ID

VAR-202203-1690

CVE

CVE-2018-25032

TITLE

zlib  Out-of-bounds write vulnerability in

DESCRIPTION

zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches. zlib Exists in an out-of-bounds write vulnerability.Service operation interruption (DoS) It may be in a state. Relevant releases/architectures: Red Hat CodeReady Linux Builder (v. 9) - aarch64, ppc64le, s390x, x86_64 3. Description: The zlib packages provide a general-purpose lossless data compression library that is used by many different programs. Security Fix(es): * zlib: A flaw found in zlib when compressing (not decompressing) certain inputs (CVE-2018-25032) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 2067945 - CVE-2018-25032 zlib: A flaw found in zlib when compressing (not decompressing) certain inputs 6. Package List: Red Hat Enterprise Linux AppStream (v. 9): Source: zlib-1.2.11-31.el9_0.1.src.rpm aarch64: minizip-compat-debuginfo-1.2.11-31.el9_0.1.aarch64.rpm zlib-1.2.11-31.el9_0.1.aarch64.rpm zlib-debuginfo-1.2.11-31.el9_0.1.aarch64.rpm zlib-debugsource-1.2.11-31.el9_0.1.aarch64.rpm ppc64le: minizip-compat-debuginfo-1.2.11-31.el9_0.1.ppc64le.rpm zlib-1.2.11-31.el9_0.1.ppc64le.rpm zlib-debuginfo-1.2.11-31.el9_0.1.ppc64le.rpm zlib-debugsource-1.2.11-31.el9_0.1.ppc64le.rpm s390x: minizip-compat-debuginfo-1.2.11-31.el9_0.1.s390x.rpm zlib-1.2.11-31.el9_0.1.s390x.rpm zlib-debuginfo-1.2.11-31.el9_0.1.s390x.rpm zlib-debugsource-1.2.11-31.el9_0.1.s390x.rpm x86_64: minizip-compat-debuginfo-1.2.11-31.el9_0.1.i686.rpm minizip-compat-debuginfo-1.2.11-31.el9_0.1.x86_64.rpm zlib-1.2.11-31.el9_0.1.i686.rpm zlib-1.2.11-31.el9_0.1.x86_64.rpm zlib-debuginfo-1.2.11-31.el9_0.1.i686.rpm zlib-debuginfo-1.2.11-31.el9_0.1.x86_64.rpm zlib-debugsource-1.2.11-31.el9_0.1.i686.rpm zlib-debugsource-1.2.11-31.el9_0.1.x86_64.rpm Red Hat CodeReady Linux Builder (v. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. Description: Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. All OpenShift Container Platform 4.11 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.11/updating/updating-cluster-cli.html 3. Solution: For OpenShift Container Platform 4.11 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update: https://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html Details on how to access this content are available at https://docs.openshift.com/container-platform/4.11/updating/updating-cluster-cli.html 4. Bugs fixed (https://bugzilla.redhat.com/): 2042536 - OCP 4.10: nfd-topology-updater daemonset fails to get created on worker nodes - forbidden: unable to validate against any security context constraint 2042652 - Unable to deploy hw-event-proxy operator 2045880 - CVE-2022-21698 prometheus/client_golang: Denial of service using InstrumentHandlerCounter 2047308 - Remove metrics and events for master port offsets 2055049 - No pre-caching for NFD images 2055436 - nfd-master tracking the wrong api group 2055439 - nfd-master tracking the wrong api group (operand) 2057569 - nfd-worker: drop 'custom-' prefix from matchFeatures custom rules 2058256 - LeaseDuration for NFD Operator seems to be rather small, causing Operator restarts when running etcd defrag 2062849 - hw event proxy is not binding on ipv6 local address 2066860 - Wrong spec in NFD documentation under `operand` 2066887 - Dependabot alert: Path traversal in github.com/valyala/fasthttp 2066889 - Dependabot alert: Path traversal in github.com/valyala/fasthttp 2067312 - PPT event source is lost when received by the consumer 2077243 - NFD os release label lost after upgrade to ocp 4.10.6 2087511 - NFD SkipRange is wrong causing OLM install problems 2089962 - Node feature Discovery operator installation failed. 2090774 - Add Readme to plugin directory 2091106 - Dependabot alert: Unhandled exception in gopkg.in/yaml.v3 2091142 - Dependabot alert: Unhandled exception in gopkg.in/yaml.v3 2100495 - CVE-2021-38561 golang: out-of-bounds read in golang.org/x/text/language leads to DoS 5. Description: Service Telemetry Framework (STF) provides automated collection of measurements and data from remote clients, such as Red Hat OpenStack Platform or third-party nodes. Dockerfiles and scripts should be amended either to refer to this new image specifically, or to the latest image generally. Bugs fixed (https://bugzilla.redhat.com/): 2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read 5. Security Fix(es): * argocd: vulnerable to a variety of attacks when an SSO login is initiated from the Argo CD CLI or the UI. Bugs fixed (https://bugzilla.redhat.com/): 2096278 - CVE-2022-31035 argocd: cross-site scripting (XSS) allow a malicious user to inject a javascript link in the UI 2096282 - CVE-2022-31034 argocd: vulnerable to a variety of attacks when an SSO login is initiated from the Argo CD CLI or the UI. 2096283 - CVE-2022-31016 argocd: vulnerable to an uncontrolled memory consumption bug 2096291 - CVE-2022-31036 argocd: vulnerable to a symlink following bug allowing a malicious user with repository write access 5. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: ACS 3.70 enhancement and security update Advisory ID: RHSA-2022:4880-01 Product: RHACS Advisory URL: https://access.redhat.com/errata/RHSA-2022:4880 Issue date: 2022-06-02 CVE Names: CVE-2018-25032 CVE-2021-3634 CVE-2021-3672 CVE-2021-3737 CVE-2021-4189 CVE-2021-23222 CVE-2021-23820 CVE-2021-25219 CVE-2021-41190 CVE-2022-1154 CVE-2022-1271 ==================================================================== 1. Summary: Updated images are now available for Red Hat Advanced Cluster Security for Kubernetes (RHACS). The updated image includes bug fixes and feature improvements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Description: New features and enhancements 1. Verifying image signatures against Cosign public keys: You can use RHACS to ensure the integrity of the container images in your clusters by verifying image signatures against preconfigured keys. You can also create policies to block unsigned images and images that do not have a verified signature and enforce the policy by using an admission controller to stop unauthorized deployment creation. 2. Registry integrations for Amazon Elastic Container Registry (ECR) are now automatically generated for Amazon Web Services (AWS) clusters. This feature requires that the nodes' Instance Identity and Access Management (IAM) Role has been granted access to ECR. You can turn off this feature by disabling the EC2 instance metadata service in your nodes. 3. Identifying missing Kubernetes network policies: RHACS 3.70 ships with a new default policy that allows you to easily identify deployments that are not restricted by any ingress network policy and to trigger violation alerts accordingly. The default policy is named Deployments should have at least one ingress Network Policy. It is disabled by default. This default policy uses a new policy criterion called "Alert on missing ingress Network Policy." To identify pod isolation gaps, you can clone this default policy or create a new one by using the policy criterion and enabling it on selected resources. 4. A policy to detect the Spring Cloud Function RCE vulnerability [CVE-2022-22963] and the Spring Framework Spring4Shell RCE vulnerability [CVE-2022-22965] has been added. It has a severity level of Critical and is enabled by default. 5. A new policy criterion has been added to validate the value of allowPrivilegeEscalation within the Kubernetes security context. You can use this policy criterion to provide alerts when a deployment is configured to allow a container process to gain more privileges than its parent process. 6. Customers using the recommended Operator method to deploy RHACS on OpenShift Container Platform can now view the credentials for the admin user in the OpenShift Container Platform console. When viewing the Central object, the Details tab provides a clickable link to the credentials under Admin Password Secret Reference. The displayed credentials are the default generated password or a previously configured and stored custom secret. 7. Previously, RHACS limited the number of allowed inclusion and exclusion scopes within a scope to ten each. This restriction has been removed. Notable technical changes 1. Vulnerability scanning and reporting for RHCOS nodes: Vulnerability scanning and reporting for Red Hat Enterprise Linux CoreOS (RHCOS) nodes has been disabled until scanning improvements are made for improved accuracy and to support full host-level scanning beyond just Kubernetes components. Currently, RHCOS uses National Vulnerability Database (NVD) vulnerability data for reporting vulnerabilities for Kubernetes components from RHCOS. In the enhanced version, vulnerability reporting will be based on Red Hat published security data. (ROX-10662) Deprecated Features: - - Ability to add comments to alerts and processes - - Anchore, Tenable, and Docker Trusted registry integrations - - External authorization plug-in for scoped access control - - FROM option in the Disallowed Dockerfile line policy field - - RenamePolicyCategory and DeletePolicyCategory API endpoints - - --rhacs option for the roxctl helm output command Removed Features: - - Ability to delete default policies - - Security policies without a policyVersion - - /v1/policies API endpoint response: field response body parameter Security Fixes: * json-pointer: type confusion vulnerability can lead to a bypass of CVE-2020-7709 when the pointer components are arrays (CVE-2021-23820) * opencontainers: OCI manifest and index parsing confusion (CVE-2021-41190) 3. Solution: To take advantage of the new features, bug fixes, and enhancements in RHACS 3.70 you are advised to upgrade to RHACS 3.70.0. 4. Bugs fixed (https://bugzilla.redhat.com/): 2020369 - CVE-2021-23820 json-pointer: type confusion vulnerability can lead to a bypass of CVE-2020-7709 when the pointer components are arrays 2024938 - CVE-2021-41190 opencontainers: OCI manifest and index parsing confusion 5. JIRA issues fixed (https://issues.jboss.org/): ROX-11147 - Release RHACS 3.70.0 ROX-9625 - Central is susceptible to connection reuse issues when running on OpenShift ROX-9902 - Generic webhook notifier with username/password not working 6. References: https://access.redhat.com/security/cve/CVE-2018-25032 https://access.redhat.com/security/cve/CVE-2021-3634 https://access.redhat.com/security/cve/CVE-2021-3672 https://access.redhat.com/security/cve/CVE-2021-3737 https://access.redhat.com/security/cve/CVE-2021-4189 https://access.redhat.com/security/cve/CVE-2021-23222 https://access.redhat.com/security/cve/CVE-2021-23820 https://access.redhat.com/security/cve/CVE-2021-25219 https://access.redhat.com/security/cve/CVE-2021-41190 https://access.redhat.com/security/cve/CVE-2022-1154 https://access.redhat.com/security/cve/CVE-2022-1271 https://access.redhat.com/security/updates/classification/#moderate https://docs.openshift.com/acs/3.69/release_notes/370-release-notes.html 7. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYphyENzjgjWX9erEAQhaMg/8Cdc2cZjgk8oqbk/N+zTUodLQUSbGuwyV SiKJGvCHo1ppVLMpVP9D2hYEVS6HMOsNskf5yApxF95Id68j7TQUNbhnUx3lyUO9 ZYcfxLjLVrHZq7iNumm6O0R03wqb+9TEYe3xU7p4z6pRX2dPO9M/TbjO/fsvvVSz B2JG32FVxGZJpqnaSkhWBP7NQ5ih8YrlGsdh6G5ip02MeDS3u/peXD+t/wHxSL24 Y5ao1LPKHJ/0soOKgGK/I/PkcbqSS38/wFmy2ohFwZsf5WWs+fLS2f2kbkP8FSKY 57kJtK2v4X7uRn3npO5B3qwZs1M06+6s/SavOxU0aAMkivmNuFvpLzdJLawPHBP2 y7j3Qxyq3H8rm0h7Rya/oIEP6MhxjCot2z4WrXES2B1J79lg7I1E3YoXQEaLhS1p eqhQ7QQksbB53AG2Eq+TmJR0oacb1xptotNGqSY2WZtLchxrTnadvTFEVJhhBHxn hG2zlNnjXoJKQdwJv2G/X7UemzeBqmhd8rHOGp4+WyASse7qS5LIXGZkqR1oRqlW TgHhg7a0R9N2yhK8N9QZnJKB4+xo2xeZ0tRLh/WYUh+V1icP/l9jH9c4ec9DGtyd uPamMUtVfrGcTbCluQPRZpNii+TwB8yyzEVcQBVwef5UfHmIe5qtCwE46U0V7eV+ rJ9xYHG86hA=r90W -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Description: Release of RHACS 3.69.2 Security Fix(es): * stackrox: Improper sanitization allows users to retrieve Notifier secrets from GraphQL API in plaintext (CVE-2022-1902) 3. Bugs fixed (https://bugzilla.redhat.com/): 2090957 - CVE-2022-1902 stackrox: Improper sanitization allows users to retrieve Notifier secrets from GraphQL API in plaintext 5. Description: The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API. Bugs fixed (https://bugzilla.redhat.com/): 1928937 - CVE-2021-23337 nodejs-lodash: command injection via template 1928954 - CVE-2020-28500 nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions 2054663 - CVE-2022-0512 nodejs-url-parse: authorization bypass through user-controlled key 2057442 - CVE-2022-0639 npm-url-parse: Authorization Bypass Through User-Controlled Key 2060018 - CVE-2022-0686 npm-url-parse: Authorization bypass through user-controlled key 2060020 - CVE-2022-0691 npm-url-parse: authorization bypass through user-controlled key 2085307 - CVE-2022-1650 eventsource: Exposure of Sensitive Information 2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read 5. ========================================================================== Ubuntu Security Notice USN-6736-2 May 23, 2024 klibc vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 24.04 LTS Summary: Several security issues were fixed in klibc. Software Description: - klibc: small utilities built with klibc for early boot Details: USN-6736-1 fixed vulnerabilities in klibc. This update provides the corresponding updates for Ubuntu 24.04 LTS. Original advisory details: It was discovered that zlib, vendored in klibc, incorrectly handled pointer arithmetic. An attacker could use this issue to cause klibc to crash or to possibly execute arbitrary code. (CVE-2016-9840, CVE-2016-9841) Danilo Ramos discovered that zlib, vendored in klibc, incorrectly handled memory when performing certain deflating operations. An attacker could use this issue to cause klibc to crash or to possibly execute arbitrary code. (CVE-2018-25032) Evgeny Legerov discovered that zlib, vendored in klibc, incorrectly handled memory when performing certain inflate operations. An attacker could use this issue to cause klibc to crash or to possibly execute arbitrary code. (CVE-2022-37434) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 24.04 LTS klibc-utils 2.0.13-4ubuntu0.1 libklibc 2.0.13-4ubuntu0.1 In general, a standard system update will make all the necessary changes

AFFECTED PRODUCTS

CVSS

PROBLEMTYPE DATA

THREAT TYPE

remote

TYPE

xss

EXPLOIT AVAILABILITY

PATCH

EXTERNAL IDS

REFERENCES

CREDITS

Red Hat

SOURCES

LAST UPDATE DATE

2024-09-17T20:46:45.742000+00:00

SOURCES UPDATE DATE

SOURCES RELEASE DATE