Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -3 articles for you...
98
security advisoryimportantkernel fixRed Hat Enterprise Linux 8.4 RHSA-2023-4967 Important Kernel Fixes
An update for kpatch-patch is now available for Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: kpatch-patch security update Advisory ID: RHSA-2023:4967-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2023:4967 Issue date: 2023-09-05 CVE Names: CVE-2023-1829 CVE-2023-3090 CVE-2023-3390 CVE-2023-4004 CVE-2023-35001 CVE-2023-35788 ===================================================================== 1. Summary: An update for kpatch-patch is now available for Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux BaseOS E4S (v.8.4) - ppc64le, x86_64 3. Description: This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Security Fix(es): * kernel: Use-after-free vulnerability in the Linux Kernel traffic control index filter (CVE-2023-1829) * kernel: ipvlan: out-of-bounds write caused by unclear skb-> cb (CVE-2023-3090) * kernel: UAF in nftables when nft_set_lookup_global triggered after handling named and anonymous sets in batch requests (CVE-2023-3390) * kernel: netfilter: use-after-free due to improper element removal in nft_pipapo_remove() (CVE-2023-4004) * kernel: nf_tables: stack-out-of-bounds-read innft_byteorder_eval() (CVE-2023-35001) * kernel: cls_flower: out-of-bounds write in fl_set_geneve_opt() (CVE-2023-35788) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 2188470 - CVE-2023-1829 kernel: Use-after-free vulnerability in the Linux Kernel traffic control index filter 2213260 - CVE-2023-3390 kernel: UAF in nftables when nft_set_lookup_global triggered after handling named and anonymous sets in batch requests 2215768 - CVE-2023-35788 kernel: cls_flower: out-of-bounds write in fl_set_geneve_opt() 2218672 - CVE-2023-3090 kernel: ipvlan: out-of-bounds write caused by unclear skb-> cb 2220892 - CVE-2023-35001 kernel: nf_tables: stack-out-of-bounds-read in nft_byteorder_eval() 2225275 - CVE-2023-4004 kernel: netfilter: use-after-free due to improper element removal in nft_pipapo_remove() 6. Package List: Red Hat Enterprise Linux BaseOS E4S(v.8.4): Source: kpatch-patch-4_18_0-305_76_1-1-5.el8_4.src.rpm kpatch-patch-4_18_0-305_82_1-1-4.el8_4.src.rpm kpatch-patch-4_18_0-305_86_2-1-3.el8_4.src.rpm kpatch-patch-4_18_0-305_88_1-1-3.el8_4.src.rpm kpatch-patch-4_18_0-305_91_1-1-2.el8_4.src.rpm kpatch-patch-4_18_0-305_97_1-1-1.el8_4.src.rpm ppc64le: kpatch-patch-4_18_0-305_76_1-1-5.el8_4.ppc64le.rpm kpatch-patch-4_18_0-305_76_1-debuginfo-1-5.el8_4.ppc64le.rpm kpatch-patch-4_18_0-305_76_1-debugsource-1-5.el8_4.ppc64le.rpm kpatch-patch-4_18_0-305_82_1-1-4.el8_4.ppc64le.rpm kpatch-patch-4_18_0-305_82_1-debuginfo-1-4.el8_4.ppc64le.rpm kpatch-patch-4_18_0-305_82_1-debugsource-1-4.el8_4.ppc64le.rpm kpatch-patch-4_18_0-305_86_2-1-3.el8_4.ppc64le.rpm kpatch-patch-4_18_0-305_86_2-debuginfo-1-3.el8_4.ppc64le.rpm kpatch-patch-4_18_0-305_86_2-debugsource-1-3.el8_4.ppc64le.rpm kpatch-patch-4_18_0-305_88_1-1-3.el8_4.ppc64le.rpm kpatch-patch-4_18_0-305_88_1-debuginfo-1-3.el8_4.ppc64le.rpm kpatch-patch-4_18_0-305_88_1-debugsource-1-3.el8_4.ppc64le.rpm kpatch-patch-4_18_0-305_91_1-1-2.el8_4.ppc64le.rpm kpatch-patch-4_18_0-305_91_1-debuginfo-1-2.el8_4.ppc64le.rpm kpatch-patch-4_18_0-305_91_1-debugsource-1-2.el8_4.ppc64le.rpm kpatch-patch-4_18_0-305_97_1-1-1.el8_4.ppc64le.rpm kpatch-patch-4_18_0-305_97_1-debuginfo-1-1.el8_4.ppc64le.rpm kpatch-patch-4_18_0-305_97_1-debugsource-1-1.el8_4.ppc64le.rpm x86_64: kpatch-patch-4_18_0-305_76_1-1-5.el8_4.x86_64.rpm kpatch-patch-4_18_0-305_76_1-debuginfo-1-5.el8_4.x86_64.rpm kpatch-patch-4_18_0-305_76_1-debugsource-1-5.el8_4.x86_64.rpm kpatch-patch-4_18_0-305_82_1-1-4.el8_4.x86_64.rpm kpatch-patch-4_18_0-305_82_1-debuginfo-1-4.el8_4.x86_64.rpm kpatch-patch-4_18_0-305_82_1-debugsource-1-4.el8_4.x86_64.rpm kpatch-patch-4_18_0-305_86_2-1-3.el8_4.x86_64.rpm kpatch-patch-4_18_0-305_86_2-debuginfo-1-3.el8_4.x86_64.rpm kpatch-patch-4_18_0-305_86_2-debugsource-1-3.el8_4.x86_64.rpm kpatch-patch-4_18_0-305_88_1-1-3.el8_4.x86_64.rpm kpatch-patch-4_18_0-305_88_1-debuginfo-1-3.el8_4.x86_64.rpm kpatch-patch-4_18_0-305_88_1-debugsource-1-3.el8_4.x86_64.rpm kpatch-patch-4_18_0-305_91_1-1-2.el8_4.x86_64.rpm kpatch-patch-4_18_0-305_91_1-debuginfo-1-2.el8_4.x86_64.rpm kpatch-patch-4_18_0-305_91_1-debugsource-1-2.el8_4.x86_64.rpm kpatch-patch-4_18_0-305_97_1-1-1.el8_4.x86_64.rpm kpatch-patch-4_18_0-305_97_1-debuginfo-1-1.el8_4.x86_64.rpm kpatch-patch-4_18_0-305_97_1-debugsource-1-1.el8_4.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2023-1829 https://access.redhat.com/security/cve/CVE-2023-3090 https://access.redhat.com/security/cve/CVE-2023-3390 https://access.redhat.com/security/cve/CVE-2023-4004 https://access.redhat.com/security/cve/CVE-2023-35001 https://access.redhat.com/security/cve/CVE-2023-35788 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2023 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJk9yhYAAoJENzjgjWX9erEtTIP/0EruC40gi4fT3+YLIxrNIgS Bl7SK1GQ+KMtIn/5+IEqJPg57qIJpNESofG9gjVww7lXoyc8SPmU9NIDoEA25gK0 im5GujEq4c+c07RR9gadfpcDVP61gayDlsxK//LeF2SQ34mZep2KSeDbHeR3uDgN zbP1slHBN0pD2PGiqnTu5MlYya6cbnonsaBxMYIWbkTrKpBSpz4tXUZSVwWeAytq Iqobzcd1RDBlkdX7IR53A6RI7g2MGYjgD+rK3WX3F/b4pnAD+M0IEzx4HTC+5IeI oDtUjyI/qsJKfKHPaK/N/9AmWprReoYfPw3uPcg+NEYcQl3Iwsn1skPM2kU0UzBA LJSi/3caU32+atAB4OxCotNpjX4XUuf1o06p5J5tN8h5BWx7gw1Ce+CBLvfylqg3 z1TroQ6aBBkyxADt/ACOghbDaqOS0S5YboJYEfxnyEcEwwYXS4xFY8ZNl4UcOBt7 VklDpo8g9k3tB8gLN/FEFsNEd0lAkTPqcSNup8+pB799BZgJ9ALhwhIUe+VD5beM bT3mmJodsRDO/f/UYqtbFlQxsy9m/NVhfEZ+9tL3Od29v3pCJNj2A0lMpDjHBt2+ 7iX5lfH0M16S6AGMh+xm/llAY9eFLZl+9THUzrHGtZBnnfOt4fhJ++nfhXJ1uXoj +ANDl9NZ1qMdTVVv6goN =O4mq -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Sep 05, 2023
•Important
Red Hat
98
security advisoryRed Hatlocal privilege escalationRedHat: RHSA-2023-1107-01 Important: pesign Local Privilege Escalation
An update for pesign is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions.. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: pesign security update Advisory ID: RHSA-2023:1107-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2023:1107 Issue date: 2023-03-07 CVE Names: CVE-2022-3560 ==================================================================== 1. Summary: An update for pesign is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream AUS (v. 8.2) - aarch64, x86_64 Red Hat Enterprise Linux AppStream E4S (v. 8.2) - aarch64, x86_64 Red Hat Enterprise Linux AppStream TUS (v. 8.2) - aarch64, x86_64 3. Description: The pesign packages provide the pesign utility for signing UEFI binaries as well as other associated tools. Security Fix(es): * pesign: Local privilege escalation on pesign systemd service (CVE-2022-3560) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, referto: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 2135420 - CVE-2022-3560 pesign: Local privilege escalation on pesign systemd service 6. Package List: Red Hat Enterprise Linux AppStream AUS (v. 8.2): Source: pesign-0.112-25.el8_2.1.src.rpm aarch64: pesign-0.112-25.el8_2.1.aarch64.rpm pesign-debuginfo-0.112-25.el8_2.1.aarch64.rpm pesign-debugsource-0.112-25.el8_2.1.aarch64.rpm x86_64: pesign-0.112-25.el8_2.1.x86_64.rpm pesign-debuginfo-0.112-25.el8_2.1.x86_64.rpm pesign-debugsource-0.112-25.el8_2.1.x86_64.rpm Red Hat Enterprise Linux AppStream E4S (v. 8.2): Source: pesign-0.112-25.el8_2.1.src.rpm aarch64: pesign-0.112-25.el8_2.1.aarch64.rpm pesign-debuginfo-0.112-25.el8_2.1.aarch64.rpm pesign-debugsource-0.112-25.el8_2.1.aarch64.rpm x86_64: pesign-0.112-25.el8_2.1.x86_64.rpm pesign-debuginfo-0.112-25.el8_2.1.x86_64.rpm pesign-debugsource-0.112-25.el8_2.1.x86_64.rpm Red Hat Enterprise Linux AppStream TUS (v. 8.2): Source: pesign-0.112-25.el8_2.1.src.rpm aarch64: pesign-0.112-25.el8_2.1.aarch64.rpm pesign-debuginfo-0.112-25.el8_2.1.aarch64.rpm pesign-debugsource-0.112-25.el8_2.1.aarch64.rpm x86_64: pesign-0.112-25.el8_2.1.x86_64.rpm pesign-debuginfo-0.112-25.el8_2.1.x86_64.rpm pesign-debugsource-0.112-25.el8_2.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2022-3560 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2023 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPGv1 iQIVAwUBZAiXLdzjgjWX9erEAQhQsA//RLv4H10wZJTWZnezz9KMapHUwJ6iPQP6 NnuWs26Q3scr0Y10dgVqNm+g9oHGvsLrqm+fZK0dgK4PhYoWsAlXrfyCcAGPoCqo 2LEXeZD0HPQ5icixfrbhlxwsNnGdM/+H1LFgsrc6G5B5FVtkaJmr4GMK7hWxhF+/ FUfa+eMGSAZL3n1ZsQ8VWGIOb1IEhUXfsWrv1XWlZY55buQn7/3MfjA4tb8Au9zc 0GCnl2iz0NGyF7so/mSi2+KYsodp7CwZ7ZseJgrLtA/MbVww/lxW5X2rMV2UHjgF Joh5krhdHUbVAArYVPyRsrzTm6Ijim+Ww3axMOXglttPHDcpL2Wwg6X3E+mJmEhp zdXHvhwW2/7prhMnXzjuzmKq07s6jCAnAtFSI8fWmT9BRixPF0WbVFDriIRU8Tgq nCLuDQa58oXIkb11tQ4WMUFcu6PqadYBa0EvWGgQeqrbcMVXlpVaXylzwoUO55P3 yC2ws9tMvoN4PBcICBlASAngQMbOxCtSb7wnDi4rl3kqFdafmTzIk3+cs1OkqNjC H1h/UJoroqAS977s3HSNfZQJ+sw7RQ7Grz3RovV7g88tUV87F1Vv5QRwbBWMdVVN OINoZBTMdXcD0qegq1+TjHl6+bMdn0XshC6g7wM2RyiMdw5fXeP6+QjRvDtnWWDc kbgX2OTcUho=HPJq -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Mar 08, 2023
•Important
Red Hat
98
security advisoryRed Hat Enterprise LinuxpatchRed Hat Enterprise Linux 7.6 RHSA-2021-4773 Important: Kernel Patch Update
An update is now available for Red Hat Enterprise Linux 7.6 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: kpatch-patch security update Advisory ID: RHSA-2021:4773-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:4773 Issue date: 2021-11-23 CVE Names: CVE-2020-36385 ==================================================================== 1. Summary: An update is now available for Red Hat Enterprise Linux 7.6 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Server E4S (v. 7.6) - ppc64le, x86_64 3. Description: This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Security Fix(es): * kernel: use-after-free in drivers/infiniband/core/ucma.c ctx use-after-free (CVE-2020-36385) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1974319 - CVE-2020-36385 kernel: use-after-free in drivers/infiniband/core/ucma.c ctx use-after-free 6. Package List: Red Hat Enterprise LinuxServer E4S (v.7.6): Source: kpatch-patch-3_10_0-957_65_1-1-7.el7.src.rpm kpatch-patch-3_10_0-957_66_1-1-7.el7.src.rpm kpatch-patch-3_10_0-957_70_1-1-6.el7.src.rpm kpatch-patch-3_10_0-957_72_1-1-4.el7.src.rpm kpatch-patch-3_10_0-957_76_1-1-4.el7.src.rpm kpatch-patch-3_10_0-957_78_2-1-3.el7.src.rpm kpatch-patch-3_10_0-957_80_1-1-2.el7.src.rpm kpatch-patch-3_10_0-957_84_1-1-1.el7.src.rpm ppc64le: kpatch-patch-3_10_0-957_65_1-1-7.el7.ppc64le.rpm kpatch-patch-3_10_0-957_65_1-debuginfo-1-7.el7.ppc64le.rpm kpatch-patch-3_10_0-957_66_1-1-7.el7.ppc64le.rpm kpatch-patch-3_10_0-957_66_1-debuginfo-1-7.el7.ppc64le.rpm kpatch-patch-3_10_0-957_70_1-1-6.el7.ppc64le.rpm kpatch-patch-3_10_0-957_70_1-debuginfo-1-6.el7.ppc64le.rpm kpatch-patch-3_10_0-957_72_1-1-4.el7.ppc64le.rpm kpatch-patch-3_10_0-957_72_1-debuginfo-1-4.el7.ppc64le.rpm kpatch-patch-3_10_0-957_76_1-1-4.el7.ppc64le.rpm kpatch-patch-3_10_0-957_76_1-debuginfo-1-4.el7.ppc64le.rpm kpatch-patch-3_10_0-957_78_2-1-3.el7.ppc64le.rpm kpatch-patch-3_10_0-957_78_2-debuginfo-1-3.el7.ppc64le.rpm kpatch-patch-3_10_0-957_80_1-1-2.el7.ppc64le.rpm kpatch-patch-3_10_0-957_80_1-debuginfo-1-2.el7.ppc64le.rpm kpatch-patch-3_10_0-957_84_1-1-1.el7.ppc64le.rpm kpatch-patch-3_10_0-957_84_1-debuginfo-1-1.el7.ppc64le.rpm x86_64: kpatch-patch-3_10_0-957_65_1-1-7.el7.x86_64.rpm kpatch-patch-3_10_0-957_65_1-debuginfo-1-7.el7.x86_64.rpm kpatch-patch-3_10_0-957_66_1-1-7.el7.x86_64.rpm kpatch-patch-3_10_0-957_66_1-debuginfo-1-7.el7.x86_64.rpm kpatch-patch-3_10_0-957_70_1-1-6.el7.x86_64.rpm kpatch-patch-3_10_0-957_70_1-debuginfo-1-6.el7.x86_64.rpm kpatch-patch-3_10_0-957_72_1-1-4.el7.x86_64.rpm kpatch-patch-3_10_0-957_72_1-debuginfo-1-4.el7.x86_64.rpm kpatch-patch-3_10_0-957_76_1-1-4.el7.x86_64.rpm kpatch-patch-3_10_0-957_76_1-debuginfo-1-4.el7.x86_64.rpm kpatch-patch-3_10_0-957_78_2-1-3.el7.x86_64.rpm kpatch-patch-3_10_0-957_78_2-debuginfo-1-3.el7.x86_64.rpm kpatch-patch-3_10_0-957_80_1-1-2.el7.x86_64.rpm kpatch-patch-3_10_0-957_80_1-debuginfo-1-2.el7.x86_64.rpm kpatch-patch-3_10_0-957_84_1-1-1.el7.x86_64.rpm kpatch-patch-3_10_0-957_84_1-debuginfo-1-1.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 7. References: https://access.redhat.com/security/cve/CVE-2020-36385 https://access.redhat.com/security/updates/classification#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYZ1SFdzjgjWX9erEAQj9DQ/+OiAFPs1To/im8fA4RL3HXcQIKmd5fQsB re8LlJYomKVRgRxUtdrywJigmh9FFNqQlx8fciC6EPcaZjQn6L7qkVHc5ufNP/Rh ZUs4ny2y+D25ahHD+ljyuLf00h0AIRDYbv2Rp3Vb1gUhWoAi8/gshokWHyriRAF0 gubJlzu1ynxmPdgbIkETEM0ELdU02Khxq56/VbMPIEECXOkPUcFeFAJiXybR3cSA 58iNJA50fF68pNJsAXiGNstLKK4FrhtWeEDVHEfE4LiHmm/jyRxN45J/hD927UrW +q/micQ2+EKBhkk9Sofj3x56MB7THRJ8gE5mENlia5BxPXwJ7GZm+muav/VnHoMN 7JimKRCGtEmKqOO7DGZJe44XvFaHkolFVO5IzjRGADteT/YRxKGIyM/cXdXXGeMA Uw7cbrLNdXpFQXIAL/nW1box53fA/soJIN+t9wk01chZNQLI0YqbZeddp7k6NPMW i40May2KBpMAABa7gk5pOq9tuzzib5/x9VYhRNqRocnLyisZJ3vz15MV5AWLAU7a hgsJZJDh45z1LVgQSVHm9ljHWzkJufyBwnpgtzLRQArBwMVtbK2FCot1B88U5m2+ +PYWbapMyRvuBihELZAi3da28RZJN2vNERKd85RkBFkh3P540Q3ejvC/+VIsSzcK BC5npuFtuRM=tgl+ -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Nov 23, 2021
•Important
Red Hat
98
security advisoryupdatered hatRed Hat: RHSA-2020:5641-01 Important: OpenSSL Null Pointer Issue
An update for openssl is now available for Red Hat Enterprise Linux 7.4 Advanced Update Support, Red Hat Enterprise Linux 7.4 Telco Extended Update Support, and Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions.. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: openssl security update Advisory ID: RHSA-2020:5641-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:5641 Issue date: 2020-12-21 CVE Names: CVE-2020-1971 ==================================================================== 1. Summary: An update for openssl is now available for Red Hat Enterprise Linux 7.4 Advanced Update Support, Red Hat Enterprise Linux 7.4 Telco Extended Update Support, and Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Server AUS (v. 7.4) - x86_64 Red Hat Enterprise Linux Server E4S (v. 7.4) - ppc64le, x86_64 Red Hat Enterprise Linux Server Optional AUS (v. 7.4) - x86_64 Red Hat Enterprise Linux Server Optional E4S (v. 7.4) - ppc64le, x86_64 Red Hat Enterprise Linux Server Optional TUS (v. 7.4) - x86_64 Red Hat Enterprise Linux Server TUS (v. 7.4) - x86_64 3. Description: OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library. Security Fix(es): * openssl: EDIPARTYNAME NULL pointer de-reference (CVE-2020-1971) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other relatedinformation, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. 5. Bugs fixed (https://bugzilla.redhat.com/): 1903409 - CVE-2020-1971 openssl: EDIPARTYNAME NULL pointer de-reference 6. Package List: Red Hat Enterprise Linux Server AUS (v. 7.4): Source: openssl-1.0.2k-9.el7_4.src.rpm x86_64: openssl-1.0.2k-9.el7_4.x86_64.rpm openssl-debuginfo-1.0.2k-9.el7_4.i686.rpm openssl-debuginfo-1.0.2k-9.el7_4.x86_64.rpm openssl-devel-1.0.2k-9.el7_4.i686.rpm openssl-devel-1.0.2k-9.el7_4.x86_64.rpm openssl-libs-1.0.2k-9.el7_4.i686.rpm openssl-libs-1.0.2k-9.el7_4.x86_64.rpm Red Hat Enterprise Linux Server E4S (v. 7.4): Source: openssl-1.0.2k-9.el7_4.src.rpm ppc64le: openssl-1.0.2k-9.el7_4.ppc64le.rpm openssl-debuginfo-1.0.2k-9.el7_4.ppc64le.rpm openssl-devel-1.0.2k-9.el7_4.ppc64le.rpm openssl-libs-1.0.2k-9.el7_4.ppc64le.rpm x86_64: openssl-1.0.2k-9.el7_4.x86_64.rpm openssl-debuginfo-1.0.2k-9.el7_4.i686.rpm openssl-debuginfo-1.0.2k-9.el7_4.x86_64.rpm openssl-devel-1.0.2k-9.el7_4.i686.rpm openssl-devel-1.0.2k-9.el7_4.x86_64.rpm openssl-libs-1.0.2k-9.el7_4.i686.rpm openssl-libs-1.0.2k-9.el7_4.x86_64.rpm Red Hat Enterprise Linux Server TUS (v. 7.4): Source: openssl-1.0.2k-9.el7_4.src.rpm x86_64: openssl-1.0.2k-9.el7_4.x86_64.rpm openssl-debuginfo-1.0.2k-9.el7_4.i686.rpm openssl-debuginfo-1.0.2k-9.el7_4.x86_64.rpm openssl-devel-1.0.2k-9.el7_4.i686.rpm openssl-devel-1.0.2k-9.el7_4.x86_64.rpm openssl-libs-1.0.2k-9.el7_4.i686.rpm openssl-libs-1.0.2k-9.el7_4.x86_64.rpm Red Hat Enterprise Linux Server Optional AUS (v. 7.4): x86_64: openssl-debuginfo-1.0.2k-9.el7_4.i686.rpm openssl-debuginfo-1.0.2k-9.el7_4.x86_64.rpm openssl-perl-1.0.2k-9.el7_4.x86_64.rpm openssl-static-1.0.2k-9.el7_4.i686.rpm openssl-static-1.0.2k-9.el7_4.x86_64.rpm RedHat Enterprise Linux Server Optional E4S (v. 7.4): ppc64le: openssl-debuginfo-1.0.2k-9.el7_4.ppc64le.rpm openssl-perl-1.0.2k-9.el7_4.ppc64le.rpm openssl-static-1.0.2k-9.el7_4.ppc64le.rpm x86_64: openssl-debuginfo-1.0.2k-9.el7_4.i686.rpm openssl-debuginfo-1.0.2k-9.el7_4.x86_64.rpm openssl-perl-1.0.2k-9.el7_4.x86_64.rpm openssl-static-1.0.2k-9.el7_4.i686.rpm openssl-static-1.0.2k-9.el7_4.x86_64.rpm Red Hat Enterprise Linux Server Optional TUS (v. 7.4): x86_64: openssl-debuginfo-1.0.2k-9.el7_4.i686.rpm openssl-debuginfo-1.0.2k-9.el7_4.x86_64.rpm openssl-perl-1.0.2k-9.el7_4.x86_64.rpm openssl-static-1.0.2k-9.el7_4.i686.rpm openssl-static-1.0.2k-9.el7_4.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 7. References: https://access.redhat.com/security/cve/CVE-2020-1971 https://access.redhat.com/security/updates/classification#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBX+CSxtzjgjWX9erEAQi3/w//Rv57DkdeZ0UAjMCli5BavpQzTqZUf0f2 BZCsLAdkggAxJly0ueWpdnQri8/5svI9GdRykPvjIYaR3CJtPbeFlg2b4rTzYudG wAQ5bNHZ6mVEiFtDboqcsDAIGHpij3Dd7nr7rngy/eSFmC+WE7o2fJ232K6szSCJ 5Pxz69Xx/FenX//PXPFUZCMxuvBKyQEdWZju6HJkxqdfnepdQNKD+cx/RA7XKk7L Wu0U+SeVDHJrzSntuHV3nAyAj51aO0Lt6tkw4Y+P9iv7fup0Idb/XJi8iICKsx8R IABgCClcL2Y8AaAXdp9++PNoYTO0smoa+wFE/YjZFvXyP2TlQERcrn2uaWcm+G/v GdKl/0z2FEfEV5Gh6T6XJNo1Lk9DqtXcG8wW71p64OYNWptztDgw8ipQzJL9yIOU gmtjxOOsteziZEyFcNIZGV2QbI6wA8Y8FN33+e7YwNmXaFivPGXr0SoUuo9ya8i0 T8lWgOSQpY/1XazsDxNq1RY3y9M9zq+MCBS7xTB7AILm4daQc3msUSaLay6+HhQR ze30eFpLxYWlLxJmJNbq7MMGEmv+nJryNW3fPdZ1SOcR7mlkB4atp4+H5iEW69pV MDdDUZe5ZLVrYX4/p5BsaeFo/b7qGJGE4OmiXoDsvyO/HgGurAv7NAmYZfZ3exAr 02z1QWeZU4Q=eYwW -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Dec 21, 2020
•Important
Red Hat
98
security advisorysecurity issueRed Hat Enterprise LinuxRed Hat: Important OpenSSL Issue RHSA-2020-5588-01 to Address
An update for openssl is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: openssl security update Advisory ID: RHSA-2020:5588-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:5588 Issue date: 2020-12-16 CVE Names: CVE-2020-1971 ==================================================================== 1. Summary: An update for openssl is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux BaseOS E4S (v. 8.0) - aarch64, ppc64le, s390x, x86_64 3. Description: OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library. Security Fix(es): * openssl: EDIPARTYNAME NULL pointer de-reference (CVE-2020-1971) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. 5. Bugs fixed(https://bugzilla.redhat.com/): 1903409 - CVE-2020-1971 openssl: EDIPARTYNAME NULL pointer de-reference 6. Package List: Red Hat Enterprise Linux BaseOS E4S (v. 8.0): Source: openssl-1.1.1-9.el8_0.src.rpm aarch64: openssl-1.1.1-9.el8_0.aarch64.rpm openssl-debuginfo-1.1.1-9.el8_0.aarch64.rpm openssl-debugsource-1.1.1-9.el8_0.aarch64.rpm openssl-devel-1.1.1-9.el8_0.aarch64.rpm openssl-libs-1.1.1-9.el8_0.aarch64.rpm openssl-libs-debuginfo-1.1.1-9.el8_0.aarch64.rpm openssl-perl-1.1.1-9.el8_0.aarch64.rpm ppc64le: openssl-1.1.1-9.el8_0.ppc64le.rpm openssl-debuginfo-1.1.1-9.el8_0.ppc64le.rpm openssl-debugsource-1.1.1-9.el8_0.ppc64le.rpm openssl-devel-1.1.1-9.el8_0.ppc64le.rpm openssl-libs-1.1.1-9.el8_0.ppc64le.rpm openssl-libs-debuginfo-1.1.1-9.el8_0.ppc64le.rpm openssl-perl-1.1.1-9.el8_0.ppc64le.rpm s390x: openssl-1.1.1-9.el8_0.s390x.rpm openssl-debuginfo-1.1.1-9.el8_0.s390x.rpm openssl-debugsource-1.1.1-9.el8_0.s390x.rpm openssl-devel-1.1.1-9.el8_0.s390x.rpm openssl-libs-1.1.1-9.el8_0.s390x.rpm openssl-libs-debuginfo-1.1.1-9.el8_0.s390x.rpm openssl-perl-1.1.1-9.el8_0.s390x.rpm x86_64: openssl-1.1.1-9.el8_0.x86_64.rpm openssl-debuginfo-1.1.1-9.el8_0.i686.rpm openssl-debuginfo-1.1.1-9.el8_0.x86_64.rpm openssl-debugsource-1.1.1-9.el8_0.i686.rpm openssl-debugsource-1.1.1-9.el8_0.x86_64.rpm openssl-devel-1.1.1-9.el8_0.i686.rpm openssl-devel-1.1.1-9.el8_0.x86_64.rpm openssl-libs-1.1.1-9.el8_0.i686.rpm openssl-libs-1.1.1-9.el8_0.x86_64.rpm openssl-libs-debuginfo-1.1.1-9.el8_0.i686.rpm openssl-libs-debuginfo-1.1.1-9.el8_0.x86_64.rpm openssl-perl-1.1.1-9.el8_0.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2020-1971 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2020 RedHat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBX9okStzjgjWX9erEAQj9Iw/8DLEapcZzDHzcpFQ0/BF7mYjDu9A1ikIO wgjoE9yN31hNW6FKjuLdzwzPFz85QDsUnSZJh/uuRPO0bWTZXOfFSjmWi7Zj9AGV ujH7eSH8XlP5fdfYNxZY2wcxkrpoqvCadUV22VM072sy2487MSvseXtYarloGsxj 0mK2zrSH1uJC4jaEo8HBTlW7fYMYJDOoyxIM+mODdN5Z18HTwgJ2kFZWFuTkXjl4 spRXGNuTnKTLHwVI7wnEKUv8tf9E7RMingOEZs6DHptjNiyhzrIue8qFpAlvQOG2 rTCBIUY0VXvD/RtqlvXIwLg17b3vBIVhqJoC6/5ePC3QQndI76KffZGNBAoFtVB+ cb7aAzXal0CVRoYM/38Y9jTtdbaz1ROUZoZqV1BBT+HwztPDlRnBTI6NhojF6cSI LAJ4CpaKseqSkbatmccd603/PubByHoK6CJM7TH4UOa2/NZuqUXTMLj/42CZGlLA aJvnl3qUZk+vEkq+U0s8f9d7POXlINuvPKoHGSZkXbsf4izEQL0UmZnEckRl2tO+ JBjbkqPcL/YVFLC9V1m51GqFyhe3Q3+jKZHxHaXukQmd5SeQktw3gLdlK5qfD/w7 BX+CPEscKO/BSHZ57vheufKNRN/j00ZcWuLh3cHmzvGLUd/DLT9CNi4HHdTU+3cq Bfe6JUbroj0=0+02 -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Dec 16, 2020
•Important
Red Hat
98
security advisoryRed Hat Enterprise Linuxlow severityRedHat: RHSA-2019-1301-01 Low: E4S and TUS Support Notice
This is the 6 month notification for the retirement of Red Hat Enterprise Linux 7.2 Update Services for SAP Solutions (E4S) and Telecommunications Update Service (TUS). This notification applies only to those customers subscribed to the Update Services for SAP Solutions (E4S) and. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Low: Red Hat Enterprise Linux 7.2 E4S and TUS Support 6 month Retirement Notice Advisory ID: RHSA-2019:1301-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2019:1301 Issue date: 2019-05-30 ==================================================================== 1. Summary: This is the 6 month notification for the retirement of Red Hat Enterprise Linux 7.2 Update Services for SAP Solutions (E4S) and Telecommunications Update Service (TUS). This notification applies only to those customerssubscribed to the Update Services for SAP Solutions (E4S) and Telecommunications Update Service (TUS) channel for Red Hat Enterprise Linux 7.2. 2. Relevant releases/architectures: Red Hat Enterprise Linux Server AUS (v. 7.2) - x86_64 Red Hat Enterprise Linux Server E4S (v. 7.2) - x86_64 Red Hat Enterprise Linux Server TUS (v. 7.2) - x86_64 3. Description: In accordance with the Red Hat Enterprise Linux Errata Support Policy, Update Services for SAP Solutions (E4S) and Telecommunications Update Service (TUS) for Red Hat Enterprise Linux 7.2 will retire as of November 30, 2019, and active support will no longer be provided. Accordingly, Red Hat will no longer provide updated packages, including Critical Impact security patches or Urgent Priority bug fixes, for Red Hat Enterprise Linux 7.2 E4S/TUS after November 30, 2019. In addition, on-going technical support through Red Hat's Customer Experience and Engagement will be limited as described under "non-current minor releases" in the Knowledge Base articlelocated here https://access.redhat.com/articles/64664 after this date. We encourage customers to migrate from Red Hat Enterprise Linux 7.2 to a more recent version of Red Hat Enterprise Linux. As a benefit of the Red Hat subscription model, customers can use their active subscriptions to entitle any system on any currently supported Red Hat Enterprise Linux release. Details of the Red Hat Enterprise Linux Telco Update Service life cycle can be found here: https://access.redhat.com/articles/2823771 Details of the Red Hat Enterprise Linux Update Services for SAP Solutions life cycle can be found here: https://access.redhat.com/support/policy/updates/errata#Update_Services_for _SAP_Solutions 4. Solution: This erratum contains an updated redhat-release-server package that provides a copy of this retirement notice in the "/usr/share/doc/" directory. 5. Bugs fixed (https://bugzilla.redhat.com/): 1707947 - RHEL 7.2 E4S/TUS 6 Month Retirement Notice 6. Package List: Red Hat Enterprise Linux Server AUS (v. 7.2): Source: redhat-release-server-7.2-9.el7_2.6.src.rpm x86_64: redhat-release-server-7.2-9.el7_2.6.x86_64.rpm Red Hat Enterprise Linux Server E4S (v. 7.2): Source: redhat-release-server-7.2-9.el7_2.6.src.rpm x86_64: redhat-release-server-7.2-9.el7_2.6.x86_64.rpm Red Hat Enterprise Linux Server TUS (v. 7.2): Source: redhat-release-server-7.2-9.el7_2.6.src.rpm x86_64: redhat-release-server-7.2-9.el7_2.6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 7. References: https://access.redhat.com/security/updates/classification#low https://access.redhat.com/articles/2823771 https://access.redhat.com/support/policy/updates/errata#Update_Services_for_SAP_Solutions 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPGv1 iQIVAwUBXO/7rNzjgjWX9erEAQg88g/9EopJXQxXKDq1YIQ+jzOWNJWRLx/yQkrm WN1Im4OgbDPa8bZtIHOW0ZBUYusWUD/fp2+CUyHNHUx3tGneYTsyAb3wrm6Nixqp AZcOj5uIwQyZ/RZRphN3UMd6EjF9tilHNA1IECzvUf+1yj64iUAJGaGscaBwaepn leeWYQjA7AKgLwOl7LPRiwT4DeZkD8qMNWnKowBT0i/A+Nr5AQNVoLZT66rhO68q LcG46GLBm+bBkhKxc8zMVtPxIxqrVZXhiHi8haENFHaPyKmtRUowUCtD43FO8HcD l5A4xSezUkgFQpJgMp4klp7BDQD7RsKl90QI69+Xv651wehF5fqBGjiGh5nBe1lL 7B7shPEVAVXhfxswgUqZaHfnRDn3eOs+2ddUMV3ki6TjyfkAfBYgf+uHQIZio7Jo l9JcD+kKh295G7wT1PISHnOaO6LDwN46QJkCWilxmIBrok1gm/j1l1kfj9ShpVFn XGQEaM069UOFqzTaq2VqeGmIoBTRj/1kJACdYzFpkGCbEvJn9hKxGK4ZwVsOc2HL +bU8ViXjtiaW2EQu4ux+9kwJzruxLnveMMhV04JOJJeGHwK8iLsHnAnxkUBdT5sP OyR40uEq8xfhxrhnyPr/GtAT2lMbkfTS4/sofXd56YpZrZwpeovrFrgdDv6X66IF 2OAHAQSTSM8=B5fp -----END PGP SIGNATURE----- -- RHSA-announce mailing list
May 30, 2019
•Low
Red Hat
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!