http2/hpack: avoid quadratic complexity in hpack decoding (CVE-2022-41723)
The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or entire requests. With fix, the HTTP/1 client now refuses to send requests containing an invalid Request.Host or Request.URL.Host valu ...
On Unix platforms, the Go runtime does not behave differently when a binary is run with the setuid/setgid bits. This can be dangerous in certain cases, such as when dumping memory state, or assuming the status of standard I/O file descriptors. If a setuid/setgid binary is executed with standard I/O file descriptors closed, opening any files can res ...
Synopsis
Moderate: skopeo security update
Type/Severity
Security Advisory: Moderate
Topic
An update for skopeo is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a secu ...
Synopsis
Important: Cryostat security update
Type/Severity
Security Advisory: Important
Topic
An update is now available for Cryostat 2 on RHEL 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available ...
Synopsis
Moderate: buildah security update
Type/Severity
Security Advisory: Moderate
Topic
An update for buildah is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security im ...
Synopsis
Moderate: runc security update
Type/Severity
Security Advisory: Moderate
Topic
An update for runc is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security ...
Synopsis
Important: OpenShift Container Platform 41245 bug fix and security update
Type/Severity
Security Advisory: Important
Topic
Red Hat OpenShift Container Platform release 41245 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShi ...
Synopsis
Important: OpenShift Container Platform 41324 bug fix and security update
Type/Severity
Security Advisory: Important
Topic
Red Hat OpenShift Container Platform release 41324 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Ha ...
Synopsis
Moderate: OpenShift Container Platform 41410 packages and security update
Type/Severity
Security Advisory: Moderate
Topic
Red Hat OpenShift Container Platform release 41410 is now available with updates to pac ...
Synopsis
Important: Release of OpenShift Serverless 1302
Type/Severity
Security Advisory: Important
Topic
Red Hat OpenShift Serverless version 1302 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severit ...
Synopsis
Important: OpenShift Container Platform 4142 packages and security update
Type/Severity
Security Advisory: Important
Topic
Red Hat OpenShift Container Platform release 4142 is now available with updates to pac ...
Synopsis
Important: Network Observability security update
Type/Severity
Security Advisory: Important
Topic
An update for network-observability-console-plugin-container, network-observability-ebpf-agent-container, network-observability-flowlogs-pipeline-container, network-observability-operator-bundle-container, and network-observability-opera ...
Synopsis
Important: Red Hat OpenStack Platform 1711 security update
Type/Severity
Security Advisory: Important
Topic
An update for collectd-libpod-stats, etcd, and python-octavia-tests-tempest is now available for Red Hat OpenSta ...
Synopsis
Important: Logging Subsystem 577 - Red Hat OpenShift security update
Type/Severity
Security Advisory: Important
Topic
Logging Subsystem 577 - Red Hat OpenShift. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed sev ...
Synopsis
Important: Logging Subsystem 5612 - Red Hat OpenShift security update
Type/Severity
Security Advisory: Important
Topic
Logging Subsystem 5612 - Red Hat OpenShift. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed s ...
Synopsis
Important: Red Hat OpenStack Platform 1625 security update
Type/Severity
Security Advisory: Important
Topic
An update for osp-director-agent-container, osp-director-downloader-container, osp-director-operator-bundle-container, and osp-director-operator-container is now available for Red Hat OpenStack Platform 1625. Red Hat Produ ...
Synopsis
Important: Service Telemetry Framework 152 security update
Type/Severity
Security Advisory: Important
Topic
An update is now available for Service Telemetry Framework 152. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a ...
Synopsis
Important: Release of OpenShift Serverless Client kn 1302 security update
Type/Severity
Security Advisory: Important
Topic
Red Hat OpenShift Serverless 1302 is now available. Red Hat Product Security has rated ...
Synopsis
Important: Red Hat OpenStack Platform 1711 (director-operator) security update
Type/Severity
Security Advisory: Important
Topic
An update for osp-director-agent-container, osp-director-downloader-container, osp-director-operator-bundle-container, and osp-director-operator-container is now available for Red Hat OpenStack Platform 17 ...
Synopsis
Moderate: containernetworking-plugins security update
Type/Severity
Security Advisory: Moderate
Topic
An update for containernetworking-plugins is now available for Red Hat Enterprise Linux 9. Red Hat Product Secur ...
Synopsis
Moderate: podman security update
Type/Severity
Security Advisory: Moderate
Topic
An update for podman is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a secu ...
Synopsis
Moderate: OpenShift Container Platform 41410 security update
Type/Severity
Security Advisory: Moderate
Topic
Red Hat build of MicroShift release 41410 is now available with updates to packages and images that fix sever ...
Synopsis
Important: Red Hat Ansible Automation Platform 24 Product Security and Bug Fix Update
Type/Severity
Security Advisory: Important
Topic
An update is now available for Red Hat Ansible Automation Platform 24. Red Hat ...
Synopsis
Important: go-toolset and golang security and bug fix update
Type/Severity
Security Advisory: Important
Topic
An update for go-toolset and golang is now available for Red Hat Enterprise Linux 9. Red Hat Product Sec ...
Synopsis
Important: OpenShift Container Platform 41322 bug fix and security update
Type/Severity
Security Advisory: Important
Topic
Red Hat OpenShift Container Platform release 41322 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift ...
Synopsis
Moderate: Migration Toolkit for Containers (MTC) 182 security and bug fix update
Type/Severity
Security Advisory: Moderate
Topic
The Migration Toolkit for Containers (MTC) 182 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base ...
Synopsis
Important: cert-manager Operator for Red Hat OpenShift 1115
Type/Severity
Security Advisory: Important
Topic
cert-manager Operator for Red Hat OpenShift 1115. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed sever ...
Synopsis
Important: OpenShift Container Platform 4142 bug fix and security update
Type/Severity
Security Advisory: Important
Topic
Red Hat OpenShift Container Platform release 4142 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift C ...
Synopsis
Important: OpenShift Container Platform 4144 bug fix and security update
Type/Severity
Security Advisory: Important
Topic
Red Hat OpenShift Container Platform release 4144 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift C ...
2023-10-11: The severity level was changed from Important to Medium
Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. With fix, the size of RSA keys transmitted during handshakes is restricted to <= 8192 bits. Based on a survey of publicly trusted RSA keys, there are currently only three certificates in circulation with keys larger than ...