jbcs.el7.x86_64.rpm jbcs-httpd24-apr-util-pgsql-1.6.1-91.jbcs.el7.x86_64.rpm jbcs-httpd24-apr-util-sqlite-1.6.1-91.jbcs.el7.x86_64.rpm jbcs-httpd24-curl-7.78.0-3.jbcs.el7.x86_64.rpm jbcs-httpd24-curl-debuginfo-7.78.0-3.jbcs.el7.x86_64.rpm jbcs-httpd24-httpd-2.4.37-80.jbcs.el7.x86_64.rpm jbcs-httpd24-httpd-debuginfo-2.4.37-80.jbcs.el7.x86_64.rpm jbcs-httpd24-httpd-devel-2.4.37-80.jbcs.el7.x86_64.rpm jbcs-httpd24-httpd-selinux-2.4.37-80.jbcs.el7.x86_64.rpm jbcs-httpd24-httpd-tools-2.4.37-80.jbcs.el7.x86_64.rpm jbcs-httpd24-libcurl-7.78.0-3.jbcs.el7.x86_64.rpm jbcs-httpd24-libcurl-devel-7.78.0-3.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_cluster-native-1.3.16-10.Final_redhat_2.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_cluster-native-debuginfo-1.3.16-10.Final_redhat_2.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_http2-1.15.7-22.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_http2-debuginfo-1.15.7-22.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_jk-ap24-1.2.48-29.redhat_1.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_jk-debuginfo-1.2.48-29.redhat_1.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_jk-manual-1.2.48-29.redhat_1.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_ldap-2.4.37-80.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_md-2.0.8-41.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_md-debuginfo-2.0.8-41.jbcs.el7.x86_64.rpm 
jbcs-httpd24-mod_proxy_html-2.4.37-80.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_security-2.9.2-68.GA.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_security-debuginfo-2.9.2-68.GA.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_session-2.4.37-80.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_ssl-2.4.37-80.jbcs.el7.x86_64.rpm jbcs-httpd24-nghttp2-1.39.2-41.jbcs.el7.x86_64.rpm jbcs-httpd24-nghttp2-debuginfo-1.39.2-41.jbcs.el7.x86_64.rpm jbcs-httpd24-nghttp2-devel-1.39.2-41.jbcs.el7.x86_64.rpm jbcs-httpd24-openssl-1.1.1g-11.jbcs.el7.x86_64.rpm jbcs-httpd24-openssl-chil-1.0.0-11.jbcs.el7.x86_64.rpm jbcs-httpd24-openssl-chil-debuginfo-1.0.0-11.jbcs.el7.x86_64.rpm jbcs-httpd24-openssl-debuginfo-1.1.1g-11.jbcs.el7.x86_64.rpm jbcs-httpd24-openssl-devel-1.1.1g-11.jbcs.el7.x86_64.rpm jbcs-httpd24-openssl-libs-1.1.1g-11.jbcs.el7.x86_64.rpm jbcs-httpd24-openssl-perl-1.1.1g-11.jbcs.el7.x86_64.rpm jbcs-httpd24-openssl-pkcs11-0.4.10-26.jbcs.el7.x86_64.rpm jbcs-httpd24-openssl-pkcs11-debuginfo-0.4.10-26.jbcs.el7.x86_64.rpm jbcs-httpd24-openssl-static-1.1.1g-11.jbcs.el7.x86_64.rpm Red Hat JBoss Core Services on RHEL8: Source: jbcs-httpd24-apr-util-1.6.1-91.el8jbcs.src.rpm jbcs-httpd24-curl-7.78.0-3.el8jbcs.src.rpm jbcs-httpd24-httpd-2.4.37-80.el8jbcs.src.rpm jbcs-httpd24-mod_cluster-native-1.3.16-10.Final_redhat_2.el8jbcs.src.rpm jbcs-httpd24-mod_http2-1.15.7-22.el8jbcs.src.rpm jbcs-httpd24-mod_jk-1.2.48-29.redhat_1.el8jbcs.src.rpm jbcs-httpd24-mod_md-2.0.8-41.el8jbcs.src.rpm jbcs-httpd24-mod_security-2.9.2-68.GA.el8jbcs.src.rpm jbcs-httpd24-nghttp2-1.39.2-41.el8jbcs.src.rpm jbcs-httpd24-openssl-1.1.1g-11.el8jbcs.src.rpm jbcs-httpd24-openssl-chil-1.0.0-11.el8jbcs.src.rpm jbcs-httpd24-openssl-pkcs11-0.4.10-26.el8jbcs.src.rpm noarch: jbcs-httpd24-httpd-manual-2.4.37-80.el8jbcs.noarch.rpm x86_64: jbcs-httpd24-apr-util-1.6.1-91.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-debuginfo-1.6.1-91.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-devel-1.6.1-91.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-ldap-1.6.1-91.el8jbcs.x86_64.rpm 
jbcs-httpd24-apr-util-ldap-debuginfo-1.6.1-91.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-mysql-1.6.1-91.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-mysql-debuginfo-1.6.1-91.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-nss-1.6.1-91.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-nss-debuginfo-1.6.1-91.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-odbc-1.6.1-91.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-odbc-debuginfo-1.6.1-91.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-openssl-1.6.1-91.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-openssl-debuginfo-1.6.1-91.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-pgsql-1.6.1-91.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-pgsql-debuginfo-1.6.1-91.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-sqlite-1.6.1-91.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-sqlite-debuginfo-1.6.1-91.el8jbcs.x86_64.rpm jbcs-httpd24-curl-7.78.0-3.el8jbcs.x86_64.rpm jbcs-httpd24-curl-debuginfo-7.78.0-3.el8jbcs.x86_64.rpm jbcs-httpd24-httpd-2.4.37-80.el8jbcs.x86_64.rpm jbcs-httpd24-httpd-debuginfo-2.4.37-80.el8jbcs.x86_64.rpm jbcs-httpd24-httpd-devel-2.4.37-80.el8jbcs.x86_64.rpm jbcs-httpd24-httpd-selinux-2.4.37-80.el8jbcs.x86_64.rpm jbcs-httpd24-httpd-tools-2.4.37-80.el8jbcs.x86_64.rpm jbcs-httpd24-httpd-tools-debuginfo-2.4.37-80.el8jbcs.x86_64.rpm jbcs-httpd24-libcurl-7.78.0-3.el8jbcs.x86_64.rpm jbcs-httpd24-libcurl-debuginfo-7.78.0-3.el8jbcs.x86_64.rpm jbcs-httpd24-libcurl-devel-7.78.0-3.el8jbcs.x86_64.rpm jbcs-httpd24-mod_cluster-native-1.3.16-10.Final_redhat_2.el8jbcs.x86_64.rpm jbcs-httpd24-mod_cluster-native-debuginfo-1.3.16-10.Final_redhat_2.el8jbcs.x86_64.rpm jbcs-httpd24-mod_http2-1.15.7-22.el8jbcs.x86_64.rpm jbcs-httpd24-mod_http2-debuginfo-1.15.7-22.el8jbcs.x86_64.rpm jbcs-httpd24-mod_jk-ap24-1.2.48-29.redhat_1.el8jbcs.x86_64.rpm jbcs-httpd24-mod_jk-ap24-debuginfo-1.2.48-29.redhat_1.el8jbcs.x86_64.rpm jbcs-httpd24-mod_jk-manual-1.2.48-29.redhat_1.el8jbcs.x86_64.rpm jbcs-httpd24-mod_ldap-2.4.37-80.el8jbcs.x86_64.rpm jbcs-httpd24-mod_ldap-debuginfo-2.4.37-80.el8jbcs.x86_64.rpm 
jbcs-httpd24-mod_md-2.0.8-41.el8jbcs.x86_64.rpm jbcs-httpd24-mod_md-debuginfo-2.0.8-41.el8jbcs.x86_64.rpm jbcs-httpd24-mod_proxy_html-2.4.37-80.el8jbcs.x86_64.rpm jbcs-httpd24-mod_proxy_html-debuginfo-2.4.37-80.el8jbcs.x86_64.rpm jbcs-httpd24-mod_security-2.9.2-68.GA.el8jbcs.x86_64.rpm jbcs-httpd24-mod_security-debuginfo-2.9.2-68.GA.el8jbcs.x86_64.rpm jbcs-httpd24-mod_session-2.4.37-80.el8jbcs.x86_64.rpm jbcs-httpd24-mod_session-debuginfo-2.4.37-80.el8jbcs.x86_64.rpm jbcs-httpd24-mod_ssl-2.4.37-80.el8jbcs.x86_64.rpm jbcs-httpd24-mod_ssl-debuginfo-2.4.37-80.el8jbcs.x86_64.rpm jbcs-httpd24-nghttp2-1.39.2-41.el8jbcs.x86_64.rpm jbcs-httpd24-nghttp2-debuginfo-1.39.2-41.el8jbcs.x86_64.rpm jbcs-httpd24-nghttp2-devel-1.39.2-41.el8jbcs.x86_64.rpm jbcs-httpd24-openssl-1.1.1g-11.el8jbcs.x86_64.rpm jbcs-httpd24-openssl-chil-1.0.0-11.el8jbcs.x86_64.rpm jbcs-httpd24-openssl-chil-debuginfo-1.0.0-11.el8jbcs.x86_64.rpm jbcs-httpd24-openssl-debuginfo-1.1.1g-11.el8jbcs.x86_64.rpm jbcs-httpd24-openssl-devel-1.1.1g-11.el8jbcs.x86_64.rpm jbcs-httpd24-openssl-libs-1.1.1g-11.el8jbcs.x86_64.rpm jbcs-httpd24-openssl-libs-debuginfo-1.1.1g-11.el8jbcs.x86_64.rpm jbcs-httpd24-openssl-perl-1.1.1g-11.el8jbcs.x86_64.rpm jbcs-httpd24-openssl-pkcs11-0.4.10-26.el8jbcs.x86_64.rpm jbcs-httpd24-openssl-pkcs11-debuginfo-0.4.10-26.el8jbcs.x86_64.rpm jbcs-httpd24-openssl-static-1.1.1g-11.el8jbcs.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 7. 
References:

https://access.redhat.com/security/cve/CVE-2021-3516
https://access.redhat.com/security/cve/CVE-2021-3517
https://access.redhat.com/security/cve/CVE-2021-3518
https://access.redhat.com/security/cve/CVE-2021-3537
https://access.redhat.com/security/cve/CVE-2021-3541
https://access.redhat.com/security/cve/CVE-2022-0778
https://access.redhat.com/security/cve/CVE-2022-22720
https://access.redhat.com/security/cve/CVE-2022-23308
https://access.redhat.com/security/updates/classification#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2022 Red Hat, Inc.

The guidance from Red Hat outlines essential enhancements to the Apache HTTP Server, strengthening security protocols for enterprise-level Linux systems.

Keywords: Red Hat Security, Apache Service Pack, JBoss Core Services.

Severity: Important.

LinuxSecurity.com Team

Apr 20, 2022 Important Red Hat

Red Hat JBoss Web Server 3.1 SP14 Low Risk Advisory: Code Execution Issues

Red Hat Security Advisory

Synopsis: Low: Red Hat JBoss Web Server 3.1 Service Pack 14 Security Update
Advisory ID: RHSA-2022:0524-01
Product: Red Hat JBoss Web Server
Advisory URL: https://access.redhat.com/errata/RHSA-2022:0524
Issue date: 2022-02-14
CVE Names: CVE-2021-4104 CVE-2022-23302 CVE-2022-23305 CVE-2022-23307

1. Summary:

An update is now available for Red Hat JBoss Web Server 3.1 for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this release as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat JBoss Web Server 3.1 for RHEL 7 - noarch, x86_64

3. Description:

Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat Native library.

This release of Red Hat JBoss Web Server 3.1 Service Pack 14 serves as a replacement for Red Hat JBoss Web Server 3.1 Service Pack 13. This release includes bug fixes, which are documented in the Release Notes document linked to in the References.

Security Fix(es):

* log4j-eap6: log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink [jws-3] (CVE-2022-23302)
* log4j-eap6: log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender [jws-3] (CVE-2022-23305)
* log4j-eap6: log4j: Unsafe deserialization flaw in Chainsaw log viewer [jws-3] (CVE-2022-23307)
* log4j-eap6: log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender [jws-3.1] (CVE-2021-4104)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

Before applying this update, ensure that all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2031667 - CVE-2021-4104 log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender
2041949 - CVE-2022-23302 log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink
2041959 - CVE-2022-23305 log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender
2041967 - CVE-2022-23307 log4j: Unsafe deserialization flaw in Chainsaw log viewer

6. Package List:

Red Hat JBoss Web Server 3.1 for RHEL 7:

Source: log4j-eap6-1.2.17-3.redhat_00008.1.ep6.el7.src.rpm tomcat-native-1.2.23-26.redhat_26.ep7.el7.src.rpm tomcat7-7.0.70-46.ep7.el7.src.rpm tomcat8-8.0.36-49.ep7.el7.src.rpm

noarch: log4j-eap6-1.2.17-3.redhat_00008.1.ep6.el7.noarch.rpm tomcat7-7.0.70-46.ep7.el7.noarch.rpm tomcat7-admin-webapps-7.0.70-46.ep7.el7.noarch.rpm tomcat7-docs-webapp-7.0.70-46.ep7.el7.noarch.rpm tomcat7-el-2.2-api-7.0.70-46.ep7.el7.noarch.rpm tomcat7-javadoc-7.0.70-46.ep7.el7.noarch.rpm tomcat7-jsp-2.2-api-7.0.70-46.ep7.el7.noarch.rpm tomcat7-jsvc-7.0.70-46.ep7.el7.noarch.rpm tomcat7-lib-7.0.70-46.ep7.el7.noarch.rpm tomcat7-log4j-7.0.70-46.ep7.el7.noarch.rpm tomcat7-selinux-7.0.70-46.ep7.el7.noarch.rpm tomcat7-servlet-3.0-api-7.0.70-46.ep7.el7.noarch.rpm tomcat7-webapps-7.0.70-46.ep7.el7.noarch.rpm tomcat8-8.0.36-49.ep7.el7.noarch.rpm tomcat8-admin-webapps-8.0.36-49.ep7.el7.noarch.rpm tomcat8-docs-webapp-8.0.36-49.ep7.el7.noarch.rpm tomcat8-el-2.2-api-8.0.36-49.ep7.el7.noarch.rpm tomcat8-javadoc-8.0.36-49.ep7.el7.noarch.rpm tomcat8-jsp-2.3-api-8.0.36-49.ep7.el7.noarch.rpm tomcat8-jsvc-8.0.36-49.ep7.el7.noarch.rpm tomcat8-lib-8.0.36-49.ep7.el7.noarch.rpm tomcat8-log4j-8.0.36-49.ep7.el7.noarch.rpm tomcat8-selinux-8.0.36-49.ep7.el7.noarch.rpm tomcat8-servlet-3.1-api-8.0.36-49.ep7.el7.noarch.rpm tomcat8-webapps-8.0.36-49.ep7.el7.noarch.rpm

x86_64: tomcat-native-1.2.23-26.redhat_26.ep7.el7.x86_64.rpm tomcat-native-debuginfo-1.2.23-26.redhat_26.ep7.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key

7. References:

https://access.redhat.com/security/cve/CVE-2021-4104
https://access.redhat.com/security/cve/CVE-2022-23302
https://access.redhat.com/security/cve/CVE-2022-23305
https://access.redhat.com/security/cve/CVE-2022-23307
https://access.redhat.com/security/updates/classification#low

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2022 Red Hat, Inc.

Red Hat JBoss Web Server 3.1 Service Pack 14 has undergone updates to address minor security vulnerabilities, including risks of code execution.

Keywords: Red Hat JBoss, Security Update, Enterprise Linux, Java Web Applications.

Severity: Low.

LinuxSecurity.com Team

Feb 14, 2022 Low Red Hat

Red Hat: RHSA-2021-4613 Moderate: Apache HTTP Server Security Update

Red Hat Security Advisory

Synopsis: Moderate: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP10 security update
Advisory ID: RHSA-2021:4613-01
Product: Red Hat JBoss Core Services
Advisory URL: https://access.redhat.com/errata/RHSA-2021:4613
Issue date: 2021-11-10
CVE Names: CVE-2019-17567 CVE-2019-20838 CVE-2020-13950 CVE-2020-14155 CVE-2020-35452 CVE-2021-3712 CVE-2021-23840 CVE-2021-23841 CVE-2021-26690 CVE-2021-26691 CVE-2021-30641

1. Summary:

Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Service Pack 10 zip release for Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8, and Microsoft Windows is available.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Description:

Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience.

This release adds the new Apache HTTP Server 2.4.37 Service Pack 10 packages that are part of the JBoss Core Services offering.

This release serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Service Pack 9 and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes and enhancements included in this release.

Security Fix(es):

* httpd: Single zero byte stack overflow in mod_auth_digest (CVE-2020-35452)
* httpd: mod_session NULL pointer dereference in parser (CVE-2021-26690)
* httpd: Heap overflow in mod_session (CVE-2021-26691)
* httpd: mod_proxy_wstunnel tunneling of non Upgraded connection (CVE-2019-17567)
* httpd: MergeSlashes regression (CVE-2021-30641)
* httpd: mod_proxy NULL pointer dereference (CVE-2020-13950)
* jbcs-httpd24-openssl: openssl: NULL pointer dereference in X509_issuer_and_serial_hash() (CVE-2021-23841)
* openssl: Read buffer overruns processing ASN.1 strings (CVE-2021-3712)
* openssl: integer overflow in CipherUpdate (CVE-2021-23840)
* pcre: buffer over-read in JIT when UTF is disabled (CVE-2019-20838)
* pcre: integer overflow in libpcre (CVE-2020-14155)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

3. Solution:

Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.

The References section of this erratum contains a download link for the update. You must be logged in to download the update.

4. Bugs fixed (https://bugzilla.redhat.com/):

1848436 - CVE-2020-14155 pcre: Integer overflow when parsing callout numeric arguments
1848444 - CVE-2019-20838 pcre: Buffer over-read in JIT when UTF is disabled and \X or \R has fixed quantifier greater than 1
1930310 - CVE-2021-23841 openssl: NULL pointer dereference in X509_issuer_and_serial_hash()
1930324 - CVE-2021-23840 openssl: integer overflow in CipherUpdate
1966724 - CVE-2020-35452 httpd: Single zero byte stack overflow in mod_auth_digest
1966729 - CVE-2021-26690 httpd: mod_session: NULL pointer dereference when parsing Cookie header
1966732 - CVE-2021-26691 httpd: mod_session: Heap overflow via a crafted SessionHeader value
1966738 - CVE-2020-13950 httpd: mod_proxy NULL pointer dereference
1966740 - CVE-2019-17567 httpd: mod_proxy_wstunnel tunneling of non Upgraded connection
1966743 - CVE-2021-30641 httpd: Unexpected URL matching with 'MergeSlashes OFF'
1995634 - CVE-2021-3712 openssl: Read buffer overruns processing ASN.1 strings

5. References:

https://access.redhat.com/security/cve/CVE-2019-17567
https://access.redhat.com/security/cve/CVE-2019-20838
https://access.redhat.com/security/cve/CVE-2020-13950
https://access.redhat.com/security/cve/CVE-2020-14155
https://access.redhat.com/security/cve/CVE-2020-35452
https://access.redhat.com/security/cve/CVE-2021-3712
https://access.redhat.com/security/cve/CVE-2021-23840
https://access.redhat.com/security/cve/CVE-2021-23841
https://access.redhat.com/security/cve/CVE-2021-26690
https://access.redhat.com/security/cve/CVE-2021-26691
https://access.redhat.com/security/cve/CVE-2021-30641
https://access.redhat.com/security/updates/classification#moderate

6. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2021 Red Hat, Inc.

Essential security patch release for Red Hat JBoss Core Services Apache HTTP Server tackling a range of vulnerabilities.

Keywords: Red Hat JBoss, Apache HTTP, security update, service pack, Red Hat software.

LinuxSecurity.com Team

Nov 10, 2021 Red Hat

Red Hat: RHSA-2021-2471-01 Important: Apache HTTP Server Update

Red Hat Security Advisory

Synopsis: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP8 security update
Advisory ID: RHSA-2021:2471-01
Product: Red Hat JBoss Core Services
Advisory URL: https://access.redhat.com/errata/RHSA-2021:2471
Issue date: 2021-06-17
CVE Names: CVE-2020-8169 CVE-2020-8284 CVE-2020-8285 CVE-2020-8286 CVE-2021-22876 CVE-2021-22890 CVE-2021-22901 CVE-2021-31618

1. Summary:

Red Hat JBoss Core Services Pack Apache Server 2.4.37 Service Pack 8 zip release for RHEL 7, RHEL 8 and Microsoft Windows is available.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Description:

Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience.

This release adds the new Apache HTTP Server 2.4.37 Service Pack 8 packages that are part of the JBoss Core Services offering.

This release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.37 Service Pack 7 and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes and enhancements included in this release.

Security Fix(es):

* curl: Use-after-free in TLS session handling when using OpenSSL TLS backend (CVE-2021-22901)
* httpd: NULL pointer dereference on specially crafted HTTP/2 request (CVE-2021-31618)
* libcurl: partial password leak over DNS on HTTP redirect (CVE-2020-8169)
* curl: FTP PASV command response can cause curl to connect to arbitrary host (CVE-2020-8284)
* curl: Malicious FTP server can trigger stack overflow when CURLOPT_CHUNK_BGN_FUNCTION is used (CVE-2020-8285)
* curl: Inferior OCSP verification (CVE-2020-8286)
* curl: Leak of authentication credentials in URL via automatic Referer (CVE-2021-22876)
* curl: TLS 1.3 session ticket mix-up with HTTPS proxy host (CVE-2021-22890)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

3. Solution:

Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.

The References section of this erratum contains a download link for the update. You must be logged in to download the update.

4. Bugs fixed (https://bugzilla.redhat.com/):

1847916 - CVE-2020-8169 libcurl: partial password leak over DNS on HTTP redirect
1902667 - CVE-2020-8284 curl: FTP PASV command response can cause curl to connect to arbitrary host
1902687 - CVE-2020-8285 curl: Malicious FTP server can trigger stack overflow when CURLOPT_CHUNK_BGN_FUNCTION is used
1906096 - CVE-2020-8286 curl: Inferior OCSP verification
1941964 - CVE-2021-22876 curl: Leak of authentication credentials in URL via automatic Referer
1941965 - CVE-2021-22890 curl: TLS 1.3 session ticket mix-up with HTTPS proxy host
1963146 - CVE-2021-22901 curl: Use-after-free in TLS session handling when using OpenSSL TLS backend
1968013 - CVE-2021-31618 httpd: NULL pointer dereference on specially crafted HTTP/2 request

5. References:

https://access.redhat.com/security/cve/CVE-2020-8169
https://access.redhat.com/security/cve/CVE-2020-8284
https://access.redhat.com/security/cve/CVE-2020-8285
https://access.redhat.com/security/cve/CVE-2020-8286
https://access.redhat.com/security/cve/CVE-2021-22876
https://access.redhat.com/security/cve/CVE-2021-22890
https://access.redhat.com/security/cve/CVE-2021-22901
https://access.redhat.com/security/cve/CVE-2021-31618
https://access.redhat.com/security/updates/classification#important
https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=core.service.apachehttp&downloadType=securityPatches&version=2.4.37
https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=core.service.openssl&downloadType=securityPatches&version=1.1.1g
https://docs.redhat.com/en/documentation/red_hat_jboss_core_services/2.4.37

6. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2021 Red Hat, Inc.
-- RHSA-announce mailing list https://listman.redhat.com/mailman/listinfo/rhsa-announce

Oracle WebLogic Server 12c Release 4 is classified as Critical for vulnerability patches and enhancements. Red Hat, JBoss, Apache HTTP, Important Security Update, Service Pack. Severity: Important. LinuxSecurity.com Team

Jun 17, 2021 Important Red Hat

openSUSE: 2021:0763-1 important: fribidi buffer overflow

openSUSE Security Update: Security update for fribidi

Announcement ID: openSUSE-SU-2021:0763-1
Rating: important
References: #1156260
Cross-References: CVE-2019-18397
CVSS scores:
CVE-2019-18397 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2019-18397 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products: openSUSE Leap 15.2

An update that fixes one vulnerability is now available.

Description:

This update for fribidi fixes the following issues:

Security issues fixed:

- CVE-2019-18397: Avoid buffer overflow. (bsc#1156260)

This update was imported from the SUSE:SLE-15-SP2:Update update project.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.2: zypper in -t patch openSUSE-2021-763=1

Package List:

- openSUSE Leap 15.2 (i586 x86_64): fribidi-1.0.5-lp152.2.3.1 fribidi-debuginfo-1.0.5-lp152.2.3.1 fribidi-debugsource-1.0.5-lp152.2.3.1 fribidi-devel-1.0.5-lp152.2.3.1 libfribidi0-1.0.5-lp152.2.3.1 libfribidi0-debuginfo-1.0.5-lp152.2.3.1
- openSUSE Leap 15.2 (x86_64): libfribidi0-32bit-1.0.5-lp152.2.3.1 libfribidi0-32bit-debuginfo-1.0.5-lp152.2.3.1

References:

https://www.suse.com/security/cve/CVE-2019-18397.html
https://bugzilla.suse.com/1156260

openSUSE Security Notice for fribidi: Critical patch available for buffer overflow flaw CVE-2020-12345. openSUSE Security Update, Fribidi Buffer Overflow, Important Vulnerability Fix. Severity: Important. LinuxSecurity.com Team

May 22, 2021 Important OpenSUSE

RHEL 7: RHSA-2021:1202-01 Critical Security Fix for JBoss Web Server 3.1

Red Hat Security Advisory

Synopsis: Important: Red Hat JBoss Web Server 3.1 Service Pack 12 security update
Advisory ID: RHSA-2021:1202-01
Product: Red Hat JBoss Web Server
Advisory URL: https://access.redhat.com/errata/RHSA-2021:1202
Issue date: 2021-04-14
CVE Names: CVE-2021-3449 CVE-2021-3450

1. Summary:

An update is now available for Red Hat JBoss Web Server 3.1 for RHEL 7.

Red Hat Product Security has rated this release as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat JBoss Web Server 3.1 for RHEL 7 - x86_64

3. Description:

Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat Native library.

This release of Red Hat JBoss Web Server 3.1 Service Pack 12 serves as a replacement for Red Hat JBoss Web Server 3.1.11, and includes bug fixes, which are documented in the Release Notes document linked to in the References.

Security Fix(es):

* openssl: NULL pointer dereference in signature_algorithms processing (CVE-2021-3449)
* openssl: CA certificate check bypass with X509_V_FLAG_X509_STRICT (CVE-2021-3450)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1941547 - CVE-2021-3450 openssl: CA certificate check bypass with X509_V_FLAG_X509_STRICT
1941554 - CVE-2021-3449 openssl: NULL pointer dereference in signature_algorithms processing

6. Package List:

Red Hat JBoss Web Server 3.1 for RHEL 7:

Source:
tomcat-native-1.2.23-24.redhat_24.ep7.el7.src.rpm

x86_64:
tomcat-native-1.2.23-24.redhat_24.ep7.el7.x86_64.rpm
tomcat-native-debuginfo-1.2.23-24.redhat_24.ep7.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-3449
https://access.redhat.com/security/cve/CVE-2021-3450
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.
-- RHSA-announce mailing list https://listman.redhat.com/mailman/listinfo/rhsa-announce

The latest release of Red Hat JBoss Web Server 3.1 brings crucial updates addressing multiple openssl security vulnerabilities and additional enhancements. Red Hat JBoss, Important Security Update, openssl Fixes, Bug Fix Advisory. Severity: Important. LinuxSecurity.com Team

Apr 14, 2021 Important Red Hat

Red Hat 7 & 8 RHSA-2021-1200-01 Critical: Apache HTTP Server Security Fix

Red Hat Security Advisory

Synopsis: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP7 security update
Advisory ID: RHSA-2021:1200-01
Product: Red Hat JBoss Core Services
Advisory URL: https://access.redhat.com/errata/RHSA-2021:1200
Issue date: 2021-04-14
CVE Names: CVE-2021-3449 CVE-2021-3450

1. Summary:

Red Hat JBoss Core Services Pack Apache Server 2.4.37 Service Pack 7 zip release for RHEL 7, RHEL 8 and Microsoft Windows is available.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Description:

Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience.

This release adds the new Apache HTTP Server 2.4.37 Service Pack 7 packages that are part of the JBoss Core Services offering.

This release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.37 Service Pack 6 and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes and enhancements included in this release.

Security fix(es):

* openssl: NULL pointer deref in signature_algorithms processing (CVE-2021-3449)
* openssl: CA certificate check bypass with X509_V_FLAG_X509_STRICT (CVE-2021-3450)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

3. Solution:

Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.

The References section of this erratum contains a download link for the update. You must be logged in to download the update.

4. Bugs fixed (https://bugzilla.redhat.com/):

1941547 - CVE-2021-3450 openssl: CA certificate check bypass with X509_V_FLAG_X509_STRICT
1941554 - CVE-2021-3449 openssl: NULL pointer dereference in signature_algorithms processing

5. References:

https://access.redhat.com/security/cve/CVE-2021-3449
https://access.redhat.com/security/cve/CVE-2021-3450
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=core.service.apachehttp&downloadType=securityPatches&version=2.4.37

6. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.
-- RHSA-announce mailing list https://listman.redhat.com/mailman/listinfo/rhsa-announce

The Red Hat JBoss Core Services team has released a crucial update for the Apache HTTP Server aimed at fixing identified security vulnerabilities. Red Hat Security, HTTP Server Update, JBoss Core Services, OpenSSL Fixes. Severity: Important. LinuxSecurity.com Team

Apr 14, 2021 Important Red Hat