Ubuntu Security Notice 7018-1 - Robert Merget, Marcus Brinkmann, Nimrod Aviram, and Juraj Somorovsky discovered that certain Diffie-Hellman ciphersuites in the TLS specification and implemented by OpenSSL contained a flaw. A remote attacker could possibly use this issue to eavesdrop on encrypted communications. This was fixed in this update by removing the insecure ciphersuites from OpenSSL. Paul Kehrer discovered that OpenSSL incorrectly handled certain input lengths in EVP functions. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service.
587acc1f444243f9ef3c25e4d1de8aecbfcae8208b00502e26bf42e93ab7624cRed Hat Security Advisory 2021-4902-06 - The release of RHACS 3.67 provides the following new features, bug fixes, security patches and system changes: OpenShift Dedicated support RHACS 3.67 is thoroughly tested and supported on OpenShift Dedicated on Amazon Web Services and Google Cloud Platform. 1. Use OpenShift OAuth server as an identity provider If you are using RHACS with OpenShift, you can now configure the built-in OpenShift OAuth server as an identity provider for RHACS. Issues addressed include denial of service, information leakage, memory exhaustion, remote shell upload, and traversal vulnerabilities.
16dee4f5e0086cb542abff81a08f987124ff16a3f3637cd31b0568fd6f07ae13Red Hat Security Advisory 2021-4848-07 - The Migration Toolkit for Containers enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API. Issues addressed include code execution and denial of service vulnerabilities.
19f369ca91efe5e627e3b6624c087f231da83297e68708c5e0fb2378ecc2b10eRed Hat Security Advisory 2021-4845-05 - Red Hat OpenShift Container Storage is software-defined storage integrated with and optimized for the Red Hat OpenShift Container Platform. Red Hat OpenShift Container Storage is highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. Issues addressed include a code execution vulnerability.
bd99ec51cad85f3c9c41b87c768abf6cf973e23f96461a729a58645e519e2a99Red Hat Security Advisory 2021-4032-01 - Openshift Logging Bug Fix Release. Issues addressed include a code execution vulnerability.
14f971ee6ac97f93b8de4d06c668c3a26b4bb107cba2ed6ee7eacb091fa3dcc7Red Hat Security Advisory 2021-4613-01 - Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release adds the new Apache HTTP Server 2.4.37 Service Pack 10 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Service Pack 9 and includes bug fixes and enhancements. Issues addressed include buffer over-read, heap overflow, integer overflow, and null pointer vulnerabilities.
7b1e67d15601ddde3dd528384cac640b46e2736909b5819f946d6b03cc6bd6e6Red Hat Security Advisory 2021-4614-01 - This release adds the new Apache HTTP Server 2.4.37 Service Pack 10 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Service Pack 9 and includes bug fixes and enhancements. Issues addressed include buffer over-read, heap overflow, integer overflow, and null pointer vulnerabilities.
a3555e355563c36eebdc4b92edb2589ad06f069ab31a4f11e8f540ccf0ec22b7Red Hat Security Advisory 2021-4198-03 - EDK is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM. Issues addressed include integer overflow and null pointer vulnerabilities.
b16f6f7dfc613eec569d5eb1504345f0aaaf1be08d40bc5d138246dcc3a7466cRed Hat Security Advisory 2021-4424-03 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Issues addressed include integer overflow and null pointer vulnerabilities.
04dcb2cd63d13ce31c7ae07daf4d3676d399c3023d5d827f7d5b1b17eeccd7a1Red Hat Security Advisory 2021-3949-01 - Red Hat Advanced Cluster Management for Kubernetes 2.1.12 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains updates to one or more container images for Red Hat Advanced Cluster Management for Kubernetes. Issues addressed include denial of service, integer overflow, and out of bounds read vulnerabilities.
da3bb0a2f0aedf1b55d5f8cbbece5dc6749623ae797a40f9e1cf9bf6796ee1a4Red Hat Security Advisory 2021-3925-01 - Red Hat Advanced Cluster Management for Kubernetes 2.3.3 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs and provide security updates. Issues addressed include denial of service, information leakage, integer overflow, and out of bounds read vulnerabilities.
fd1035fefbb8b3d06fa3e4a659771a25d330eb9fd90f1ff55f4f16a1d0ab3d2cRed Hat Security Advisory 2021-3798-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Issues addressed include integer overflow and null pointer vulnerabilities.
70a6ac793c80a0ef1c3c2a984d7ceffbdceff3f60ca33baf3fd7e48f6a6e6133Ubuntu Security Notice 5088-1 - It was discovered that EDK II incorrectly handled input validation in MdeModulePkg. A local user could possibly use this issue to cause EDK II to crash, resulting in a denial of service, obtain sensitive information or execute arbitrary code. Paul Kehrer discovered that OpenSSL used in EDK II incorrectly handled certain input lengths in EVP functions. An attacker could possibly use this issue to cause EDK II to crash, resulting in a denial of service. Various other issues were also addressed.
364506777cba9ac853135b7f75877b1504446feea3f08770e812fad58981b8b6Red Hat Security Advisory 2021-1168-01 - Red Hat Advanced Cluster Management for Kubernetes 2.2.2 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console-with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs and security issues. Issues addressed include code execution, denial of service, integer overflow, and null pointer vulnerabilities.
cfc0ee4720a885efcdbb629dc90451c511ea3b56ea59530b3ab8554fa0475c01Gentoo Linux Security Advisory 202103-3 - Multiple vulnerabilities have been found in OpenSSL, the worst of which could allow remote attackers to cause a Denial of Service condition. Versions less than 1.1.1k are affected.
566847b7af0fcb3a90dc25f29b5036c3ee69853cd7da288df1e5db323975f5eeDebian Linux Security Advisory 4855-1 - Multiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit. An overflow bug in the x64_64 Montgomery squaring procedure, an integer overflow in CipherUpdate and a NULL pointer dereference flaw X509_issuer_and_serial_hash() were found, which could result in denial of service.
97d32585c37fd8006093ec57a2913bfc6ae8b85626eb395c01aae4dc59e6947aUbuntu Security Notice 4738-1 - Paul Kehrer discovered that OpenSSL incorrectly handled certain input lengths in EVP functions. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. Tavis Ormandy discovered that OpenSSL incorrectly handled parsing issuer fields. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. Various other issues were also addressed.
3674119434b97aa1d488e84d529023ecaeea76725f509e491630edb2026cfda4OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.
aaf2fcb575cdf6491b98ab4829abf78a3dec8402b8b81efc8f23c00d443981bfOpenSSL Security Advisory 20210216 - The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However it fails to correctly handle any errors that may occur while parsing the issuer field (which might occur if the issuer field is maliciously constructed). This may subsequently result in a NULL pointer deref and a crash leading to a potential denial of service attack. Other issues were also addressed.
30fecce45189fbb6c13d7b9ef464c081530b0c13a73687a10fc90f4689b57bd1
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed