Advisory for Red Hat Security Updates

  • NIC-CERT/2023-03/048
  • Date: 2023-03-03
  • CVE ID: Multiple
  • Severity: Critical

A. Description:

A vulnerability has been found in Red Hat products which could allow an attacker to take control of the affected system.

B. Security Issues Fixed:

Red Hat has issued security advisories that contain important updates and fix vulnerabilities such as path traversal, XSS, prototype pollution, denial of service, deserialization remote code execution, SSRF, injection and open redirect. Affected products include Red Hat OpenShift Container Platform for IBM Z and LinuxONE, Red Hat OpenShift Container Platform for Power, Red Hat OpenShift Container Platform for ARM 64, Red Hat OpenShift Container Platform, Red Hat OpenStack, etc.

C. Affected Products & Solution:

CVE | Product | Synopsis

CVE: CVE-2018-14040, CVE-2018-14042, CVE-2019-11358, CVE-2020-11022, CVE-2020-11023, CVE-2021-35065, CVE-2021-44906, CVE-2022-1274, CVE-2022-1438, CVE-2022-1471, CVE-2022-2237, CVE-2022-2764, CVE-2022-3782, CVE-2022-3916, CVE-2022-4137, CVE-2022-24785, CVE-2022-25857, CVE-2022-31129, CVE-2022-37603, CVE-2022-38749, CVE-2022-38750, CVE-2022-38751, CVE-2022-40149, CVE-2022-40150, CVE-2022-42003, CVE-2022-42004, CVE-2022-45047, CVE-2022-45693, CVE-2022-46175, CVE-2022-46363, CVE-2022-46364, CVE-2023-0091, CVE-2023-0264
Product: Red Hat Single Sign-On Text-Only Advisories x86_64
Synopsis: Red Hat Single Sign-On 7.6.2 security update

CVE: CVE-2018-14040, CVE-2018-14042, CVE-2019-11358, CVE-2020-11022, CVE-2020-11023, CVE-2021-35065, CVE-2021-44906, CVE-2022-1274, CVE-2022-1438, CVE-2022-1471, CVE-2022-2764, CVE-2022-3782, CVE-2022-3916, CVE-2022-4137, CVE-2022-24785, CVE-2022-25857, CVE-2022-31129, CVE-2022-37603, CVE-2022-38749, CVE-2022-38750, CVE-2022-38751, CVE-2022-40149, CVE-2022-40150, CVE-2022-42003, CVE-2022-42004, CVE-2022-45047, CVE-2022-45693, CVE-2022-46175, CVE-2022-46363, CVE-2022-46364, CVE-2023-0091, CVE-2023-0264
Product: Red Hat Single Sign-On 7.6 for RHEL 9 x86_64
Synopsis: Red Hat Single Sign-On 7.6.2 security update on RHEL 9 and 7

CVE: CVE-2021-4238, CVE-2022-3064, CVE-2022-4337, CVE-2022-4338, CVE-2022-41717
Product: Red Hat OpenShift Container Platform 4.10 for RHEL 8 x86_64; Red Hat OpenShift Container Platform for Power 4.10 for RHEL 8 ppc64le; Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.10 for RHEL 8 s390x; Red Hat OpenShift Container Platform for ARM 64 4.10 aarch64
Synopsis: OpenShift Container Platform 4.10.53 bug fix and security update

CVE: CVE-2018-14040, CVE-2018-14042, CVE-2019-11358, CVE-2020-11022, CVE-2021-35065, CVE-2021-44906, CVE-2022-1274, CVE-2022-1438, CVE-2022-1471, CVE-2022-2764, CVE-2022-3782, CVE-2022-3916, CVE-2022-4039, CVE-2022-24785, CVE-2022-25857, CVE-2022-31129, CVE-2022-37603, CVE-2022-38749, CVE-2022-38750, CVE-2022-38751, CVE-2022-40149, CVE-2022-40150, CVE-2022-40303, CVE-2022-40304, CVE-2022-42003, CVE-2022-42004, CVE-2022-45047, CVE-2022-45693, CVE-2022-46175, CVE-2022-46363, CVE-2022-46364, CVE-2022-47629, CVE-2023-0091, CVE-2023-0264, CVE-2023-21835, CVE-2023-21843
Product: Red Hat OpenShift Container Platform 4.10 for RHEL 8 x86_64; Red Hat OpenShift Container Platform 4.9 for RHEL 8 x86_64; Red Hat OpenShift Container Platform for Power 4.10 for RHEL 8 ppc64le; Red Hat OpenShift Container Platform for Power 4.9 for RHEL 8 ppc64le; Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.10 for RHEL 8 s390x; Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.9 for RHEL 8 s390x
Synopsis: Red Hat Single Sign-On 7.6.2 for OpenShift image security and enhancement update

CVE: CVE-2022-3064
Product: Red Hat OpenStack 17 x86_64
Synopsis: Red Hat OpenStack Platform 17.0 (etcd) security update

CVE: CVE-2021-38561
Product: Red Hat OpenShift Container Platform 4.12 for RHEL 9 x86_64; Red Hat OpenShift Container Platform 4.12 for RHEL 8 x86_64; Red Hat OpenShift Container Platform for Power 4.12 for RHEL 9 ppc64le; Red Hat OpenShift Container Platform for Power 4.12 for RHEL 8 ppc64le; Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.12 for RHEL 9 s390x; Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.12 for RHEL 8 s390x; Red Hat OpenShift Container Platform for ARM 64 4.12 for RHEL 9 aarch64; Red Hat OpenShift Container Platform for ARM 64 4.12 for RHEL 8 aarch64
Synopsis: OpenShift Container Platform 4.12.5 security update

CVE: CVE-2022-3564, CVE-2022-4378, CVE-2022-4379, CVE-2023-0179
Product: Red Hat Enterprise Linux for x86_64 9 x86_64; Red Hat Enterprise Linux for Power, little endian 9 ppc64le
Synopsis: kpatch-patch security update

CVE: CVE-2022-3650
Product: Red Hat Enterprise Linux for x86_64 9 x86_64; Red Hat Enterprise Linux for x86_64 8 x86_64; Red Hat Ceph Storage (OSD) 5 for RHEL 8 x86_64; Red Hat Ceph Storage (MON) 5 for RHEL 8 x86_64
Synopsis: Red Hat Ceph Storage 5.3 Bug fix and security update

CVE: CVE-2022-2873, CVE-2022-3564, CVE-2022-4378, CVE-2022-4379, CVE-2023-0179
Product: Red Hat Enterprise Linux for Real Time 9 x86_64; Red Hat Enterprise Linux for Real Time for NFV 9 x86_64
Synopsis: kernel-rt security and bug fix update

CVE: CVE-2022-23521, CVE-2022-41903
Product: Red Hat Enterprise Linux Server 7 x86_64; Red Hat Enterprise Linux Workstation 7 x86_64; Red Hat Enterprise Linux Desktop 7 x86_64; Red Hat Enterprise Linux for IBM z Systems 7 s390x; Red Hat Enterprise Linux for Power, big endian 7 ppc64; Red Hat Enterprise Linux for Scientific Computing 7 x86_64; Red Hat Enterprise Linux for Power, little endian 7 ppc64le
Synopsis: git security update

CVE: CVE-2022-4415, CVE-2022-23521, CVE-2022-40303, CVE-2022-40304, CVE-2022-41903, CVE-2022-47629, CVE-2023-0923
Product: Red Hat OpenShift Data Science 1 x86_64
Synopsis: Red Hat OpenShift Data Science 1.22.1 security update

CVE: CVE-2018-25032
Product: Red Hat Enterprise Linux Server - AUS 7.4 x86_64
Synopsis: zlib security update

CVE: CVE-2022-45442
Product: Red Hat Enterprise Linux High Availability for x86_64 9 x86_64; Red Hat Enterprise Linux Resilient Storage for x86_64 9 x86_64; Red Hat Enterprise Linux Resilient Storage for IBM z Systems 9 s390x; Red Hat Enterprise Linux High Availability for IBM z Systems 9 s390x; Red Hat Enterprise Linux Resilient Storage for Power, little endian 9 ppc64le; Red Hat Enterprise Linux High Availability for Power, little endian 9 ppc64le; Red Hat Enterprise Linux High Availability for ARM 64 9 aarch64
Synopsis: pcs security update

CVE: CVE-2022-4378
Product: Red Hat Enterprise Linux Server - AUS 7.7 x86_64; Red Hat Enterprise Linux Server - TUS 7.7 x86_64; Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 7.7 ppc64le; Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 7.7 x86_64
Synopsis: kpatch-patch security update

CVE: CVE-2022-4378
Product: Red Hat Enterprise Linux Server - AUS 7.7 x86_64; Red Hat Enterprise Linux Server - TUS 7.7 x86_64; Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 7.7 ppc64le; Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 7.7 x86_64
Synopsis: kernel security update

CVE: CVE-2018-25032
Product: Red Hat Enterprise Linux Server - AUS 7.7 x86_64; Red Hat Enterprise Linux Server - TUS 7.7 x86_64; Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 7.7 ppc64le; Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 7.7 x86_64
Synopsis: zlib security update

CVE: CVE-2021-38561, CVE-2022-23521, CVE-2022-41903
Product: Red Hat OpenShift Container Platform 4.11 for RHEL 8 x86_64; Red Hat OpenShift Container Platform for Power 4.11 for RHEL 8 ppc64le; Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.11 for RHEL 8 s390x; Red Hat OpenShift Container Platform for ARM 64 4.11 aarch64
Synopsis: OpenShift Container Platform 4.11.29 security update

CVE: CVE-2016-3709, CVE-2020-36567, CVE-2021-35065, CVE-2021-46848, CVE-2022-0561, CVE-2022-0562, CVE-2022-0865, CVE-2022-0891, CVE-2022-0908, CVE-2022-0909, CVE-2022-0924, CVE-2022-1304, CVE-2022-1355, CVE-2022-2056, CVE-2022-2057, CVE-2022-2058, CVE-2022-2519, CVE-2022-2520, CVE-2022-2521, CVE-2022-2601, CVE-2022-2867, CVE-2022-2868, CVE-2022-2869, CVE-2022-2953, CVE-2022-3775, CVE-2022-3787, CVE-2022-3821, CVE-2022-22624, CVE-2022-22628, CVE-2022-22629, CVE-2022-22662, CVE-2022-22844, CVE-2022-23521, CVE-2022-24999, CVE-2022-25308, CVE-2022-25309, CVE-2022-25310, CVE-2022-26700, CVE-2022-26709, CVE-2022-26710, CVE-2022-26716, CVE-2022-26717, CVE-2022-26719, CVE-2022-27404, CVE-2022-27405, CVE-2022-27406, CVE-2022-30293, CVE-2022-35737, CVE-2022-37601, CVE-2022-37603, CVE-2022-40303, CVE-2022-40304, CVE-2022-41717, CVE-2022-41903, CVE-2022-42010, CVE-2022-42011, CVE-2022-42012, CVE-2022-42898, CVE-2022-42920, CVE-2022-43680, CVE-2022-46175, CVE-2022-47629, CVE-2023-21830, CVE-2023-21835, CVE-2023-21843
Product: Red Hat Migration Toolkit for Applications 6.0 x86_64
Synopsis: Migration Toolkit for Applications security and bug fix update

CVE: CVE-2021-46848, CVE-2022-1304, CVE-2022-22624, CVE-2022-22628, CVE-2022-22629, CVE-2022-22662, CVE-2022-26700, CVE-2022-26709, CVE-2022-26710, CVE-2022-26716, CVE-2022-26717, CVE-2022-26719, CVE-2022-30293, CVE-2022-35737, CVE-2022-40303, CVE-2022-40304, CVE-2022-41717, CVE-2022-42898, CVE-2022-47629
Product: OpenShift Developer Tools and Services 4.9 x86_64; OpenShift Developer Tools and Services 4.9 s390x; OpenShift Developer Tools and Services 4.9 ppc64le; OpenShift Developer Tools and Services 4.9 aarch64
Synopsis: Service Binding Operator security update

Users are advised to visit the following URL and follow the steps to apply the fixes.

https://access.redhat.com/articles/11258

D. References:

https://access.redhat.com/security/security-updates/#/

https://access.redhat.com/security/updates/classification/#important