38 matches found
Alternative Method for Migrating Backups to Hardened Linux Repository
Please review the information in this article closely before performing any actions documented herein. This article documents a series of steps that if not performed precisely as documented, could result in data loss. Purpose This article documents an alternative method for migrating backups from...
Security Bulletin: IBM Event Streams is vulnerable to a cross-site request forgery due to the Axios component (CVE-2023-45857).
Summary IBM Event Streams is vulnerable to XSS vulnerability due to Axios component. Axios is a promise-based HTTP library that lets developers make requests to either their own or a third-party server to fetch data. Vulnerability Details CVEID:CVE-2023-45857 DESCRIPTION: Axios is vulnerable to...
Security Bulletin: IBM Event Streams is vulnerable to HTTP request smuggling (CVE-2023-40167)
Summary IBM Event Streams is vulnerable to HTTP request smuggling due to Jetty component. Jetty provides client-side libraries that allow us to embed an HTTP or WebSocket client in our applications. Vulnerability Details CVEID:CVE-2023-40167 DESCRIPTION: Jetty is vulnerable to HTTP request...
Security Bulletin: IBM Event Streams is affected by an unauthenticated access (CVE-2023-22045 and CVE-2023-22049).
Summary This security vulnerability in Java SE related to the VM component and Libraries component could allow a remote attacker to cause low confidentiality and integrity impacts. Vulnerability Details CVEID:CVE-2023-22045 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM...
ALSA-2023:7077 Important: kernel security, bug fix, and enhancement update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: tun: avoid double free in tun_free_netdev CVE-2022-4744 kernel: net/sched: multiple vulnerabilities CVE-2023-3609, CVE-2023-3611, CVE-2023-4128, CVE-2023-4206, CVE-2023-4207, CVE-2023-4208...
Security Bulletin: IBM Event Streams is affected by a vulnerability in a component (Apache Avro Java SDK)
Summary avro is used by IBM Event Streams as part of dependencies under Java CVE-2023-39410. This issue affects Java applications using Apache Avro Java SDK up to and including 1.11.2. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:...
Security Bulletin: IBM Event Endpoint Management is vulnerable to a denial of service
Summary Operator of IBM Event Endpoint Management is vulnerable to an unauthorized endpoint access and possibly a denial of service. CVE-2023-4853 Vulnerability Details CVEID: CVE-2023-4853 DESCRIPTION: Quarkus could allow a remote attacker to bypass security restrictions, caused by improper...
Security Bulletin: IBM Event Processing contains a vulnerability in okhttp Java
Summary Operator of IBM Event Processing contains a vulnerability in Okio-jvm which is vulnerable to a denial of service CVE-2023-3635. Vulnerability Details CVEID: CVE-2023-3635 DESCRIPTION: Okio GzipSource is vulnerable to a denial of service, caused by unhandled exception. By sending a special...
Security Bulletin: IBM Event Endpoint Management is vulnerable to a denial of service
Summary Operator of IBM Event Endpoint Management is vulnerable to a denial of service of the Okio client CVE-2023-3635 Vulnerability Details CVEID: CVE-2023-3635 DESCRIPTION: Okio GzipSource is vulnerable to a denial of service, caused by unhandled exception. By sending a specially crafted gzip...
CVE-2023-4732 Kernel: race between task migrating pages and another task calling exit_mmap to release those same pages getting invalid opcode bug in include/linux/swapops.h
A flaw was found in pfn_swap_entry_to_page in memory management subsystem in the Linux Kernel. In this flaw, an attacker with a local user privilege may cause a denial of service problem due to a BUG statement referencing pmd_t x...
Security Bulletin: IBM Event Streams is affected by a libcurl vulnerability
Summary cURL libcurl is used by IBM Event Streams as part of the Operating System CVE-2023-27534. The library supports retrieving data in-memory, downloading to disk, or streaming using the R "connection" interface. Vulnerability Details CVEID:CVE-2023-27534 DESCRIPTION: cURL libcurl could allow ...
Security Bulletin: IBM Events Operator is affected by a denial of service in OpenSSL (CVE-2022-4450).
Summary OpenSSL is used by IBM Events Operator as part of the Operating System CVE-2022-4450. Vulnerability Details CVEID:CVE-2022-4450 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a double-free error related to the improper handling of specific PEM data by the PEMreadbioe...
Security Bulletin: IBM Event Streams is vulnerable to a denial of service attack due to Golang Go (CVE-2022-41723)
Summary IBM Event Streams is affected by golang / golang-xnet vulnerability for version 0.7.0 CVE-2022-41723 Vulnerability Details CVEID:CVE-2022-41723 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by a flaw in the HPACK decoder. By sending a specially-crafted HTTP/2 stream,...
Security Bulletin: IBM Event Streams is affected by a vulnerability in Express.js Express (CVE-2022-24999)
Summary This security vulnerability affects qs package before 6.10.3 that is used by the IBM Event Streams UI component. Vulnerability Details CVEID:CVE-2022-24999 DESCRIPTION: Express.js Express is vulnerable to a denial of service, caused by a prototype pollution flaw in qs. By adding or...
Fedora: Security Advisory for golang-github-coredns-corefile-migration (FEDORA-2022-5ef0bd9a27)
The remote host is missing an update for the...
Security Bulletin: Vulnerabilities in the Golang language affect IBM Event Streams (CVE-2022-28327, CVE-2022-24675, CVE-2022-27536)
Summary This security vulnerability affects Golang that is used by the IBM Event Streams CLI component Vulnerability Details CVEID: CVE-2022-28327 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by improper input validation by the generic P-256 feature in crypto/elliptic. By...
Security Bulletin: IBM Event Streams is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-44832)
Summary There is a vulnerability in the Apache Log4j open source library. The library is used by IBM Event Streams. Vulnerability Details CVEID: CVE-2021-44832 DESCRIPTION: Apache Log4j could allow a remote attacker with permission to modify the logging configuration file to execute arbitrary cod...
Security Bulletin: Vulnerability in Redis affects IBM Event Streams (CVE-2021-32762)
Summary There is a vulnerability in the Redis open source database. The database is used by IBM Event Streams. Vulnerability Details CVEID: CVE-2021-32762 DESCRIPTION: Redis could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an integer overflow in the...
Security Bulletin: IBM Event Streams affected by potential buffer overflow in Golang (CVE-2021-38297)
Summary IBM Event Streams affected by vulnerability in Golang which may result in a buffer overflow CVE-2021-38297 Vulnerability Details CVEID: CVE-2021-38297 DESCRIPTION: Golang Go is vulnerable to a buffer overflow, caused by improper bounds checking when invoking functions from WASM modules. ...
openSUSE: Security Advisory for qemu (openSUSE-SU-2021:2591-1)
The remote host is missing an update for the...