Security
Headlines
HeadlinesLatestCVEs

Tag

#js

Red Hat Security Advisory 2024-3760-03

Red Hat Security Advisory 2024-3760-03 - An update for ipa is now available for Red Hat Enterprise Linux 7.

Packet Storm
Open in Source
#vulnerability#linux#red_hat#js#auth
Red Hat Security Advisory 2024-3759-03

Red Hat Security Advisory 2024-3759-03 - An update for the idm:DL1 module is now available for Red Hat Enterprise Linux 8.4 Extended Update Support.

Red Hat Security Advisory 2024-3758-03

Red Hat Security Advisory 2024-3758-03 - An update for the idm:DL1 module is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support.

Red Hat Security Advisory 2024-3757-03

Red Hat Security Advisory 2024-3757-03 - An update for ipa is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.

Red Hat Security Advisory 2024-3756-03

Red Hat Security Advisory 2024-3756-03 - An update for the idm:DL1 module is now available for Red Hat Enterprise Linux 8.4 Advanced Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions.

Red Hat Security Advisory 2024-3755-03

Red Hat Security Advisory 2024-3755-03 - An update for the idm:DL1 module is now available for Red Hat Enterprise Linux 8.

Red Hat Security Advisory 2024-3754-03

Red Hat Security Advisory 2024-3754-03 - An update for ipa is now available for Red Hat Enterprise Linux 9.

GHSA-7v5v-9h63-cj86: @grpc/grpc-js can allocate memory for incoming messages well above configured limits

### Impact There are two separate code paths in which memory can be allocated per message in excess of the `grpc.max_receive_message_length` channel option: 1. If an incoming message has a size on the wire greater than the configured limit, the entire message is buffered before it is discarded. 2. If an incoming message has a size within the limit on the wire but decompresses to a size greater than the limit, the entire message is decompressed into memory, and on the server is not discarded. ### Patches This has been patched in versions 1.10.9, 1.9.15, and 1.8.22

GHSA-99pg-grm5-qq3v: Docker CLI leaks private registry credentials to registry-1.docker.io

## Impact A bug was found in the Docker CLI where running `docker login my-private-registry.example.com` with a misconfigured configuration file (typically `~/.docker/config.json`) listing a `credsStore` or `credHelpers` that could not be executed would result in any provided credentials being sent to `registry-1.docker.io` rather than the intended private registry. ## Patches This bug has been fixed in Docker CLI 20.10.9. Users should update to this version as soon as possible. ## Workarounds Ensure that any configured `credsStore` or `credHelpers` entries in the configuration file reference an installed credential helper that is executable and on the `PATH`. ## For more information If you have any questions or comments about this advisory: * [Open an issue](https://github.com/docker/cli/issues/new/choose) * Email us at security@docker.com if you think you’ve found a security bug

Red Hat Security Advisory 2024-3741-03

Red Hat Security Advisory 2024-3741-03 - An update for bind, bind-dyndb-ldap, and dhcp is now available for Red Hat Enterprise Linux 7.