Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2022:2265
HistoryMay 26, 2022 - 12:49 p.m.

(RHSA-2022:2265) Moderate: OpenShift Container Platform 4.6.58 security and extras update

2022-05-2612:49:14
access.redhat.com
16

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.007 Low

EPSS

Percentile

80.3%

JSON

Red Hat OpenShift Container Platform is Red Hat’s cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.6.58. See the following advisory for the container images for this release:

https://access.redhat.com/errata/RHSA-2022:2264

Security Fix(es):

  • moby: Default inheritable capabilities for linux container should be
    empty (CVE-2022-24769)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s)
listed in the References section.

All OpenShift Container Platform 4.6 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html

Related

nessus 65
redhat 16
virtuozzo 2
osv 10
cgr 2
amazon 3
fedora 10
ubuntucve 2
openvas 30
cbl_mariner 6
wolfi 2
redhatcve 2
mageia 2
debiancve 2
veracode 1
altlinux 1
github 2
cve 2
prion 2
ibm 10
alpinelinux 2
oraclelinux 4
qt 1
debian 3
ubuntu 2
aix 1
cloudfoundry 1
cloudlinux 2
rocky 2
owncloud 1
archlinux 1
freebsd_advisory 1
freebsd 1
almalinux 2
f5 1
suse 1
slackware 1
nessus
nessus
Nutanix AHV : Multiple Vulnerabilities (NXSA-AHV-20201105.2298)
2022-09-27 00:00:00
EulerOS 2.0 SP9 : docker-engine (EulerOS-SA-2022-1993)
2022-07-08 00:00:00
EulerOS 2.0 SP10 : docker-engine (EulerOS-SA-2022-2154)
2022-07-29 00:00:00
redhat
redhat
(RHSA-2022:2268) Moderate: OpenShift Container Platform 4.7.51 security update
2022-05-25 11:53:12
(RHSA-2022:5026) Moderate: OpenShift Virtualization 4.10.2 Images security and bug fix update
2022-06-14 13:20:22
(RHSA-2022:2264) Moderate: OpenShift Container Platform 4.6.58 bug fix and security update
2022-05-26 11:28:59
virtuozzo
virtuozzo
Virtuozzo Hybrid Infrastructure 4.7 Update 1.4 (4.7.1-53)
2022-05-25 00:00:00
Virtuozzo Hybrid Infrastructure 5.0 Update 1.3 (5.0.1-57)
2022-05-25 00:00:00
osv
osv
CVE-2022-24769
2022-03-24 20:15:09
Moby (Docker Engine) started with non-empty inheritable Linux process capabilities
2024-04-22 18:45:21
Important: mingw-zlib security update
2022-11-15 00:00:00
cgr
cgr
CVE-2022-24769 vulnerabilities
2024-04-24 09:06:08
CVE-2018-25032 vulnerabilities
2024-04-24 09:06:08
amazon
amazon
Medium: containerd, docker
2022-04-25 15:57:00
Medium: containerd
2022-04-25 03:47:00
Important: zlib
2022-04-04 23:23:00
fedora
fedora
[SECURITY] Fedora 35 Update: moby-engine-20.10.14-1.fc35
2022-04-26 07:32:37
[SECURITY] Fedora 35 Update: containerd-1.6.2-1.fc35
2022-04-11 17:17:41
[SECURITY] Fedora 34 Update: moby-engine-20.10.14-1.fc34
2022-04-26 06:57:48
ubuntucve
ubuntucve
CVE-2022-24769
2022-03-24 00:00:00
CVE-2018-25032
2022-03-25 00:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for docker-engine (EulerOS-SA-2022-1963)
2022-07-08 00:00:00
Fedora: Security Advisory for moby-engine (FEDORA-2022-c07546070d)
2022-04-27 00:00:00
Fedora: Security Advisory for containerd (FEDORA-2022-eda0049dd7)
2022-05-08 00:00:00
cbl_mariner
cbl_mariner
CVE-2022-24769 affecting package moby-runc 1.1.0+azure-6
2022-07-14 21:00:02
CVE-2022-24769 affecting package moby-runc 1.1.0-1
2022-06-26 03:29:33
CVE-2018-25032 affecting package mariadb 10.3.35-1
2022-10-13 00:40:28
wolfi
wolfi
CVE-2022-24769 vulnerabilities
2024-04-24 09:07:13
CVE-2018-25032 vulnerabilities
2024-04-24 09:07:13
redhatcve
redhatcve
CVE-2022-24769
2022-03-25 06:35:36
CVE-2018-25032
2022-03-28 04:47:54
mageia
mageia
Updated docker packages fix security vulnerability
2022-03-28 19:23:37
Updated docker-containerd packages fix security vulnerability
2022-04-16 00:35:09
debiancve
debiancve
CVE-2022-24769
2022-03-24 20:15:00
CVE-2018-25032
2022-03-25 09:15:00
veracode
veracode
Authentication Bypass
2022-03-25 06:40:51
altlinux
altlinux
Security fix for the ALT Linux 10 package docker-engine version 20.10.14-alt1
2022-04-01 00:00:00
github
github
Moby (Docker Engine) started with non-empty inheritable Linux process capabilities
2024-04-22 18:45:21
Out-of-bounds Write in zlib affects Nokogiri
2022-04-11 21:21:28
cve
cve
CVE-2022-24769
2022-03-24 20:15:00
CVE-2018-25032
2022-03-25 09:15:00
prion
prion
Design/Logic Flaw
2022-03-24 20:15:00
Memory corruption
2022-03-25 09:15:00
ibm
ibm
Security Bulletin: IBM Cloud Kubernetes Service is affected by a containerd security vulnerability (CVE-2022-24769)
2022-04-19 12:17:46
Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to multiple vulnerabilities from gzip, jackson-databind, libssh, gnutls, nettle and zlib
2022-05-25 14:55:17
Security Bulletin: IBM MQ Appliance is affected by a zlib vulnerability (CVE-2018-25032)
2022-07-12 23:35:45
alpinelinux
alpinelinux
CVE-2022-24769
2022-03-24 20:15:00
CVE-2018-25032
2022-03-25 09:15:00
oraclelinux
oraclelinux
zlib security update
2022-04-28 00:00:00
zlib security update
2022-05-12 00:00:00
rsync security update
2022-05-19 00:00:00
qt
qt
Security advisory: Recently reported zlib compression issue impacts Qt
2022-04-05 00:00:00
debian
debian
[SECURITY] [DLA 2993-1] libz-mingw-w64 security update
2022-05-07 13:28:50
[SECURITY] [DSA 5111-1] zlib security update
2022-04-01 15:20:47
[SECURITY] [DLA 2968-1] zlib security update
2022-04-02 21:16:08
ubuntu
ubuntu
rsync vulnerability
2022-06-13 00:00:00
zlib vulnerability
2022-03-30 00:00:00
aix
aix
AIX is vulnerable to denial of service due to zlib and zlibNX
2022-09-28 13:38:50
cloudfoundry
cloudfoundry
USN-5359-1: rsync vulnerability | Cloud Foundry
2022-05-23 00:00:00
cloudlinux
cloudlinux
Fixed CVE-2018-25032 in rsync
2022-05-19 23:55:35
Fixed CVE-2018-25032 in zlib
2022-05-16 13:03:51
rocky
rocky
zlib security update
2022-04-28 14:07:14
rsync security update
2022-05-11 13:23:26
owncloud
owncloud
Security updates in Desktop Client - ownCloud
2022-05-23 00:00:00
archlinux
archlinux
[ASA-202204-3] zlib: arbitrary code execution
2022-04-04 00:00:00
freebsd_advisory
freebsd_advisory
FreeBSD-SA-22:08.zlib
2022-04-06 00:00:00
freebsd
freebsd
FreeBSD -- zlib compression out-of-bounds write
2022-04-06 00:00:00
almalinux
almalinux
Important: rsync security update
2022-05-11 13:23:26
Important: mingw-zlib security update
2022-11-08 00:00:00
f5
f5
K21548854 : zlib vulnerability CVE-2018-25032
2022-05-19 00:00:00
suse
suse
Security update for zlib (important)
2022-03-30 00:00:00
slackware
slackware
[slackware-security] zlib
2022-03-28 19:37:07

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.007 Low

EPSS

Percentile

80.3%

JSON
Related for RHSA-2022:2265
nessus65redhat16virtuozzo2osv10cgr2amazon3fedora10ubuntucve2openvas30cbl_mariner6wolfi2redhatcve2mageia2debiancve2veracode1altlinux1github2cve2prion2ibm10alpinelinux2oraclelinux4qt1debian3ubuntu2aix1cloudfoundry1cloudlinux2rocky2owncloud1archlinux1freebsd_advisory1freebsd1almalinux2f51suse1slackware1