#aws

An update for dhcp is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2928: An integer overflow vulnerability was found in the DHCP server. When the "option_code_hash_lookup()" function is called from "add_option()", it increases the option's "refcount" field. However, there is not a corresponding call to "option_dereference()" to decrement the "refcount" field. The "add_option()" function is only used in server responses to...

An update for unbound is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3204: A vulnerability was found in unbound. The attack can cause a resolver to spend a lot of time and resources resolving records under a malicious delegation point where a considerable number of unresponsive NS records reside. This issue can trigger high CPU usage in some resolver implementations that continually look in the cache for resolved NS reco...

An update for net-snmp is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-44792: A vulnerability was found in Net-SNMP. This issue occurs because the handle_ipDefaultTTL function in agent/mibgroup/ip-mib/ip_scalars.c in Net-SNMP has a NULL Pointer Exception flaw that allows a remote attacker (who has to write access) to cause the instance to crash via a crafted UDP packet, resulting in a denial of service. * CVE-2022-44793: ...

An update for git-lfs is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2880: A flaw was found in the golang package, where requests forwarded by reverse proxy include the raw query parameters from the inbound request, including unparseable parameters rejected by net/http. This issue could permit query parameter smuggling when a Go proxy forwards a parameter with an unparseable value. After the fix, the reverse proxy saniti...

An update for postgresql-jdbc is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41946: A flaw was found in org.postgresql. This issue allows the creation of a temporary file when using PreparedStatement.setText(int, InputStream) and PreparedStatemet.setBytea(int, InputStream). This could allow a user to create an unexpected file available to all users, which could end in unexpected behavior.

An update for libtar is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-33643: A flaw was found in libtar. This flaw allows an attacker who submits a crafted tar file with the size in the header struct being 0 to trigger a calling of malloc(0) for a variable gnu_longlink, causing an out-of-bounds read. * CVE-2021-33644: A flaw was found in libtar. This flaw allows an attacker who submits a crafted tar file with size in heade...

An update for libtiff is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3627: An out-of-bounds write flaw was found in the _TIFFmemcpy function in libtiff/tif_unix.c in the libtiff package. By persuading a victim to open a specially-crafted TIFF image file, a remote attacker could cause a denial of service condition. * CVE-2022-3970: An integer overflow flaw was found in LibTIFF. This issue exists in the TIFFReadRGBATileExt...

A former employee of Ubiquiti has been sentenced to six years in jail after he pleaded guilty to posing as an anonymous hacker and a whistleblower in an attempt to extort almost $2 million worth of cryptocurrency while working at the company. Nickolas Sharp, 37, was arrested in December 2021 for using his insider access as a senior developer to steal confidential data and sending an anonymous

Red Hat Security Advisory 2023-2110-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.12.16. Issues addressed include a bypass vulnerability.