Stay Secure with the Latest Linux Advisories


Explore Latest Linux Security advisories


Red Hat OpenShift 4.9.47 RHSA-2022-6147-01 Urgent: Command Injection Risk

Red Hat OpenShift Container Platform release 4.9.47 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.9.

Red Hat Security Advisory

Synopsis: Important: OpenShift Container Platform 4.9.47 bug fix and security update
Advisory ID: RHSA-2022:6147-01
Product: Red Hat OpenShift Enterprise
Advisory URL: https://access.redhat.com/errata/RHSA-2022:6147
Issue date: 2022-08-31
CVE Names: CVE-2022-26945 CVE-2022-30321 CVE-2022-30322 CVE-2022-30323

1. Summary:

Red Hat OpenShift Container Platform release 4.9.47 is now available with updates to packages and images that fix several bugs and add enhancements.

This release includes a security update for Red Hat OpenShift Container Platform 4.9.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

This advisory contains the container images for Red Hat OpenShift Container Platform 4.9.47. See the following advisory for the RPM packages for this release:

https://access.redhat.com/errata/RHBA-2022:6146

Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:

https://docs.redhat.com/en/documentation/openshift_container_platform/4.9/html/release_notes/ocp-4-9-release-notes

Security Fix(es):

* go-getter: command injection vulnerability (CVE-2022-26945)
* go-getter: unsafe download (issue 1 of 3) (CVE-2022-30321)
* go-getter: unsafe download (issue 2 of 3) (CVE-2022-30322)
* go-getter: unsafe download (issue 3 of 3) (CVE-2022-30323)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

You may download the oc tool and use it to inspect release image metadata as follows:

(For x86_64 architecture)

    $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.9.47-x86_64

The image digest is sha256:b049b24c534fed3cdd80caf6ae37db84642b7e4923229f319eaefe4df23b9f77

(For s390x architecture)

    $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.9.47-s390x

The image digest is sha256:6aafcf145a39b8cb367ee33afadb2a90e17f88f20f9da044dd62895934060189

(For ppc64le architecture)

    $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.9.47-ppc64le

The image digest is sha256:0086f7c1089f1c22aac0389f7d080b98c68408914060f7e682e17d6fabfd156c

All OpenShift Container Platform 4.9 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.redhat.com/en/documentation/openshift_container_platform/4.9/html/updating_clusters/updating-cluster-cli

3. Solution:

For OpenShift Container Platform 4.9 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:

https://docs.redhat.com/en/documentation/openshift_container_platform/4.9/html/release_notes/ocp-4-9-release-notes

Details on how to access this content are available at https://docs.redhat.com/en/documentation/openshift_container_platform/4.9/html/updating_clusters/updating-cluster-cli

4. Bugs fixed (https://bugzilla.redhat.com/):

2092918 - CVE-2022-30321 go-getter: unsafe download (issue 1 of 3)
2092923 - CVE-2022-30322 go-getter: unsafe download (issue 2 of 3)
2092925 - CVE-2022-30323 go-getter: unsafe download (issue 3 of 3)
2092928 - CVE-2022-26945 go-getter: command injection vulnerability
2096802 - Duplicated IPs can be assigned to multiple Pods
2106793 - crio umask sometimes set to 0000
2111004 - [AWS] failed to create cluster on ap-southeast-3
2113993 - NetworkManager didn't automatically renew the lease on the VLAN interface configured using nmstate
2113994 - NetworkManager didn't automatically renew the lease on the VLAN interface configured using nmstate
2114724 - [LSO]Could not gather logs for pod diskmaker-discovery and diskmaker-manager
2115845 - [release-4.9] On updating cluster from 4.8.34=> 4.8.43, cu has noticed stale iptables rules that cause SVC of type LB to fail after redeployment of pods

5. JIRA issues fixed (https://redhat.atlassian.net/jira/projects):

OCPBUGS-250 - Incorrect NAT when using cluster networking in control-plane nodes to install a VRRP Cluster

6. References:

https://access.redhat.com/security/cve/CVE-2022-26945
https://access.redhat.com/security/cve/CVE-2022-30321
https://access.redhat.com/security/cve/CVE-2022-30322
https://access.redhat.com/security/cve/CVE-2022-30323
https://access.redhat.com/security/updates/classification/#important

7. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.

--
RHSA-announce mailing list

The recent Red Hat OpenShift Container Platform 4.9.47 update addresses several bugs and significant security vulnerabilities. It is advised to perform the upgrade.

OpenShift Security Advisory, Red Hat Updates, Container Vulnerability, Kubernetes Platform Fixes.

Severity: Important.

LinuxSecurity.com Team

Aug 31, 2022 Important Red Hat

Red Hat OpenStack 16.2: RHSA-2022-5673 Important Security Update

Red Hat OpenStack Platform 16.2 (Train) director operator containers, with several Important security fixes, are available for technology preview.

Red Hat Security Advisory

Synopsis: Important: Release of containers for OSP 16.2.z director operator tech preview
Advisory ID: RHSA-2022:5673-01
Product: Red Hat OpenStack Platform
Advisory URL: https://access.redhat.com/errata/RHSA-2022:5673
Issue date: 2022-07-20
CVE Names: CVE-2021-3634 CVE-2021-3737 CVE-2021-4189 CVE-2021-40528 CVE-2021-41103 CVE-2021-43565 CVE-2022-1271 CVE-2022-1621 CVE-2022-1629 CVE-2022-22576 CVE-2022-25313 CVE-2022-25314 CVE-2022-26945 CVE-2022-27774 CVE-2022-27776 CVE-2022-27782 CVE-2022-29824 CVE-2022-30321 CVE-2022-30322 CVE-2022-30323

1. Summary:

Red Hat OpenStack Platform 16.2 (Train) director operator containers, with several Important security fixes, are available for technology preview.

2. Description:

Release osp-director-operator images

Security Fix(es):

* go-getter: unsafe download (issue 1 of 3) [Important] (CVE-2022-30321)
* go-getter: unsafe download (issue 2 of 3) [Important] (CVE-2022-30322)
* go-getter: unsafe download (issue 3 of 3) [Important] (CVE-2022-30323)
* go-getter: command injection vulnerability [Important] (CVE-2022-26945)
* golang.org/x/crypto: empty plaintext packet causes panic [Moderate] (CVE-2021-43565)
* containerd: insufficiently restricted permissions on container root and plugin directories [Moderate] (CVE-2021-41103)

3. Solution:

OSP 16.2 Release - OSP Director Operator Containers tech preview

4. Bugs fixed (https://bugzilla.redhat.com/):

2011007 - CVE-2021-41103 containerd: insufficiently restricted permissions on container root and plugin directories
2030787 - CVE-2021-43565 golang.org/x/crypto: empty plaintext packet causes panic
2092918 - CVE-2022-30321 go-getter: unsafe download (issue 1 of 3)
2092923 - CVE-2022-30322 go-getter: unsafe download (issue 2 of 3)
2092925 - CVE-2022-30323 go-getter: unsafe download (issue 3 of 3)
2092928 - CVE-2022-26945 go-getter: command injection vulnerability

5. References:

https://access.redhat.com/security/cve/CVE-2021-3634
https://access.redhat.com/security/cve/CVE-2021-3737
https://access.redhat.com/security/cve/CVE-2021-4189
https://access.redhat.com/security/cve/CVE-2021-40528
https://access.redhat.com/security/cve/CVE-2021-41103
https://access.redhat.com/security/cve/CVE-2021-43565
https://access.redhat.com/security/cve/CVE-2022-1271
https://access.redhat.com/security/cve/CVE-2022-1621
https://access.redhat.com/security/cve/CVE-2022-1629
https://access.redhat.com/security/cve/CVE-2022-22576
https://access.redhat.com/security/cve/CVE-2022-25313
https://access.redhat.com/security/cve/CVE-2022-25314
https://access.redhat.com/security/cve/CVE-2022-26945
https://access.redhat.com/security/cve/CVE-2022-27774
https://access.redhat.com/security/cve/CVE-2022-27776
https://access.redhat.com/security/cve/CVE-2022-27782
https://access.redhat.com/security/cve/CVE-2022-29824
https://access.redhat.com/security/cve/CVE-2022-30321
https://access.redhat.com/security/cve/CVE-2022-30322
https://access.redhat.com/security/cve/CVE-2022-30323
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/errata/RHSA-2022:4991
https://access.redhat.com/containers

6. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.

--
RHSA-announce mailing list

Canonical announces crucial patches for Kubernetes 1.23.x cluster management images. Stay vigilant for protection.

Red Hat OpenStack, security fixes, 16.2.z, container vulnerabilities, technology preview.

Severity: Important.

LinuxSecurity.com Team

Jul 20, 2022 Important Red Hat