Red Hat Security Advisory 2023-4053-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.11.45. Issues addressed include a code execution vulnerability.
3bcde00c10f50e0c04e8bb156e955aa18c0b0fde3d60fb4c86dca74a55ed295eGentoo Linux Security Advisory 202208-26 - Multiple vulnerabilities have been discovered in libarchive, the worst of which could result in arbitrary code execution. Versions less than 3.6.1 are affected.
c4a6ea384306cefa4355225cb9e8a1e366ba43987e3c762adfe74c1500242886Red Hat Security Advisory 2022-5132-01 - Updated images are now available for Red Hat Advanced Cluster Security for Kubernetes (RHACS). The updated image includes bug and security fixes.
bfca0ba942391c6a43c9f8d48bf4d26fb94e10f853c2bf23fb873d2cf0db5c07Red Hat Security Advisory 2022-1747-01 - OpenShift Serverless version 1.22.0 contains a moderate security impact. The References section contains CVE links providing detailed severity ratings for each vulnerability.
9f53c43845e6989b1ee838b81e5c8b82022554a46d50f3d5c6ed2d4ad233ec23Red Hat Security Advisory 2022-1734-01 - The Migration Toolkit for Containers enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API.
67eeebb8087b0fc31c8fbd504ec1c532cbcd40628f892f8aff82695c15395b0dRed Hat Security Advisory 2022-1476-01 - Red Hat Advanced Cluster Management for Kubernetes 2.4.3 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which provide some security fixes and bug fixes. Issues addressed include an information leakage vulnerability.
518f87bfae6ff4f29f3572832aa384efe8f2162ebac11f7d53caab2d6df42933Red Hat Security Advisory 2022-1396-01 - The Migration Toolkit for Containers enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API.
9c6ace15db6cc4f4efff553e069be87d1d00778ed7287b08bb97673bf221855fRed Hat Security Advisory 2022-1083-01 - Red Hat Advanced Cluster Management for Kubernetes 2.3.8 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs. Issues addressed include an information leakage vulnerability.
9442197180deeb5f25977efd08ace4909b97f3f5729b4b0b9f276d27f078ba23Red Hat Security Advisory 2022-1081-01 - Gatekeeper Operator v0.2 Gatekeeper is an open source project that applies the OPA Constraint Framework to enforce policies on your Kubernetes clusters. This advisory contains the container images for Gatekeeper that include security updates, and container upgrades. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link in the References section.
35e0984360562b4b8fbf9fe40fae589355479f6f0de58360c9bbc860cb6a290eRed Hat Security Advisory 2022-1039-01 - Red Hat Openshift GitOps is a declarative way to implement continuous deployment for cloud native applications. Issues addressed include privilege escalation and traversal vulnerabilities.
a3aa6dabb32b90d59c78082f139db0780896fec7f29703a5c21de22ea3a9a54aRed Hat Security Advisory 2022-1041-01 - Red Hat Openshift GitOps is a declarative way to implement continuous deployment for cloud native applications. Issues addressed include privilege escalation and traversal vulnerabilities.
6445fba90799b01b872171494589c69dffa5557ff9ffa53f46f79a6cee9831a2Red Hat Security Advisory 2022-1042-01 - Red Hat Openshift GitOps is a declarative way to implement continuous deployment for cloud native applications. Issues addressed include privilege escalation and traversal vulnerabilities.
5265a1937f32a43b20d3f66c08e5c5c57fd157ff3cf351d7f38e42467527af1aRed Hat Security Advisory 2022-0892-01 - The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio, and ISO 9660 CD-ROM images. Libarchive is used notably in the bsdtar utility, scripting language bindings such as python-libarchive, and several popular desktop file managers.
686be55c0541c52f7228bb399f498ef4abc8ee622ecfeb33ac3cc160e6173af6Whitepaper giving an overview of a heap-based buffer overflow in sudo.
a3e0235d128111d0eec7f203028bcf0e94013d131d5f35034ead6f7a4c3fc3ecApple Security Advisory 2021-02-09-1 - macOS Big Sur 11.2.1, macOS Catalina 10.15.7 Supplemental Update, and macOS Mojave 10.14.6 Security Update 2021-002 address code execution and out of bounds write vulnerabilities.
d07c6053fe910958b6266e0b88aa65b1bed26755ff3255409dce2e7eae0d9f55A heap based buffer overflow exists in the sudo command line utility that can be exploited by a local attacker to gain elevated privileges. The vulnerability was introduced in July of 2011 and affects version 1.8.2 through 1.8.31p2 as well as 1.9.0 through 1.9.5p1 in their default configurations. The technique used by this implementation leverages the overflow to overwrite a service_user struct in memory to reference an attacker controlled library which results in it being loaded with the elevated privileges held by sudo.
cdf458fa2ff6a679afd1037bdb879758b301305b20f223b3aade629bb97b04bcRed Hat Security Advisory 2021-0401-01 - The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Issues addressed include a buffer overflow vulnerability.
034eb3e36fb41523c183cce7fb7db81b540b3f41c75420847bab7b9527045d5cRed Hat Security Advisory 2021-0395-01 - The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Issues addressed include a buffer overflow vulnerability.
49977143520cecce774113ea2a67d42ba9b82c061e235564ca9f6f24094c01beSudo version 1.9.5p1 Baron Samedit heap-based buffer overflow and privilege escalation exploit.
5c92904142e5934f1e20b05addc2261131559831f8576f64bf6cb2dca6f49edbSudo versions prior to 1.9.5p2 suffer from buffer overflow and privilege escalation vulnerabilities.
df2faf65c7a84b5633290e4d3a7d6958932b30e7692ccdb236b728a8b89c4678Debian Linux Security Advisory 4839-1 - The Qualys Research Labs discovered a heap-based buffer overflow vulnerability in sudo, a program designed to provide limited super user privileges to specific users. Any local user (sudoers and non-sudoers) can exploit this flaw for root privilege escalation.
e618531d43ceeb3d6e8d6ee5e3baaee28ecc28d7ebb4a21ac4e2bbab7d16d3f1Ubuntu Security Notice 4705-2 - USN-4705-1 fixed a vulnerability in Sudo. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. It was discovered that Sudo incorrectly handled memory when parsing command lines. A local attacker could possibly use this issue to obtain unintended access to the administrator account. Various other issues were also addressed.
c49212b15ccc247d4854bbc03d70b7782b5d16c35cb198deb88dd180603d38b6Qualys has released extensive research details regarding a heap-based buffer overflow vulnerability in sudo. The issue was introduced in July 2011 (commit 8255ed69), and affects all legacy versions from 1.8.2 to 1.8.31p2 and all stable versions from 1.9.0 to 1.9.5p1, in their default configuration.
49c51fff2702ea3bb7dc155cf79d48dec6f6a7a00b13a95caf7f36a3f59b319fGentoo Linux Security Advisory 202101-33 - Multiple vulnerabilities have been found in sudo, the worst of which could result in privilege escalation. Versions less than 1.9.5_p2 are affected.
3f9611402a5877782d23f9e9d2f5be342e3982b50a70d76d2296d15cc8e96070Red Hat Security Advisory 2021-0223-01 - The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. Issues addressed include a buffer overflow vulnerability.
4932fccbcf1a83deca2314abd187a649434f117ced4a98c7f5cbb7ba1d120aee
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed