41 matches found
Romeo's invalid NetworkPolicy enables a malicious actor to pivot into another namespace
Impact Due to a mis-written NetworkPolicy, a malicious actor can pivot from the "hardened" namespace to any Pod outside it. This breaks the security-by-default property expected as part of the deployment program and enables lateral movement. Patch Removing the inter-ns NetworkPolicy...
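The shape of mistake this advisory describes, as an added illustration rather than Romeo's actual manifest (the snippet does not show it): an egress peer of `namespaceSelector: {}` selects every namespace, so Pods in the "hardened" namespace can reach any Pod in the cluster. The checker below is example code, not the project's, and runs over two constructed policies, the over-broad one beside a version scoped to the policy's own namespace plus a labelled DNS exception; the namespace and label values are assumptions.

```python
"""Flag Kubernetes NetworkPolicy rules that let traffic cross namespace boundaries.

Added example; the policies are constructed here and are not Romeo's manifest.
"""
from typing import List, Optional


def _peer_reason(peer: dict) -> Optional[str]:
    """Return why a single 'from'/'to' peer reaches beyond the policy's namespace, or None."""
    if "ipBlock" in peer:
        cidr = peer["ipBlock"].get("cidr", "")
        if cidr in ("0.0.0.0/0", "::/0"):
            return f"ipBlock {cidr} matches every address, including other namespaces"
        return None
    ns_sel = peer.get("namespaceSelector")
    if ns_sel is None:
        return None  # a bare podSelector is scoped to the policy's own namespace
    # namespaceSelector: {} selects all namespaces; without a podSelector, all Pods in them
    if not ns_sel.get("matchLabels") and not ns_sel.get("matchExpressions"):
        if "podSelector" not in peer:
            return "namespaceSelector {} with no podSelector selects every Pod in every namespace"
        return "namespaceSelector {} selects every namespace (podSelector restricts only Pod labels)"
    return None


def find_cross_namespace_rules(policy: dict) -> List[str]:
    """List rules that allow all traffic or cross-namespace traffic in the given policy."""
    spec = policy.get("spec", {})
    name = policy.get("metadata", {}).get("name", "<unnamed>")
    # policyTypes defaults to Ingress, plus Egress when egress rules are present
    policy_types = spec.get("policyTypes")
    if policy_types is None:
        policy_types = ["Ingress"] + (["Egress"] if "egress" in spec else [])
    findings = []
    for direction, peer_key in (("ingress", "from"), ("egress", "to")):
        if direction.capitalize() not in policy_types:
            continue
        for i, rule in enumerate(spec.get(direction, [])):
            peers = rule.get(peer_key)
            if not peers:  # a rule with no peers allows all sources/destinations
                findings.append(f"{name}: {direction}[{i}] has no '{peer_key}' peers and allows all traffic")
                continue
            for peer in peers:
                reason = _peer_reason(peer)
                if reason:
                    findings.append(f"{name}: {direction}[{i}] {reason}")
    return findings


# Constructed sample: the over-broad inter-namespace policy (hypothetical names/labels).
WEAK_POLICY = {
    "apiVersion": "networking.k8s.io/v1",
    "kind": "NetworkPolicy",
    "metadata": {"name": "allow-inter-ns", "namespace": "hardened"},
    "spec": {
        "podSelector": {},
        "policyTypes": ["Egress"],
        "egress": [{"to": [{"namespaceSelector": {}}]}],  # every Pod in every namespace
    },
}

# Constructed sample: egress limited to the same namespace plus cluster DNS.
HARDENED_POLICY = {
    "apiVersion": "networking.k8s.io/v1",
    "kind": "NetworkPolicy",
    "metadata": {"name": "allow-same-ns", "namespace": "hardened"},
    "spec": {
        "podSelector": {},
        "policyTypes": ["Egress"],
        "egress": [
            {"to": [{"podSelector": {}}]},  # Pods in the "hardened" namespace only
            {
                "to": [{
                    "namespaceSelector": {"matchLabels": {"kubernetes.io/metadata.name": "kube-system"}},
                    "podSelector": {"matchLabels": {"k8s-app": "kube-dns"}},
                }],
                "ports": [{"protocol": "UDP", "port": 53}],
            },
        ],
    },
}

if __name__ == "__main__":
    for pol in (WEAK_POLICY, HARDENED_POLICY):
        print(pol["metadata"]["name"], find_cross_namespace_rules(pol) or "ok")
```

Run it against real manifests by loading them with a YAML parser into the same dict shape; a default-deny policy (selector `{}` with `policyTypes` set and no rules) produces no findings, which is the baseline a hardened namespace should start from.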
CLSA-2025-1762800667 Fix CVE(s): CVE-2021-44038
SECURITY UPDATE: Unsafe chown/chmod operations in .service files - debian/patches/CVE-2021-44038.patch: remove chown/chmod commands from the .service files - CVE-2021-44038...
golang security update
1.23.9-1 - Update to Go 1.23.9 - Remove runtime-usleep-s390x.patch, already merged - Resolves: RHEL-93212...
CLSA-2025-1743184619 bind: Fix of CVE-2023-4408
Remove bind-9.11.4-CVE-2023-4408.patch which introduces an ABI change that breaks bind-dyndb-ldap - Enforce that bind-dyndb-ldap is updated after ABI changes introduced in 9.11.4-26.P2.15 update...
SUSE-SU-2025:20160-1 Security update for openssh
This update for openssh fixes the following issues: - CVE-2025-26465: Fixed MitM attack against OpenSSH's VerifyHostKeyDNS-enabled client (bsc#1237040). - CVE-2025-26466: Fixed DoS attack against OpenSSH's client and server (bsc#1237041). Other bugfixes: - Fix ssh client segfault with...
CLSA-2024-1735311722 bind: Fix of CVE-2023-2828
Removed the bind-9.11.4-CVE-2023-2828-fixup.patch which caused problems with named-pkcs11...
SUSE CVE-2024-53080
In the Linux kernel, the following vulnerability has been resolved: drm/panthor: Lock XArray when getting entries for the VM Similar to commit cac075706f29 "drm/panthor: Fix race when converting group handle to group object" we need to use the XArray's internal locking when retrieving a vm pointe...
sudo: Fix of CVE-2023-42465
Remove sudo-1.9.15-CVE-2023-42465.patch due to bug...
CLSA-2024-1708639645 sudo: Fix of CVE-2023-42465
Remove sudo-1.9.15-CVE-2023-42465.patch due to bug...
CLSA-2024-1708639566 sudo: Fix of CVE-2023-42465
Remove sudo-1.9.15-CVE-2023-42465.patch due to bug...
CLSA-2024-1706698462 java-1.8.0-openjdk: Fix of 6 CVEs
Upgrade to shenandoah-jdk8u402-b06. This fixes the following CVEs: - CVE-2024-20918: Array out-of-bounds access due to missing range check in C1 compiler - CVE-2024-20919: JVM class file verifier flaw allows unverified bytecode execution - CVE-2024-20921: Range check loop optimization issue -...
java-1.8.0-openjdk: Fix of 2 CVEs
Upgrade to openjdk-shenandoah-jdk8u-shenandoah-jdk8u382-b05. This fixes the following CVEs: - CVE-2023-22045: Array indexing integer overflow issue. 8304468 - CVE-2023-22049: Improper handling of slash characters in URI-to-path conversion 8305312 - Remove patch for pkcs11 because the issue was fixed in...
CLSA-2023-1691081639 java-1.8.0-openjdk: Fix of 2 CVEs
Upgrade to openjdk-shenandoah-jdk8u-shenandoah-jdk8u382-b05. This fixes the following CVEs: - CVE-2023-22045: Array indexing integer overflow issue. 8304468 - CVE-2023-22049: Improper handling of slash characters in URI-to-path conversion 8305312 - Remove patch for pkcs11 because the issue was fixed in...
CLSA-2023-1691081102 java-1.8.0-openjdk: Fix of 2 CVEs
Upgrade to openjdk-shenandoah-jdk8u-shenandoah-jdk8u382-b05. This fixes the following CVEs: - CVE-2023-22045: Array indexing integer overflow issue. 8304468 - CVE-2023-22049: Improper handling of slash characters in URI-to-path conversion 8305312 - Remove patch for pkcs11 because the issue was fixed in...
CLSA-2023-1688677355 java-1.8.0-openjdk: Fix of 7 CVEs
Upgrade to openjdk-shenandoah-jdk8u-shenandoah-jdk8u372-b07. This fixes the following CVEs: - CVE-2023-21930: Improper connection handling during TLS handshake 8294474 - CVE-2023-21937: Missing string checks for NULL characters 8296622 - CVE-2023-21938: Incorrect handling of NULL characters in...
ol8addon security update
delve 1.9.1-1.0.1 - Bump version of delve from 1.8.3 to 1.9.1 1.8.3-1.0.1 - Bump version of delve from 1.7.2 to 1.8.3 1.7.2-1.0.1 - Bump version of delve from 1.6.0 to 1.7.2, enable aarch64 1.6.0-1.0.1 - Bump upstream version of delve from 1.5.0 to 1.6.0 1.5.0-2.0.1 - Cherry pick...
java-1.8.0-openjdk: Fix of 2 CVEs
Upgrade to openjdk-shenandoah-jdk8u-shenandoah-jdk8u362-b09. This fixes the following CVEs: - CVE-2023-21830: Improper restrictions in CORBA deserialization (Serialization, 8285021) - CVE-2023-21843: Soundbank URL remote loading (Sound, 8293742) - Update tzdata requirement to 2022g to match JDK-8297804 -...
CLSA-2023-1675984832 java-1.8.0-openjdk: Fix of 2 CVEs
Upgrade to openjdk-shenandoah-jdk8u-shenandoah-jdk8u362-b09. This fixes the following CVEs: - CVE-2023-21830: Improper restrictions in CORBA deserialization (Serialization, 8285021) - CVE-2023-21843: Soundbank URL remote loading (Sound, 8293742) - Update tzdata requirement to 2022g to match JDK-8297804 -...
CLSA-2023-1675984558 java-1.8.0-openjdk: Fix of 2 CVEs
Upgrade to openjdk-shenandoah-jdk8u-shenandoah-jdk8u362-b09. This fixes the following CVEs: - CVE-2023-21830: Improper restrictions in CORBA deserialization (Serialization, 8285021) - CVE-2023-21843: Soundbank URL remote loading (Sound, 8293742) - Update tzdata requirement to 2022g to match JDK-8297804 -...
CLSA-2023-1673906443 rpm: Fix of CVE-2021-35938
CVE-2021-35938: drop the patch and the following descriptor-leak fix because these patches break non-root source package installation and can't be relied on without backporting a lot of the surrounding upstream code...