ID

VAR-202203-0005

CVE

CVE-2022-0778

TITLE

OpenSSL  of  BN_mod_sqrt()  Problem that causes an infinite loop when the law in

DESCRIPTION

The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial of service attack. The infinite loop can also be reached when parsing crafted private keys as they can contain explicit elliptic curve parameters. Thus vulnerable situations include: - TLS clients consuming server certificates - TLS servers consuming client certificates - Hosting providers taking certificates or private keys from customers - Certificate authorities parsing certification requests from subscribers - Anything else which parses ASN.1 elliptic curve parameters Also any other applications that use the BN_mod_sqrt() where the attacker can control the parameter values are vulnerable to this DoS issue. In the OpenSSL 1.0.2 version the public key is not parsed during initial parsing of the certificate which makes it slightly harder to trigger the infinite loop. However any operation which requires the public key from the certificate will trigger the infinite loop. In particular the attacker can use a self-signed certificate to trigger the loop during verification of the certificate signature. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0. It was addressed in the releases of 1.1.1n and 3.0.2 on the 15th March 2022. Fixed in OpenSSL 3.0.2 (Affected 3.0.0,3.0.1). Fixed in OpenSSL 1.1.1n (Affected 1.1.1-1.1.1m). Fixed in OpenSSL 1.0.2zd (Affected 1.0.2-1.0.2zc). OpenSSL Project Than, OpenSSL Security Advisory [15 March 2022] Has been published. Severity − High ( Severity: High ) OpenSSL of BN_mod_sqrt() Computes the square root in a finite field. BN_mod_sqrt() Has the problem of causing an infinite loop if the law is non-prime. Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2021-2372) Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H). (CVE-2021-2389) Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.35 and prior and 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H). (CVE-2021-35604) get_sort_by_table in MariaDB prior to 10.6.2 allows an application crash via certain subquery uses of ORDER BY. (CVE-2021-46657) save_window_function_values in MariaDB prior to 10.6.3 allows an application crash because of incorrect handling of with_window_func=true for a subquery. (CVE-2021-46658) MariaDB prior to 10.7.2 allows an application crash because it does not recognize that SELECT_LEX::nest_level is local to each VIEW. (CVE-2021-46659) MariaDB up to and including 10.5.9 allows an application crash in find_field_in_tables and find_order_in_list via an unused common table expression (CTE). (CVE-2021-46661) MariaDB up to and including 10.5.9 allows a set_var.cc application crash via certain uses of an UPDATE statement in conjunction with a nested subquery. (CVE-2021-46662) MariaDB up to and including 10.5.13 allows a ha_maria::extra application crash via certain SELECT statements. (CVE-2021-46663) MariaDB up to and including 10.5.9 allows an application crash in sub_select_postjoin_aggr for a NULL value of aggr. (CVE-2021-46664) MariaDB up to and including 10.5.9 allows a sql_parse.cc application crash because of incorrect used_tables expectations. (CVE-2021-46665) MariaDB prior to 10.6.2 allows an application crash because of mishandling of a pushdown from a HAVING clause to a WHERE clause. (CVE-2021-46666) An integer overflow vulnerability was found in MariaDB, where an invalid size of ref_pointer_array is allocated. This issue results in a denial of service. (CVE-2021-46667) MariaDB up to and including 10.5.9 allows an application crash via certain long SELECT DISTINCT statements that improperly interact with storage-engine resource limitations for temporary data structures. (CVE-2021-46668) A use-after-free vulnerability was found in MariaDB. This flaw allows malicious users to trigger a convert_const_to_int() use-after-free when the BIGINT data type is used, resulting in a denial of service. (CVE-2022-0778) (CVE-2022-0778) Vulnerability in the MySQL Server product of Oracle MySQL (component: C API). Supported versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2022-21595) MariaDB CONNECT Storage Engine Stack-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local malicious users to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16191. (CVE-2022-24048) MariaDB CONNECT Storage Engine Use-After-Free Privilege Escalation Vulnerability. This vulnerability allows local malicious users to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16207. (CVE-2022-24050) MariaDB CONNECT Storage Engine Format String Privilege Escalation Vulnerability. This vulnerability allows local malicious users to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of a user-supplied string before using it as a format specifier. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16193. (CVE-2022-24051) A flaw was found in MariaDB. Lack of input validation leads to a heap buffer overflow. This flaw allows an authenticated, local attacker with at least a low level of privileges to submit a crafted SQL query to MariaDB and escalate their privileges to the level of the MariaDB service user, running arbitrary code. (CVE-2022-24052) MariaDB Server v10.6.5 and below exists to contain an use-after-free in the component Item_args::walk_arg, which is exploited via specially crafted SQL statements. (CVE-2022-27376) MariaDB Server v10.6.3 and below exists to contain an use-after-free in the component Item_func_in::cleanup(), which is exploited via specially crafted SQL statements. (CVE-2022-27377) An issue in the component Create_tmp_table::finalize of MariaDB Server v10.7 and below exists to allow malicious users to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27378) An issue in the component Arg_comparator::compare_real_fixed of MariaDB Server v10.6.2 and below exists to allow malicious users to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27379) An issue in the component my_decimal::operator= of MariaDB Server v10.6.3 and below exists to allow malicious users to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27380) An issue in the component Field::set_default of MariaDB Server v10.6 and below exists to allow malicious users to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27381) MariaDB Server v10.7 and below exists to contain a segmentation fault via the component Item_field::used_tables/update_depend_map_for_order. (CVE-2022-27382) MariaDB Server v10.6 and below exists to contain an use-after-free in the component my_strcasecmp_8bit, which is exploited via specially crafted SQL statements. (CVE-2022-27383) An issue in the component Item_subselect::init_expr_cache_tracker of MariaDB Server v10.6 and below exists to allow malicious users to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27384) An issue in the component Used_tables_and_const_cache::used_tables_and_const_cache_join of MariaDB Server v10.7 and below exists to allow malicious users to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27385) MariaDB Server v10.7 and below exists to contain a segmentation fault via the component sql/sql_class.cc. (CVE-2022-27386) MariaDB Server v10.7 and below exists to contain a global buffer overflow in the component decimal_bin_size, which is exploited via specially crafted SQL statements. (CVE-2022-27387) MariaDB Server v10.9 and below exists to contain a segmentation fault via the component sql/item_subselect.cc. (CVE-2022-27444) MariaDB Server v10.9 and below exists to contain a segmentation fault via the component sql/sql_window.cc. (CVE-2022-27445) MariaDB Server v10.9 and below exists to contain a segmentation fault via the component sql/item_cmpfunc.h. (CVE-2022-27446) MariaDB Server v10.9 and below exists to contain a use-after-free via the component Binary_string::free_buffer() at /sql/sql_string.h. (CVE-2022-27447) There is an Assertion failure in MariaDB Server v10.9 and below via 'node-&gt;pcur-&gt;rel_pos == BTR_PCUR_ON' at /row/row0mysql.cc. (CVE-2022-27448) MariaDB Server v10.9 and below exists to contain a segmentation fault via the component sql/item_func.cc:148. (CVE-2022-27449) MariaDB Server v10.9 and below exists to contain a segmentation fault via the component sql/field_conv.cc. (CVE-2022-27451) MariaDB Server v10.9 and below exists to contain a segmentation fault via the component sql/item_cmpfunc.cc. (CVE-2022-27452) MariaDB Server v10.6.3 and below exists to contain an use-after-free in the component my_wildcmp_8bit_impl at /strings/ctype-simple.c. (CVE-2022-27455) MariaDB Server v10.6.3 and below exists to contain an use-after-free in the component VDec::VDec at /sql/sql_type.cc. (CVE-2022-27456) MariaDB Server v10.6.3 and below exists to contain an use-after-free in the component my_mb_wc_latin1 at /strings/ctype-latin1.c. (CVE-2022-27457) MariaDB Server v10.6.3 and below exists to contain an use-after-free in the component Binary_string::free_buffer() at /sql/sql_string.h. (CVE-2022-27458) MariaDB Server prior to 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when an error occurs (pthread_create returns a nonzero value) while executing the method create_worker_threads, the held lock is not released correctly, which allows local users to trigger a denial of service due to the deadlock. (CVE-2022-31622) MariaDB Server prior to 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when an error occurs (i.e., going to the err label) while executing the method create_worker_threads, the held lock thd-&gt;ctrl_mutex is not released correctly, which allows local users to trigger a denial of service due to the deadlock. (CVE-2022-31623) MariaDB Server prior to 10.7 is vulnerable to Denial of Service. While executing the plugin/server_audit/server_audit.c method log_statement_ex, the held lock lock_bigbuffer is not released correctly, which allows local users to trigger a denial of service due to the deadlock. (CVE-2022-31624) MariaDB v10.4 to v10.7 exists to contain an use-after-poison in prepare_inplace_add_virtual at /storage/innobase/handler/handler0alter.cc. (CVE-2022-32081) MariaDB v10.5 to v10.7 exists to contain an assertion failure at table-&gt;get_ref_count() == 0 in dict0dict.cc. (CVE-2022-32082) MariaDB v10.2 to v10.6.1 exists to contain a segmentation fault via the component Item_subselect::init_expr_cache_tracker. (CVE-2022-32083) MariaDB v10.2 to v10.7 exists to contain a segmentation fault via the component sub_select. (CVE-2022-32084) MariaDB v10.2 to v10.7 exists to contain a segmentation fault via the component Item_func_in::cleanup/Item::cleanup_processor. (CVE-2022-32085) MariaDB v10.4 to v10.8 exists to contain a segmentation fault via the component Item_field::fix_outer_field. (CVE-2022-32086) MariaDB v10.2 to v10.7 exists to contain a segmentation fault via the component Item_args::walk_args. (CVE-2022-32087) MariaDB v10.2 to v10.7 exists to contain a segmentation fault via the component Exec_time_tracker::get_loops/Filesort_tracker::report_use/filesort. (CVE-2022-32088) MariaDB v10.5 to v10.7 exists to contain a segmentation fault via the component st_select_lex_unit::exclude_level. (CVE-2022-32089) MariaDB v10.7 exists to contain an use-after-poison in in __interceptor_memset at /libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc. (CVE-2022-32091) In MariaDB prior to 10.9.2, compress_write in extra/mariabackup/ds_compress.cc does not release data_mutex upon a stream write failure, which allows local users to trigger a deadlock. (CVE-2022-38791). -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6 macOS Big Sur 11.6.6 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213256. apache Available for: macOS Big Sur Impact: Multiple issues in apache Description: Multiple issues were addressed by updating apache to version 2.4.53. CVE-2021-44224 CVE-2021-44790 CVE-2022-22719 CVE-2022-22720 CVE-2022-22721 AppKit Available for: macOS Big Sur Impact: A malicious application may be able to gain root privileges Description: A logic issue was addressed with improved validation. CVE-2022-22665: Lockheed Martin Red Team AppleAVD Available for: macOS Big Sur Impact: An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited. Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-22675: an anonymous researcher AppleGraphicsControl Available for: macOS Big Sur Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved input validation. CVE-2022-26751: Michael DePlante (@izobashi) of Trend Micro Zero Day Initiative AppleScript Available for: macOS Big Sur Impact: Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory Description: An out-of-bounds read issue was addressed with improved bounds checking. CVE-2022-26698: Qi Sun of Trend Micro AppleScript Available for: macOS Big Sur Impact: Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory Description: An out-of-bounds read issue was addressed with improved input validation. CVE-2022-26697: Qi Sun and Robert Ai of Trend Micro CoreTypes Available for: macOS Big Sur Impact: A malicious application may bypass Gatekeeper checks Description: This issue was addressed with improved checks to prevent unauthorized actions. CVE-2022-22663: Arsenii Kostromin (0x3c3e) CVMS Available for: macOS Big Sur Impact: A malicious application may be able to gain root privileges Description: A memory initialization issue was addressed. CVE-2022-26721: Yonghwi Jin (@jinmo123) of Theori CVE-2022-26722: Yonghwi Jin (@jinmo123) of Theori DriverKit Available for: macOS Big Sur Impact: A malicious application may be able to execute arbitrary code with system privileges Description: An out-of-bounds access issue was addressed with improved bounds checking. CVE-2022-26763: Linus Henze of Pinauten GmbH (pinauten.de) Graphics Drivers Available for: macOS Big Sur Impact: A local user may be able to read kernel memory Description: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. CVE-2022-22674: an anonymous researcher Intel Graphics Driver Available for: macOS Big Sur Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-26720: Liu Long of Ant Security Light-Year Lab Intel Graphics Driver Available for: macOS Big Sur Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds read issue was addressed with improved input validation. CVE-2022-26770: Liu Long of Ant Security Light-Year Lab Intel Graphics Driver Available for: macOS Big Sur Impact: An application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue was addressed with improved input validation. CVE-2022-26756: Jack Dates of RET2 Systems, Inc Intel Graphics Driver Available for: macOS Big Sur Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2022-26769: Antonio Zekic (@antoniozekic) Intel Graphics Driver Available for: macOS Big Sur Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved input validation. CVE-2022-26748: Jeonghoon Shin of Theori working with Trend Micro Zero Day Initiative IOMobileFrameBuffer Available for: macOS Big Sur Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved state management. CVE-2022-26768: an anonymous researcher Kernel Available for: macOS Big Sur Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved validation. CVE-2022-26714: Peter Nguyễn Vũ Hoàng (@peternguyen14) of STAR Labs (@starlabs_sg) Kernel Available for: macOS Big Sur Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-26757: Ned Williamson of Google Project Zero LaunchServices Available for: macOS Big Sur Impact: A malicious application may be able to bypass Privacy preferences Description: The issue was addressed with additional permissions checks. CVE-2022-26767: Wojciech Reguła (@_r3ggi) of SecuRing LaunchServices Available for: macOS Big Sur Impact: A sandboxed process may be able to circumvent sandbox restrictions Description: An access issue was addressed with additional sandbox restrictions on third-party applications. CVE-2022-26706: Arsenii Kostromin (0x3c3e) libresolv Available for: macOS Big Sur Impact: An attacker may be able to cause unexpected application termination or arbitrary code execution Description: This issue was addressed with improved checks. CVE-2022-26776: Zubair Ashraf of Crowdstrike, Max Shavrick (@_mxms) of the Google Security Team LibreSSL Available for: macOS Big Sur Impact: Processing a maliciously crafted certificate may lead to a denial of service Description: A denial of service issue was addressed with improved input validation. CVE-2022-0778 libxml2 Available for: macOS Big Sur Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2022-23308 OpenSSL Available for: macOS Big Sur Impact: Processing a maliciously crafted certificate may lead to a denial of service Description: This issue was addressed with improved checks. CVE-2022-0778 PackageKit Available for: macOS Big Sur Impact: A malicious application may be able to modify protected parts of the file system Description: This issue was addressed by removing the vulnerable code. CVE-2022-26712: Mickey Jin (@patch1t) Printing Available for: macOS Big Sur Impact: A malicious application may be able to bypass Privacy preferences Description: This issue was addressed by removing the vulnerable code. CVE-2022-26746: @gorelics Security Available for: macOS Big Sur Impact: A malicious app may be able to bypass signature validation Description: A certificate parsing issue was addressed with improved checks. CVE-2022-26766: Linus Henze of Pinauten GmbH (pinauten.de) SMB Available for: macOS Big Sur Impact: An application may be able to gain elevated privileges Description: An out-of-bounds read issue was addressed with improved input validation. CVE-2022-26718: Peter Nguyễn Vũ Hoàng of STAR Labs SMB Available for: macOS Big Sur Impact: Mounting a maliciously crafted Samba network share may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved input validation. CVE-2022-26723: Felix Poulin-Belanger SMB Available for: macOS Big Sur Impact: An application may be able to gain elevated privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-26715: Peter Nguyễn Vũ Hoàng of STAR Labs SoftwareUpdate Available for: macOS Big Sur Impact: A malicious application may be able to access restricted files Description: This issue was addressed with improved entitlements. CVE-2022-26728: Mickey Jin (@patch1t) TCC Available for: macOS Big Sur Impact: An app may be able to capture a user's screen Description: This issue was addressed with improved checks. CVE-2022-26726: an anonymous researcher Tcl Available for: macOS Big Sur Impact: A malicious application may be able to break out of its sandbox Description: This issue was addressed with improved environment sanitization. CVE-2022-26755: Arsenii Kostromin (0x3c3e) Vim Available for: macOS Big Sur Impact: Multiple issues in Vim Description: Multiple issues were addressed by updating Vim. CVE-2021-4136 CVE-2021-4166 CVE-2021-4173 CVE-2021-4187 CVE-2021-4192 CVE-2021-4193 CVE-2021-46059 CVE-2022-0128 WebKit Available for: macOS Big Sur Impact: Processing a maliciously crafted mail message may lead to running arbitrary javascript Description: A validation issue was addressed with improved input sanitization. CVE-2022-22589: Heige of KnownSec 404 Team (knownsec.com) and Bo Qu of Palo Alto Networks (paloaltonetworks.com) Wi-Fi Available for: macOS Big Sur Impact: A malicious application may disclose restricted memory Description: A memory corruption issue was addressed with improved validation. CVE-2022-26745: an anonymous researcher Wi-Fi Available for: macOS Big Sur Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2022-26761: Wang Yu of Cyberserval zip Available for: macOS Big Sur Impact: Processing a maliciously crafted file may lead to a denial of service Description: A denial of service issue was addressed with improved state handling. CVE-2022-0530 zlib Available for: macOS Big Sur Impact: An attacker may be able to cause unexpected application termination or arbitrary code execution Description: A memory corruption issue was addressed with improved input validation. CVE-2018-25032: Tavis Ormandy zsh Available for: macOS Big Sur Impact: A remote attacker may be able to cause arbitrary code execution Description: This issue was addressed by updating to zsh version 5.8.1. CVE-2021-45444 Additional recognition Bluetooth We would like to acknowledge Jann Horn of Project Zero for their assistance. macOS Big Sur 11.6.6 may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222. This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmKC1TUACgkQeC9qKD1p rhgJBg/9HpPp6P2OtFdYHigfaoga/3szMAjXC650MlC2rF1lXyTRVsO54eupz4er K8Iud3+YnDVTUKkadftWt2XdxAADGtfEFhJW584RtnWjeli+XtGEjQ8jD1/MNPJW qtnrOh2pYG9SxolKDofhiecbYxIGppRKSDRFl0/3VGFed2FIpiRDunlttHBEhHu/ vZVSFzMrNbGvhju+ZCdwFLKXOgB851aRSeo9Xkt63tSGiee7rLmVAINyFbbPwcVP yXwMvn0TNodCBn0wBWD0+iQ3UXIDIYSPaM1Z0BQxVraEhK3Owro3JKgqNbWswMvj SY0KUulbAPs3aOeyz1BI70npYA3+Qwd+bk2hxbzbU/AxvxCrsEk04QfxLYqvj0mR VZYPcup2KAAkiTeekQ5X739r8NAyaaI+bp7FllFv/Z2jVW9kGgNIFr46R05MD9NF aC1JAZtJ4VWbMEGHnHAMrOgdGaHpryvzl2BjUXRgW27vIq5uF5YiNcpjS2BezTFc R2ojiMNRB33Y44LlH7Zv3gHm4bE3+NzcGeWvBzwOsHznk9Jiv6x2eBUxkttMlPyO zymQMONQN3bktSMT8JnmJ8rlEgISONd7NeTEzuhlGIWaWNAFmmBoPnBiPk+yC3n4 d22yFs6DLp2pJ+0zOWmTcqt1xYng05Jwj4F0KT49w0TO9Up79+o= =rtPl -----END PGP SIGNATURE----- . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202210-02 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: OpenSSL: Multiple Vulnerabilities Date: October 16, 2022 Bugs: #741570, #809980, #832339, #835343, #842489, #856592 ID: 202210-02 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been discovered in OpenSSL, the worst of which could result in denial of service. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 dev-libs/openssl < 1.1.1q >= 1.1.1q Description =========== Multiple vulnerabilities have been discovered in OpenSSL. Please review the CVE identifiers referenced below for details. Impact ====== Please review the referenced CVE identifiers for details. Workaround ========== There is no known workaround at this time. Resolution ========== All OpenSSL users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/openssl-1.1.1q" References ========== [ 1 ] CVE-2020-1968 https://nvd.nist.gov/vuln/detail/CVE-2020-1968 [ 2 ] CVE-2021-3711 https://nvd.nist.gov/vuln/detail/CVE-2021-3711 [ 3 ] CVE-2021-3712 https://nvd.nist.gov/vuln/detail/CVE-2021-3712 [ 4 ] CVE-2021-4160 https://nvd.nist.gov/vuln/detail/CVE-2021-4160 [ 5 ] CVE-2022-0778 https://nvd.nist.gov/vuln/detail/CVE-2022-0778 [ 6 ] CVE-2022-1292 https://nvd.nist.gov/vuln/detail/CVE-2022-1292 [ 7 ] CVE-2022-1473 https://nvd.nist.gov/vuln/detail/CVE-2022-1473 [ 8 ] CVE-2022-2097 https://nvd.nist.gov/vuln/detail/CVE-2022-2097 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202210-02 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5 . 8) - aarch64, ppc64le, s390x, x86_64 3. compat-openssl10 provides the legacy 1.0 version of OpenSSL for use with older binaries. Additional details can be found in the upstream advisory: https://www.openssl.org/news/secadv/20220315.txt In addition this update corrects a carry propagation bug specific to MIPS architectures. For the oldstable distribution (buster), this problem has been fixed in version 1.1.1d-0+deb10u8. For the stable distribution (bullseye), this problem has been fixed in version 1.1.1k-1+deb11u2. We recommend that you upgrade your openssl packages. Summary: The Migration Toolkit for Containers (MTC) 1.5.4 is now available. Description: The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API. Solution: For details on how to install and use MTC, refer to: https://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html 4. Bugs fixed (https://bugzilla.redhat.com/): 1995656 - CVE-2021-36221 golang: net/http/httputil: panic due to racy read of persistConn after handler panic 5. ========================================================================== Ubuntu Security Notice USN-5328-2 March 15, 2022 openssl vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 16.04 ESM - Ubuntu 14.04 ESM Summary: OpenSSL could be made to stop responding if it opened a specially crafted certificate. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: Tavis Ormandy discovered that OpenSSL incorrectly parsed certain certificates. A remote attacker could possibly use this issue to cause OpenSSH to stop responding, resulting in a denial of service. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 ESM: libssl1.0.0 1.0.2g-1ubuntu4.20+esm2 Ubuntu 14.04 ESM: libssl1.0.0 1.0.1f-1ubuntu2.27+esm5 After a standard system update you need to reboot your computer to make all the necessary changes. Description: Red Hat Advanced Cluster Management for Kubernetes 2.5.0 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release: https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.5/html/release_notes/ Security fixes: * nodejs-json-schema: Prototype pollution vulnerability (CVE-2021-3918) * containerd: Unprivileged pod may bind mount any privileged regular file on disk (CVE-2021-43816) * minio: user privilege escalation in AddUser() admin API (CVE-2021-43858) * openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates (CVE-2022-0778) * imgcrypt: Unauthorized access to encryted container image on a shared system due to missing check in CheckAuthorization() code path (CVE-2022-24778) * golang.org/x/crypto: empty plaintext packet causes panic (CVE-2021-43565) * node-fetch: exposure of sensitive information to an unauthorized actor (CVE-2022-0235) * nconf: Prototype pollution in memory store (CVE-2022-21803) * golang: crypto/elliptic IsOnCurve returns true for invalid field elements (CVE-2022-23806) * nats-server: misusing the "dynamically provisioned sandbox accounts" feature authenticated user can obtain the privileges of the System account (CVE-2022-24450) * Moment.js: Path traversal in moment.locale (CVE-2022-24785) * golang: crash in a golang.org/x/crypto/ssh server (CVE-2022-27191) * go-getter: writes SSH credentials into logfile, exposing sensitive credentials to local uses (CVE-2022-29810) * opencontainers: OCI manifest and index parsing confusion (CVE-2021-41190) Bug fixes: * RFE Copy secret with specific secret namespace, name for source and name, namespace and cluster label for target (BZ# 2014557) * RHACM 2.5.0 images (BZ# 2024938) * [UI] When you delete host agent from infraenv no confirmation message appear (Are you sure you want to delete x?) (BZ#2028348) * Clusters are in 'Degraded' status with upgrade env due to obs-controller not working properly (BZ# 2028647) * create cluster pool -> choose infra type, As a result infra providers disappear from UI. (BZ# 2033339) * Restore/backup shows up as Validation failed but the restore backup status in ACM shows success (BZ# 2034279) * Observability - OCP 311 node role are not displayed completely (BZ# 2038650) * Documented uninstall procedure leaves many leftovers (BZ# 2041921) * infrastructure-operator pod crashes due to insufficient privileges in ACM 2.5 (BZ# 2046554) * Acm failed to install due to some missing CRDs in operator (BZ# 2047463) * Navigation icons no longer showing in ACM 2.5 (BZ# 2051298) * ACM home page now includes /home/ in url (BZ# 2051299) * proxy heading in Add Credential should be capitalized (BZ# 2051349) * ACM 2.5 tries to create new MCE instance when install on top of existing MCE 2.0 (BZ# 2051983) * Create Policy button does not work and user cannot use console to create policy (BZ# 2053264) * No cluster information was displayed after a policyset was created (BZ# 2053366) * Dynamic plugin update does not take effect in Firefox (BZ# 2053516) * Replicated policy should not be available when creating a Policy Set (BZ# 2054431) * Placement section in Policy Set wizard does not reset when users click "Back" to re-configured placement (BZ# 2054433) 3. Solution: For Red Hat Advanced Cluster Management for Kubernetes, see the following documentation, which will be updated shortly for this release, for important instructions on installing this release: https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.5/html-single/install/index#installing 4. Bugs fixed (https://bugzilla.redhat.com/): 2014557 - RFE Copy secret with specific secret namespace, name for source and name, namespace and cluster label for target 2024702 - CVE-2021-3918 nodejs-json-schema: Prototype pollution vulnerability 2024938 - CVE-2021-41190 opencontainers: OCI manifest and index parsing confusion 2028224 - RHACM 2.5.0 images 2028348 - [UI] When you delete host agent from infraenv no confirmation message appear (Are you sure you want to delete x?) 2028647 - Clusters are in 'Degraded' status with upgrade env due to obs-controller not working properly 2030787 - CVE-2021-43565 golang.org/x/crypto: empty plaintext packet causes panic 2033339 - create cluster pool -> choose infra type , As a result infra providers disappear from UI. 2034279 - Restore/backup shows up as Validation failed but the restore backup status in ACM shows success 2036252 - CVE-2021-43858 minio: user privilege escalation in AddUser() admin API 2038650 - Observability - OCP 311 node role are not displayed completely 2041921 - Documented uninstall procedure leaves many leftovers 2044434 - CVE-2021-43816 containerd: Unprivileged pod may bind mount any privileged regular file on disk 2044591 - CVE-2022-0235 node-fetch: exposure of sensitive information to an unauthorized actor 2046554 - infrastructure-operator pod crashes due to insufficient privileges in ACM 2.5 2047463 - Acm failed to install due to some missing CRDs in operator 2051298 - Navigation icons no longer showing in ACM 2.5 2051299 - ACM home page now includes /home/ in url 2051349 - proxy heading in Add Credential should be capitalized 2051983 - ACM 2.5 tries to create new MCE instance when install on top of existing MCE 2.0 2052573 - CVE-2022-24450 nats-server: misusing the "dynamically provisioned sandbox accounts" feature authenticated user can obtain the privileges of the System account 2053264 - Create Policy button does not work and user cannot use console to create policy 2053366 - No cluster information was displayed after a policyset was created 2053429 - CVE-2022-23806 golang: crypto/elliptic IsOnCurve returns true for invalid field elements 2053516 - Dynamic plugin update does not take effect in Firefox 2054431 - Replicated policy should not be available when creating a Policy Set 2054433 - Placement section in Policy Set wizard does not reset when users click "Back" to re-configured placement 2054772 - credentialName is not parsed correctly in UI notifications/alerts when creating/updating a discovery config 2054860 - Cluster overview page crashes for on-prem cluster 2055333 - Unable to delete assisted-service operator 2055900 - If MCH is installed on existing MCE and both are in multicluster-engine namespace , uninstalling MCH terminates multicluster-engine namespace 2056485 - [UI] In infraenv detail the host list don't have pagination 2056701 - Non platform install fails agentclusterinstall CRD is outdated in rhacm2.5 2057060 - [CAPI] Unable to create ClusterDeployment due to service account restrictions (ACM + Bundled Assisted) 2058435 - Label cluster.open-cluster-management.io/backup-cluster stamped 'unknown' for velero backups 2059779 - spec.nodeSelector is missing in MCE instance created by MCH upon installing ACM on infra nodes 2059781 - Policy UI crashes when viewing details of configuration policies for backupschedule that does not exist 2060135 - [assisted-install] agentServiceConfig left orphaned after uninstalling ACM 2060151 - Policy set of the same name cannot be re-created after the previous one has been deleted 2060230 - [UI] Delete host modal has incorrect host's name populated 2060309 - multiclusterhub stuck in installing on "ManagedClusterConditionAvailable" [intermittent] 2060469 - The development branch of the Submariner addon deploys 0.11.0, not 0.12.0 2060550 - MCE installation hang due to no console-mce-console deployment available 2060603 - prometheus doesn't display managed clusters 2060831 - Observability - prometheus-operator failed to start on *KS 2060934 - Cannot provision AWS OCP 4.9 cluster from Power Hub 2061260 - The value of the policyset placement should be filtered space when input cluster label expression 2061311 - Cleanup of installed spoke clusters hang on deletion of spoke namespace 2061659 - the network section in create cluster -> Networking include the brace in the network title 2061798 - [ACM 2.5] The service of Cluster Proxy addon was missing 2061838 - ACM component subscriptions are removed when enabling spec.disableHubSelfManagement in MCH 2062009 - No name validation is performed on Policy and Policy Set Wizards 2062022 - cluster.open-cluster-management.io/backup-cluster of velero schedules should populate the corresponding hub clusterID 2062025 - No validation is done on yaml's format or content in Policy and Policy Set wizards 2062202 - CVE-2022-0778 openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates 2062337 - velero schedules get re-created after the backupschedule is in 'BackupCollision' phase 2062462 - Upgrade to 2.5 hang due to irreconcilable errors of grc-sub and search-prod-sub in MCH 2062556 - Always return the policyset page after created the policy from UI 2062787 - Submariner Add-on UI does not indicate on Broker error 2063055 - User with cluserrolebinding of open-cluster-management:cluster-manager-admin role can't see policies and clusters page 2063341 - Release imagesets are missing in the console for ocp 4.10 2063345 - Application Lifecycle- UI shows white blank page when the page is Refreshed 2063596 - claim clusters from clusterpool throws errors 2063599 - Update the message in clusterset -> clusterpool page since we did not allow to add clusterpool to clusterset by resourceassignment 2063697 - Observability - MCOCR reports object-storage secret without AWS access_key in STS enabled env 2064231 - Can not clean the instance type for worker pool when create the clusters 2064247 - prefer UI can add the architecture type when create the cluster 2064392 - multicloud oauth-proxy failed to log users in on web 2064477 - Click at "Edit Policy" for each policy leads to a blank page 2064509 - No option to view the ansible job details and its history in the Automation wizard after creation of the automation job 2064516 - Unable to delete an automation job of a policy 2064528 - Columns of Policy Set, Status and Source on Policy page are not sortable 2064535 - Different messages on the empty pages of Overview and Clusters when policy is disabled 2064702 - CVE-2022-27191 golang: crash in a golang.org/x/crypto/ssh server 2064722 - [Tracker] [DR][ACM 2.5] Applications are not getting deployed on managed cluster 2064899 - Failed to provision openshift 4.10 on bare metal 2065436 - "Filter" drop-down list does not show entries of the policies that have no top-level remediation specified 2066198 - Issues about disabled policy from UI 2066207 - The new created policy should be always shown up on the first line 2066333 - The message was confuse when the cluster status is Running 2066383 - MCE install failing on proxy disconnected environment 2066433 - Logout not working for ACM 2.5 2066464 - console-mce-console pods throw ImagePullError after upgrading to ocp 4.10 2066475 - User with view-only rolebinding should not be allowed to create policy, policy set and automation job 2066544 - The search box can't work properly in Policies page 2066594 - RFE: Can't open the helm source link of the backup-restore-enabled policy from UI 2066650 - minor issues in cluster curator due to the startup throws errors 2066751 - the image repo of application-manager did not updated to use the image repo in MCE/MCH configuration 2066834 - Hibernating cluster(s) in cluster pool stuck in 'Stopping' status after restore activation 2066842 - cluster pool credentials are not backed up 2066914 - Unable to remove cluster value during configuration of the label expressions for policy and policy set 2066940 - Validation fired out for https proxy when the link provided not starting with https 2066965 - No message is displayed in Policy Wizard to indicate a policy externally managed 2066979 - MIssing groups in policy filter options comparing to previous RHACM version 2067053 - I was not able to remove the image mirror content when create the cluster 2067067 - Can't filter the cluster info when clicked the cluster in the Placement section 2067207 - Bare metal asset secrets are not backed up 2067465 - Categories,Standards, and Controls annotations are not updated after user has deleted a selected template 2067713 - Columns on policy's "Results" are not sort-able as in previous release 2067728 - Can't search in the policy creation or policyset creation Yaml editor 2068304 - Application Lifecycle- Replicasets arent showing the logs console in Topology 2068309 - For policy wizard in dynamics plugin environment, buttons at the bottom should be sticky and the contents of the Policy should scroll 2068312 - Application Lifecycle - Argo Apps are not showing overview details and topology after upgrading from 2.4 2068313 - Application Lifecycle - Refreshing overview page leads to a blank page 2068328 - A cluster's "View history" page should not contain all clusters' violations history 2068387 - Observability - observability operator always CrashLoopBackOff in FIPS upgrading hub 2068993 - Observability - Node list is not filtered according to nodeType on OCP 311 dashboard 2069329 - config-policy-controller addon with "Unknown" status in OCP 3.11 managed cluster after upgrade hub to 2.5 2069368 - CVE-2022-24778 imgcrypt: Unauthorized access to encryted container image on a shared system due to missing check in CheckAuthorization() code path 2069469 - Status of unreachable clusters is not reported in several places on GRC panels 2069615 - The YAML editor can't work well when login UI using dynamic console plugin 2069622 - No validation for policy template's name 2069698 - After claim a cluster from clusterpool, the cluster pages become very very slow 2069867 - Error occurs when trying to edit an application set/subscription 2069870 - ACM/MCE Dynamic Plugins - 404: Page Not Found Error Occurs - intermittent crashing 2069875 - Cluster secrets are not being created in the managed cluster's namespace 2069895 - Application Lifecycle - Replicaset and Pods gives error messages when Yaml is selected on sidebar 2070203 - Blank Application is shown when editing an Application with AnsibleJobs 2070782 - Failed Secret Propagation to the Same Namespace as the AnsibleJob CR 2070846 - [ACM 2.5] Can't re-add the default clusterset label after removing it from a managedcluster on BM SNO hub 2071066 - Policy set details panel does not work when deployed into namespace different than "default" 2071173 - Configured RunOnce automation job is not displayed although the policy has no violation 2071191 - MIssing title on details panel after clicking "view details" of a policy set card 2071769 - Placement must be always configured or error is reported when creating a policy 2071818 - ACM logo not displayed in About info modal 2071869 - Topology includes the status of local cluster resources when Application is only deployed to managed cluster 2072009 - CVE-2022-24785 Moment.js: Path traversal in moment.locale 2072097 - Local Cluster is shown as Remote on the Application Overview Page and Single App Overview Page 2072104 - Inconsistent "Not Deployed" Icon Used Between 2.4 and 2.5 as well as the Overview and Topology 2072177 - Cluster Resource Status is showing App Definition Statuses as well 2072227 - Sidebar Statuses Need to Be Updated to Reflect Cluster List and Cluster Resource Statuses 2072231 - Local Cluster not included in the appsubreport for Helm Applications Deployed on All Clusters 2072334 - Redirect URL is now to the details page after created a policy 2072342 - Shows "NaN%" in the ring chart when add the disabled policy into policyset and view its details 2072350 - CRD Deployed via Application Console does not have correct deployment status and spelling 2072359 - Report the error when editing compliance type in the YAML editor and then submit the changes 2072504 - The policy has violations on the failed managed cluster 2072551 - URL dropdown is not being rendered with an Argo App with a new URL 2072773 - When a channel is deleted and recreated through the App Wizard, application creation stalls and warning pops up 2072824 - The edit/delete policyset button should be greyed when using viewer check 2072829 - When Argo App with jsonnet object is deployed, topology and cluster status would fail to display the correct statuses. 2073179 - Policy controller was unable to retrieve violation status in for an OCP 3.11 managed cluster on ARM hub 2073330 - Observabilityy - memory usage data are not collected even collect rule is fired on SNO 2073355 - Get blank page when click policy with unknown status in Governance -> Overview page 2073508 - Thread responsible to get insights data from *ks clusters is broken 2073557 - appsubstatus is not deleted for Helm applications when changing between 2 managed clusters 2073726 - Placement of First Subscription gets overlapped by the Cluster Node in Application Topology 2073739 - Console/App LC - Error message saying resource conflict only shows up in standalone ACM but not in Dynamic plugin 2073740 - Console/App LC- Apps are deployed even though deployment do not proceed because of "resource conflict" error 2074178 - Editing Helm Argo Applications does not Prune Old Resources 2074626 - Policy placement failure during ZTP SNO scale test 2074689 - CVE-2022-21803 nconf: Prototype pollution in memory store 2074803 - The import cluster YAML editor shows the klusterletaddonconfig was required on MCE portal 2074937 - UI allows creating cluster even when there are no ClusterImageSets 2075416 - infraEnv failed to create image after restore 2075440 - The policyreport CR is created for spoke clusters until restarted the insights-client pod 2075739 - The lookup function won't check the referred resource whether exist when using template policies 2076421 - Can't select existing placement for policy or policyset when editing policy or policyset 2076494 - No policyreport CR for spoke clusters generated in the disconnected env 2076502 - The policyset card doesn't show the cluster status(violation/without violation) again after deleted one policy 2077144 - GRC Ansible automation wizard does not display error of missing dependent Ansible Automation Platform operator 2077149 - App UI shows no clusters cluster column of App Table when Discovery Applications is deployed to a managed cluster 2077291 - Prometheus doesn't display acm_managed_cluster_info after upgrade from 2.4 to 2.5 2077304 - Create Cluster button is disabled only if other clusters exist 2077526 - ACM UI is very very slow after upgrade from 2.4 to 2.5 2077562 - Console/App LC- Helm and Object bucket applications are not showing as deployed in the UI 2077751 - Can't create a template policy from UI when the object's name is referring Golang text template syntax in this policy 2077783 - Still show violation for clusterserviceversions after enforced "Detect Image vulnerabilities " policy template and the operator is installed 2077951 - Misleading message indicated that a placement of a policy became one managed only by policy set 2078164 - Failed to edit a policy without placement 2078167 - Placement binding and rule names are not created in yaml when editing a policy previously created with no placement 2078373 - Disable the hyperlink of *ks node in standalone MCE environment since the search component was not exists 2078617 - Azure public credential details get pre-populated with base domain name in UI 2078952 - View pod logs in search details returns error 2078973 - Crashed pod is marked with success in Topology 2079013 - Changing existing placement rules does not change YAML file 2079015 - Uninstall pod crashed when destroying Azure Gov cluster in ACM 2079421 - Hyphen(s) is deleted unexpectedly in UI when yaml is turned on 2079494 - Hitting Enter in yaml editor caused unexpected keys "key00x:" to be created 2079533 - Clusters with no default clusterset do not get assigned default cluster when upgrading from ACM 2.4 to 2.5 2079585 - When an Ansible Secret is propagated to an Ansible Application namespace, the propagated secret is shown in the Credentials page 2079611 - Edit appset placement in UI with a different existing placement causes the current associated placement being deleted 2079615 - Edit appset placement in UI with a new placement throws error upon submitting 2079658 - Cluster Count is Incorrect in Application UI 2079909 - Wrong message is displayed when GRC fails to connect to an ansible tower 2080172 - Still create policy automation successfully when the PolicyAutomation name exceed 63 characters 2080215 - Get a blank page after go to policies page in upgraded env when using an user with namespace-role-binding of default view role 2080279 - CVE-2022-29810 go-getter: writes SSH credentials into logfile, exposing sensitive credentials to local uses 2080503 - vSphere network name doesn't allow entering spaces and doesn't reflect YAML changes 2080567 - Number of cluster in violation in the table does not match other cluster numbers on the policy set details page 2080712 - Select an existing placement configuration does not work 2080776 - Unrecognized characters are displayed on policy and policy set yaml editors 2081792 - When deploying an application to a clusterpool claimed cluster after upgrade, the application does not get deployed to the cluster 2081810 - Type '-' character in Name field caused previously typed character backspaced in in the name field of policy wizard 2081829 - Application deployed on local cluster's topology is crashing after upgrade 2081938 - The deleted policy still be shown on the policyset review page when edit this policy set 2082226 - Object Storage Topology includes residue of resources after Upgrade 2082409 - Policy set details panel remains even after the policy set has been deleted 2082449 - The hypershift-addon-agent deployment did not have imagePullSecrets 2083038 - Warning still refers to the `klusterlet-addon-appmgr` pod rather than the `application-manager` pod 2083160 - When editing a helm app with failing resources to another, the appsubstatus and the managedclusterview do not get updated 2083434 - The provider-credential-controller did not support the RHV credentials type 2083854 - When deploying an application with ansiblejobs multiple times with different namespaces, the topology shows all the ansiblejobs rather than just the one within the namespace 2083870 - When editing an existing application and refreshing the `Select an existing placement configuration`, multiple occurrences of the placementrule gets displayed 2084034 - The status message looks messy in the policy set card, suggest one kind status one a row 2084158 - Support provisioning bm cluster where no provisioning network provided 2084622 - Local Helm application shows cluster resources as `Not Deployed` in Topology [Upgrade] 2085083 - Policies fail to copy to cluster namespace after ACM upgrade 2085237 - Resources referenced by a channel are not annotated with backup label 2085273 - Error querying for ansible job in app topology 2085281 - Template name error is reported but the template name was found in a different replicated policy 2086389 - The policy violations for hibernated cluster still be displayed on the policy set details page 2087515 - Validation thrown out in configuration for disconnect install while creating bm credential 2088158 - Object Storage Application deployed to all clusters is showing unemployed in topology [Upgrade] 2088511 - Some cluster resources are not showing labels that are defined in the YAML 5. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: openssl security update Advisory ID: RHSA-2022:1073-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:1073 Issue date: 2022-03-28 CVE Names: CVE-2022-0778 ==================================================================== 1. Summary: An update for openssl is now available for Red Hat Enterprise Linux 6 Extended Lifecycle Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Server (v. 6 ELS) - i386, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6 ELS) - i386, s390x, x86_64 3. Description: OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library. Security Fix(es): * openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates (CVE-2022-0778) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. 5. Package List: Red Hat Enterprise Linux Server (v. 6 ELS): Source: openssl-1.0.1e-60.el6_10.src.rpm i386: openssl-1.0.1e-60.el6_10.i686.rpm openssl-debuginfo-1.0.1e-60.el6_10.i686.rpm openssl-devel-1.0.1e-60.el6_10.i686.rpm s390x: openssl-1.0.1e-60.el6_10.s390.rpm openssl-1.0.1e-60.el6_10.s390x.rpm openssl-debuginfo-1.0.1e-60.el6_10.s390.rpm openssl-debuginfo-1.0.1e-60.el6_10.s390x.rpm openssl-devel-1.0.1e-60.el6_10.s390.rpm openssl-devel-1.0.1e-60.el6_10.s390x.rpm x86_64: openssl-1.0.1e-60.el6_10.i686.rpm openssl-1.0.1e-60.el6_10.x86_64.rpm openssl-debuginfo-1.0.1e-60.el6_10.i686.rpm openssl-debuginfo-1.0.1e-60.el6_10.x86_64.rpm openssl-devel-1.0.1e-60.el6_10.i686.rpm openssl-devel-1.0.1e-60.el6_10.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6 ELS): i386: openssl-debuginfo-1.0.1e-60.el6_10.i686.rpm openssl-perl-1.0.1e-60.el6_10.i686.rpm openssl-static-1.0.1e-60.el6_10.i686.rpm s390x: openssl-debuginfo-1.0.1e-60.el6_10.s390x.rpm openssl-perl-1.0.1e-60.el6_10.s390x.rpm openssl-static-1.0.1e-60.el6_10.s390x.rpm x86_64: openssl-debuginfo-1.0.1e-60.el6_10.x86_64.rpm openssl-perl-1.0.1e-60.el6_10.x86_64.rpm openssl-static-1.0.1e-60.el6_10.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2022-0778 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. Description: Red Hat Openshift GitOps is a declarative way to implement continuous deployment for cloud native applications. Bugs fixed (https://bugzilla.redhat.com/): 2081686 - CVE-2022-29165 argocd: ArgoCD will blindly trust JWT claims if anonymous access is enabled 2081689 - CVE-2022-24905 argocd: Login screen allows message spoofing if SSO is enabled 2081691 - CVE-2022-24904 argocd: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server 5

AFFECTED PRODUCTS

CVSS

PROBLEMTYPE DATA

THREAT TYPE

remote

TYPE

other

PATCH

EXTERNAL IDS

REFERENCES

CREDITS

Mitsubishi Electric reported these vulnerabilities to CISA.

SOURCES

LAST UPDATE DATE

2025-04-28T20:14:58.681000+00:00

SOURCES UPDATE DATE

SOURCES RELEASE DATE