#red_hat

Red Hat Advanced Cluster security releases a new Operator to simplify installation and accelerate security use cases.To accelerate implementation of security use cases the Red Hat Advanced Cluster security team has released a new Operator as the primary source of installation on OpenShift 4.6 and above. This will simplify operational the experience by standardizing installation methods through the Operator Framework. Related CVEs: * CVE-2021-31525: golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header

An update for kernel is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: use-after-free in net/bluetooth/hci_event.c when destroying an hci_chan (CVE-2021-33034) * kernel: security bypass in certs/blacklist.c and certs/system_keyring.c (CVE-2020-26541) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * [Azure][RHEL8.4] Two Patches Needed To Enable Azure Host Time-syncing in VMs (BZ#1963052) Related CVEs: * CVE-2020-26541: kernel: securit...

An update is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Security Fix(es): * kernel: use-after-free in net/bluetooth/hci_event.c when destroying an hci_chan (CVE-2021-33034) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Related CVEs: * CVE-2021-33034: kernel: use-after-free in net/bluetooth/hci_event.c when destroying an hci_chan

An update is now available for Red Hat build of Eclipse Vert.x. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability. For more information, see the CVE pages listed in the References section.This release of Red Hat build of Eclipse Vert.x 4.1.0 includes security updates, bug fixes, and enhancements. For more information, see the release notes listed in the References section. Security Fix(es): * netty: Request smuggling via content-length header (CVE-2021-21409) * apache-commons-io: Limited path traversal in Apache Commons IO 2.2 to 2.6 (CVE-2021-29425) For more details about the security issues and their impact, the CVSS score, acknowledgements, and other related information, see the CVE pages listed in the References section. Related CVEs: * CVE-2021-21409: netty: Request smuggling via content-length header * CVE-2021-...

An update for ansible is now available for Ansible Engine 2.9 Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. The following packages have been upgraded to a newer upstream version: ansible (2.9.23) Bug Fix(es): * CVE-2021-3583 ansible: Template Injection through yaml multi-line strings with ansible facts used in template. See: https://github.com/ansible/ansible/blob/v2.9.23/changelogs/CHANGELOG-v2.9.rst for details on bug fixes in this release. Related CV...

An update for ansible is now available for Ansible Engine 2 Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. The following packages have been upgraded to a newer upstream version: ansible (2.9.23) Bug Fix(es): * CVE-2021-3583 ansible: Template Injection through yaml multi-line strings with ansible facts used in template. See: https://github.com/ansible/ansible/blob/v2.9.23/changelogs/CHANGELOG-v2.9.rst for details on bug fixes in this release. Related CVEs...

An update for linuxptp is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.The linuxptp packages provide Precision Time Protocol (PTP) implementation for Linux according to IEEE standard 1588 for Linux. The dual design goals are to provide a robust implementation of the standard and to use the most relevant and modern Application Programming Interfaces (API) offered by the Linux kernel. Security Fix(es): * linuxptp: missing length check of forwarded messages (CVE-2021-3570) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Related CVEs: * CVE-2021-3570: linuxptp: missing length check of ...

An update for linuxptp is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.The linuxptp packages provide Precision Time Protocol (PTP) implementation for Linux according to IEEE standard 1588 for Linux. The dual design goals are to provide a robust implementation of the standard and to use the most relevant and modern Application Programming Interfaces (API) offered by the Linux kernel. Security Fix(es): * linuxptp: missing length check of forwarded messages (CVE-2021-3570) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Related CVEs: * CVE-2021-3570: linuxptp: missing length check of ...

An update for linuxptp is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.The linuxptp packages provide Precision Time Protocol (PTP) implementation for Linux according to IEEE standard 1588 for Linux. The dual design goals are to provide a robust implementation of the standard and to use the most relevant and modern Application Programming Interfaces (API) offered by the Linux kernel. Security Fix(es): * linuxptp: missing length check of forwarded messages (CVE-2021-3570) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Related CVEs: * CVE-2021-3570: linuxptp...

An update for linuxptp is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.The linuxptp packages provide Precision Time Protocol (PTP) implementation for Linux according to IEEE standard 1588 for Linux. The dual design goals are to provide a robust implementation of the standard and to use the most relevant and modern Application Programming Interfaces (API) offered by the Linux kernel. Security Fix(es): * linuxptp: missing length check of forwarded messages (CVE-2021-3570) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Related CVEs: * CVE-2021-3570: linuxptp...