Important: jackson-core
Issue Overview: An issue was discovered in jackson-databind through 2.15.2 that allows attackers to cause a denial of service or other unspecified impact via a crafted object that uses cyclic dependencies. CVE-2023-35116 Affected Packages: jackson-core Issue Correction: Run dnf update jackson-core --releasev...
Advisory ROSA-SA-2023-2194
Software: libtasn1 4.13 OS: ROSA Virtualization 2.1 packageevrstring: libtasn1-4.13-4.rv3.src.rpm CVE-ID: CVE-2021-46848 BDU-ID: 2022-06694 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the asn1_encode_simple_der function of the Libtasn1 library is related to an off-by-one error. Exploitation of th...
Advisory ROSA-SA-2023-2177
Software: libcacard 2.5.2 OS: ROSA-CHROME packageevrstring: libcacard-2.5.2-6.src.rpm CVE-ID: CVE-2017-6414 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: A memory leak in the vcard_apdu_new function in the card_7816.c file in libcacard before version 2.5.3 allows local guest OS users to cause a denial of...
Advisory ROSA-SA-2023-2166
Software: thunderbird 102.10.0 OS: rosa-server79 packageevrstring: 102.10.0-2.res7 CVE-ID: CVE-2022-40674 BDU-ID: 2023-02596 CVE-Crit: HIGH CVE-DESC: A vulnerability in the doContent function of the xmlparse.c file of the libexpat XML parser library is related to a use-after-free...
Medium: nodejs
Issue Overview: An untrusted search path vulnerability exists in Node.js 19.6.1, 18.14.1, 16.19.1, and 14.21.3 that could allow an attacker to search for and potentially load ICU data when running with elevated privileges. CVE-2023-23920 Affected Packages: nodejs Issue Correction: Run dnf update...
Important: kernel-livepatch-5.10.179-166.674
Issue Overview: In the Linux kernel through 6.3.1, a use-after-free in Netfilter nftables when processing batch requests can be abused to perform arbitrary read and write operations on kernel memory. Unprivileged local users can obtain root privileges. This occurs because anonymous sets are...
Important: ghostscript
Issue Overview: In Artifex Ghostscript through 10.01.0, there is a buffer overflow leading to potential corruption of data internal to the PostScript interpreter, in base/sbcp.c. This affects BCPEncode, BCPDecode, TBCPEncode, and TBCPDecode. If the write buffer is filled to one byte less than ful...
Important: ruby3.2
Issue Overview: A ReDoS issue was discovered in the URI component through 0.12.0 in Ruby through 3.2.1. The URI parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to URI objects. The fixed versions are 0.12.1, 0.11.1, 0.10.2 a...
Advisory ROSA-SA-2023-2156
Software: zlib 1.2.11 OS: ROSA Virtualization 2.1 packageevrstring: 1.2.11 CVE-ID: CVE-2018-25032 BDU-ID: 2022-01641 CVE-Crit: HIGH CVE-DESC: A vulnerability in the zlib library is related to an operation exceeding buffer boundaries in memory. Exploitation of the vulnerability could allow an...
Low: docker
Issue Overview: A flaw was found in Moby. This flaw allows an attacker to bypass primary group restrictions due to a flaw in the supplementary group access setup. CVE-2022-36109 Affected Packages: docker Issue Correction: Run dnf update docker --releasever 2023.0.20230322 or dnf update --advisory...
Important: python-twisted
Issue Overview: A flaw was found in the twisted Python library when WebClient redirects via the RedirectAgent and BrowserLikeRedirectAgent methods. This flaw allows an attacker to take advantage of these cross-origin redirects and leak the cookie and authorization headers. CVE-2022-21712 An...
Medium: libinput
Issue Overview: A format string vulnerability was found in libinput CVE-2022-1215 Affected Packages: libinput Issue Correction: Run dnf update libinput --releasever 2023.0.20230322 or dnf update --advisory ALAS2023-2023-041 --releasever 2023.0.20230322 to update your system. More information on h...
Advisory ROSA-SA-2023-2131
Software: zlib 1.2.7 OS: rosa-server79 packageevrstring: zlib-1.2.7-19 CVE-ID: CVE-2022-37434 BDU-ID: 2022-05325 CVE-Crit: CRITICAL CVE-DESC: A vulnerability in the inflate.c component of the zlib library is related to an operation exceeding buffer boundaries in memory. Exploitation of the...
Advisory ROSA-SA-2023-2130
Software: git 1.8.3.1 OS: rosa-server79 packageevrstring: git-1.8.3.1-23 CVE-ID: CVE-2022-23521 BDU-ID: 2023-00499 CVE-Crit: CRITICAL CVE-DESC: A vulnerability in the attribute definition mechanism for the gitattributes paths of the Git distributed version control system is related to integer...
SUSE-SU-2023:0598-1 Security update for emacs
This update for emacs fixes the following issues: - CVE-2022-48337: Fixed etags local command injection vulnerability bsc1208515. - CVE-2022-48339: Fixed htmlfontify.el command injection vulnerability bsc1208512. - CVE-2022-48338: Fixed ruby-mode.el local command injection vulnerability bsc120851...
Advisory ROSA-SA-2023-2120
Software: pki-core 10.5.18 OS: rosa-server79 packageevrstring: pki-core-10.5.18-16 CVE-ID: CVE-2022-2414 BDU-ID: 2022-05089 CVE-Crit: HIGH CVE-DESC: A vulnerability in the pki-core package of the Red Hat Enterprise Linux operating system is related to incorrectly restricting XML references to...
SUSE CVE-2021-29504
WP-CLI is the command-line interface for WordPress. Improper error handling in HTTPS request management in WP-CLI version 0.12.0 and later allows remote attackers able to intercept the communication to remotely disable certificate verification on the WP-CLI side, gaining full control over the...
Advisory ROSA-SA-2023-2113
Software: kernel 3.10.0-1160.83.1.el7 OS: rosa-server79 packageevrstring: kernel-3.10.0-1160.83.1.el7 CVE-ID: CVE-2023-0179 BDU-ID: 2023-00383 CVE-Crit: HIGH CVE-DESC: A vulnerability in the netfilter component of the Linux operating system kernel is related to a stack buffer overflow in nftables...
Advisory ROSA-SA-2023-2112
Software: grub2 2.02 OS: rosa-server79 packageevrstring: grub2-2.02-0.87 CVE-ID: CVE-2022-28733 BDU-ID: 2022-03372 CVE-Crit: HIGH CVE-DESC: A vulnerability in the grub_net_recv_ip4_packets function of the GRUB bootloader is related to an integer underflow. Exploitation of the...
Advisory ROSA-SA-2023-2096
Software: libXpm 3.5.12 OS: rosa-server79 packageevrstring: libXpm-3.5.12-1 CVE-ID: CVE-2022-4883 BDU-ID: 2023-00388 CVE-Crit: HIGH CVE-DESC: When processing files with .Z or .gz extensions, the library calls external programs to compress and decompress the files, relying on the PATH environment...