#red_hat

Red Hat OpenShift Container Platform release 4.6.38 is now available with updates to packages and images that fix several bugs. This release includes a security update for Red Hat OpenShift Container Platform 4.6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.6.38. See the following advisory for the container images for this release: https://access.redhat.com/errata/RHBA-2021:2641 Security Fix(es): * nodejs-minimist: prototype pollution allows adding or modifying properties of Object.prototype using a constructor or __proto__ pa...

Release of OpenShift Serverless 1.16.0 Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Red Hat OpenShift Serverless 1.16.0 release of the OpenShift Serverless Operator. This version of the OpenShift Serverless Operator is supported on Red Hat OpenShift Container Platform versions 4.6 and 4.7, and includes security and bug fixes and enhancements. For more information, see the documentation listed in the References section. Security Fix(es): * golang: encoding/xml: infinite loop when using xml.NewTokenDecoder with a custom TokenReader (CVE-2021-27918) * golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header (CVE-2021-31525) * golang: archive/zip: malformed archive may cause panic or memory exhaustion (CVE-2021-33196) For more details abou...

Release of OpenShift Serverless Client kn 1.16.0 Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Red Hat OpenShift Serverless Client kn 1.16.0 provides a CLI to interact with Red Hat OpenShift Serverless 1.16.0. The kn CLI is delivered as an RPM package for installation on RHEL platforms, and as binaries for non-Linux platforms. Security Fix(es): * golang: encoding/xml: infinite loop when using xml.NewTokenDecoder with a custom TokenReader (CVE-2021-27918) * golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header (CVE-2021-31525) * golang: archive/zip: malformed archive may cause panic or memory exhaustion (CVE-2021-33196) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related...

A security update is now available for Red Hat JBoss Enterprise Application Platform 7.3 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.3.8 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.7, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.8 Release Notes for information about the most significant bug fixes and enhancements included in this release. Security Fix(es): * netty: Request smuggling via content-length header (CVE-2021-21409) * wildfly: XSS via admin console when...

A security update is now available for Red Hat JBoss Enterprise Application Platform 7.3 for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.3.8 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.7, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.8 Release Notes for information about the most significant bug fixes and enhancements included in this release. Security Fix(es): * netty: Request smuggling via content-length header (CVE-2021-21409) * wildfly: XSS via admin console when...

A security update is now available for Red Hat JBoss Enterprise Application Platform 7.3 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.3.8 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.7, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.8 Release Notes for information about the most significant bug fixes and enhancements included in this release. Security Fix(es): * netty: Request smuggling via content-length header (CVE-2021-21409) * wildfly: XSS via admin console when...

A security update is now available for Red Hat JBoss Enterprise Application Platform 7.3. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.3.8 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.7, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.8 Release Notes for information about the most significant bug fixes and enhancements included in this release. Security Fix(es): * netty: Request smuggling via content-length header (CVE-2021-21409) * wildfly: XSS via admin console when creating roles in domain mode ...

Red Hat AMQ Broker 7.8.2 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms. This release of Red Hat AMQ Broker 7.8.2 serves as a replacement for Red Hat AMQ Broker 7.8.1, and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section. Security Fix(es): * jetty: request containing multiple Accept headers with a large number of "quality" parameters may lead to DoS (CVE-2020-27223) * Red Hat AMQ Broker: discloses JDBC username and password in t...

An update for xstream is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.XStream is a Java XML serialization library to serialize objects to and deserialize object from XML. Security Fix(es): * XStream: remote command execution attack by manipulating the processed input stream (CVE-2021-29505) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Related CVEs: * CVE-2021-29505: XStream: remote command execution attack by manipulating the processed input stream

A flaw was found in libxml2. Exponential entity expansion attack its possible bypassing all existing protection mechanisms and leading to denial of service.