Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2023-0286 (GCVE-0-2023-0286)
Vulnerability from cvelistv5 – Published: 2023-02-08 19:01 – Updated: 2025-11-04 19:14
VLAI
EPSS
Title
X.400 address type confusion in X.509 GeneralName
Summary
There is a type confusion vulnerability relating to X.400 address processing
inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but
the public structure definition for GENERAL_NAME incorrectly specified the type
of the x400Address field as ASN1_TYPE. This field is subsequently interpreted by
the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an
ASN1_STRING.
When CRL checking is enabled (i.e. the application sets the
X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass
arbitrary pointers to a memcmp call, enabling them to read memory contents or
enact a denial of service. In most cases, the attack requires the attacker to
provide both the certificate chain and CRL, neither of which need to have a
valid signature. If the attacker only controls one of these inputs, the other
input must already contain an X.400 address as a CRL distribution point, which
is uncommon. As such, this vulnerability is most likely to only affect
applications which have implemented their own functionality for retrieving CRLs
over a network.
Severity
7.4 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- type confusion vulnerability
- CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')
Assigner
References
8 references
Impacted products
Date Public
2023-02-07 00:00
Credits
David Benjamin (Google)
Hugo Landau
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-04T19:14:36.256Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "OpenSSL Advisory",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.openssl.org/news/secadv/20230207.txt"
},
{
"name": "3.0.8 git commit",
"tags": [
"patch",
"x_transferred"
],
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2f7530077e0ef79d98718138716bc51ca0cad658"
},
{
"name": "1.1.1t git commit",
"tags": [
"patch",
"x_transferred"
],
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2c6c9d439b484e1ba9830d8454a34fa4f80fdfe9"
},
{
"name": "1.0.2zg patch (premium)",
"tags": [
"patch",
"x_transferred"
],
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fd2af07dc083a350c959147097003a14a5e8ac4d"
},
{
"tags": [
"x_transferred"
],
"url": "https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/018_x509.patch.sig"
},
{
"tags": [
"x_transferred"
],
"url": "https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.6.2-relnotes.txt"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202402-08"
},
{
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0003"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-0286",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-06T15:57:22.031399Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-843",
"description": "CWE-843 Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-27T20:32:52.864Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "OpenSSL",
"vendor": "OpenSSL",
"versions": [
{
"lessThan": "3.0.8",
"status": "affected",
"version": "3.0.0",
"versionType": "semver"
},
{
"lessThan": "1.1.1t",
"status": "affected",
"version": "1.1.1",
"versionType": "custom"
},
{
"lessThan": "1.0.2zg",
"status": "affected",
"version": "1.0.2",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "David Benjamin (Google)"
},
{
"lang": "en",
"type": "remediation developer",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Hugo Landau"
}
],
"datePublic": "2023-02-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There is a type confusion vulnerability relating to X.400 address processing\u003cbr\u003einside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but\u003cbr\u003ethe public structure definition for GENERAL_NAME incorrectly specified the type\u003cbr\u003eof the x400Address field as ASN1_TYPE. This field is subsequently interpreted by\u003cbr\u003ethe OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an\u003cbr\u003eASN1_STRING.\u003cbr\u003e\u003cbr\u003eWhen CRL checking is enabled (i.e. the application sets the\u003cbr\u003eX509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass\u003cbr\u003earbitrary pointers to a memcmp call, enabling them to read memory contents or\u003cbr\u003eenact a denial of service. In most cases, the attack requires the attacker to\u003cbr\u003eprovide both the certificate chain and CRL, neither of which need to have a\u003cbr\u003evalid signature. If the attacker only controls one of these inputs, the other\u003cbr\u003einput must already contain an X.400 address as a CRL distribution point, which\u003cbr\u003eis uncommon. As such, this vulnerability is most likely to only affect\u003cbr\u003eapplications which have implemented their own functionality for retrieving CRLs\u003cbr\u003eover a network.\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "There is a type confusion vulnerability relating to X.400 address processing\ninside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but\nthe public structure definition for GENERAL_NAME incorrectly specified the type\nof the x400Address field as ASN1_TYPE. This field is subsequently interpreted by\nthe OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an\nASN1_STRING.\n\nWhen CRL checking is enabled (i.e. the application sets the\nX509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass\narbitrary pointers to a memcmp call, enabling them to read memory contents or\nenact a denial of service. In most cases, the attack requires the attacker to\nprovide both the certificate chain and CRL, neither of which need to have a\nvalid signature. If the attacker only controls one of these inputs, the other\ninput must already contain an X.400 address as a CRL distribution point, which\nis uncommon. As such, this vulnerability is most likely to only affect\napplications which have implemented their own functionality for retrieving CRLs\nover a network."
}
],
"metrics": [
{
"format": "other",
"other": {
"content": {
"text": "High"
},
"type": "https://www.openssl.org/policies/secpolicy.html"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "type confusion vulnerability",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-04T09:06:58.565Z",
"orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
"shortName": "openssl"
},
"references": [
{
"name": "OpenSSL Advisory",
"tags": [
"vendor-advisory"
],
"url": "https://www.openssl.org/news/secadv/20230207.txt"
},
{
"name": "3.0.8 git commit",
"tags": [
"patch"
],
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2f7530077e0ef79d98718138716bc51ca0cad658"
},
{
"name": "1.1.1t git commit",
"tags": [
"patch"
],
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2c6c9d439b484e1ba9830d8454a34fa4f80fdfe9"
},
{
"name": "1.0.2zg patch (premium)",
"tags": [
"patch"
],
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fd2af07dc083a350c959147097003a14a5e8ac4d"
},
{
"url": "https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/018_x509.patch.sig"
},
{
"url": "https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.6.2-relnotes.txt"
},
{
"url": "https://security.gentoo.org/glsa/202402-08"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "X.400 address type confusion in X.509 GeneralName",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
"assignerShortName": "openssl",
"cveId": "CVE-2023-0286",
"datePublished": "2023-02-08T19:01:50.514Z",
"dateReserved": "2023-01-13T10:40:41.259Z",
"dateUpdated": "2025-11-04T19:14:36.256Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2023-0286",
"date": "2026-06-23",
"epss": "0.59501",
"percentile": "0.99"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"1.0.2\", \"versionEndExcluding\": \"1.0.2zg\", \"matchCriteriaId\": \"70985D55-A574-4151-B451-4D500CBFC29A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"1.1.1\", \"versionEndExcluding\": \"1.1.1t\", \"matchCriteriaId\": \"DE0061D6-8F81-45D3-B254-82A94915FD08\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"3.0.0\", \"versionEndExcluding\": \"3.0.8\", \"matchCriteriaId\": \"A6DC5D88-4E99-48F2-8892-610ACA9B5B86\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:stormshield:stormshield_management_center:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"3.3.3\", \"matchCriteriaId\": \"62A933C5-C56E-485C-AD49-3B6A2C329131\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"2.7.0\", \"versionEndExcluding\": \"2.7.11\", \"matchCriteriaId\": \"27B77023-4983-4D33-9824-A120A5ED31BD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"2.8.0\", \"versionEndExcluding\": \"3.7.34\", \"matchCriteriaId\": \"8BD398C8-BC0B-4ED5-B71A-B9C6D8F63659\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"3.8.0\", \"versionEndExcluding\": \"3.11.22\", \"matchCriteriaId\": \"31B59634-B59C-4391-96D3-200A86A6CE3E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"4.0.0\", \"versionEndExcluding\": \"4.3.16\", \"matchCriteriaId\": \"F7794B42-8235-4C75-866F-5D0A405F0989\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"4.4.0\", \"versionEndExcluding\": \"4.6.3\", \"matchCriteriaId\": \"C8A23A5D-928A-4225-9C93-31E5DFE215A7\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"There is a type confusion vulnerability relating to X.400 address processing\\ninside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but\\nthe public structure definition for GENERAL_NAME incorrectly specified the type\\nof the x400Address field as ASN1_TYPE. This field is subsequently interpreted by\\nthe OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an\\nASN1_STRING.\\n\\nWhen CRL checking is enabled (i.e. the application sets the\\nX509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass\\narbitrary pointers to a memcmp call, enabling them to read memory contents or\\nenact a denial of service. In most cases, the attack requires the attacker to\\nprovide both the certificate chain and CRL, neither of which need to have a\\nvalid signature. If the attacker only controls one of these inputs, the other\\ninput must already contain an X.400 address as a CRL distribution point, which\\nis uncommon. As such, this vulnerability is most likely to only affect\\napplications which have implemented their own functionality for retrieving CRLs\\nover a network.\\n\\n\"}]",
"id": "CVE-2023-0286",
"lastModified": "2024-11-21T07:36:53.843",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H\", \"baseScore\": 7.4, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.2, \"impactScore\": 5.2}]}",
"published": "2023-02-08T20:15:24.267",
"references": "[{\"url\": \"https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.6.2-relnotes.txt\", \"source\": \"openssl-security@openssl.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/018_x509.patch.sig\", \"source\": \"openssl-security@openssl.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2c6c9d439b484e1ba9830d8454a34fa4f80fdfe9\", \"source\": \"openssl-security@openssl.org\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2f7530077e0ef79d98718138716bc51ca0cad658\", \"source\": \"openssl-security@openssl.org\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fd2af07dc083a350c959147097003a14a5e8ac4d\", \"source\": \"openssl-security@openssl.org\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://security.gentoo.org/glsa/202402-08\", \"source\": \"openssl-security@openssl.org\"}, {\"url\": \"https://www.openssl.org/news/secadv/20230207.txt\", \"source\": \"openssl-security@openssl.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.6.2-relnotes.txt\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/018_x509.patch.sig\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2c6c9d439b484e1ba9830d8454a34fa4f80fdfe9\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2f7530077e0ef79d98718138716bc51ca0cad658\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fd2af07dc083a350c959147097003a14a5e8ac4d\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://security.gentoo.org/glsa/202402-08\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.openssl.org/news/secadv/20230207.txt\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
"sourceIdentifier": "openssl-security@openssl.org",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-843\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2023-0286\",\"sourceIdentifier\":\"openssl-security@openssl.org\",\"published\":\"2023-02-08T20:15:24.267\",\"lastModified\":\"2026-06-17T05:25:12.637\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"There is a type confusion vulnerability relating to X.400 address processing\\ninside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but\\nthe public structure definition for GENERAL_NAME incorrectly specified the type\\nof the x400Address field as ASN1_TYPE. This field is subsequently interpreted by\\nthe OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an\\nASN1_STRING.\\n\\nWhen CRL checking is enabled (i.e. the application sets the\\nX509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass\\narbitrary pointers to a memcmp call, enabling them to read memory contents or\\nenact a denial of service. In most cases, the attack requires the attacker to\\nprovide both the certificate chain and CRL, neither of which need to have a\\nvalid signature. If the attacker only controls one of these inputs, the other\\ninput must already contain an X.400 address as a CRL distribution point, which\\nis uncommon. As such, this vulnerability is most likely to only affect\\napplications which have implemented their own functionality for retrieving CRLs\\nover a network.\"}],\"affected\":[{\"source\":\"openssl-security@openssl.org\",\"affectedData\":[{\"vendor\":\"OpenSSL\",\"product\":\"OpenSSL\",\"defaultStatus\":\"unaffected\",\"versions\":[{\"version\":\"3.0.0\",\"lessThan\":\"3.0.8\",\"versionType\":\"semver\",\"status\":\"affected\"},{\"version\":\"1.1.1\",\"lessThan\":\"1.1.1t\",\"versionType\":\"custom\",\"status\":\"affected\"},{\"version\":\"1.0.2\",\"lessThan\":\"1.0.2zg\",\"versionType\":\"custom\",\"status\":\"affected\"}]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H\",\"baseScore\":7.4,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.2,\"impactScore\":5.2},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H\",\"baseScore\":7.4,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.2,\"impactScore\":5.2}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2025-03-06T15:57:22.031399Z\",\"id\":\"CVE-2023-0286\",\"options\":[{\"exploitation\":\"none\"},{\"automatable\":\"no\"},{\"technicalImpact\":\"partial\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-843\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-843\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.0.2\",\"versionEndExcluding\":\"1.0.2zg\",\"matchCriteriaId\":\"70985D55-A574-4151-B451-4D500CBFC29A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.1.1\",\"versionEndExcluding\":\"1.1.1t\",\"matchCriteriaId\":\"DE0061D6-8F81-45D3-B254-82A94915FD08\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.0.0\",\"versionEndExcluding\":\"3.0.8\",\"matchCriteriaId\":\"A6DC5D88-4E99-48F2-8892-610ACA9B5B86\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:stormshield:stormshield_management_center:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"3.3.3\",\"matchCriteriaId\":\"62A933C5-C56E-485C-AD49-3B6A2C329131\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.7.0\",\"versionEndExcluding\":\"2.7.11\",\"matchCriteriaId\":\"27B77023-4983-4D33-9824-A120A5ED31BD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.8.0\",\"versionEndExcluding\":\"3.7.34\",\"matchCriteriaId\":\"8BD398C8-BC0B-4ED5-B71A-B9C6D8F63659\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.8.0\",\"versionEndExcluding\":\"3.11.22\",\"matchCriteriaId\":\"31B59634-B59C-4391-96D3-200A86A6CE3E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.0.0\",\"versionEndExcluding\":\"4.3.16\",\"matchCriteriaId\":\"F7794B42-8235-4C75-866F-5D0A405F0989\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.4.0\",\"versionEndExcluding\":\"4.6.3\",\"matchCriteriaId\":\"C8A23A5D-928A-4225-9C93-31E5DFE215A7\"}]}]}],\"references\":[{\"url\":\"https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.6.2-relnotes.txt\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/018_x509.patch.sig\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2c6c9d439b484e1ba9830d8454a34fa4f80fdfe9\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2f7530077e0ef79d98718138716bc51ca0cad658\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fd2af07dc083a350c959147097003a14a5e8ac4d\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202402-08\",\"source\":\"openssl-security@openssl.org\"},{\"url\":\"https://www.openssl.org/news/secadv/20230207.txt\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.6.2-relnotes.txt\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/018_x509.patch.sig\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2c6c9d439b484e1ba9830d8454a34fa4f80fdfe9\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2f7530077e0ef79d98718138716bc51ca0cad658\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fd2af07dc083a350c959147097003a14a5e8ac4d\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0003\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.gentoo.org/glsa/202402-08\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.openssl.org/news/secadv/20230207.txt\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.openssl.org/news/secadv/20230207.txt\", \"name\": \"OpenSSL Advisory\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2f7530077e0ef79d98718138716bc51ca0cad658\", \"name\": \"3.0.8 git commit\", \"tags\": [\"patch\", \"x_transferred\"]}, {\"url\": \"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2c6c9d439b484e1ba9830d8454a34fa4f80fdfe9\", \"name\": \"1.1.1t git commit\", \"tags\": [\"patch\", \"x_transferred\"]}, {\"url\": \"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fd2af07dc083a350c959147097003a14a5e8ac4d\", \"name\": \"1.0.2zg patch (premium)\", \"tags\": [\"patch\", \"x_transferred\"]}, {\"url\": \"https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/018_x509.patch.sig\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.6.2-relnotes.txt\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://security.gentoo.org/glsa/202402-08\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0003\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-11-04T19:14:36.256Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.4, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-0286\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-03-06T15:57:22.031399Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-843\", \"description\": \"CWE-843 Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-03-06T15:57:23.457Z\"}}], \"cna\": {\"title\": \"X.400 address type confusion in X.509 GeneralName\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"reporter\", \"user\": \"00000000-0000-4000-9000-000000000000\", \"value\": \"David Benjamin (Google)\"}, {\"lang\": \"en\", \"type\": \"remediation developer\", \"user\": \"00000000-0000-4000-9000-000000000000\", \"value\": \"Hugo Landau\"}], \"metrics\": [{\"other\": {\"type\": \"https://www.openssl.org/policies/secpolicy.html\", \"content\": {\"text\": \"High\"}}, \"format\": \"other\"}], \"affected\": [{\"vendor\": \"OpenSSL\", \"product\": \"OpenSSL\", \"versions\": [{\"status\": \"affected\", \"version\": \"3.0.0\", \"lessThan\": \"3.0.8\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"1.1.1\", \"lessThan\": \"1.1.1t\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"1.0.2\", \"lessThan\": \"1.0.2zg\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}], \"datePublic\": \"2023-02-07T00:00:00.000Z\", \"references\": [{\"url\": \"https://www.openssl.org/news/secadv/20230207.txt\", \"name\": \"OpenSSL Advisory\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2f7530077e0ef79d98718138716bc51ca0cad658\", \"name\": \"3.0.8 git commit\", \"tags\": [\"patch\"]}, {\"url\": \"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2c6c9d439b484e1ba9830d8454a34fa4f80fdfe9\", \"name\": \"1.1.1t git commit\", \"tags\": [\"patch\"]}, {\"url\": \"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fd2af07dc083a350c959147097003a14a5e8ac4d\", \"name\": \"1.0.2zg patch (premium)\", \"tags\": [\"patch\"]}, {\"url\": \"https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/018_x509.patch.sig\"}, {\"url\": \"https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.6.2-relnotes.txt\"}, {\"url\": \"https://security.gentoo.org/glsa/202402-08\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"There is a type confusion vulnerability relating to X.400 address processing\\ninside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but\\nthe public structure definition for GENERAL_NAME incorrectly specified the type\\nof the x400Address field as ASN1_TYPE. This field is subsequently interpreted by\\nthe OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an\\nASN1_STRING.\\n\\nWhen CRL checking is enabled (i.e. the application sets the\\nX509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass\\narbitrary pointers to a memcmp call, enabling them to read memory contents or\\nenact a denial of service. In most cases, the attack requires the attacker to\\nprovide both the certificate chain and CRL, neither of which need to have a\\nvalid signature. If the attacker only controls one of these inputs, the other\\ninput must already contain an X.400 address as a CRL distribution point, which\\nis uncommon. As such, this vulnerability is most likely to only affect\\napplications which have implemented their own functionality for retrieving CRLs\\nover a network.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"There is a type confusion vulnerability relating to X.400 address processing\u003cbr\u003einside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but\u003cbr\u003ethe public structure definition for GENERAL_NAME incorrectly specified the type\u003cbr\u003eof the x400Address field as ASN1_TYPE. This field is subsequently interpreted by\u003cbr\u003ethe OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an\u003cbr\u003eASN1_STRING.\u003cbr\u003e\u003cbr\u003eWhen CRL checking is enabled (i.e. the application sets the\u003cbr\u003eX509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass\u003cbr\u003earbitrary pointers to a memcmp call, enabling them to read memory contents or\u003cbr\u003eenact a denial of service. In most cases, the attack requires the attacker to\u003cbr\u003eprovide both the certificate chain and CRL, neither of which need to have a\u003cbr\u003evalid signature. If the attacker only controls one of these inputs, the other\u003cbr\u003einput must already contain an X.400 address as a CRL distribution point, which\u003cbr\u003eis uncommon. As such, this vulnerability is most likely to only affect\u003cbr\u003eapplications which have implemented their own functionality for retrieving CRLs\u003cbr\u003eover a network.\u003cbr\u003e\u003cbr\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"description\": \"type confusion vulnerability\"}]}], \"providerMetadata\": {\"orgId\": \"3a12439a-ef3a-4c79-92e6-6081a721f1e5\", \"shortName\": \"openssl\", \"dateUpdated\": \"2024-02-04T09:06:58.565Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2023-0286\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-11-04T19:14:36.256Z\", \"dateReserved\": \"2023-01-13T10:40:41.259Z\", \"assignerOrgId\": \"3a12439a-ef3a-4c79-92e6-6081a721f1e5\", \"datePublished\": \"2023-02-08T19:01:50.514Z\", \"assignerShortName\": \"openssl\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
RHSA-2023_4128
Vulnerability from csaf_redhat - Published: 2023-07-18 08:24 - Updated: 2024-11-25 08:50Summary
Red Hat Security Advisory: edk2 security update
Severity
Important
Notes
Topic: An update for edk2 is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: EDK (Embedded Development Kit) is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM.
Security Fix(es):
* openssl: X.400 address type confusion in X.509 GeneralName (CVE-2023-0286)
* openssl: timing attack in RSA Decryption implementation (CVE-2022-4304)
* openssl: use-after-free following BIO_new_NDEF (CVE-2023-0215)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A timing-based side channel exists in the OpenSSL RSA Decryption implementation, which could be sufficient to recover a ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption, an attacker would have to be able to send a very large number of trial messages for decryption. This issue affects all RSA padding modes: PKCS#1 v1.5, RSA-OEAP, and RSASVE.
5.9 (Medium)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.6.0.Z.EUS:edk2-0:20220126gitbb1bba3d77-2.el8_6.1.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:edk2-aarch64-0:20220126gitbb1bba3d77-2.el8_6.1.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:edk2-ovmf-0:20220126gitbb1bba3d77-2.el8_6.1.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A use-after-free vulnerability was found in OpenSSL's BIO_new_NDEF function. The public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally by OpenSSL to support the SMIME, CMS, and PKCS7 streaming capabilities, but it may also be called directly by end-user applications. The function receives a BIO from the caller, prepends a new BIO_f_asn1 filter BIO onto the front of it to form a BIO chain, and then returns the new head of the BIO chain to the caller. Under certain conditions. For example, if a CMS recipient public key is invalid, the new filter BIO is freed, and the function returns a NULL result indicating a failure. However, in this case, the BIO chain is not properly cleaned up, and the BIO passed by the caller still retains internal pointers to the previously freed filter BIO. If the caller then calls BIO_pop() on the BIO, a use-after-free will occur, possibly resulting in a crash.
7.5 (High)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.6.0.Z.EUS:edk2-0:20220126gitbb1bba3d77-2.el8_6.1.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:edk2-aarch64-0:20220126gitbb1bba3d77-2.el8_6.1.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:edk2-ovmf-0:20220126gitbb1bba3d77-2.el8_6.1.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A type confusion vulnerability was found in OpenSSL when OpenSSL X.400 addresses processing inside an X.509 GeneralName. When CRL checking is enabled (for example, the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or cause a denial of service. In most cases, the attack requires the attacker to provide both the certificate chain and CRL, of which neither needs a valid signature. If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. In this case, this vulnerability is likely only to affect applications that have implemented their own functionality for retrieving CRLs over a network.
7.4 (High)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.6.0.Z.EUS:edk2-0:20220126gitbb1bba3d77-2.el8_6.1.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:edk2-aarch64-0:20220126gitbb1bba3d77-2.el8_6.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:edk2-ovmf-0:20220126gitbb1bba3d77-2.el8_6.1.noarch | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
References
19 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for edk2 is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "EDK (Embedded Development Kit) is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM. \n\nSecurity Fix(es):\n\n* openssl: X.400 address type confusion in X.509 GeneralName (CVE-2023-0286)\n\n* openssl: timing attack in RSA Decryption implementation (CVE-2022-4304)\n\n* openssl: use-after-free following BIO_new_NDEF (CVE-2023-0215)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:4128",
"url": "https://access.redhat.com/errata/RHSA-2023:4128"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2164440",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2164440"
},
{
"category": "external",
"summary": "2164487",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2164487"
},
{
"category": "external",
"summary": "2164492",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2164492"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_4128.json"
}
],
"title": "Red Hat Security Advisory: edk2 security update",
"tracking": {
"current_release_date": "2024-11-25T08:50:11+00:00",
"generator": {
"date": "2024-11-25T08:50:11+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2023:4128",
"initial_release_date": "2023-07-18T08:24:41+00:00",
"revision_history": [
{
"date": "2023-07-18T08:24:41+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-07-18T08:24:41+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-25T08:50:11+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product": {
"name": "Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_eus:8.6::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "edk2-0:20220126gitbb1bba3d77-2.el8_6.1.src",
"product": {
"name": "edk2-0:20220126gitbb1bba3d77-2.el8_6.1.src",
"product_id": "edk2-0:20220126gitbb1bba3d77-2.el8_6.1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/edk2@20220126gitbb1bba3d77-2.el8_6.1?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "edk2-aarch64-0:20220126gitbb1bba3d77-2.el8_6.1.noarch",
"product": {
"name": "edk2-aarch64-0:20220126gitbb1bba3d77-2.el8_6.1.noarch",
"product_id": "edk2-aarch64-0:20220126gitbb1bba3d77-2.el8_6.1.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/edk2-aarch64@20220126gitbb1bba3d77-2.el8_6.1?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "edk2-ovmf-0:20220126gitbb1bba3d77-2.el8_6.1.noarch",
"product": {
"name": "edk2-ovmf-0:20220126gitbb1bba3d77-2.el8_6.1.noarch",
"product_id": "edk2-ovmf-0:20220126gitbb1bba3d77-2.el8_6.1.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/edk2-ovmf@20220126gitbb1bba3d77-2.el8_6.1?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "edk2-0:20220126gitbb1bba3d77-2.el8_6.1.src as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:edk2-0:20220126gitbb1bba3d77-2.el8_6.1.src"
},
"product_reference": "edk2-0:20220126gitbb1bba3d77-2.el8_6.1.src",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "edk2-aarch64-0:20220126gitbb1bba3d77-2.el8_6.1.noarch as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:edk2-aarch64-0:20220126gitbb1bba3d77-2.el8_6.1.noarch"
},
"product_reference": "edk2-aarch64-0:20220126gitbb1bba3d77-2.el8_6.1.noarch",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "edk2-ovmf-0:20220126gitbb1bba3d77-2.el8_6.1.noarch as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:edk2-ovmf-0:20220126gitbb1bba3d77-2.el8_6.1.noarch"
},
"product_reference": "edk2-ovmf-0:20220126gitbb1bba3d77-2.el8_6.1.noarch",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-4304",
"discovery_date": "2023-01-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2164487"
}
],
"notes": [
{
"category": "description",
"text": "A timing-based side channel exists in the OpenSSL RSA Decryption implementation, which could be sufficient to recover a ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption, an attacker would have to be able to send a very large number of trial messages for decryption. This issue affects all RSA padding modes: PKCS#1 v1.5, RSA-OEAP, and RSASVE.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: timing attack in RSA Decryption implementation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.6.0.Z.EUS:edk2-0:20220126gitbb1bba3d77-2.el8_6.1.src",
"AppStream-8.6.0.Z.EUS:edk2-aarch64-0:20220126gitbb1bba3d77-2.el8_6.1.noarch",
"AppStream-8.6.0.Z.EUS:edk2-ovmf-0:20220126gitbb1bba3d77-2.el8_6.1.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-4304"
},
{
"category": "external",
"summary": "RHBZ#2164487",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2164487"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-4304",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4304"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-4304",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4304"
},
{
"category": "external",
"summary": "https://www.openssl.org/news/secadv/20230207.txt",
"url": "https://www.openssl.org/news/secadv/20230207.txt"
}
],
"release_date": "2023-02-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-07-18T08:24:41+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.6.0.Z.EUS:edk2-0:20220126gitbb1bba3d77-2.el8_6.1.src",
"AppStream-8.6.0.Z.EUS:edk2-aarch64-0:20220126gitbb1bba3d77-2.el8_6.1.noarch",
"AppStream-8.6.0.Z.EUS:edk2-ovmf-0:20220126gitbb1bba3d77-2.el8_6.1.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:4128"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.6.0.Z.EUS:edk2-0:20220126gitbb1bba3d77-2.el8_6.1.src",
"AppStream-8.6.0.Z.EUS:edk2-aarch64-0:20220126gitbb1bba3d77-2.el8_6.1.noarch",
"AppStream-8.6.0.Z.EUS:edk2-ovmf-0:20220126gitbb1bba3d77-2.el8_6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openssl: timing attack in RSA Decryption implementation"
},
{
"cve": "CVE-2023-0215",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2023-01-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2164492"
}
],
"notes": [
{
"category": "description",
"text": "A use-after-free vulnerability was found in OpenSSL\u0027s BIO_new_NDEF function. The public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally by OpenSSL to support the SMIME, CMS, and PKCS7 streaming capabilities, but it may also be called directly by end-user applications. The function receives a BIO from the caller, prepends a new BIO_f_asn1 filter BIO onto the front of it to form a BIO chain, and then returns the new head of the BIO chain to the caller. Under certain conditions. For example, if a CMS recipient public key is invalid, the new filter BIO is freed, and the function returns a NULL result indicating a failure. However, in this case, the BIO chain is not properly cleaned up, and the BIO passed by the caller still retains internal pointers to the previously freed filter BIO. If the caller then calls BIO_pop() on the BIO, a use-after-free will occur, possibly resulting in a crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: use-after-free following BIO_new_NDEF",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability has been rated as having a moderate impact in alignment with upstream. See the security advisory linked in external references.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.6.0.Z.EUS:edk2-0:20220126gitbb1bba3d77-2.el8_6.1.src",
"AppStream-8.6.0.Z.EUS:edk2-aarch64-0:20220126gitbb1bba3d77-2.el8_6.1.noarch",
"AppStream-8.6.0.Z.EUS:edk2-ovmf-0:20220126gitbb1bba3d77-2.el8_6.1.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-0215"
},
{
"category": "external",
"summary": "RHBZ#2164492",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2164492"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-0215",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0215"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-0215",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0215"
},
{
"category": "external",
"summary": "https://www.openssl.org/news/secadv/20230207.txt",
"url": "https://www.openssl.org/news/secadv/20230207.txt"
}
],
"release_date": "2023-02-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-07-18T08:24:41+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.6.0.Z.EUS:edk2-0:20220126gitbb1bba3d77-2.el8_6.1.src",
"AppStream-8.6.0.Z.EUS:edk2-aarch64-0:20220126gitbb1bba3d77-2.el8_6.1.noarch",
"AppStream-8.6.0.Z.EUS:edk2-ovmf-0:20220126gitbb1bba3d77-2.el8_6.1.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:4128"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.6.0.Z.EUS:edk2-0:20220126gitbb1bba3d77-2.el8_6.1.src",
"AppStream-8.6.0.Z.EUS:edk2-aarch64-0:20220126gitbb1bba3d77-2.el8_6.1.noarch",
"AppStream-8.6.0.Z.EUS:edk2-ovmf-0:20220126gitbb1bba3d77-2.el8_6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openssl: use-after-free following BIO_new_NDEF"
},
{
"cve": "CVE-2023-0286",
"cwe": {
"id": "CWE-704",
"name": "Incorrect Type Conversion or Cast"
},
"discovery_date": "2023-01-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2164440"
}
],
"notes": [
{
"category": "description",
"text": "A type confusion vulnerability was found in OpenSSL when OpenSSL X.400 addresses processing inside an X.509 GeneralName. When CRL checking is enabled (for example, the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or cause a denial of service. In most cases, the attack requires the attacker to provide both the certificate chain and CRL, of which neither needs a valid signature. If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. In this case, this vulnerability is likely only to affect applications that have implemented their own functionality for retrieving CRLs over a network.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: X.400 address type confusion in X.509 GeneralName",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "For shim in Red Hat Enterprise Linux 8 \u0026 9, is not affected as shim doesn\u0027t support any CRL processing.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.6.0.Z.EUS:edk2-0:20220126gitbb1bba3d77-2.el8_6.1.src",
"AppStream-8.6.0.Z.EUS:edk2-aarch64-0:20220126gitbb1bba3d77-2.el8_6.1.noarch",
"AppStream-8.6.0.Z.EUS:edk2-ovmf-0:20220126gitbb1bba3d77-2.el8_6.1.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-0286"
},
{
"category": "external",
"summary": "RHBZ#2164440",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2164440"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-0286",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0286"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-0286",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0286"
},
{
"category": "external",
"summary": "https://www.openssl.org/news/secadv/20230207.txt",
"url": "https://www.openssl.org/news/secadv/20230207.txt"
}
],
"release_date": "2023-02-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-07-18T08:24:41+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.6.0.Z.EUS:edk2-0:20220126gitbb1bba3d77-2.el8_6.1.src",
"AppStream-8.6.0.Z.EUS:edk2-aarch64-0:20220126gitbb1bba3d77-2.el8_6.1.noarch",
"AppStream-8.6.0.Z.EUS:edk2-ovmf-0:20220126gitbb1bba3d77-2.el8_6.1.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:4128"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.6.0.Z.EUS:edk2-0:20220126gitbb1bba3d77-2.el8_6.1.src",
"AppStream-8.6.0.Z.EUS:edk2-aarch64-0:20220126gitbb1bba3d77-2.el8_6.1.noarch",
"AppStream-8.6.0.Z.EUS:edk2-ovmf-0:20220126gitbb1bba3d77-2.el8_6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.6.0.Z.EUS:edk2-0:20220126gitbb1bba3d77-2.el8_6.1.src",
"AppStream-8.6.0.Z.EUS:edk2-aarch64-0:20220126gitbb1bba3d77-2.el8_6.1.noarch",
"AppStream-8.6.0.Z.EUS:edk2-ovmf-0:20220126gitbb1bba3d77-2.el8_6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "openssl: X.400 address type confusion in X.509 GeneralName"
}
]
}
RHSA-2023_4252
Vulnerability from csaf_redhat - Published: 2023-07-25 07:55 - Updated: 2024-11-25 08:50Summary
Red Hat Security Advisory: edk2 security update
Severity
Important
Notes
Topic: An update for edk2 is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: EDK (Embedded Development Kit) is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM.
Security Fix(es):
* openssl: X.400 address type confusion in X.509 GeneralName (CVE-2023-0286)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A type confusion vulnerability was found in OpenSSL when OpenSSL X.400 addresses processing inside an X.509 GeneralName. When CRL checking is enabled (for example, the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or cause a denial of service. In most cases, the attack requires the attacker to provide both the certificate chain and CRL, of which neither needs a valid signature. If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. In this case, this vulnerability is likely only to affect applications that have implemented their own functionality for retrieving CRLs over a network.
7.4 (High)
Affected products
Fixed
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.4.0.Z.AUS:edk2-0:20200602gitca407c7246bf-4.el8_4.3.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:edk2-ovmf-0:20200602gitca407c7246bf-4.el8_4.3.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.E4S:edk2-0:20200602gitca407c7246bf-4.el8_4.3.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.E4S:edk2-aarch64-0:20200602gitca407c7246bf-4.el8_4.3.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.E4S:edk2-ovmf-0:20200602gitca407c7246bf-4.el8_4.3.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.TUS:edk2-0:20200602gitca407c7246bf-4.el8_4.3.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.TUS:edk2-ovmf-0:20200602gitca407c7246bf-4.el8_4.3.noarch | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
References
9 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for edk2 is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "EDK (Embedded Development Kit) is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM. \n\nSecurity Fix(es):\n\n* openssl: X.400 address type confusion in X.509 GeneralName (CVE-2023-0286)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:4252",
"url": "https://access.redhat.com/errata/RHSA-2023:4252"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2164440",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2164440"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_4252.json"
}
],
"title": "Red Hat Security Advisory: edk2 security update",
"tracking": {
"current_release_date": "2024-11-25T08:50:33+00:00",
"generator": {
"date": "2024-11-25T08:50:33+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2023:4252",
"initial_release_date": "2023-07-25T07:55:58+00:00",
"revision_history": [
{
"date": "2023-07-25T07:55:58+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-07-25T07:55:58+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-25T08:50:33+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product": {
"name": "Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_aus:8.4::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product": {
"name": "Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_e4s:8.4::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream TUS (v.8.4)",
"product": {
"name": "Red Hat Enterprise Linux AppStream TUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.TUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_tus:8.4::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "edk2-0:20200602gitca407c7246bf-4.el8_4.3.src",
"product": {
"name": "edk2-0:20200602gitca407c7246bf-4.el8_4.3.src",
"product_id": "edk2-0:20200602gitca407c7246bf-4.el8_4.3.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/edk2@20200602gitca407c7246bf-4.el8_4.3?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "edk2-ovmf-0:20200602gitca407c7246bf-4.el8_4.3.noarch",
"product": {
"name": "edk2-ovmf-0:20200602gitca407c7246bf-4.el8_4.3.noarch",
"product_id": "edk2-ovmf-0:20200602gitca407c7246bf-4.el8_4.3.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/edk2-ovmf@20200602gitca407c7246bf-4.el8_4.3?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "edk2-aarch64-0:20200602gitca407c7246bf-4.el8_4.3.noarch",
"product": {
"name": "edk2-aarch64-0:20200602gitca407c7246bf-4.el8_4.3.noarch",
"product_id": "edk2-aarch64-0:20200602gitca407c7246bf-4.el8_4.3.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/edk2-aarch64@20200602gitca407c7246bf-4.el8_4.3?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "edk2-0:20200602gitca407c7246bf-4.el8_4.3.src as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:edk2-0:20200602gitca407c7246bf-4.el8_4.3.src"
},
"product_reference": "edk2-0:20200602gitca407c7246bf-4.el8_4.3.src",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "edk2-ovmf-0:20200602gitca407c7246bf-4.el8_4.3.noarch as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:edk2-ovmf-0:20200602gitca407c7246bf-4.el8_4.3.noarch"
},
"product_reference": "edk2-ovmf-0:20200602gitca407c7246bf-4.el8_4.3.noarch",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "edk2-0:20200602gitca407c7246bf-4.el8_4.3.src as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:edk2-0:20200602gitca407c7246bf-4.el8_4.3.src"
},
"product_reference": "edk2-0:20200602gitca407c7246bf-4.el8_4.3.src",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "edk2-aarch64-0:20200602gitca407c7246bf-4.el8_4.3.noarch as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:edk2-aarch64-0:20200602gitca407c7246bf-4.el8_4.3.noarch"
},
"product_reference": "edk2-aarch64-0:20200602gitca407c7246bf-4.el8_4.3.noarch",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "edk2-ovmf-0:20200602gitca407c7246bf-4.el8_4.3.noarch as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:edk2-ovmf-0:20200602gitca407c7246bf-4.el8_4.3.noarch"
},
"product_reference": "edk2-ovmf-0:20200602gitca407c7246bf-4.el8_4.3.noarch",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "edk2-0:20200602gitca407c7246bf-4.el8_4.3.src as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.TUS:edk2-0:20200602gitca407c7246bf-4.el8_4.3.src"
},
"product_reference": "edk2-0:20200602gitca407c7246bf-4.el8_4.3.src",
"relates_to_product_reference": "AppStream-8.4.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "edk2-ovmf-0:20200602gitca407c7246bf-4.el8_4.3.noarch as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.TUS:edk2-ovmf-0:20200602gitca407c7246bf-4.el8_4.3.noarch"
},
"product_reference": "edk2-ovmf-0:20200602gitca407c7246bf-4.el8_4.3.noarch",
"relates_to_product_reference": "AppStream-8.4.0.Z.TUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-0286",
"cwe": {
"id": "CWE-704",
"name": "Incorrect Type Conversion or Cast"
},
"discovery_date": "2023-01-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2164440"
}
],
"notes": [
{
"category": "description",
"text": "A type confusion vulnerability was found in OpenSSL when OpenSSL X.400 addresses processing inside an X.509 GeneralName. When CRL checking is enabled (for example, the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or cause a denial of service. In most cases, the attack requires the attacker to provide both the certificate chain and CRL, of which neither needs a valid signature. If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. In this case, this vulnerability is likely only to affect applications that have implemented their own functionality for retrieving CRLs over a network.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: X.400 address type confusion in X.509 GeneralName",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "For shim in Red Hat Enterprise Linux 8 \u0026 9, is not affected as shim doesn\u0027t support any CRL processing.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.Z.AUS:edk2-0:20200602gitca407c7246bf-4.el8_4.3.src",
"AppStream-8.4.0.Z.AUS:edk2-ovmf-0:20200602gitca407c7246bf-4.el8_4.3.noarch",
"AppStream-8.4.0.Z.E4S:edk2-0:20200602gitca407c7246bf-4.el8_4.3.src",
"AppStream-8.4.0.Z.E4S:edk2-aarch64-0:20200602gitca407c7246bf-4.el8_4.3.noarch",
"AppStream-8.4.0.Z.E4S:edk2-ovmf-0:20200602gitca407c7246bf-4.el8_4.3.noarch",
"AppStream-8.4.0.Z.TUS:edk2-0:20200602gitca407c7246bf-4.el8_4.3.src",
"AppStream-8.4.0.Z.TUS:edk2-ovmf-0:20200602gitca407c7246bf-4.el8_4.3.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-0286"
},
{
"category": "external",
"summary": "RHBZ#2164440",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2164440"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-0286",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0286"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-0286",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0286"
},
{
"category": "external",
"summary": "https://www.openssl.org/news/secadv/20230207.txt",
"url": "https://www.openssl.org/news/secadv/20230207.txt"
}
],
"release_date": "2023-02-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-07-25T07:55:58+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.Z.AUS:edk2-0:20200602gitca407c7246bf-4.el8_4.3.src",
"AppStream-8.4.0.Z.AUS:edk2-ovmf-0:20200602gitca407c7246bf-4.el8_4.3.noarch",
"AppStream-8.4.0.Z.E4S:edk2-0:20200602gitca407c7246bf-4.el8_4.3.src",
"AppStream-8.4.0.Z.E4S:edk2-aarch64-0:20200602gitca407c7246bf-4.el8_4.3.noarch",
"AppStream-8.4.0.Z.E4S:edk2-ovmf-0:20200602gitca407c7246bf-4.el8_4.3.noarch",
"AppStream-8.4.0.Z.TUS:edk2-0:20200602gitca407c7246bf-4.el8_4.3.src",
"AppStream-8.4.0.Z.TUS:edk2-ovmf-0:20200602gitca407c7246bf-4.el8_4.3.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:4252"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.4.0.Z.AUS:edk2-0:20200602gitca407c7246bf-4.el8_4.3.src",
"AppStream-8.4.0.Z.AUS:edk2-ovmf-0:20200602gitca407c7246bf-4.el8_4.3.noarch",
"AppStream-8.4.0.Z.E4S:edk2-0:20200602gitca407c7246bf-4.el8_4.3.src",
"AppStream-8.4.0.Z.E4S:edk2-aarch64-0:20200602gitca407c7246bf-4.el8_4.3.noarch",
"AppStream-8.4.0.Z.E4S:edk2-ovmf-0:20200602gitca407c7246bf-4.el8_4.3.noarch",
"AppStream-8.4.0.Z.TUS:edk2-0:20200602gitca407c7246bf-4.el8_4.3.src",
"AppStream-8.4.0.Z.TUS:edk2-ovmf-0:20200602gitca407c7246bf-4.el8_4.3.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.Z.AUS:edk2-0:20200602gitca407c7246bf-4.el8_4.3.src",
"AppStream-8.4.0.Z.AUS:edk2-ovmf-0:20200602gitca407c7246bf-4.el8_4.3.noarch",
"AppStream-8.4.0.Z.E4S:edk2-0:20200602gitca407c7246bf-4.el8_4.3.src",
"AppStream-8.4.0.Z.E4S:edk2-aarch64-0:20200602gitca407c7246bf-4.el8_4.3.noarch",
"AppStream-8.4.0.Z.E4S:edk2-ovmf-0:20200602gitca407c7246bf-4.el8_4.3.noarch",
"AppStream-8.4.0.Z.TUS:edk2-0:20200602gitca407c7246bf-4.el8_4.3.src",
"AppStream-8.4.0.Z.TUS:edk2-ovmf-0:20200602gitca407c7246bf-4.el8_4.3.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "openssl: X.400 address type confusion in X.509 GeneralName"
}
]
}
RHSA-2023_5209
Vulnerability from csaf_redhat - Published: 2023-09-19 01:11 - Updated: 2024-11-25 08:50Summary
Red Hat Security Advisory: Red Hat Virtualization Host 4.4.z SP 1 security update
Severity
Important
Notes
Topic: An update for redhat-release-virtualization-host and redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks.
Security Fix(es):
* kernel: Intel firmware update for insufficient granularity of access control in out-of-band management in some Intel Atom and Intel Xeon Scalable Processors (CVE-2022-21216)
* kernel: Intel firmware update for Incorrect default permissions in some memory controller configurations (CVE-2022-33196)
* openssl: X.400 address type confusion in X.509 GeneralName (CVE-2023-0286)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in the Linux kernel. A potential security vulnerability in some Intel(R) Atom(R) and Intel(R) Xeon(R) Scalable Processors may allow privilege escalation. This flaw may allow a privileged user to enable privilege escalation via adjacent network access.
7.5 (High)
Affected products
Fixed
2 products
Known not affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-0:4.5.3-9.el8ev.src | — | ||
| Unresolved product id: 8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-0:4.5.3-9.el8ev.x86_64 | — | ||
| Unresolved product id: 8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-content-0:4.5.3-9.el8ev.x86_64 | — | ||
| Unresolved product id: 8Base-RHV-HypervisorBuild-4:redhat-virtualization-host-image-update-placeholder-0:4.5.3-9.el8ev.noarch | — |
Threats
Impact
Important
A flaw was found in the Linux kernel. Some Intel(R) Xeon(R) processors with Intel® Software Guard Extensions (SGX) may allow privilege escalation. This issue may allow a privileged user to enable privilege escalation via local access.
7.2 (High)
Affected products
Fixed
2 products
Known not affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-0:4.5.3-9.el8ev.src | — | ||
| Unresolved product id: 8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-0:4.5.3-9.el8ev.x86_64 | — | ||
| Unresolved product id: 8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-content-0:4.5.3-9.el8ev.x86_64 | — | ||
| Unresolved product id: 8Base-RHV-HypervisorBuild-4:redhat-virtualization-host-image-update-placeholder-0:4.5.3-9.el8ev.noarch | — |
Threats
Impact
Important
A type confusion vulnerability was found in OpenSSL when OpenSSL X.400 addresses processing inside an X.509 GeneralName. When CRL checking is enabled (for example, the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or cause a denial of service. In most cases, the attack requires the attacker to provide both the certificate chain and CRL, of which neither needs a valid signature. If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. In this case, this vulnerability is likely only to affect applications that have implemented their own functionality for retrieving CRLs over a network.
7.4 (High)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHV-Hypervisor-4:redhat-virtualization-host-0:4.5.3-202309130206_8.6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHV-Hypervisor-4:redhat-virtualization-host-image-update-0:4.5.3-202309130206_8.6.x86_64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-0:4.5.3-9.el8ev.src | — |
Workaround
|
|
| Unresolved product id: 8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-0:4.5.3-9.el8ev.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-content-0:4.5.3-9.el8ev.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHV-HypervisorBuild-4:redhat-virtualization-host-image-update-placeholder-0:4.5.3-9.el8ev.noarch | — |
Workaround
|
Threats
Impact
Important
References
22 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for redhat-release-virtualization-host and redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host\u0027s resources and performing administrative tasks.\n\nSecurity Fix(es):\n\n* kernel: Intel firmware update for insufficient granularity of access control in out-of-band management in some Intel Atom and Intel Xeon Scalable Processors (CVE-2022-21216)\n\n* kernel: Intel firmware update for Incorrect default permissions in some memory controller configurations (CVE-2022-33196)\n\n* openssl: X.400 address type confusion in X.509 GeneralName (CVE-2023-0286)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:5209",
"url": "https://access.redhat.com/errata/RHSA-2023:5209"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2164440",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2164440"
},
{
"category": "external",
"summary": "2171227",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2171227"
},
{
"category": "external",
"summary": "2171252",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2171252"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_5209.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Virtualization Host 4.4.z SP 1 security update",
"tracking": {
"current_release_date": "2024-11-25T08:50:43+00:00",
"generator": {
"date": "2024-11-25T08:50:43+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2023:5209",
"initial_release_date": "2023-09-19T01:11:17+00:00",
"revision_history": [
{
"date": "2023-09-19T01:11:17+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-09-19T01:11:17+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-25T08:50:43+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "RHEL 8-based RHEV-H for RHEV 4 (build requirements)",
"product": {
"name": "RHEL 8-based RHEV-H for RHEV 4 (build requirements)",
"product_id": "8Base-RHV-HypervisorBuild-4",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhev_hypervisor:4.4::el8"
}
}
},
{
"category": "product_name",
"name": "Red Hat Virtualization 4 Hypervisor for RHEL 8",
"product": {
"name": "Red Hat Virtualization 4 Hypervisor for RHEL 8",
"product_id": "8Base-RHV-Hypervisor-4",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhev_hypervisor:4.4::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat Virtualization"
},
{
"branches": [
{
"category": "product_version",
"name": "redhat-release-virtualization-host-0:4.5.3-9.el8ev.src",
"product": {
"name": "redhat-release-virtualization-host-0:4.5.3-9.el8ev.src",
"product_id": "redhat-release-virtualization-host-0:4.5.3-9.el8ev.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/redhat-release-virtualization-host@4.5.3-9.el8ev?arch=src"
}
}
},
{
"category": "product_version",
"name": "redhat-virtualization-host-0:4.5.3-202309130206_8.6.src",
"product": {
"name": "redhat-virtualization-host-0:4.5.3-202309130206_8.6.src",
"product_id": "redhat-virtualization-host-0:4.5.3-202309130206_8.6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/redhat-virtualization-host@4.5.3-202309130206_8.6?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "redhat-release-virtualization-host-0:4.5.3-9.el8ev.x86_64",
"product": {
"name": "redhat-release-virtualization-host-0:4.5.3-9.el8ev.x86_64",
"product_id": "redhat-release-virtualization-host-0:4.5.3-9.el8ev.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/redhat-release-virtualization-host@4.5.3-9.el8ev?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "redhat-release-virtualization-host-content-0:4.5.3-9.el8ev.x86_64",
"product": {
"name": "redhat-release-virtualization-host-content-0:4.5.3-9.el8ev.x86_64",
"product_id": "redhat-release-virtualization-host-content-0:4.5.3-9.el8ev.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/redhat-release-virtualization-host-content@4.5.3-9.el8ev?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "redhat-virtualization-host-image-update-0:4.5.3-202309130206_8.6.x86_64",
"product": {
"name": "redhat-virtualization-host-image-update-0:4.5.3-202309130206_8.6.x86_64",
"product_id": "redhat-virtualization-host-image-update-0:4.5.3-202309130206_8.6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/redhat-virtualization-host-image-update@4.5.3-202309130206_8.6?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "redhat-virtualization-host-image-update-placeholder-0:4.5.3-9.el8ev.noarch",
"product": {
"name": "redhat-virtualization-host-image-update-placeholder-0:4.5.3-9.el8ev.noarch",
"product_id": "redhat-virtualization-host-image-update-placeholder-0:4.5.3-9.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/redhat-virtualization-host-image-update-placeholder@4.5.3-9.el8ev?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "redhat-virtualization-host-0:4.5.3-202309130206_8.6.src as a component of Red Hat Virtualization 4 Hypervisor for RHEL 8",
"product_id": "8Base-RHV-Hypervisor-4:redhat-virtualization-host-0:4.5.3-202309130206_8.6.src"
},
"product_reference": "redhat-virtualization-host-0:4.5.3-202309130206_8.6.src",
"relates_to_product_reference": "8Base-RHV-Hypervisor-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "redhat-virtualization-host-image-update-0:4.5.3-202309130206_8.6.x86_64 as a component of Red Hat Virtualization 4 Hypervisor for RHEL 8",
"product_id": "8Base-RHV-Hypervisor-4:redhat-virtualization-host-image-update-0:4.5.3-202309130206_8.6.x86_64"
},
"product_reference": "redhat-virtualization-host-image-update-0:4.5.3-202309130206_8.6.x86_64",
"relates_to_product_reference": "8Base-RHV-Hypervisor-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "redhat-release-virtualization-host-0:4.5.3-9.el8ev.src as a component of RHEL 8-based RHEV-H for RHEV 4 (build requirements)",
"product_id": "8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-0:4.5.3-9.el8ev.src"
},
"product_reference": "redhat-release-virtualization-host-0:4.5.3-9.el8ev.src",
"relates_to_product_reference": "8Base-RHV-HypervisorBuild-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "redhat-release-virtualization-host-0:4.5.3-9.el8ev.x86_64 as a component of RHEL 8-based RHEV-H for RHEV 4 (build requirements)",
"product_id": "8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-0:4.5.3-9.el8ev.x86_64"
},
"product_reference": "redhat-release-virtualization-host-0:4.5.3-9.el8ev.x86_64",
"relates_to_product_reference": "8Base-RHV-HypervisorBuild-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "redhat-release-virtualization-host-content-0:4.5.3-9.el8ev.x86_64 as a component of RHEL 8-based RHEV-H for RHEV 4 (build requirements)",
"product_id": "8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-content-0:4.5.3-9.el8ev.x86_64"
},
"product_reference": "redhat-release-virtualization-host-content-0:4.5.3-9.el8ev.x86_64",
"relates_to_product_reference": "8Base-RHV-HypervisorBuild-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "redhat-virtualization-host-image-update-placeholder-0:4.5.3-9.el8ev.noarch as a component of RHEL 8-based RHEV-H for RHEV 4 (build requirements)",
"product_id": "8Base-RHV-HypervisorBuild-4:redhat-virtualization-host-image-update-placeholder-0:4.5.3-9.el8ev.noarch"
},
"product_reference": "redhat-virtualization-host-image-update-placeholder-0:4.5.3-9.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-HypervisorBuild-4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-21216",
"discovery_date": "2023-02-15T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-0:4.5.3-9.el8ev.src",
"8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-0:4.5.3-9.el8ev.x86_64",
"8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-content-0:4.5.3-9.el8ev.x86_64",
"8Base-RHV-HypervisorBuild-4:redhat-virtualization-host-image-update-placeholder-0:4.5.3-9.el8ev.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2171227"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Linux kernel. A potential security vulnerability in some Intel(R) Atom(R) and Intel(R) Xeon(R) Scalable Processors may allow privilege escalation. This flaw may allow a privileged user to enable privilege escalation via adjacent network access.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: Intel firmware update for insufficient granularity of access control in out-of-band management in some Intel Atom and Intel Xeon Scalable Processors",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat has very limited to no visibility and control over binary blobs provided by third-party vendors. Red Hat relies heavily on the vendors to provide timely updates and information about included changes for this content. In most cases, it merely acts as a release vehicle between the third-party vendor and Red Hat customers with no possibility of influencing or even documenting the changes. Unless explicitly stated, the level of insight, oversight, and control Red Hat has does not meet the criteria required (in terms of Red Hat-owned development processes and QA documentation) for releasing this content as RHSA. For more information, please contact the binary content vendor.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHV-Hypervisor-4:redhat-virtualization-host-0:4.5.3-202309130206_8.6.src",
"8Base-RHV-Hypervisor-4:redhat-virtualization-host-image-update-0:4.5.3-202309130206_8.6.x86_64"
],
"known_not_affected": [
"8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-0:4.5.3-9.el8ev.src",
"8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-0:4.5.3-9.el8ev.x86_64",
"8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-content-0:4.5.3-9.el8ev.x86_64",
"8Base-RHV-HypervisorBuild-4:redhat-virtualization-host-image-update-placeholder-0:4.5.3-9.el8ev.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-21216"
},
{
"category": "external",
"summary": "RHBZ#2171227",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2171227"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-21216",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21216"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-21216",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21216"
},
{
"category": "external",
"summary": "https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20230214",
"url": "https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20230214"
},
{
"category": "external",
"summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00700.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00700.html"
}
],
"release_date": "2023-02-16T10:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-09-19T01:11:17+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/2974891",
"product_ids": [
"8Base-RHV-Hypervisor-4:redhat-virtualization-host-0:4.5.3-202309130206_8.6.src",
"8Base-RHV-Hypervisor-4:redhat-virtualization-host-image-update-0:4.5.3-202309130206_8.6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5209"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L",
"version": "3.1"
},
"products": [
"8Base-RHV-Hypervisor-4:redhat-virtualization-host-0:4.5.3-202309130206_8.6.src",
"8Base-RHV-Hypervisor-4:redhat-virtualization-host-image-update-0:4.5.3-202309130206_8.6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "kernel: Intel firmware update for insufficient granularity of access control in out-of-band management in some Intel Atom and Intel Xeon Scalable Processors"
},
{
"cve": "CVE-2022-33196",
"discovery_date": "2023-02-15T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-0:4.5.3-9.el8ev.src",
"8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-0:4.5.3-9.el8ev.x86_64",
"8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-content-0:4.5.3-9.el8ev.x86_64",
"8Base-RHV-HypervisorBuild-4:redhat-virtualization-host-image-update-placeholder-0:4.5.3-9.el8ev.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2171252"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Linux kernel. Some Intel(R) Xeon(R) processors with Intel\u00ae Software Guard Extensions (SGX) may allow privilege escalation. This issue may allow a privileged user to enable privilege escalation via local access.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: Intel firmware update for Incorrect default permissions in some memory controller configurations",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat has very limited visibility and control over binary blobs provided by third-party vendors. Red Hat relies heavily on the vendors to provide timely updates and information about included changes for this content. In most cases, it merely acts as a release vehicle between the third-party vendor and Red Hat customers with no possibility of influencing or documenting the changes. Unless explicitly stated, the level of insight, oversight, and control Red Hat has does not meet the criteria required for releasing this content as RHSA, in terms of Red Hat-owned development processes and QA documentation. For more information, please contact the binary content vendor.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHV-Hypervisor-4:redhat-virtualization-host-0:4.5.3-202309130206_8.6.src",
"8Base-RHV-Hypervisor-4:redhat-virtualization-host-image-update-0:4.5.3-202309130206_8.6.x86_64"
],
"known_not_affected": [
"8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-0:4.5.3-9.el8ev.src",
"8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-0:4.5.3-9.el8ev.x86_64",
"8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-content-0:4.5.3-9.el8ev.x86_64",
"8Base-RHV-HypervisorBuild-4:redhat-virtualization-host-image-update-placeholder-0:4.5.3-9.el8ev.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-33196"
},
{
"category": "external",
"summary": "RHBZ#2171252",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2171252"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-33196",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-33196"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-33196",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-33196"
},
{
"category": "external",
"summary": "https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20230214",
"url": "https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20230214"
},
{
"category": "external",
"summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00738.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00738.html"
}
],
"release_date": "2023-02-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-09-19T01:11:17+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/2974891",
"product_ids": [
"8Base-RHV-Hypervisor-4:redhat-virtualization-host-0:4.5.3-202309130206_8.6.src",
"8Base-RHV-Hypervisor-4:redhat-virtualization-host-image-update-0:4.5.3-202309130206_8.6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5209"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-RHV-Hypervisor-4:redhat-virtualization-host-0:4.5.3-202309130206_8.6.src",
"8Base-RHV-Hypervisor-4:redhat-virtualization-host-image-update-0:4.5.3-202309130206_8.6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "kernel: Intel firmware update for Incorrect default permissions in some memory controller configurations"
},
{
"cve": "CVE-2023-0286",
"cwe": {
"id": "CWE-704",
"name": "Incorrect Type Conversion or Cast"
},
"discovery_date": "2023-01-25T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-0:4.5.3-9.el8ev.src",
"8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-0:4.5.3-9.el8ev.x86_64",
"8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-content-0:4.5.3-9.el8ev.x86_64",
"8Base-RHV-HypervisorBuild-4:redhat-virtualization-host-image-update-placeholder-0:4.5.3-9.el8ev.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2164440"
}
],
"notes": [
{
"category": "description",
"text": "A type confusion vulnerability was found in OpenSSL when OpenSSL X.400 addresses processing inside an X.509 GeneralName. When CRL checking is enabled (for example, the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or cause a denial of service. In most cases, the attack requires the attacker to provide both the certificate chain and CRL, of which neither needs a valid signature. If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. In this case, this vulnerability is likely only to affect applications that have implemented their own functionality for retrieving CRLs over a network.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: X.400 address type confusion in X.509 GeneralName",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "For shim in Red Hat Enterprise Linux 8 \u0026 9, is not affected as shim doesn\u0027t support any CRL processing.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHV-Hypervisor-4:redhat-virtualization-host-0:4.5.3-202309130206_8.6.src",
"8Base-RHV-Hypervisor-4:redhat-virtualization-host-image-update-0:4.5.3-202309130206_8.6.x86_64"
],
"known_not_affected": [
"8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-0:4.5.3-9.el8ev.src",
"8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-0:4.5.3-9.el8ev.x86_64",
"8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-content-0:4.5.3-9.el8ev.x86_64",
"8Base-RHV-HypervisorBuild-4:redhat-virtualization-host-image-update-placeholder-0:4.5.3-9.el8ev.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-0286"
},
{
"category": "external",
"summary": "RHBZ#2164440",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2164440"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-0286",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0286"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-0286",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0286"
},
{
"category": "external",
"summary": "https://www.openssl.org/news/secadv/20230207.txt",
"url": "https://www.openssl.org/news/secadv/20230207.txt"
}
],
"release_date": "2023-02-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-09-19T01:11:17+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/2974891",
"product_ids": [
"8Base-RHV-Hypervisor-4:redhat-virtualization-host-0:4.5.3-202309130206_8.6.src",
"8Base-RHV-Hypervisor-4:redhat-virtualization-host-image-update-0:4.5.3-202309130206_8.6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5209"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-RHV-Hypervisor-4:redhat-virtualization-host-0:4.5.3-202309130206_8.6.src",
"8Base-RHV-Hypervisor-4:redhat-virtualization-host-image-update-0:4.5.3-202309130206_8.6.x86_64",
"8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-0:4.5.3-9.el8ev.src",
"8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-0:4.5.3-9.el8ev.x86_64",
"8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-content-0:4.5.3-9.el8ev.x86_64",
"8Base-RHV-HypervisorBuild-4:redhat-virtualization-host-image-update-placeholder-0:4.5.3-9.el8ev.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHV-Hypervisor-4:redhat-virtualization-host-0:4.5.3-202309130206_8.6.src",
"8Base-RHV-Hypervisor-4:redhat-virtualization-host-image-update-0:4.5.3-202309130206_8.6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "openssl: X.400 address type confusion in X.509 GeneralName"
}
]
}
RHSA-2024:5136
Vulnerability from csaf_redhat - Published: 2024-08-08 14:33 - Updated: 2026-03-18 02:43Summary
Red Hat Security Advisory: openssl security update
Severity
Important
Notes
Topic: An update for openssl is now available for Red Hat Enterprise Linux 7.7 Advanced Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.
Security Fix(es):
* openssl: X.400 address type confusion in X.509 GeneralName (CVE-2023-0286)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A type confusion vulnerability was found in OpenSSL when OpenSSL X.400 addresses processing inside an X.509 GeneralName. When CRL checking is enabled (for example, the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or cause a denial of service. In most cases, the attack requires the attacker to provide both the certificate chain and CRL, of which neither needs a valid signature. If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. In this case, this vulnerability is likely only to affect applications that have implemented their own functionality for retrieving CRLs over a network.
7.4 (High)
Affected products
Fixed
22 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-7.7.AUS:openssl-1:1.0.2k-21.el7_7.1.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.7.AUS:openssl-1:1.0.2k-21.el7_7.1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.7.AUS:openssl-debuginfo-1:1.0.2k-21.el7_7.1.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.7.AUS:openssl-debuginfo-1:1.0.2k-21.el7_7.1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.7.AUS:openssl-devel-1:1.0.2k-21.el7_7.1.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.7.AUS:openssl-devel-1:1.0.2k-21.el7_7.1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.7.AUS:openssl-libs-1:1.0.2k-21.el7_7.1.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.7.AUS:openssl-libs-1:1.0.2k-21.el7_7.1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.7.AUS:openssl-perl-1:1.0.2k-21.el7_7.1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.7.AUS:openssl-static-1:1.0.2k-21.el7_7.1.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.7.AUS:openssl-static-1:1.0.2k-21.el7_7.1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-optional-7.7.AUS:openssl-1:1.0.2k-21.el7_7.1.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-optional-7.7.AUS:openssl-1:1.0.2k-21.el7_7.1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-optional-7.7.AUS:openssl-debuginfo-1:1.0.2k-21.el7_7.1.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-optional-7.7.AUS:openssl-debuginfo-1:1.0.2k-21.el7_7.1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-optional-7.7.AUS:openssl-devel-1:1.0.2k-21.el7_7.1.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-optional-7.7.AUS:openssl-devel-1:1.0.2k-21.el7_7.1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-optional-7.7.AUS:openssl-libs-1:1.0.2k-21.el7_7.1.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-optional-7.7.AUS:openssl-libs-1:1.0.2k-21.el7_7.1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-optional-7.7.AUS:openssl-perl-1:1.0.2k-21.el7_7.1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-optional-7.7.AUS:openssl-static-1:1.0.2k-21.el7_7.1.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-optional-7.7.AUS:openssl-static-1:1.0.2k-21.el7_7.1.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
References
9 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for openssl is now available for Red Hat Enterprise Linux 7.7 Advanced Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.\n\nSecurity Fix(es):\n\n* openssl: X.400 address type confusion in X.509 GeneralName (CVE-2023-0286)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:5136",
"url": "https://access.redhat.com/errata/RHSA-2024:5136"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2164440",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2164440"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_5136.json"
}
],
"title": "Red Hat Security Advisory: openssl security update",
"tracking": {
"current_release_date": "2026-03-18T02:43:22+00:00",
"generator": {
"date": "2026-03-18T02:43:22+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.3"
}
},
"id": "RHSA-2024:5136",
"initial_release_date": "2024-08-08T14:33:13+00:00",
"revision_history": [
{
"date": "2024-08-08T14:33:13+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-08-08T14:33:13+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-03-18T02:43:22+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server AUS (v. 7.7)",
"product": {
"name": "Red Hat Enterprise Linux Server AUS (v. 7.7)",
"product_id": "7Server-7.7.AUS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_aus:7.7::server"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server Optional AUS (v. 7.7)",
"product": {
"name": "Red Hat Enterprise Linux Server Optional AUS (v. 7.7)",
"product_id": "7Server-optional-7.7.AUS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_aus:7.7::server"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "openssl-1:1.0.2k-21.el7_7.1.src",
"product": {
"name": "openssl-1:1.0.2k-21.el7_7.1.src",
"product_id": "openssl-1:1.0.2k-21.el7_7.1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl@1.0.2k-21.el7_7.1?arch=src\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "openssl-1:1.0.2k-21.el7_7.1.x86_64",
"product": {
"name": "openssl-1:1.0.2k-21.el7_7.1.x86_64",
"product_id": "openssl-1:1.0.2k-21.el7_7.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl@1.0.2k-21.el7_7.1?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-devel-1:1.0.2k-21.el7_7.1.x86_64",
"product": {
"name": "openssl-devel-1:1.0.2k-21.el7_7.1.x86_64",
"product_id": "openssl-devel-1:1.0.2k-21.el7_7.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-devel@1.0.2k-21.el7_7.1?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-libs-1:1.0.2k-21.el7_7.1.x86_64",
"product": {
"name": "openssl-libs-1:1.0.2k-21.el7_7.1.x86_64",
"product_id": "openssl-libs-1:1.0.2k-21.el7_7.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-libs@1.0.2k-21.el7_7.1?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-debuginfo-1:1.0.2k-21.el7_7.1.x86_64",
"product": {
"name": "openssl-debuginfo-1:1.0.2k-21.el7_7.1.x86_64",
"product_id": "openssl-debuginfo-1:1.0.2k-21.el7_7.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-debuginfo@1.0.2k-21.el7_7.1?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-perl-1:1.0.2k-21.el7_7.1.x86_64",
"product": {
"name": "openssl-perl-1:1.0.2k-21.el7_7.1.x86_64",
"product_id": "openssl-perl-1:1.0.2k-21.el7_7.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-perl@1.0.2k-21.el7_7.1?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-static-1:1.0.2k-21.el7_7.1.x86_64",
"product": {
"name": "openssl-static-1:1.0.2k-21.el7_7.1.x86_64",
"product_id": "openssl-static-1:1.0.2k-21.el7_7.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-static@1.0.2k-21.el7_7.1?arch=x86_64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "openssl-devel-1:1.0.2k-21.el7_7.1.i686",
"product": {
"name": "openssl-devel-1:1.0.2k-21.el7_7.1.i686",
"product_id": "openssl-devel-1:1.0.2k-21.el7_7.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-devel@1.0.2k-21.el7_7.1?arch=i686\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-libs-1:1.0.2k-21.el7_7.1.i686",
"product": {
"name": "openssl-libs-1:1.0.2k-21.el7_7.1.i686",
"product_id": "openssl-libs-1:1.0.2k-21.el7_7.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-libs@1.0.2k-21.el7_7.1?arch=i686\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-debuginfo-1:1.0.2k-21.el7_7.1.i686",
"product": {
"name": "openssl-debuginfo-1:1.0.2k-21.el7_7.1.i686",
"product_id": "openssl-debuginfo-1:1.0.2k-21.el7_7.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-debuginfo@1.0.2k-21.el7_7.1?arch=i686\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-static-1:1.0.2k-21.el7_7.1.i686",
"product": {
"name": "openssl-static-1:1.0.2k-21.el7_7.1.i686",
"product_id": "openssl-static-1:1.0.2k-21.el7_7.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-static@1.0.2k-21.el7_7.1?arch=i686\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "i686"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:1.0.2k-21.el7_7.1.src as a component of Red Hat Enterprise Linux Server AUS (v. 7.7)",
"product_id": "7Server-7.7.AUS:openssl-1:1.0.2k-21.el7_7.1.src"
},
"product_reference": "openssl-1:1.0.2k-21.el7_7.1.src",
"relates_to_product_reference": "7Server-7.7.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:1.0.2k-21.el7_7.1.x86_64 as a component of Red Hat Enterprise Linux Server AUS (v. 7.7)",
"product_id": "7Server-7.7.AUS:openssl-1:1.0.2k-21.el7_7.1.x86_64"
},
"product_reference": "openssl-1:1.0.2k-21.el7_7.1.x86_64",
"relates_to_product_reference": "7Server-7.7.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-21.el7_7.1.i686 as a component of Red Hat Enterprise Linux Server AUS (v. 7.7)",
"product_id": "7Server-7.7.AUS:openssl-debuginfo-1:1.0.2k-21.el7_7.1.i686"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-21.el7_7.1.i686",
"relates_to_product_reference": "7Server-7.7.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-21.el7_7.1.x86_64 as a component of Red Hat Enterprise Linux Server AUS (v. 7.7)",
"product_id": "7Server-7.7.AUS:openssl-debuginfo-1:1.0.2k-21.el7_7.1.x86_64"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-21.el7_7.1.x86_64",
"relates_to_product_reference": "7Server-7.7.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-21.el7_7.1.i686 as a component of Red Hat Enterprise Linux Server AUS (v. 7.7)",
"product_id": "7Server-7.7.AUS:openssl-devel-1:1.0.2k-21.el7_7.1.i686"
},
"product_reference": "openssl-devel-1:1.0.2k-21.el7_7.1.i686",
"relates_to_product_reference": "7Server-7.7.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-21.el7_7.1.x86_64 as a component of Red Hat Enterprise Linux Server AUS (v. 7.7)",
"product_id": "7Server-7.7.AUS:openssl-devel-1:1.0.2k-21.el7_7.1.x86_64"
},
"product_reference": "openssl-devel-1:1.0.2k-21.el7_7.1.x86_64",
"relates_to_product_reference": "7Server-7.7.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-21.el7_7.1.i686 as a component of Red Hat Enterprise Linux Server AUS (v. 7.7)",
"product_id": "7Server-7.7.AUS:openssl-libs-1:1.0.2k-21.el7_7.1.i686"
},
"product_reference": "openssl-libs-1:1.0.2k-21.el7_7.1.i686",
"relates_to_product_reference": "7Server-7.7.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-21.el7_7.1.x86_64 as a component of Red Hat Enterprise Linux Server AUS (v. 7.7)",
"product_id": "7Server-7.7.AUS:openssl-libs-1:1.0.2k-21.el7_7.1.x86_64"
},
"product_reference": "openssl-libs-1:1.0.2k-21.el7_7.1.x86_64",
"relates_to_product_reference": "7Server-7.7.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:1.0.2k-21.el7_7.1.x86_64 as a component of Red Hat Enterprise Linux Server AUS (v. 7.7)",
"product_id": "7Server-7.7.AUS:openssl-perl-1:1.0.2k-21.el7_7.1.x86_64"
},
"product_reference": "openssl-perl-1:1.0.2k-21.el7_7.1.x86_64",
"relates_to_product_reference": "7Server-7.7.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-21.el7_7.1.i686 as a component of Red Hat Enterprise Linux Server AUS (v. 7.7)",
"product_id": "7Server-7.7.AUS:openssl-static-1:1.0.2k-21.el7_7.1.i686"
},
"product_reference": "openssl-static-1:1.0.2k-21.el7_7.1.i686",
"relates_to_product_reference": "7Server-7.7.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-21.el7_7.1.x86_64 as a component of Red Hat Enterprise Linux Server AUS (v. 7.7)",
"product_id": "7Server-7.7.AUS:openssl-static-1:1.0.2k-21.el7_7.1.x86_64"
},
"product_reference": "openssl-static-1:1.0.2k-21.el7_7.1.x86_64",
"relates_to_product_reference": "7Server-7.7.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:1.0.2k-21.el7_7.1.src as a component of Red Hat Enterprise Linux Server Optional AUS (v. 7.7)",
"product_id": "7Server-optional-7.7.AUS:openssl-1:1.0.2k-21.el7_7.1.src"
},
"product_reference": "openssl-1:1.0.2k-21.el7_7.1.src",
"relates_to_product_reference": "7Server-optional-7.7.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:1.0.2k-21.el7_7.1.x86_64 as a component of Red Hat Enterprise Linux Server Optional AUS (v. 7.7)",
"product_id": "7Server-optional-7.7.AUS:openssl-1:1.0.2k-21.el7_7.1.x86_64"
},
"product_reference": "openssl-1:1.0.2k-21.el7_7.1.x86_64",
"relates_to_product_reference": "7Server-optional-7.7.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-21.el7_7.1.i686 as a component of Red Hat Enterprise Linux Server Optional AUS (v. 7.7)",
"product_id": "7Server-optional-7.7.AUS:openssl-debuginfo-1:1.0.2k-21.el7_7.1.i686"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-21.el7_7.1.i686",
"relates_to_product_reference": "7Server-optional-7.7.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-21.el7_7.1.x86_64 as a component of Red Hat Enterprise Linux Server Optional AUS (v. 7.7)",
"product_id": "7Server-optional-7.7.AUS:openssl-debuginfo-1:1.0.2k-21.el7_7.1.x86_64"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-21.el7_7.1.x86_64",
"relates_to_product_reference": "7Server-optional-7.7.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-21.el7_7.1.i686 as a component of Red Hat Enterprise Linux Server Optional AUS (v. 7.7)",
"product_id": "7Server-optional-7.7.AUS:openssl-devel-1:1.0.2k-21.el7_7.1.i686"
},
"product_reference": "openssl-devel-1:1.0.2k-21.el7_7.1.i686",
"relates_to_product_reference": "7Server-optional-7.7.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-21.el7_7.1.x86_64 as a component of Red Hat Enterprise Linux Server Optional AUS (v. 7.7)",
"product_id": "7Server-optional-7.7.AUS:openssl-devel-1:1.0.2k-21.el7_7.1.x86_64"
},
"product_reference": "openssl-devel-1:1.0.2k-21.el7_7.1.x86_64",
"relates_to_product_reference": "7Server-optional-7.7.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-21.el7_7.1.i686 as a component of Red Hat Enterprise Linux Server Optional AUS (v. 7.7)",
"product_id": "7Server-optional-7.7.AUS:openssl-libs-1:1.0.2k-21.el7_7.1.i686"
},
"product_reference": "openssl-libs-1:1.0.2k-21.el7_7.1.i686",
"relates_to_product_reference": "7Server-optional-7.7.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-21.el7_7.1.x86_64 as a component of Red Hat Enterprise Linux Server Optional AUS (v. 7.7)",
"product_id": "7Server-optional-7.7.AUS:openssl-libs-1:1.0.2k-21.el7_7.1.x86_64"
},
"product_reference": "openssl-libs-1:1.0.2k-21.el7_7.1.x86_64",
"relates_to_product_reference": "7Server-optional-7.7.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:1.0.2k-21.el7_7.1.x86_64 as a component of Red Hat Enterprise Linux Server Optional AUS (v. 7.7)",
"product_id": "7Server-optional-7.7.AUS:openssl-perl-1:1.0.2k-21.el7_7.1.x86_64"
},
"product_reference": "openssl-perl-1:1.0.2k-21.el7_7.1.x86_64",
"relates_to_product_reference": "7Server-optional-7.7.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-21.el7_7.1.i686 as a component of Red Hat Enterprise Linux Server Optional AUS (v. 7.7)",
"product_id": "7Server-optional-7.7.AUS:openssl-static-1:1.0.2k-21.el7_7.1.i686"
},
"product_reference": "openssl-static-1:1.0.2k-21.el7_7.1.i686",
"relates_to_product_reference": "7Server-optional-7.7.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-21.el7_7.1.x86_64 as a component of Red Hat Enterprise Linux Server Optional AUS (v. 7.7)",
"product_id": "7Server-optional-7.7.AUS:openssl-static-1:1.0.2k-21.el7_7.1.x86_64"
},
"product_reference": "openssl-static-1:1.0.2k-21.el7_7.1.x86_64",
"relates_to_product_reference": "7Server-optional-7.7.AUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-0286",
"cwe": {
"id": "CWE-704",
"name": "Incorrect Type Conversion or Cast"
},
"discovery_date": "2023-01-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2164440"
}
],
"notes": [
{
"category": "description",
"text": "A type confusion vulnerability was found in OpenSSL when OpenSSL X.400 addresses processing inside an X.509 GeneralName. When CRL checking is enabled (for example, the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or cause a denial of service. In most cases, the attack requires the attacker to provide both the certificate chain and CRL, of which neither needs a valid signature. If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. In this case, this vulnerability is likely only to affect applications that have implemented their own functionality for retrieving CRLs over a network.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: X.400 address type confusion in X.509 GeneralName",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "For shim in Red Hat Enterprise Linux 8 \u0026 9, is not affected as shim doesn\u0027t support any CRL processing.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-7.7.AUS:openssl-1:1.0.2k-21.el7_7.1.src",
"7Server-7.7.AUS:openssl-1:1.0.2k-21.el7_7.1.x86_64",
"7Server-7.7.AUS:openssl-debuginfo-1:1.0.2k-21.el7_7.1.i686",
"7Server-7.7.AUS:openssl-debuginfo-1:1.0.2k-21.el7_7.1.x86_64",
"7Server-7.7.AUS:openssl-devel-1:1.0.2k-21.el7_7.1.i686",
"7Server-7.7.AUS:openssl-devel-1:1.0.2k-21.el7_7.1.x86_64",
"7Server-7.7.AUS:openssl-libs-1:1.0.2k-21.el7_7.1.i686",
"7Server-7.7.AUS:openssl-libs-1:1.0.2k-21.el7_7.1.x86_64",
"7Server-7.7.AUS:openssl-perl-1:1.0.2k-21.el7_7.1.x86_64",
"7Server-7.7.AUS:openssl-static-1:1.0.2k-21.el7_7.1.i686",
"7Server-7.7.AUS:openssl-static-1:1.0.2k-21.el7_7.1.x86_64",
"7Server-optional-7.7.AUS:openssl-1:1.0.2k-21.el7_7.1.src",
"7Server-optional-7.7.AUS:openssl-1:1.0.2k-21.el7_7.1.x86_64",
"7Server-optional-7.7.AUS:openssl-debuginfo-1:1.0.2k-21.el7_7.1.i686",
"7Server-optional-7.7.AUS:openssl-debuginfo-1:1.0.2k-21.el7_7.1.x86_64",
"7Server-optional-7.7.AUS:openssl-devel-1:1.0.2k-21.el7_7.1.i686",
"7Server-optional-7.7.AUS:openssl-devel-1:1.0.2k-21.el7_7.1.x86_64",
"7Server-optional-7.7.AUS:openssl-libs-1:1.0.2k-21.el7_7.1.i686",
"7Server-optional-7.7.AUS:openssl-libs-1:1.0.2k-21.el7_7.1.x86_64",
"7Server-optional-7.7.AUS:openssl-perl-1:1.0.2k-21.el7_7.1.x86_64",
"7Server-optional-7.7.AUS:openssl-static-1:1.0.2k-21.el7_7.1.i686",
"7Server-optional-7.7.AUS:openssl-static-1:1.0.2k-21.el7_7.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-0286"
},
{
"category": "external",
"summary": "RHBZ#2164440",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2164440"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-0286",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0286"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-0286",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0286"
},
{
"category": "external",
"summary": "https://www.openssl.org/news/secadv/20230207.txt",
"url": "https://www.openssl.org/news/secadv/20230207.txt"
}
],
"release_date": "2023-02-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-08-08T14:33:13+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-7.7.AUS:openssl-1:1.0.2k-21.el7_7.1.src",
"7Server-7.7.AUS:openssl-1:1.0.2k-21.el7_7.1.x86_64",
"7Server-7.7.AUS:openssl-debuginfo-1:1.0.2k-21.el7_7.1.i686",
"7Server-7.7.AUS:openssl-debuginfo-1:1.0.2k-21.el7_7.1.x86_64",
"7Server-7.7.AUS:openssl-devel-1:1.0.2k-21.el7_7.1.i686",
"7Server-7.7.AUS:openssl-devel-1:1.0.2k-21.el7_7.1.x86_64",
"7Server-7.7.AUS:openssl-libs-1:1.0.2k-21.el7_7.1.i686",
"7Server-7.7.AUS:openssl-libs-1:1.0.2k-21.el7_7.1.x86_64",
"7Server-7.7.AUS:openssl-perl-1:1.0.2k-21.el7_7.1.x86_64",
"7Server-7.7.AUS:openssl-static-1:1.0.2k-21.el7_7.1.i686",
"7Server-7.7.AUS:openssl-static-1:1.0.2k-21.el7_7.1.x86_64",
"7Server-optional-7.7.AUS:openssl-1:1.0.2k-21.el7_7.1.src",
"7Server-optional-7.7.AUS:openssl-1:1.0.2k-21.el7_7.1.x86_64",
"7Server-optional-7.7.AUS:openssl-debuginfo-1:1.0.2k-21.el7_7.1.i686",
"7Server-optional-7.7.AUS:openssl-debuginfo-1:1.0.2k-21.el7_7.1.x86_64",
"7Server-optional-7.7.AUS:openssl-devel-1:1.0.2k-21.el7_7.1.i686",
"7Server-optional-7.7.AUS:openssl-devel-1:1.0.2k-21.el7_7.1.x86_64",
"7Server-optional-7.7.AUS:openssl-libs-1:1.0.2k-21.el7_7.1.i686",
"7Server-optional-7.7.AUS:openssl-libs-1:1.0.2k-21.el7_7.1.x86_64",
"7Server-optional-7.7.AUS:openssl-perl-1:1.0.2k-21.el7_7.1.x86_64",
"7Server-optional-7.7.AUS:openssl-static-1:1.0.2k-21.el7_7.1.i686",
"7Server-optional-7.7.AUS:openssl-static-1:1.0.2k-21.el7_7.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:5136"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"7Server-7.7.AUS:openssl-1:1.0.2k-21.el7_7.1.src",
"7Server-7.7.AUS:openssl-1:1.0.2k-21.el7_7.1.x86_64",
"7Server-7.7.AUS:openssl-debuginfo-1:1.0.2k-21.el7_7.1.i686",
"7Server-7.7.AUS:openssl-debuginfo-1:1.0.2k-21.el7_7.1.x86_64",
"7Server-7.7.AUS:openssl-devel-1:1.0.2k-21.el7_7.1.i686",
"7Server-7.7.AUS:openssl-devel-1:1.0.2k-21.el7_7.1.x86_64",
"7Server-7.7.AUS:openssl-libs-1:1.0.2k-21.el7_7.1.i686",
"7Server-7.7.AUS:openssl-libs-1:1.0.2k-21.el7_7.1.x86_64",
"7Server-7.7.AUS:openssl-perl-1:1.0.2k-21.el7_7.1.x86_64",
"7Server-7.7.AUS:openssl-static-1:1.0.2k-21.el7_7.1.i686",
"7Server-7.7.AUS:openssl-static-1:1.0.2k-21.el7_7.1.x86_64",
"7Server-optional-7.7.AUS:openssl-1:1.0.2k-21.el7_7.1.src",
"7Server-optional-7.7.AUS:openssl-1:1.0.2k-21.el7_7.1.x86_64",
"7Server-optional-7.7.AUS:openssl-debuginfo-1:1.0.2k-21.el7_7.1.i686",
"7Server-optional-7.7.AUS:openssl-debuginfo-1:1.0.2k-21.el7_7.1.x86_64",
"7Server-optional-7.7.AUS:openssl-devel-1:1.0.2k-21.el7_7.1.i686",
"7Server-optional-7.7.AUS:openssl-devel-1:1.0.2k-21.el7_7.1.x86_64",
"7Server-optional-7.7.AUS:openssl-libs-1:1.0.2k-21.el7_7.1.i686",
"7Server-optional-7.7.AUS:openssl-libs-1:1.0.2k-21.el7_7.1.x86_64",
"7Server-optional-7.7.AUS:openssl-perl-1:1.0.2k-21.el7_7.1.x86_64",
"7Server-optional-7.7.AUS:openssl-static-1:1.0.2k-21.el7_7.1.i686",
"7Server-optional-7.7.AUS:openssl-static-1:1.0.2k-21.el7_7.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-7.7.AUS:openssl-1:1.0.2k-21.el7_7.1.src",
"7Server-7.7.AUS:openssl-1:1.0.2k-21.el7_7.1.x86_64",
"7Server-7.7.AUS:openssl-debuginfo-1:1.0.2k-21.el7_7.1.i686",
"7Server-7.7.AUS:openssl-debuginfo-1:1.0.2k-21.el7_7.1.x86_64",
"7Server-7.7.AUS:openssl-devel-1:1.0.2k-21.el7_7.1.i686",
"7Server-7.7.AUS:openssl-devel-1:1.0.2k-21.el7_7.1.x86_64",
"7Server-7.7.AUS:openssl-libs-1:1.0.2k-21.el7_7.1.i686",
"7Server-7.7.AUS:openssl-libs-1:1.0.2k-21.el7_7.1.x86_64",
"7Server-7.7.AUS:openssl-perl-1:1.0.2k-21.el7_7.1.x86_64",
"7Server-7.7.AUS:openssl-static-1:1.0.2k-21.el7_7.1.i686",
"7Server-7.7.AUS:openssl-static-1:1.0.2k-21.el7_7.1.x86_64",
"7Server-optional-7.7.AUS:openssl-1:1.0.2k-21.el7_7.1.src",
"7Server-optional-7.7.AUS:openssl-1:1.0.2k-21.el7_7.1.x86_64",
"7Server-optional-7.7.AUS:openssl-debuginfo-1:1.0.2k-21.el7_7.1.i686",
"7Server-optional-7.7.AUS:openssl-debuginfo-1:1.0.2k-21.el7_7.1.x86_64",
"7Server-optional-7.7.AUS:openssl-devel-1:1.0.2k-21.el7_7.1.i686",
"7Server-optional-7.7.AUS:openssl-devel-1:1.0.2k-21.el7_7.1.x86_64",
"7Server-optional-7.7.AUS:openssl-libs-1:1.0.2k-21.el7_7.1.i686",
"7Server-optional-7.7.AUS:openssl-libs-1:1.0.2k-21.el7_7.1.x86_64",
"7Server-optional-7.7.AUS:openssl-perl-1:1.0.2k-21.el7_7.1.x86_64",
"7Server-optional-7.7.AUS:openssl-static-1:1.0.2k-21.el7_7.1.i686",
"7Server-optional-7.7.AUS:openssl-static-1:1.0.2k-21.el7_7.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "openssl: X.400 address type confusion in X.509 GeneralName"
}
]
}
RHSA-2024:6095
Vulnerability from csaf_redhat - Published: 2024-09-11 13:22 - Updated: 2026-03-18 02:45Summary
Red Hat Security Advisory: security update Logging for Red Hat OpenShift - 5.9.6
Severity
Important
Notes
Topic: Important Logging for Red Hat OpenShift - 5.9.6
Details: Logging for Red Hat OpenShift - 5.9.6
cluster-logging-rhel9-operator: compat-openssl11(CVE-2023-0286)
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A type confusion vulnerability was found in OpenSSL when OpenSSL X.400 addresses processing inside an X.509 GeneralName. When CRL checking is enabled (for example, the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or cause a denial of service. In most cases, the attack requires the attacker to provide both the certificate chain and CRL, of which neither needs a valid signature. If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. In this case, this vulnerability is likely only to affect applications that have implemented their own functionality for retrieving CRLs over a network.
7.4 (High)
Affected products
Fixed
42 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-RHOL-5.9:openshift-logging/cluster-logging-operator-bundle@sha256:e04ce5eaf023bd299b40c3c7666087404e41f6cc9a2342247024d8ac89bb87b0_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOL-5.9:openshift-logging/cluster-logging-rhel9-operator@sha256:250181cdcdd3167a25ca351423ad7f727ae88fc6a7b0a539f58267a8f1d8967b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOL-5.9:openshift-logging/cluster-logging-rhel9-operator@sha256:4caec5ee0469d1a8f2faedfad20acd93aa5119da5920552852af6b9cca31286a_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOL-5.9:openshift-logging/cluster-logging-rhel9-operator@sha256:50f07777580d38ca952df7afbfbdba16dbe56cf1bd39eac0223cc09a97f684e7_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOL-5.9:openshift-logging/cluster-logging-rhel9-operator@sha256:e6922b8a8ffc13776fa979350b3b405cc54bf58291ffd2147587e9ea0db8103a_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOL-5.9:openshift-logging/eventrouter-rhel9@sha256:4586853d6350b0ca6003929aca8826fc4596cd13a33ad803a5f10363a1fc5d4d_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOL-5.9:openshift-logging/eventrouter-rhel9@sha256:477ad04024ff5d04e8c2e1e1fa0965d5bf2de1d6ae81e41574102060543bf105_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOL-5.9:openshift-logging/eventrouter-rhel9@sha256:8f1349a66aafec3f7d58555ee62d8d41211feacb2cf142dcfa8183521b2fdbfb_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOL-5.9:openshift-logging/eventrouter-rhel9@sha256:cb07ad8e299a32a432eb64dba905c28f588175eb7552b3cac4797887f2e3126f_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOL-5.9:openshift-logging/fluentd-rhel9@sha256:00d1fd2e056b38d1ba768c088883f39f0a7852ccdfa6a91744ea2ba9e9ab840a_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOL-5.9:openshift-logging/fluentd-rhel9@sha256:25422425899a2fa5cdc83a4aa31072d717a42483b5a7df9c485e13b5fcf19207_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOL-5.9:openshift-logging/fluentd-rhel9@sha256:dd82c39b7456db7c3b82fb80173d831a9502305b45ff2c49b8ad3790d59e27c1_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOL-5.9:openshift-logging/fluentd-rhel9@sha256:fa96f841fc8ae3a604ddabfc37f809f3e6a347f72a5064dd76ed8b040505da44_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOL-5.9:openshift-logging/log-file-metric-exporter-rhel9@sha256:2507ce314e9d9d605e4738d1a6e86a94eac7c79dfe804e3fd6aac65bfe58bdf2_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOL-5.9:openshift-logging/log-file-metric-exporter-rhel9@sha256:3a04a0c94d59ac70e6f3bba7e841f24beb4e7ece4fc006140a6460141461da99_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOL-5.9:openshift-logging/log-file-metric-exporter-rhel9@sha256:4e004498e446d80475601c1260a16f879f455a38deb8c89f19c2cc1b9ca6834d_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOL-5.9:openshift-logging/log-file-metric-exporter-rhel9@sha256:5a48b412f96069c258bdfacf7a2f7fbcec1ec08c8b1d9c6a8d36b419e440dc76_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:6dfc15394c7f8de99fb777a9cac7019afaa4ab90cef7b6a9d76c2612ade28cdd_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:cc27123d734d0aa1a661595b3f79684c7c523332cdbe531d3421210448733c3f_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:e6f2435803484f9f3a3ed1c677dbfcba0dcc1868d95d46dfea61c09b79dc0acc_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:fc26a8ba1fa06feb4da0f55be2b55d1c29762c5e5255a93a6081ba993f84c077_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOL-5.9:openshift-logging/logging-view-plugin-rhel9@sha256:011220d3f86ff9ca782c97ac75d4848e794fdeebb64cf8831548bc072ac106a2_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOL-5.9:openshift-logging/logging-view-plugin-rhel9@sha256:a319832e0aeb74e6f43f695b9956fcb1f8422adab20974a242b9be415bc2ad4c_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOL-5.9:openshift-logging/logging-view-plugin-rhel9@sha256:dd9abb806b3d8bcc636b8fb8720a926dc43e208c5c5d447f226cd2094689a8ac_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOL-5.9:openshift-logging/logging-view-plugin-rhel9@sha256:ff52c6ce681a4c9a9824b098d2da9cbccdf4cd99aa9c25c8cf62baaf2dea7c4b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOL-5.9:openshift-logging/loki-operator-bundle@sha256:76ddb9f56971649a52d0b66fa8a2df3859f7a4e9f965ee64cf1bd81a94b72d56_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOL-5.9:openshift-logging/loki-rhel9-operator@sha256:03fa793ec87087a9c186ec4a6bdbe1ac598a7823fcae97b420c06341a38a1caa_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOL-5.9:openshift-logging/loki-rhel9-operator@sha256:67d91441202f52784c16f034d884a929e8bae648c27a607dd771f56c778f3951_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOL-5.9:openshift-logging/loki-rhel9-operator@sha256:72ab9feb4222b622f5ddc4d16b89ff2d30fd6fc05f2bf300a80ad46e94749457_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOL-5.9:openshift-logging/loki-rhel9-operator@sha256:f3c1ae276ba84fcab2280fa93425ea6a324aa1403a7acc4ce6a45a4441d4d08c_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOL-5.9:openshift-logging/lokistack-gateway-rhel9@sha256:34d4be5af7e687701e9f3b2f3641571e3a008b0f4293b98c83ec57a83074ed82_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOL-5.9:openshift-logging/lokistack-gateway-rhel9@sha256:60cbbc0d76f51b6ea37b849384229f685a11f1862eed660c40d609dd00d2a790_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOL-5.9:openshift-logging/lokistack-gateway-rhel9@sha256:cf87eea204c26385822e544c5ddad7f9400e6f83615fa67cbba50764a32140a9_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOL-5.9:openshift-logging/lokistack-gateway-rhel9@sha256:f3d20fe354135d20ef2c211e436e400ffb0ad3229ec0bc6a392899e39f464829_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOL-5.9:openshift-logging/opa-openshift-rhel9@sha256:0e8073947004d29ff3a01499290d9b1ad32d8f6175e85f439143272964d1ea59_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOL-5.9:openshift-logging/opa-openshift-rhel9@sha256:324b8fcce44a02f7d998a0aeb888cb04658952bcab6bafa3d4e12e25119a7c7e_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOL-5.9:openshift-logging/opa-openshift-rhel9@sha256:c52f8c6df837db95fcf92b435c3179afc4ae3045d90163392aeaf983c7be803d_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOL-5.9:openshift-logging/opa-openshift-rhel9@sha256:f31e9d9057615fbb0a481e0fe0b06b95b8e273166f245a02881df4fcf8d2d5d7_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOL-5.9:openshift-logging/vector-rhel9@sha256:256d82899cf94db79782955e72a9d149516e16a7775390ef0ea175957c05b6af_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOL-5.9:openshift-logging/vector-rhel9@sha256:a9f57b24b591aa0b20e94a5817258298eb582a7b5e860c1f7110f52ca2923650_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOL-5.9:openshift-logging/vector-rhel9@sha256:caf1da994f3f15f711cc149f96ec0637e43a1682dde292647af3dc6469b05523_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOL-5.9:openshift-logging/vector-rhel9@sha256:f1d1685df8edf0abc85b0ab821bd68db8e4318d63fc93d41c0433adfceca6841_s390x | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
References
19 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Important Logging for Red Hat OpenShift - 5.9.6",
"title": "Topic"
},
{
"category": "general",
"text": "Logging for Red Hat OpenShift - 5.9.6\ncluster-logging-rhel9-operator: compat-openssl11(CVE-2023-0286)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:6095",
"url": "https://access.redhat.com/errata/RHSA-2024:6095"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "LOG-5525",
"url": "https://issues.redhat.com/browse/LOG-5525"
},
{
"category": "external",
"summary": "LOG-5585",
"url": "https://issues.redhat.com/browse/LOG-5585"
},
{
"category": "external",
"summary": "LOG-5602",
"url": "https://issues.redhat.com/browse/LOG-5602"
},
{
"category": "external",
"summary": "LOG-5815",
"url": "https://issues.redhat.com/browse/LOG-5815"
},
{
"category": "external",
"summary": "LOG-5866",
"url": "https://issues.redhat.com/browse/LOG-5866"
},
{
"category": "external",
"summary": "LOG-5988",
"url": "https://issues.redhat.com/browse/LOG-5988"
},
{
"category": "external",
"summary": "LOG-5997",
"url": "https://issues.redhat.com/browse/LOG-5997"
},
{
"category": "external",
"summary": "LOG-6016",
"url": "https://issues.redhat.com/browse/LOG-6016"
},
{
"category": "external",
"summary": "LOG-6023",
"url": "https://issues.redhat.com/browse/LOG-6023"
},
{
"category": "external",
"summary": "LOG-6028",
"url": "https://issues.redhat.com/browse/LOG-6028"
},
{
"category": "external",
"summary": "LOG-6033",
"url": "https://issues.redhat.com/browse/LOG-6033"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_6095.json"
}
],
"title": "Red Hat Security Advisory: security update Logging for Red Hat OpenShift - 5.9.6",
"tracking": {
"current_release_date": "2026-03-18T02:45:02+00:00",
"generator": {
"date": "2026-03-18T02:45:02+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.3"
}
},
"id": "RHSA-2024:6095",
"initial_release_date": "2024-09-11T13:22:49+00:00",
"revision_history": [
{
"date": "2024-09-11T13:22:49+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-09-11T13:22:49+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-03-18T02:45:02+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "RHOL 5.9 for RHEL 9",
"product": {
"name": "RHOL 5.9 for RHEL 9",
"product_id": "9Base-RHOL-5.9",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:logging:5.9::el9"
}
}
}
],
"category": "product_family",
"name": "logging for Red Hat OpenShift"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-logging/cluster-logging-rhel9-operator@sha256:250181cdcdd3167a25ca351423ad7f727ae88fc6a7b0a539f58267a8f1d8967b_amd64",
"product": {
"name": "openshift-logging/cluster-logging-rhel9-operator@sha256:250181cdcdd3167a25ca351423ad7f727ae88fc6a7b0a539f58267a8f1d8967b_amd64",
"product_id": "openshift-logging/cluster-logging-rhel9-operator@sha256:250181cdcdd3167a25ca351423ad7f727ae88fc6a7b0a539f58267a8f1d8967b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cluster-logging-rhel9-operator@sha256:250181cdcdd3167a25ca351423ad7f727ae88fc6a7b0a539f58267a8f1d8967b?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator\u0026tag=v5.9.6-11"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/cluster-logging-operator-bundle@sha256:e04ce5eaf023bd299b40c3c7666087404e41f6cc9a2342247024d8ac89bb87b0_amd64",
"product": {
"name": "openshift-logging/cluster-logging-operator-bundle@sha256:e04ce5eaf023bd299b40c3c7666087404e41f6cc9a2342247024d8ac89bb87b0_amd64",
"product_id": "openshift-logging/cluster-logging-operator-bundle@sha256:e04ce5eaf023bd299b40c3c7666087404e41f6cc9a2342247024d8ac89bb87b0_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cluster-logging-operator-bundle@sha256:e04ce5eaf023bd299b40c3c7666087404e41f6cc9a2342247024d8ac89bb87b0?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-operator-bundle\u0026tag=v5.9.6-22"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/log-file-metric-exporter-rhel9@sha256:2507ce314e9d9d605e4738d1a6e86a94eac7c79dfe804e3fd6aac65bfe58bdf2_amd64",
"product": {
"name": "openshift-logging/log-file-metric-exporter-rhel9@sha256:2507ce314e9d9d605e4738d1a6e86a94eac7c79dfe804e3fd6aac65bfe58bdf2_amd64",
"product_id": "openshift-logging/log-file-metric-exporter-rhel9@sha256:2507ce314e9d9d605e4738d1a6e86a94eac7c79dfe804e3fd6aac65bfe58bdf2_amd64",
"product_identification_helper": {
"purl": "pkg:oci/log-file-metric-exporter-rhel9@sha256:2507ce314e9d9d605e4738d1a6e86a94eac7c79dfe804e3fd6aac65bfe58bdf2?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9\u0026tag=v1.1.0-270"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/eventrouter-rhel9@sha256:cb07ad8e299a32a432eb64dba905c28f588175eb7552b3cac4797887f2e3126f_amd64",
"product": {
"name": "openshift-logging/eventrouter-rhel9@sha256:cb07ad8e299a32a432eb64dba905c28f588175eb7552b3cac4797887f2e3126f_amd64",
"product_id": "openshift-logging/eventrouter-rhel9@sha256:cb07ad8e299a32a432eb64dba905c28f588175eb7552b3cac4797887f2e3126f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/eventrouter-rhel9@sha256:cb07ad8e299a32a432eb64dba905c28f588175eb7552b3cac4797887f2e3126f?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/eventrouter-rhel9\u0026tag=v0.4.0-290"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/fluentd-rhel9@sha256:dd82c39b7456db7c3b82fb80173d831a9502305b45ff2c49b8ad3790d59e27c1_amd64",
"product": {
"name": "openshift-logging/fluentd-rhel9@sha256:dd82c39b7456db7c3b82fb80173d831a9502305b45ff2c49b8ad3790d59e27c1_amd64",
"product_id": "openshift-logging/fluentd-rhel9@sha256:dd82c39b7456db7c3b82fb80173d831a9502305b45ff2c49b8ad3790d59e27c1_amd64",
"product_identification_helper": {
"purl": "pkg:oci/fluentd-rhel9@sha256:dd82c39b7456db7c3b82fb80173d831a9502305b45ff2c49b8ad3790d59e27c1?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/fluentd-rhel9\u0026tag=v5.9.6-4"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/logging-loki-rhel9@sha256:6dfc15394c7f8de99fb777a9cac7019afaa4ab90cef7b6a9d76c2612ade28cdd_amd64",
"product": {
"name": "openshift-logging/logging-loki-rhel9@sha256:6dfc15394c7f8de99fb777a9cac7019afaa4ab90cef7b6a9d76c2612ade28cdd_amd64",
"product_id": "openshift-logging/logging-loki-rhel9@sha256:6dfc15394c7f8de99fb777a9cac7019afaa4ab90cef7b6a9d76c2612ade28cdd_amd64",
"product_identification_helper": {
"purl": "pkg:oci/logging-loki-rhel9@sha256:6dfc15394c7f8de99fb777a9cac7019afaa4ab90cef7b6a9d76c2612ade28cdd?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/logging-loki-rhel9\u0026tag=v3.1.0-18"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/vector-rhel9@sha256:caf1da994f3f15f711cc149f96ec0637e43a1682dde292647af3dc6469b05523_amd64",
"product": {
"name": "openshift-logging/vector-rhel9@sha256:caf1da994f3f15f711cc149f96ec0637e43a1682dde292647af3dc6469b05523_amd64",
"product_id": "openshift-logging/vector-rhel9@sha256:caf1da994f3f15f711cc149f96ec0637e43a1682dde292647af3dc6469b05523_amd64",
"product_identification_helper": {
"purl": "pkg:oci/vector-rhel9@sha256:caf1da994f3f15f711cc149f96ec0637e43a1682dde292647af3dc6469b05523?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/vector-rhel9\u0026tag=v0.34.1-16"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/logging-view-plugin-rhel9@sha256:a319832e0aeb74e6f43f695b9956fcb1f8422adab20974a242b9be415bc2ad4c_amd64",
"product": {
"name": "openshift-logging/logging-view-plugin-rhel9@sha256:a319832e0aeb74e6f43f695b9956fcb1f8422adab20974a242b9be415bc2ad4c_amd64",
"product_id": "openshift-logging/logging-view-plugin-rhel9@sha256:a319832e0aeb74e6f43f695b9956fcb1f8422adab20974a242b9be415bc2ad4c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/logging-view-plugin-rhel9@sha256:a319832e0aeb74e6f43f695b9956fcb1f8422adab20974a242b9be415bc2ad4c?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/logging-view-plugin-rhel9\u0026tag=v5.9.6-3"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/loki-operator-bundle@sha256:76ddb9f56971649a52d0b66fa8a2df3859f7a4e9f965ee64cf1bd81a94b72d56_amd64",
"product": {
"name": "openshift-logging/loki-operator-bundle@sha256:76ddb9f56971649a52d0b66fa8a2df3859f7a4e9f965ee64cf1bd81a94b72d56_amd64",
"product_id": "openshift-logging/loki-operator-bundle@sha256:76ddb9f56971649a52d0b66fa8a2df3859f7a4e9f965ee64cf1bd81a94b72d56_amd64",
"product_identification_helper": {
"purl": "pkg:oci/loki-operator-bundle@sha256:76ddb9f56971649a52d0b66fa8a2df3859f7a4e9f965ee64cf1bd81a94b72d56?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/loki-operator-bundle\u0026tag=v5.9.6-15"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/loki-rhel9-operator@sha256:72ab9feb4222b622f5ddc4d16b89ff2d30fd6fc05f2bf300a80ad46e94749457_amd64",
"product": {
"name": "openshift-logging/loki-rhel9-operator@sha256:72ab9feb4222b622f5ddc4d16b89ff2d30fd6fc05f2bf300a80ad46e94749457_amd64",
"product_id": "openshift-logging/loki-rhel9-operator@sha256:72ab9feb4222b622f5ddc4d16b89ff2d30fd6fc05f2bf300a80ad46e94749457_amd64",
"product_identification_helper": {
"purl": "pkg:oci/loki-rhel9-operator@sha256:72ab9feb4222b622f5ddc4d16b89ff2d30fd6fc05f2bf300a80ad46e94749457?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/loki-rhel9-operator\u0026tag=v5.9.6-5"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/lokistack-gateway-rhel9@sha256:f3d20fe354135d20ef2c211e436e400ffb0ad3229ec0bc6a392899e39f464829_amd64",
"product": {
"name": "openshift-logging/lokistack-gateway-rhel9@sha256:f3d20fe354135d20ef2c211e436e400ffb0ad3229ec0bc6a392899e39f464829_amd64",
"product_id": "openshift-logging/lokistack-gateway-rhel9@sha256:f3d20fe354135d20ef2c211e436e400ffb0ad3229ec0bc6a392899e39f464829_amd64",
"product_identification_helper": {
"purl": "pkg:oci/lokistack-gateway-rhel9@sha256:f3d20fe354135d20ef2c211e436e400ffb0ad3229ec0bc6a392899e39f464829?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/lokistack-gateway-rhel9\u0026tag=v0.1.0-639"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/opa-openshift-rhel9@sha256:c52f8c6df837db95fcf92b435c3179afc4ae3045d90163392aeaf983c7be803d_amd64",
"product": {
"name": "openshift-logging/opa-openshift-rhel9@sha256:c52f8c6df837db95fcf92b435c3179afc4ae3045d90163392aeaf983c7be803d_amd64",
"product_id": "openshift-logging/opa-openshift-rhel9@sha256:c52f8c6df837db95fcf92b435c3179afc4ae3045d90163392aeaf983c7be803d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/opa-openshift-rhel9@sha256:c52f8c6df837db95fcf92b435c3179afc4ae3045d90163392aeaf983c7be803d?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/opa-openshift-rhel9\u0026tag=v0.1.0-277"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-logging/cluster-logging-rhel9-operator@sha256:e6922b8a8ffc13776fa979350b3b405cc54bf58291ffd2147587e9ea0db8103a_s390x",
"product": {
"name": "openshift-logging/cluster-logging-rhel9-operator@sha256:e6922b8a8ffc13776fa979350b3b405cc54bf58291ffd2147587e9ea0db8103a_s390x",
"product_id": "openshift-logging/cluster-logging-rhel9-operator@sha256:e6922b8a8ffc13776fa979350b3b405cc54bf58291ffd2147587e9ea0db8103a_s390x",
"product_identification_helper": {
"purl": "pkg:oci/cluster-logging-rhel9-operator@sha256:e6922b8a8ffc13776fa979350b3b405cc54bf58291ffd2147587e9ea0db8103a?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator\u0026tag=v5.9.6-11"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/log-file-metric-exporter-rhel9@sha256:3a04a0c94d59ac70e6f3bba7e841f24beb4e7ece4fc006140a6460141461da99_s390x",
"product": {
"name": "openshift-logging/log-file-metric-exporter-rhel9@sha256:3a04a0c94d59ac70e6f3bba7e841f24beb4e7ece4fc006140a6460141461da99_s390x",
"product_id": "openshift-logging/log-file-metric-exporter-rhel9@sha256:3a04a0c94d59ac70e6f3bba7e841f24beb4e7ece4fc006140a6460141461da99_s390x",
"product_identification_helper": {
"purl": "pkg:oci/log-file-metric-exporter-rhel9@sha256:3a04a0c94d59ac70e6f3bba7e841f24beb4e7ece4fc006140a6460141461da99?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9\u0026tag=v1.1.0-270"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/eventrouter-rhel9@sha256:8f1349a66aafec3f7d58555ee62d8d41211feacb2cf142dcfa8183521b2fdbfb_s390x",
"product": {
"name": "openshift-logging/eventrouter-rhel9@sha256:8f1349a66aafec3f7d58555ee62d8d41211feacb2cf142dcfa8183521b2fdbfb_s390x",
"product_id": "openshift-logging/eventrouter-rhel9@sha256:8f1349a66aafec3f7d58555ee62d8d41211feacb2cf142dcfa8183521b2fdbfb_s390x",
"product_identification_helper": {
"purl": "pkg:oci/eventrouter-rhel9@sha256:8f1349a66aafec3f7d58555ee62d8d41211feacb2cf142dcfa8183521b2fdbfb?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/eventrouter-rhel9\u0026tag=v0.4.0-290"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/fluentd-rhel9@sha256:00d1fd2e056b38d1ba768c088883f39f0a7852ccdfa6a91744ea2ba9e9ab840a_s390x",
"product": {
"name": "openshift-logging/fluentd-rhel9@sha256:00d1fd2e056b38d1ba768c088883f39f0a7852ccdfa6a91744ea2ba9e9ab840a_s390x",
"product_id": "openshift-logging/fluentd-rhel9@sha256:00d1fd2e056b38d1ba768c088883f39f0a7852ccdfa6a91744ea2ba9e9ab840a_s390x",
"product_identification_helper": {
"purl": "pkg:oci/fluentd-rhel9@sha256:00d1fd2e056b38d1ba768c088883f39f0a7852ccdfa6a91744ea2ba9e9ab840a?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/fluentd-rhel9\u0026tag=v5.9.6-4"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/logging-loki-rhel9@sha256:cc27123d734d0aa1a661595b3f79684c7c523332cdbe531d3421210448733c3f_s390x",
"product": {
"name": "openshift-logging/logging-loki-rhel9@sha256:cc27123d734d0aa1a661595b3f79684c7c523332cdbe531d3421210448733c3f_s390x",
"product_id": "openshift-logging/logging-loki-rhel9@sha256:cc27123d734d0aa1a661595b3f79684c7c523332cdbe531d3421210448733c3f_s390x",
"product_identification_helper": {
"purl": "pkg:oci/logging-loki-rhel9@sha256:cc27123d734d0aa1a661595b3f79684c7c523332cdbe531d3421210448733c3f?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/logging-loki-rhel9\u0026tag=v3.1.0-18"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/vector-rhel9@sha256:f1d1685df8edf0abc85b0ab821bd68db8e4318d63fc93d41c0433adfceca6841_s390x",
"product": {
"name": "openshift-logging/vector-rhel9@sha256:f1d1685df8edf0abc85b0ab821bd68db8e4318d63fc93d41c0433adfceca6841_s390x",
"product_id": "openshift-logging/vector-rhel9@sha256:f1d1685df8edf0abc85b0ab821bd68db8e4318d63fc93d41c0433adfceca6841_s390x",
"product_identification_helper": {
"purl": "pkg:oci/vector-rhel9@sha256:f1d1685df8edf0abc85b0ab821bd68db8e4318d63fc93d41c0433adfceca6841?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/vector-rhel9\u0026tag=v0.34.1-16"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/logging-view-plugin-rhel9@sha256:dd9abb806b3d8bcc636b8fb8720a926dc43e208c5c5d447f226cd2094689a8ac_s390x",
"product": {
"name": "openshift-logging/logging-view-plugin-rhel9@sha256:dd9abb806b3d8bcc636b8fb8720a926dc43e208c5c5d447f226cd2094689a8ac_s390x",
"product_id": "openshift-logging/logging-view-plugin-rhel9@sha256:dd9abb806b3d8bcc636b8fb8720a926dc43e208c5c5d447f226cd2094689a8ac_s390x",
"product_identification_helper": {
"purl": "pkg:oci/logging-view-plugin-rhel9@sha256:dd9abb806b3d8bcc636b8fb8720a926dc43e208c5c5d447f226cd2094689a8ac?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/logging-view-plugin-rhel9\u0026tag=v5.9.6-3"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/loki-rhel9-operator@sha256:03fa793ec87087a9c186ec4a6bdbe1ac598a7823fcae97b420c06341a38a1caa_s390x",
"product": {
"name": "openshift-logging/loki-rhel9-operator@sha256:03fa793ec87087a9c186ec4a6bdbe1ac598a7823fcae97b420c06341a38a1caa_s390x",
"product_id": "openshift-logging/loki-rhel9-operator@sha256:03fa793ec87087a9c186ec4a6bdbe1ac598a7823fcae97b420c06341a38a1caa_s390x",
"product_identification_helper": {
"purl": "pkg:oci/loki-rhel9-operator@sha256:03fa793ec87087a9c186ec4a6bdbe1ac598a7823fcae97b420c06341a38a1caa?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/loki-rhel9-operator\u0026tag=v5.9.6-5"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/lokistack-gateway-rhel9@sha256:60cbbc0d76f51b6ea37b849384229f685a11f1862eed660c40d609dd00d2a790_s390x",
"product": {
"name": "openshift-logging/lokistack-gateway-rhel9@sha256:60cbbc0d76f51b6ea37b849384229f685a11f1862eed660c40d609dd00d2a790_s390x",
"product_id": "openshift-logging/lokistack-gateway-rhel9@sha256:60cbbc0d76f51b6ea37b849384229f685a11f1862eed660c40d609dd00d2a790_s390x",
"product_identification_helper": {
"purl": "pkg:oci/lokistack-gateway-rhel9@sha256:60cbbc0d76f51b6ea37b849384229f685a11f1862eed660c40d609dd00d2a790?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/lokistack-gateway-rhel9\u0026tag=v0.1.0-639"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/opa-openshift-rhel9@sha256:324b8fcce44a02f7d998a0aeb888cb04658952bcab6bafa3d4e12e25119a7c7e_s390x",
"product": {
"name": "openshift-logging/opa-openshift-rhel9@sha256:324b8fcce44a02f7d998a0aeb888cb04658952bcab6bafa3d4e12e25119a7c7e_s390x",
"product_id": "openshift-logging/opa-openshift-rhel9@sha256:324b8fcce44a02f7d998a0aeb888cb04658952bcab6bafa3d4e12e25119a7c7e_s390x",
"product_identification_helper": {
"purl": "pkg:oci/opa-openshift-rhel9@sha256:324b8fcce44a02f7d998a0aeb888cb04658952bcab6bafa3d4e12e25119a7c7e?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/opa-openshift-rhel9\u0026tag=v0.1.0-277"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-logging/cluster-logging-rhel9-operator@sha256:50f07777580d38ca952df7afbfbdba16dbe56cf1bd39eac0223cc09a97f684e7_arm64",
"product": {
"name": "openshift-logging/cluster-logging-rhel9-operator@sha256:50f07777580d38ca952df7afbfbdba16dbe56cf1bd39eac0223cc09a97f684e7_arm64",
"product_id": "openshift-logging/cluster-logging-rhel9-operator@sha256:50f07777580d38ca952df7afbfbdba16dbe56cf1bd39eac0223cc09a97f684e7_arm64",
"product_identification_helper": {
"purl": "pkg:oci/cluster-logging-rhel9-operator@sha256:50f07777580d38ca952df7afbfbdba16dbe56cf1bd39eac0223cc09a97f684e7?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator\u0026tag=v5.9.6-11"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/log-file-metric-exporter-rhel9@sha256:4e004498e446d80475601c1260a16f879f455a38deb8c89f19c2cc1b9ca6834d_arm64",
"product": {
"name": "openshift-logging/log-file-metric-exporter-rhel9@sha256:4e004498e446d80475601c1260a16f879f455a38deb8c89f19c2cc1b9ca6834d_arm64",
"product_id": "openshift-logging/log-file-metric-exporter-rhel9@sha256:4e004498e446d80475601c1260a16f879f455a38deb8c89f19c2cc1b9ca6834d_arm64",
"product_identification_helper": {
"purl": "pkg:oci/log-file-metric-exporter-rhel9@sha256:4e004498e446d80475601c1260a16f879f455a38deb8c89f19c2cc1b9ca6834d?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9\u0026tag=v1.1.0-270"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/eventrouter-rhel9@sha256:477ad04024ff5d04e8c2e1e1fa0965d5bf2de1d6ae81e41574102060543bf105_arm64",
"product": {
"name": "openshift-logging/eventrouter-rhel9@sha256:477ad04024ff5d04e8c2e1e1fa0965d5bf2de1d6ae81e41574102060543bf105_arm64",
"product_id": "openshift-logging/eventrouter-rhel9@sha256:477ad04024ff5d04e8c2e1e1fa0965d5bf2de1d6ae81e41574102060543bf105_arm64",
"product_identification_helper": {
"purl": "pkg:oci/eventrouter-rhel9@sha256:477ad04024ff5d04e8c2e1e1fa0965d5bf2de1d6ae81e41574102060543bf105?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/eventrouter-rhel9\u0026tag=v0.4.0-290"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/fluentd-rhel9@sha256:25422425899a2fa5cdc83a4aa31072d717a42483b5a7df9c485e13b5fcf19207_arm64",
"product": {
"name": "openshift-logging/fluentd-rhel9@sha256:25422425899a2fa5cdc83a4aa31072d717a42483b5a7df9c485e13b5fcf19207_arm64",
"product_id": "openshift-logging/fluentd-rhel9@sha256:25422425899a2fa5cdc83a4aa31072d717a42483b5a7df9c485e13b5fcf19207_arm64",
"product_identification_helper": {
"purl": "pkg:oci/fluentd-rhel9@sha256:25422425899a2fa5cdc83a4aa31072d717a42483b5a7df9c485e13b5fcf19207?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/fluentd-rhel9\u0026tag=v5.9.6-4"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/logging-loki-rhel9@sha256:fc26a8ba1fa06feb4da0f55be2b55d1c29762c5e5255a93a6081ba993f84c077_arm64",
"product": {
"name": "openshift-logging/logging-loki-rhel9@sha256:fc26a8ba1fa06feb4da0f55be2b55d1c29762c5e5255a93a6081ba993f84c077_arm64",
"product_id": "openshift-logging/logging-loki-rhel9@sha256:fc26a8ba1fa06feb4da0f55be2b55d1c29762c5e5255a93a6081ba993f84c077_arm64",
"product_identification_helper": {
"purl": "pkg:oci/logging-loki-rhel9@sha256:fc26a8ba1fa06feb4da0f55be2b55d1c29762c5e5255a93a6081ba993f84c077?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/logging-loki-rhel9\u0026tag=v3.1.0-18"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/vector-rhel9@sha256:a9f57b24b591aa0b20e94a5817258298eb582a7b5e860c1f7110f52ca2923650_arm64",
"product": {
"name": "openshift-logging/vector-rhel9@sha256:a9f57b24b591aa0b20e94a5817258298eb582a7b5e860c1f7110f52ca2923650_arm64",
"product_id": "openshift-logging/vector-rhel9@sha256:a9f57b24b591aa0b20e94a5817258298eb582a7b5e860c1f7110f52ca2923650_arm64",
"product_identification_helper": {
"purl": "pkg:oci/vector-rhel9@sha256:a9f57b24b591aa0b20e94a5817258298eb582a7b5e860c1f7110f52ca2923650?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/vector-rhel9\u0026tag=v0.34.1-16"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/logging-view-plugin-rhel9@sha256:011220d3f86ff9ca782c97ac75d4848e794fdeebb64cf8831548bc072ac106a2_arm64",
"product": {
"name": "openshift-logging/logging-view-plugin-rhel9@sha256:011220d3f86ff9ca782c97ac75d4848e794fdeebb64cf8831548bc072ac106a2_arm64",
"product_id": "openshift-logging/logging-view-plugin-rhel9@sha256:011220d3f86ff9ca782c97ac75d4848e794fdeebb64cf8831548bc072ac106a2_arm64",
"product_identification_helper": {
"purl": "pkg:oci/logging-view-plugin-rhel9@sha256:011220d3f86ff9ca782c97ac75d4848e794fdeebb64cf8831548bc072ac106a2?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/logging-view-plugin-rhel9\u0026tag=v5.9.6-3"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/loki-rhel9-operator@sha256:f3c1ae276ba84fcab2280fa93425ea6a324aa1403a7acc4ce6a45a4441d4d08c_arm64",
"product": {
"name": "openshift-logging/loki-rhel9-operator@sha256:f3c1ae276ba84fcab2280fa93425ea6a324aa1403a7acc4ce6a45a4441d4d08c_arm64",
"product_id": "openshift-logging/loki-rhel9-operator@sha256:f3c1ae276ba84fcab2280fa93425ea6a324aa1403a7acc4ce6a45a4441d4d08c_arm64",
"product_identification_helper": {
"purl": "pkg:oci/loki-rhel9-operator@sha256:f3c1ae276ba84fcab2280fa93425ea6a324aa1403a7acc4ce6a45a4441d4d08c?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/loki-rhel9-operator\u0026tag=v5.9.6-5"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/lokistack-gateway-rhel9@sha256:cf87eea204c26385822e544c5ddad7f9400e6f83615fa67cbba50764a32140a9_arm64",
"product": {
"name": "openshift-logging/lokistack-gateway-rhel9@sha256:cf87eea204c26385822e544c5ddad7f9400e6f83615fa67cbba50764a32140a9_arm64",
"product_id": "openshift-logging/lokistack-gateway-rhel9@sha256:cf87eea204c26385822e544c5ddad7f9400e6f83615fa67cbba50764a32140a9_arm64",
"product_identification_helper": {
"purl": "pkg:oci/lokistack-gateway-rhel9@sha256:cf87eea204c26385822e544c5ddad7f9400e6f83615fa67cbba50764a32140a9?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/lokistack-gateway-rhel9\u0026tag=v0.1.0-639"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/opa-openshift-rhel9@sha256:f31e9d9057615fbb0a481e0fe0b06b95b8e273166f245a02881df4fcf8d2d5d7_arm64",
"product": {
"name": "openshift-logging/opa-openshift-rhel9@sha256:f31e9d9057615fbb0a481e0fe0b06b95b8e273166f245a02881df4fcf8d2d5d7_arm64",
"product_id": "openshift-logging/opa-openshift-rhel9@sha256:f31e9d9057615fbb0a481e0fe0b06b95b8e273166f245a02881df4fcf8d2d5d7_arm64",
"product_identification_helper": {
"purl": "pkg:oci/opa-openshift-rhel9@sha256:f31e9d9057615fbb0a481e0fe0b06b95b8e273166f245a02881df4fcf8d2d5d7?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/opa-openshift-rhel9\u0026tag=v0.1.0-277"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-logging/cluster-logging-rhel9-operator@sha256:4caec5ee0469d1a8f2faedfad20acd93aa5119da5920552852af6b9cca31286a_ppc64le",
"product": {
"name": "openshift-logging/cluster-logging-rhel9-operator@sha256:4caec5ee0469d1a8f2faedfad20acd93aa5119da5920552852af6b9cca31286a_ppc64le",
"product_id": "openshift-logging/cluster-logging-rhel9-operator@sha256:4caec5ee0469d1a8f2faedfad20acd93aa5119da5920552852af6b9cca31286a_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/cluster-logging-rhel9-operator@sha256:4caec5ee0469d1a8f2faedfad20acd93aa5119da5920552852af6b9cca31286a?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator\u0026tag=v5.9.6-11"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/log-file-metric-exporter-rhel9@sha256:5a48b412f96069c258bdfacf7a2f7fbcec1ec08c8b1d9c6a8d36b419e440dc76_ppc64le",
"product": {
"name": "openshift-logging/log-file-metric-exporter-rhel9@sha256:5a48b412f96069c258bdfacf7a2f7fbcec1ec08c8b1d9c6a8d36b419e440dc76_ppc64le",
"product_id": "openshift-logging/log-file-metric-exporter-rhel9@sha256:5a48b412f96069c258bdfacf7a2f7fbcec1ec08c8b1d9c6a8d36b419e440dc76_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/log-file-metric-exporter-rhel9@sha256:5a48b412f96069c258bdfacf7a2f7fbcec1ec08c8b1d9c6a8d36b419e440dc76?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9\u0026tag=v1.1.0-270"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/eventrouter-rhel9@sha256:4586853d6350b0ca6003929aca8826fc4596cd13a33ad803a5f10363a1fc5d4d_ppc64le",
"product": {
"name": "openshift-logging/eventrouter-rhel9@sha256:4586853d6350b0ca6003929aca8826fc4596cd13a33ad803a5f10363a1fc5d4d_ppc64le",
"product_id": "openshift-logging/eventrouter-rhel9@sha256:4586853d6350b0ca6003929aca8826fc4596cd13a33ad803a5f10363a1fc5d4d_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/eventrouter-rhel9@sha256:4586853d6350b0ca6003929aca8826fc4596cd13a33ad803a5f10363a1fc5d4d?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/eventrouter-rhel9\u0026tag=v0.4.0-290"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/fluentd-rhel9@sha256:fa96f841fc8ae3a604ddabfc37f809f3e6a347f72a5064dd76ed8b040505da44_ppc64le",
"product": {
"name": "openshift-logging/fluentd-rhel9@sha256:fa96f841fc8ae3a604ddabfc37f809f3e6a347f72a5064dd76ed8b040505da44_ppc64le",
"product_id": "openshift-logging/fluentd-rhel9@sha256:fa96f841fc8ae3a604ddabfc37f809f3e6a347f72a5064dd76ed8b040505da44_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/fluentd-rhel9@sha256:fa96f841fc8ae3a604ddabfc37f809f3e6a347f72a5064dd76ed8b040505da44?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/fluentd-rhel9\u0026tag=v5.9.6-4"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/logging-loki-rhel9@sha256:e6f2435803484f9f3a3ed1c677dbfcba0dcc1868d95d46dfea61c09b79dc0acc_ppc64le",
"product": {
"name": "openshift-logging/logging-loki-rhel9@sha256:e6f2435803484f9f3a3ed1c677dbfcba0dcc1868d95d46dfea61c09b79dc0acc_ppc64le",
"product_id": "openshift-logging/logging-loki-rhel9@sha256:e6f2435803484f9f3a3ed1c677dbfcba0dcc1868d95d46dfea61c09b79dc0acc_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/logging-loki-rhel9@sha256:e6f2435803484f9f3a3ed1c677dbfcba0dcc1868d95d46dfea61c09b79dc0acc?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/logging-loki-rhel9\u0026tag=v3.1.0-18"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/vector-rhel9@sha256:256d82899cf94db79782955e72a9d149516e16a7775390ef0ea175957c05b6af_ppc64le",
"product": {
"name": "openshift-logging/vector-rhel9@sha256:256d82899cf94db79782955e72a9d149516e16a7775390ef0ea175957c05b6af_ppc64le",
"product_id": "openshift-logging/vector-rhel9@sha256:256d82899cf94db79782955e72a9d149516e16a7775390ef0ea175957c05b6af_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/vector-rhel9@sha256:256d82899cf94db79782955e72a9d149516e16a7775390ef0ea175957c05b6af?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/vector-rhel9\u0026tag=v0.34.1-16"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/logging-view-plugin-rhel9@sha256:ff52c6ce681a4c9a9824b098d2da9cbccdf4cd99aa9c25c8cf62baaf2dea7c4b_ppc64le",
"product": {
"name": "openshift-logging/logging-view-plugin-rhel9@sha256:ff52c6ce681a4c9a9824b098d2da9cbccdf4cd99aa9c25c8cf62baaf2dea7c4b_ppc64le",
"product_id": "openshift-logging/logging-view-plugin-rhel9@sha256:ff52c6ce681a4c9a9824b098d2da9cbccdf4cd99aa9c25c8cf62baaf2dea7c4b_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/logging-view-plugin-rhel9@sha256:ff52c6ce681a4c9a9824b098d2da9cbccdf4cd99aa9c25c8cf62baaf2dea7c4b?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/logging-view-plugin-rhel9\u0026tag=v5.9.6-3"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/loki-rhel9-operator@sha256:67d91441202f52784c16f034d884a929e8bae648c27a607dd771f56c778f3951_ppc64le",
"product": {
"name": "openshift-logging/loki-rhel9-operator@sha256:67d91441202f52784c16f034d884a929e8bae648c27a607dd771f56c778f3951_ppc64le",
"product_id": "openshift-logging/loki-rhel9-operator@sha256:67d91441202f52784c16f034d884a929e8bae648c27a607dd771f56c778f3951_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/loki-rhel9-operator@sha256:67d91441202f52784c16f034d884a929e8bae648c27a607dd771f56c778f3951?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/loki-rhel9-operator\u0026tag=v5.9.6-5"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/lokistack-gateway-rhel9@sha256:34d4be5af7e687701e9f3b2f3641571e3a008b0f4293b98c83ec57a83074ed82_ppc64le",
"product": {
"name": "openshift-logging/lokistack-gateway-rhel9@sha256:34d4be5af7e687701e9f3b2f3641571e3a008b0f4293b98c83ec57a83074ed82_ppc64le",
"product_id": "openshift-logging/lokistack-gateway-rhel9@sha256:34d4be5af7e687701e9f3b2f3641571e3a008b0f4293b98c83ec57a83074ed82_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/lokistack-gateway-rhel9@sha256:34d4be5af7e687701e9f3b2f3641571e3a008b0f4293b98c83ec57a83074ed82?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/lokistack-gateway-rhel9\u0026tag=v0.1.0-639"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/opa-openshift-rhel9@sha256:0e8073947004d29ff3a01499290d9b1ad32d8f6175e85f439143272964d1ea59_ppc64le",
"product": {
"name": "openshift-logging/opa-openshift-rhel9@sha256:0e8073947004d29ff3a01499290d9b1ad32d8f6175e85f439143272964d1ea59_ppc64le",
"product_id": "openshift-logging/opa-openshift-rhel9@sha256:0e8073947004d29ff3a01499290d9b1ad32d8f6175e85f439143272964d1ea59_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/opa-openshift-rhel9@sha256:0e8073947004d29ff3a01499290d9b1ad32d8f6175e85f439143272964d1ea59?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/opa-openshift-rhel9\u0026tag=v0.1.0-277"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/cluster-logging-operator-bundle@sha256:e04ce5eaf023bd299b40c3c7666087404e41f6cc9a2342247024d8ac89bb87b0_amd64 as a component of RHOL 5.9 for RHEL 9",
"product_id": "9Base-RHOL-5.9:openshift-logging/cluster-logging-operator-bundle@sha256:e04ce5eaf023bd299b40c3c7666087404e41f6cc9a2342247024d8ac89bb87b0_amd64"
},
"product_reference": "openshift-logging/cluster-logging-operator-bundle@sha256:e04ce5eaf023bd299b40c3c7666087404e41f6cc9a2342247024d8ac89bb87b0_amd64",
"relates_to_product_reference": "9Base-RHOL-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/cluster-logging-rhel9-operator@sha256:250181cdcdd3167a25ca351423ad7f727ae88fc6a7b0a539f58267a8f1d8967b_amd64 as a component of RHOL 5.9 for RHEL 9",
"product_id": "9Base-RHOL-5.9:openshift-logging/cluster-logging-rhel9-operator@sha256:250181cdcdd3167a25ca351423ad7f727ae88fc6a7b0a539f58267a8f1d8967b_amd64"
},
"product_reference": "openshift-logging/cluster-logging-rhel9-operator@sha256:250181cdcdd3167a25ca351423ad7f727ae88fc6a7b0a539f58267a8f1d8967b_amd64",
"relates_to_product_reference": "9Base-RHOL-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/cluster-logging-rhel9-operator@sha256:4caec5ee0469d1a8f2faedfad20acd93aa5119da5920552852af6b9cca31286a_ppc64le as a component of RHOL 5.9 for RHEL 9",
"product_id": "9Base-RHOL-5.9:openshift-logging/cluster-logging-rhel9-operator@sha256:4caec5ee0469d1a8f2faedfad20acd93aa5119da5920552852af6b9cca31286a_ppc64le"
},
"product_reference": "openshift-logging/cluster-logging-rhel9-operator@sha256:4caec5ee0469d1a8f2faedfad20acd93aa5119da5920552852af6b9cca31286a_ppc64le",
"relates_to_product_reference": "9Base-RHOL-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/cluster-logging-rhel9-operator@sha256:50f07777580d38ca952df7afbfbdba16dbe56cf1bd39eac0223cc09a97f684e7_arm64 as a component of RHOL 5.9 for RHEL 9",
"product_id": "9Base-RHOL-5.9:openshift-logging/cluster-logging-rhel9-operator@sha256:50f07777580d38ca952df7afbfbdba16dbe56cf1bd39eac0223cc09a97f684e7_arm64"
},
"product_reference": "openshift-logging/cluster-logging-rhel9-operator@sha256:50f07777580d38ca952df7afbfbdba16dbe56cf1bd39eac0223cc09a97f684e7_arm64",
"relates_to_product_reference": "9Base-RHOL-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/cluster-logging-rhel9-operator@sha256:e6922b8a8ffc13776fa979350b3b405cc54bf58291ffd2147587e9ea0db8103a_s390x as a component of RHOL 5.9 for RHEL 9",
"product_id": "9Base-RHOL-5.9:openshift-logging/cluster-logging-rhel9-operator@sha256:e6922b8a8ffc13776fa979350b3b405cc54bf58291ffd2147587e9ea0db8103a_s390x"
},
"product_reference": "openshift-logging/cluster-logging-rhel9-operator@sha256:e6922b8a8ffc13776fa979350b3b405cc54bf58291ffd2147587e9ea0db8103a_s390x",
"relates_to_product_reference": "9Base-RHOL-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/eventrouter-rhel9@sha256:4586853d6350b0ca6003929aca8826fc4596cd13a33ad803a5f10363a1fc5d4d_ppc64le as a component of RHOL 5.9 for RHEL 9",
"product_id": "9Base-RHOL-5.9:openshift-logging/eventrouter-rhel9@sha256:4586853d6350b0ca6003929aca8826fc4596cd13a33ad803a5f10363a1fc5d4d_ppc64le"
},
"product_reference": "openshift-logging/eventrouter-rhel9@sha256:4586853d6350b0ca6003929aca8826fc4596cd13a33ad803a5f10363a1fc5d4d_ppc64le",
"relates_to_product_reference": "9Base-RHOL-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/eventrouter-rhel9@sha256:477ad04024ff5d04e8c2e1e1fa0965d5bf2de1d6ae81e41574102060543bf105_arm64 as a component of RHOL 5.9 for RHEL 9",
"product_id": "9Base-RHOL-5.9:openshift-logging/eventrouter-rhel9@sha256:477ad04024ff5d04e8c2e1e1fa0965d5bf2de1d6ae81e41574102060543bf105_arm64"
},
"product_reference": "openshift-logging/eventrouter-rhel9@sha256:477ad04024ff5d04e8c2e1e1fa0965d5bf2de1d6ae81e41574102060543bf105_arm64",
"relates_to_product_reference": "9Base-RHOL-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/eventrouter-rhel9@sha256:8f1349a66aafec3f7d58555ee62d8d41211feacb2cf142dcfa8183521b2fdbfb_s390x as a component of RHOL 5.9 for RHEL 9",
"product_id": "9Base-RHOL-5.9:openshift-logging/eventrouter-rhel9@sha256:8f1349a66aafec3f7d58555ee62d8d41211feacb2cf142dcfa8183521b2fdbfb_s390x"
},
"product_reference": "openshift-logging/eventrouter-rhel9@sha256:8f1349a66aafec3f7d58555ee62d8d41211feacb2cf142dcfa8183521b2fdbfb_s390x",
"relates_to_product_reference": "9Base-RHOL-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/eventrouter-rhel9@sha256:cb07ad8e299a32a432eb64dba905c28f588175eb7552b3cac4797887f2e3126f_amd64 as a component of RHOL 5.9 for RHEL 9",
"product_id": "9Base-RHOL-5.9:openshift-logging/eventrouter-rhel9@sha256:cb07ad8e299a32a432eb64dba905c28f588175eb7552b3cac4797887f2e3126f_amd64"
},
"product_reference": "openshift-logging/eventrouter-rhel9@sha256:cb07ad8e299a32a432eb64dba905c28f588175eb7552b3cac4797887f2e3126f_amd64",
"relates_to_product_reference": "9Base-RHOL-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/fluentd-rhel9@sha256:00d1fd2e056b38d1ba768c088883f39f0a7852ccdfa6a91744ea2ba9e9ab840a_s390x as a component of RHOL 5.9 for RHEL 9",
"product_id": "9Base-RHOL-5.9:openshift-logging/fluentd-rhel9@sha256:00d1fd2e056b38d1ba768c088883f39f0a7852ccdfa6a91744ea2ba9e9ab840a_s390x"
},
"product_reference": "openshift-logging/fluentd-rhel9@sha256:00d1fd2e056b38d1ba768c088883f39f0a7852ccdfa6a91744ea2ba9e9ab840a_s390x",
"relates_to_product_reference": "9Base-RHOL-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/fluentd-rhel9@sha256:25422425899a2fa5cdc83a4aa31072d717a42483b5a7df9c485e13b5fcf19207_arm64 as a component of RHOL 5.9 for RHEL 9",
"product_id": "9Base-RHOL-5.9:openshift-logging/fluentd-rhel9@sha256:25422425899a2fa5cdc83a4aa31072d717a42483b5a7df9c485e13b5fcf19207_arm64"
},
"product_reference": "openshift-logging/fluentd-rhel9@sha256:25422425899a2fa5cdc83a4aa31072d717a42483b5a7df9c485e13b5fcf19207_arm64",
"relates_to_product_reference": "9Base-RHOL-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/fluentd-rhel9@sha256:dd82c39b7456db7c3b82fb80173d831a9502305b45ff2c49b8ad3790d59e27c1_amd64 as a component of RHOL 5.9 for RHEL 9",
"product_id": "9Base-RHOL-5.9:openshift-logging/fluentd-rhel9@sha256:dd82c39b7456db7c3b82fb80173d831a9502305b45ff2c49b8ad3790d59e27c1_amd64"
},
"product_reference": "openshift-logging/fluentd-rhel9@sha256:dd82c39b7456db7c3b82fb80173d831a9502305b45ff2c49b8ad3790d59e27c1_amd64",
"relates_to_product_reference": "9Base-RHOL-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/fluentd-rhel9@sha256:fa96f841fc8ae3a604ddabfc37f809f3e6a347f72a5064dd76ed8b040505da44_ppc64le as a component of RHOL 5.9 for RHEL 9",
"product_id": "9Base-RHOL-5.9:openshift-logging/fluentd-rhel9@sha256:fa96f841fc8ae3a604ddabfc37f809f3e6a347f72a5064dd76ed8b040505da44_ppc64le"
},
"product_reference": "openshift-logging/fluentd-rhel9@sha256:fa96f841fc8ae3a604ddabfc37f809f3e6a347f72a5064dd76ed8b040505da44_ppc64le",
"relates_to_product_reference": "9Base-RHOL-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/log-file-metric-exporter-rhel9@sha256:2507ce314e9d9d605e4738d1a6e86a94eac7c79dfe804e3fd6aac65bfe58bdf2_amd64 as a component of RHOL 5.9 for RHEL 9",
"product_id": "9Base-RHOL-5.9:openshift-logging/log-file-metric-exporter-rhel9@sha256:2507ce314e9d9d605e4738d1a6e86a94eac7c79dfe804e3fd6aac65bfe58bdf2_amd64"
},
"product_reference": "openshift-logging/log-file-metric-exporter-rhel9@sha256:2507ce314e9d9d605e4738d1a6e86a94eac7c79dfe804e3fd6aac65bfe58bdf2_amd64",
"relates_to_product_reference": "9Base-RHOL-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/log-file-metric-exporter-rhel9@sha256:3a04a0c94d59ac70e6f3bba7e841f24beb4e7ece4fc006140a6460141461da99_s390x as a component of RHOL 5.9 for RHEL 9",
"product_id": "9Base-RHOL-5.9:openshift-logging/log-file-metric-exporter-rhel9@sha256:3a04a0c94d59ac70e6f3bba7e841f24beb4e7ece4fc006140a6460141461da99_s390x"
},
"product_reference": "openshift-logging/log-file-metric-exporter-rhel9@sha256:3a04a0c94d59ac70e6f3bba7e841f24beb4e7ece4fc006140a6460141461da99_s390x",
"relates_to_product_reference": "9Base-RHOL-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/log-file-metric-exporter-rhel9@sha256:4e004498e446d80475601c1260a16f879f455a38deb8c89f19c2cc1b9ca6834d_arm64 as a component of RHOL 5.9 for RHEL 9",
"product_id": "9Base-RHOL-5.9:openshift-logging/log-file-metric-exporter-rhel9@sha256:4e004498e446d80475601c1260a16f879f455a38deb8c89f19c2cc1b9ca6834d_arm64"
},
"product_reference": "openshift-logging/log-file-metric-exporter-rhel9@sha256:4e004498e446d80475601c1260a16f879f455a38deb8c89f19c2cc1b9ca6834d_arm64",
"relates_to_product_reference": "9Base-RHOL-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/log-file-metric-exporter-rhel9@sha256:5a48b412f96069c258bdfacf7a2f7fbcec1ec08c8b1d9c6a8d36b419e440dc76_ppc64le as a component of RHOL 5.9 for RHEL 9",
"product_id": "9Base-RHOL-5.9:openshift-logging/log-file-metric-exporter-rhel9@sha256:5a48b412f96069c258bdfacf7a2f7fbcec1ec08c8b1d9c6a8d36b419e440dc76_ppc64le"
},
"product_reference": "openshift-logging/log-file-metric-exporter-rhel9@sha256:5a48b412f96069c258bdfacf7a2f7fbcec1ec08c8b1d9c6a8d36b419e440dc76_ppc64le",
"relates_to_product_reference": "9Base-RHOL-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/logging-loki-rhel9@sha256:6dfc15394c7f8de99fb777a9cac7019afaa4ab90cef7b6a9d76c2612ade28cdd_amd64 as a component of RHOL 5.9 for RHEL 9",
"product_id": "9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:6dfc15394c7f8de99fb777a9cac7019afaa4ab90cef7b6a9d76c2612ade28cdd_amd64"
},
"product_reference": "openshift-logging/logging-loki-rhel9@sha256:6dfc15394c7f8de99fb777a9cac7019afaa4ab90cef7b6a9d76c2612ade28cdd_amd64",
"relates_to_product_reference": "9Base-RHOL-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/logging-loki-rhel9@sha256:cc27123d734d0aa1a661595b3f79684c7c523332cdbe531d3421210448733c3f_s390x as a component of RHOL 5.9 for RHEL 9",
"product_id": "9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:cc27123d734d0aa1a661595b3f79684c7c523332cdbe531d3421210448733c3f_s390x"
},
"product_reference": "openshift-logging/logging-loki-rhel9@sha256:cc27123d734d0aa1a661595b3f79684c7c523332cdbe531d3421210448733c3f_s390x",
"relates_to_product_reference": "9Base-RHOL-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/logging-loki-rhel9@sha256:e6f2435803484f9f3a3ed1c677dbfcba0dcc1868d95d46dfea61c09b79dc0acc_ppc64le as a component of RHOL 5.9 for RHEL 9",
"product_id": "9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:e6f2435803484f9f3a3ed1c677dbfcba0dcc1868d95d46dfea61c09b79dc0acc_ppc64le"
},
"product_reference": "openshift-logging/logging-loki-rhel9@sha256:e6f2435803484f9f3a3ed1c677dbfcba0dcc1868d95d46dfea61c09b79dc0acc_ppc64le",
"relates_to_product_reference": "9Base-RHOL-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/logging-loki-rhel9@sha256:fc26a8ba1fa06feb4da0f55be2b55d1c29762c5e5255a93a6081ba993f84c077_arm64 as a component of RHOL 5.9 for RHEL 9",
"product_id": "9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:fc26a8ba1fa06feb4da0f55be2b55d1c29762c5e5255a93a6081ba993f84c077_arm64"
},
"product_reference": "openshift-logging/logging-loki-rhel9@sha256:fc26a8ba1fa06feb4da0f55be2b55d1c29762c5e5255a93a6081ba993f84c077_arm64",
"relates_to_product_reference": "9Base-RHOL-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/logging-view-plugin-rhel9@sha256:011220d3f86ff9ca782c97ac75d4848e794fdeebb64cf8831548bc072ac106a2_arm64 as a component of RHOL 5.9 for RHEL 9",
"product_id": "9Base-RHOL-5.9:openshift-logging/logging-view-plugin-rhel9@sha256:011220d3f86ff9ca782c97ac75d4848e794fdeebb64cf8831548bc072ac106a2_arm64"
},
"product_reference": "openshift-logging/logging-view-plugin-rhel9@sha256:011220d3f86ff9ca782c97ac75d4848e794fdeebb64cf8831548bc072ac106a2_arm64",
"relates_to_product_reference": "9Base-RHOL-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/logging-view-plugin-rhel9@sha256:a319832e0aeb74e6f43f695b9956fcb1f8422adab20974a242b9be415bc2ad4c_amd64 as a component of RHOL 5.9 for RHEL 9",
"product_id": "9Base-RHOL-5.9:openshift-logging/logging-view-plugin-rhel9@sha256:a319832e0aeb74e6f43f695b9956fcb1f8422adab20974a242b9be415bc2ad4c_amd64"
},
"product_reference": "openshift-logging/logging-view-plugin-rhel9@sha256:a319832e0aeb74e6f43f695b9956fcb1f8422adab20974a242b9be415bc2ad4c_amd64",
"relates_to_product_reference": "9Base-RHOL-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/logging-view-plugin-rhel9@sha256:dd9abb806b3d8bcc636b8fb8720a926dc43e208c5c5d447f226cd2094689a8ac_s390x as a component of RHOL 5.9 for RHEL 9",
"product_id": "9Base-RHOL-5.9:openshift-logging/logging-view-plugin-rhel9@sha256:dd9abb806b3d8bcc636b8fb8720a926dc43e208c5c5d447f226cd2094689a8ac_s390x"
},
"product_reference": "openshift-logging/logging-view-plugin-rhel9@sha256:dd9abb806b3d8bcc636b8fb8720a926dc43e208c5c5d447f226cd2094689a8ac_s390x",
"relates_to_product_reference": "9Base-RHOL-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/logging-view-plugin-rhel9@sha256:ff52c6ce681a4c9a9824b098d2da9cbccdf4cd99aa9c25c8cf62baaf2dea7c4b_ppc64le as a component of RHOL 5.9 for RHEL 9",
"product_id": "9Base-RHOL-5.9:openshift-logging/logging-view-plugin-rhel9@sha256:ff52c6ce681a4c9a9824b098d2da9cbccdf4cd99aa9c25c8cf62baaf2dea7c4b_ppc64le"
},
"product_reference": "openshift-logging/logging-view-plugin-rhel9@sha256:ff52c6ce681a4c9a9824b098d2da9cbccdf4cd99aa9c25c8cf62baaf2dea7c4b_ppc64le",
"relates_to_product_reference": "9Base-RHOL-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/loki-operator-bundle@sha256:76ddb9f56971649a52d0b66fa8a2df3859f7a4e9f965ee64cf1bd81a94b72d56_amd64 as a component of RHOL 5.9 for RHEL 9",
"product_id": "9Base-RHOL-5.9:openshift-logging/loki-operator-bundle@sha256:76ddb9f56971649a52d0b66fa8a2df3859f7a4e9f965ee64cf1bd81a94b72d56_amd64"
},
"product_reference": "openshift-logging/loki-operator-bundle@sha256:76ddb9f56971649a52d0b66fa8a2df3859f7a4e9f965ee64cf1bd81a94b72d56_amd64",
"relates_to_product_reference": "9Base-RHOL-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/loki-rhel9-operator@sha256:03fa793ec87087a9c186ec4a6bdbe1ac598a7823fcae97b420c06341a38a1caa_s390x as a component of RHOL 5.9 for RHEL 9",
"product_id": "9Base-RHOL-5.9:openshift-logging/loki-rhel9-operator@sha256:03fa793ec87087a9c186ec4a6bdbe1ac598a7823fcae97b420c06341a38a1caa_s390x"
},
"product_reference": "openshift-logging/loki-rhel9-operator@sha256:03fa793ec87087a9c186ec4a6bdbe1ac598a7823fcae97b420c06341a38a1caa_s390x",
"relates_to_product_reference": "9Base-RHOL-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/loki-rhel9-operator@sha256:67d91441202f52784c16f034d884a929e8bae648c27a607dd771f56c778f3951_ppc64le as a component of RHOL 5.9 for RHEL 9",
"product_id": "9Base-RHOL-5.9:openshift-logging/loki-rhel9-operator@sha256:67d91441202f52784c16f034d884a929e8bae648c27a607dd771f56c778f3951_ppc64le"
},
"product_reference": "openshift-logging/loki-rhel9-operator@sha256:67d91441202f52784c16f034d884a929e8bae648c27a607dd771f56c778f3951_ppc64le",
"relates_to_product_reference": "9Base-RHOL-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/loki-rhel9-operator@sha256:72ab9feb4222b622f5ddc4d16b89ff2d30fd6fc05f2bf300a80ad46e94749457_amd64 as a component of RHOL 5.9 for RHEL 9",
"product_id": "9Base-RHOL-5.9:openshift-logging/loki-rhel9-operator@sha256:72ab9feb4222b622f5ddc4d16b89ff2d30fd6fc05f2bf300a80ad46e94749457_amd64"
},
"product_reference": "openshift-logging/loki-rhel9-operator@sha256:72ab9feb4222b622f5ddc4d16b89ff2d30fd6fc05f2bf300a80ad46e94749457_amd64",
"relates_to_product_reference": "9Base-RHOL-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/loki-rhel9-operator@sha256:f3c1ae276ba84fcab2280fa93425ea6a324aa1403a7acc4ce6a45a4441d4d08c_arm64 as a component of RHOL 5.9 for RHEL 9",
"product_id": "9Base-RHOL-5.9:openshift-logging/loki-rhel9-operator@sha256:f3c1ae276ba84fcab2280fa93425ea6a324aa1403a7acc4ce6a45a4441d4d08c_arm64"
},
"product_reference": "openshift-logging/loki-rhel9-operator@sha256:f3c1ae276ba84fcab2280fa93425ea6a324aa1403a7acc4ce6a45a4441d4d08c_arm64",
"relates_to_product_reference": "9Base-RHOL-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/lokistack-gateway-rhel9@sha256:34d4be5af7e687701e9f3b2f3641571e3a008b0f4293b98c83ec57a83074ed82_ppc64le as a component of RHOL 5.9 for RHEL 9",
"product_id": "9Base-RHOL-5.9:openshift-logging/lokistack-gateway-rhel9@sha256:34d4be5af7e687701e9f3b2f3641571e3a008b0f4293b98c83ec57a83074ed82_ppc64le"
},
"product_reference": "openshift-logging/lokistack-gateway-rhel9@sha256:34d4be5af7e687701e9f3b2f3641571e3a008b0f4293b98c83ec57a83074ed82_ppc64le",
"relates_to_product_reference": "9Base-RHOL-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/lokistack-gateway-rhel9@sha256:60cbbc0d76f51b6ea37b849384229f685a11f1862eed660c40d609dd00d2a790_s390x as a component of RHOL 5.9 for RHEL 9",
"product_id": "9Base-RHOL-5.9:openshift-logging/lokistack-gateway-rhel9@sha256:60cbbc0d76f51b6ea37b849384229f685a11f1862eed660c40d609dd00d2a790_s390x"
},
"product_reference": "openshift-logging/lokistack-gateway-rhel9@sha256:60cbbc0d76f51b6ea37b849384229f685a11f1862eed660c40d609dd00d2a790_s390x",
"relates_to_product_reference": "9Base-RHOL-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/lokistack-gateway-rhel9@sha256:cf87eea204c26385822e544c5ddad7f9400e6f83615fa67cbba50764a32140a9_arm64 as a component of RHOL 5.9 for RHEL 9",
"product_id": "9Base-RHOL-5.9:openshift-logging/lokistack-gateway-rhel9@sha256:cf87eea204c26385822e544c5ddad7f9400e6f83615fa67cbba50764a32140a9_arm64"
},
"product_reference": "openshift-logging/lokistack-gateway-rhel9@sha256:cf87eea204c26385822e544c5ddad7f9400e6f83615fa67cbba50764a32140a9_arm64",
"relates_to_product_reference": "9Base-RHOL-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/lokistack-gateway-rhel9@sha256:f3d20fe354135d20ef2c211e436e400ffb0ad3229ec0bc6a392899e39f464829_amd64 as a component of RHOL 5.9 for RHEL 9",
"product_id": "9Base-RHOL-5.9:openshift-logging/lokistack-gateway-rhel9@sha256:f3d20fe354135d20ef2c211e436e400ffb0ad3229ec0bc6a392899e39f464829_amd64"
},
"product_reference": "openshift-logging/lokistack-gateway-rhel9@sha256:f3d20fe354135d20ef2c211e436e400ffb0ad3229ec0bc6a392899e39f464829_amd64",
"relates_to_product_reference": "9Base-RHOL-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/opa-openshift-rhel9@sha256:0e8073947004d29ff3a01499290d9b1ad32d8f6175e85f439143272964d1ea59_ppc64le as a component of RHOL 5.9 for RHEL 9",
"product_id": "9Base-RHOL-5.9:openshift-logging/opa-openshift-rhel9@sha256:0e8073947004d29ff3a01499290d9b1ad32d8f6175e85f439143272964d1ea59_ppc64le"
},
"product_reference": "openshift-logging/opa-openshift-rhel9@sha256:0e8073947004d29ff3a01499290d9b1ad32d8f6175e85f439143272964d1ea59_ppc64le",
"relates_to_product_reference": "9Base-RHOL-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/opa-openshift-rhel9@sha256:324b8fcce44a02f7d998a0aeb888cb04658952bcab6bafa3d4e12e25119a7c7e_s390x as a component of RHOL 5.9 for RHEL 9",
"product_id": "9Base-RHOL-5.9:openshift-logging/opa-openshift-rhel9@sha256:324b8fcce44a02f7d998a0aeb888cb04658952bcab6bafa3d4e12e25119a7c7e_s390x"
},
"product_reference": "openshift-logging/opa-openshift-rhel9@sha256:324b8fcce44a02f7d998a0aeb888cb04658952bcab6bafa3d4e12e25119a7c7e_s390x",
"relates_to_product_reference": "9Base-RHOL-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/opa-openshift-rhel9@sha256:c52f8c6df837db95fcf92b435c3179afc4ae3045d90163392aeaf983c7be803d_amd64 as a component of RHOL 5.9 for RHEL 9",
"product_id": "9Base-RHOL-5.9:openshift-logging/opa-openshift-rhel9@sha256:c52f8c6df837db95fcf92b435c3179afc4ae3045d90163392aeaf983c7be803d_amd64"
},
"product_reference": "openshift-logging/opa-openshift-rhel9@sha256:c52f8c6df837db95fcf92b435c3179afc4ae3045d90163392aeaf983c7be803d_amd64",
"relates_to_product_reference": "9Base-RHOL-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/opa-openshift-rhel9@sha256:f31e9d9057615fbb0a481e0fe0b06b95b8e273166f245a02881df4fcf8d2d5d7_arm64 as a component of RHOL 5.9 for RHEL 9",
"product_id": "9Base-RHOL-5.9:openshift-logging/opa-openshift-rhel9@sha256:f31e9d9057615fbb0a481e0fe0b06b95b8e273166f245a02881df4fcf8d2d5d7_arm64"
},
"product_reference": "openshift-logging/opa-openshift-rhel9@sha256:f31e9d9057615fbb0a481e0fe0b06b95b8e273166f245a02881df4fcf8d2d5d7_arm64",
"relates_to_product_reference": "9Base-RHOL-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/vector-rhel9@sha256:256d82899cf94db79782955e72a9d149516e16a7775390ef0ea175957c05b6af_ppc64le as a component of RHOL 5.9 for RHEL 9",
"product_id": "9Base-RHOL-5.9:openshift-logging/vector-rhel9@sha256:256d82899cf94db79782955e72a9d149516e16a7775390ef0ea175957c05b6af_ppc64le"
},
"product_reference": "openshift-logging/vector-rhel9@sha256:256d82899cf94db79782955e72a9d149516e16a7775390ef0ea175957c05b6af_ppc64le",
"relates_to_product_reference": "9Base-RHOL-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/vector-rhel9@sha256:a9f57b24b591aa0b20e94a5817258298eb582a7b5e860c1f7110f52ca2923650_arm64 as a component of RHOL 5.9 for RHEL 9",
"product_id": "9Base-RHOL-5.9:openshift-logging/vector-rhel9@sha256:a9f57b24b591aa0b20e94a5817258298eb582a7b5e860c1f7110f52ca2923650_arm64"
},
"product_reference": "openshift-logging/vector-rhel9@sha256:a9f57b24b591aa0b20e94a5817258298eb582a7b5e860c1f7110f52ca2923650_arm64",
"relates_to_product_reference": "9Base-RHOL-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/vector-rhel9@sha256:caf1da994f3f15f711cc149f96ec0637e43a1682dde292647af3dc6469b05523_amd64 as a component of RHOL 5.9 for RHEL 9",
"product_id": "9Base-RHOL-5.9:openshift-logging/vector-rhel9@sha256:caf1da994f3f15f711cc149f96ec0637e43a1682dde292647af3dc6469b05523_amd64"
},
"product_reference": "openshift-logging/vector-rhel9@sha256:caf1da994f3f15f711cc149f96ec0637e43a1682dde292647af3dc6469b05523_amd64",
"relates_to_product_reference": "9Base-RHOL-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/vector-rhel9@sha256:f1d1685df8edf0abc85b0ab821bd68db8e4318d63fc93d41c0433adfceca6841_s390x as a component of RHOL 5.9 for RHEL 9",
"product_id": "9Base-RHOL-5.9:openshift-logging/vector-rhel9@sha256:f1d1685df8edf0abc85b0ab821bd68db8e4318d63fc93d41c0433adfceca6841_s390x"
},
"product_reference": "openshift-logging/vector-rhel9@sha256:f1d1685df8edf0abc85b0ab821bd68db8e4318d63fc93d41c0433adfceca6841_s390x",
"relates_to_product_reference": "9Base-RHOL-5.9"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-0286",
"cwe": {
"id": "CWE-704",
"name": "Incorrect Type Conversion or Cast"
},
"discovery_date": "2023-01-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2164440"
}
],
"notes": [
{
"category": "description",
"text": "A type confusion vulnerability was found in OpenSSL when OpenSSL X.400 addresses processing inside an X.509 GeneralName. When CRL checking is enabled (for example, the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or cause a denial of service. In most cases, the attack requires the attacker to provide both the certificate chain and CRL, of which neither needs a valid signature. If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. In this case, this vulnerability is likely only to affect applications that have implemented their own functionality for retrieving CRLs over a network.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: X.400 address type confusion in X.509 GeneralName",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "For shim in Red Hat Enterprise Linux 8 \u0026 9, is not affected as shim doesn\u0027t support any CRL processing.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHOL-5.9:openshift-logging/cluster-logging-operator-bundle@sha256:e04ce5eaf023bd299b40c3c7666087404e41f6cc9a2342247024d8ac89bb87b0_amd64",
"9Base-RHOL-5.9:openshift-logging/cluster-logging-rhel9-operator@sha256:250181cdcdd3167a25ca351423ad7f727ae88fc6a7b0a539f58267a8f1d8967b_amd64",
"9Base-RHOL-5.9:openshift-logging/cluster-logging-rhel9-operator@sha256:4caec5ee0469d1a8f2faedfad20acd93aa5119da5920552852af6b9cca31286a_ppc64le",
"9Base-RHOL-5.9:openshift-logging/cluster-logging-rhel9-operator@sha256:50f07777580d38ca952df7afbfbdba16dbe56cf1bd39eac0223cc09a97f684e7_arm64",
"9Base-RHOL-5.9:openshift-logging/cluster-logging-rhel9-operator@sha256:e6922b8a8ffc13776fa979350b3b405cc54bf58291ffd2147587e9ea0db8103a_s390x",
"9Base-RHOL-5.9:openshift-logging/eventrouter-rhel9@sha256:4586853d6350b0ca6003929aca8826fc4596cd13a33ad803a5f10363a1fc5d4d_ppc64le",
"9Base-RHOL-5.9:openshift-logging/eventrouter-rhel9@sha256:477ad04024ff5d04e8c2e1e1fa0965d5bf2de1d6ae81e41574102060543bf105_arm64",
"9Base-RHOL-5.9:openshift-logging/eventrouter-rhel9@sha256:8f1349a66aafec3f7d58555ee62d8d41211feacb2cf142dcfa8183521b2fdbfb_s390x",
"9Base-RHOL-5.9:openshift-logging/eventrouter-rhel9@sha256:cb07ad8e299a32a432eb64dba905c28f588175eb7552b3cac4797887f2e3126f_amd64",
"9Base-RHOL-5.9:openshift-logging/fluentd-rhel9@sha256:00d1fd2e056b38d1ba768c088883f39f0a7852ccdfa6a91744ea2ba9e9ab840a_s390x",
"9Base-RHOL-5.9:openshift-logging/fluentd-rhel9@sha256:25422425899a2fa5cdc83a4aa31072d717a42483b5a7df9c485e13b5fcf19207_arm64",
"9Base-RHOL-5.9:openshift-logging/fluentd-rhel9@sha256:dd82c39b7456db7c3b82fb80173d831a9502305b45ff2c49b8ad3790d59e27c1_amd64",
"9Base-RHOL-5.9:openshift-logging/fluentd-rhel9@sha256:fa96f841fc8ae3a604ddabfc37f809f3e6a347f72a5064dd76ed8b040505da44_ppc64le",
"9Base-RHOL-5.9:openshift-logging/log-file-metric-exporter-rhel9@sha256:2507ce314e9d9d605e4738d1a6e86a94eac7c79dfe804e3fd6aac65bfe58bdf2_amd64",
"9Base-RHOL-5.9:openshift-logging/log-file-metric-exporter-rhel9@sha256:3a04a0c94d59ac70e6f3bba7e841f24beb4e7ece4fc006140a6460141461da99_s390x",
"9Base-RHOL-5.9:openshift-logging/log-file-metric-exporter-rhel9@sha256:4e004498e446d80475601c1260a16f879f455a38deb8c89f19c2cc1b9ca6834d_arm64",
"9Base-RHOL-5.9:openshift-logging/log-file-metric-exporter-rhel9@sha256:5a48b412f96069c258bdfacf7a2f7fbcec1ec08c8b1d9c6a8d36b419e440dc76_ppc64le",
"9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:6dfc15394c7f8de99fb777a9cac7019afaa4ab90cef7b6a9d76c2612ade28cdd_amd64",
"9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:cc27123d734d0aa1a661595b3f79684c7c523332cdbe531d3421210448733c3f_s390x",
"9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:e6f2435803484f9f3a3ed1c677dbfcba0dcc1868d95d46dfea61c09b79dc0acc_ppc64le",
"9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:fc26a8ba1fa06feb4da0f55be2b55d1c29762c5e5255a93a6081ba993f84c077_arm64",
"9Base-RHOL-5.9:openshift-logging/logging-view-plugin-rhel9@sha256:011220d3f86ff9ca782c97ac75d4848e794fdeebb64cf8831548bc072ac106a2_arm64",
"9Base-RHOL-5.9:openshift-logging/logging-view-plugin-rhel9@sha256:a319832e0aeb74e6f43f695b9956fcb1f8422adab20974a242b9be415bc2ad4c_amd64",
"9Base-RHOL-5.9:openshift-logging/logging-view-plugin-rhel9@sha256:dd9abb806b3d8bcc636b8fb8720a926dc43e208c5c5d447f226cd2094689a8ac_s390x",
"9Base-RHOL-5.9:openshift-logging/logging-view-plugin-rhel9@sha256:ff52c6ce681a4c9a9824b098d2da9cbccdf4cd99aa9c25c8cf62baaf2dea7c4b_ppc64le",
"9Base-RHOL-5.9:openshift-logging/loki-operator-bundle@sha256:76ddb9f56971649a52d0b66fa8a2df3859f7a4e9f965ee64cf1bd81a94b72d56_amd64",
"9Base-RHOL-5.9:openshift-logging/loki-rhel9-operator@sha256:03fa793ec87087a9c186ec4a6bdbe1ac598a7823fcae97b420c06341a38a1caa_s390x",
"9Base-RHOL-5.9:openshift-logging/loki-rhel9-operator@sha256:67d91441202f52784c16f034d884a929e8bae648c27a607dd771f56c778f3951_ppc64le",
"9Base-RHOL-5.9:openshift-logging/loki-rhel9-operator@sha256:72ab9feb4222b622f5ddc4d16b89ff2d30fd6fc05f2bf300a80ad46e94749457_amd64",
"9Base-RHOL-5.9:openshift-logging/loki-rhel9-operator@sha256:f3c1ae276ba84fcab2280fa93425ea6a324aa1403a7acc4ce6a45a4441d4d08c_arm64",
"9Base-RHOL-5.9:openshift-logging/lokistack-gateway-rhel9@sha256:34d4be5af7e687701e9f3b2f3641571e3a008b0f4293b98c83ec57a83074ed82_ppc64le",
"9Base-RHOL-5.9:openshift-logging/lokistack-gateway-rhel9@sha256:60cbbc0d76f51b6ea37b849384229f685a11f1862eed660c40d609dd00d2a790_s390x",
"9Base-RHOL-5.9:openshift-logging/lokistack-gateway-rhel9@sha256:cf87eea204c26385822e544c5ddad7f9400e6f83615fa67cbba50764a32140a9_arm64",
"9Base-RHOL-5.9:openshift-logging/lokistack-gateway-rhel9@sha256:f3d20fe354135d20ef2c211e436e400ffb0ad3229ec0bc6a392899e39f464829_amd64",
"9Base-RHOL-5.9:openshift-logging/opa-openshift-rhel9@sha256:0e8073947004d29ff3a01499290d9b1ad32d8f6175e85f439143272964d1ea59_ppc64le",
"9Base-RHOL-5.9:openshift-logging/opa-openshift-rhel9@sha256:324b8fcce44a02f7d998a0aeb888cb04658952bcab6bafa3d4e12e25119a7c7e_s390x",
"9Base-RHOL-5.9:openshift-logging/opa-openshift-rhel9@sha256:c52f8c6df837db95fcf92b435c3179afc4ae3045d90163392aeaf983c7be803d_amd64",
"9Base-RHOL-5.9:openshift-logging/opa-openshift-rhel9@sha256:f31e9d9057615fbb0a481e0fe0b06b95b8e273166f245a02881df4fcf8d2d5d7_arm64",
"9Base-RHOL-5.9:openshift-logging/vector-rhel9@sha256:256d82899cf94db79782955e72a9d149516e16a7775390ef0ea175957c05b6af_ppc64le",
"9Base-RHOL-5.9:openshift-logging/vector-rhel9@sha256:a9f57b24b591aa0b20e94a5817258298eb582a7b5e860c1f7110f52ca2923650_arm64",
"9Base-RHOL-5.9:openshift-logging/vector-rhel9@sha256:caf1da994f3f15f711cc149f96ec0637e43a1682dde292647af3dc6469b05523_amd64",
"9Base-RHOL-5.9:openshift-logging/vector-rhel9@sha256:f1d1685df8edf0abc85b0ab821bd68db8e4318d63fc93d41c0433adfceca6841_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-0286"
},
{
"category": "external",
"summary": "RHBZ#2164440",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2164440"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-0286",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0286"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-0286",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0286"
},
{
"category": "external",
"summary": "https://www.openssl.org/news/secadv/20230207.txt",
"url": "https://www.openssl.org/news/secadv/20230207.txt"
}
],
"release_date": "2023-02-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-09-11T13:22:49+00:00",
"details": "For OpenShift Container Platform 4.14 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.openshift.com/container-platform/4.14/release_notes/ocp-4-14-release-notes.html\n\nFor Red Hat OpenShift Logging 5.9, see the following instructions to apply this update:\n\nhttps://docs.openshift.com/container-platform/4.14/logging/cluster-logging-upgrading.html",
"product_ids": [
"9Base-RHOL-5.9:openshift-logging/cluster-logging-operator-bundle@sha256:e04ce5eaf023bd299b40c3c7666087404e41f6cc9a2342247024d8ac89bb87b0_amd64",
"9Base-RHOL-5.9:openshift-logging/cluster-logging-rhel9-operator@sha256:250181cdcdd3167a25ca351423ad7f727ae88fc6a7b0a539f58267a8f1d8967b_amd64",
"9Base-RHOL-5.9:openshift-logging/cluster-logging-rhel9-operator@sha256:4caec5ee0469d1a8f2faedfad20acd93aa5119da5920552852af6b9cca31286a_ppc64le",
"9Base-RHOL-5.9:openshift-logging/cluster-logging-rhel9-operator@sha256:50f07777580d38ca952df7afbfbdba16dbe56cf1bd39eac0223cc09a97f684e7_arm64",
"9Base-RHOL-5.9:openshift-logging/cluster-logging-rhel9-operator@sha256:e6922b8a8ffc13776fa979350b3b405cc54bf58291ffd2147587e9ea0db8103a_s390x",
"9Base-RHOL-5.9:openshift-logging/eventrouter-rhel9@sha256:4586853d6350b0ca6003929aca8826fc4596cd13a33ad803a5f10363a1fc5d4d_ppc64le",
"9Base-RHOL-5.9:openshift-logging/eventrouter-rhel9@sha256:477ad04024ff5d04e8c2e1e1fa0965d5bf2de1d6ae81e41574102060543bf105_arm64",
"9Base-RHOL-5.9:openshift-logging/eventrouter-rhel9@sha256:8f1349a66aafec3f7d58555ee62d8d41211feacb2cf142dcfa8183521b2fdbfb_s390x",
"9Base-RHOL-5.9:openshift-logging/eventrouter-rhel9@sha256:cb07ad8e299a32a432eb64dba905c28f588175eb7552b3cac4797887f2e3126f_amd64",
"9Base-RHOL-5.9:openshift-logging/fluentd-rhel9@sha256:00d1fd2e056b38d1ba768c088883f39f0a7852ccdfa6a91744ea2ba9e9ab840a_s390x",
"9Base-RHOL-5.9:openshift-logging/fluentd-rhel9@sha256:25422425899a2fa5cdc83a4aa31072d717a42483b5a7df9c485e13b5fcf19207_arm64",
"9Base-RHOL-5.9:openshift-logging/fluentd-rhel9@sha256:dd82c39b7456db7c3b82fb80173d831a9502305b45ff2c49b8ad3790d59e27c1_amd64",
"9Base-RHOL-5.9:openshift-logging/fluentd-rhel9@sha256:fa96f841fc8ae3a604ddabfc37f809f3e6a347f72a5064dd76ed8b040505da44_ppc64le",
"9Base-RHOL-5.9:openshift-logging/log-file-metric-exporter-rhel9@sha256:2507ce314e9d9d605e4738d1a6e86a94eac7c79dfe804e3fd6aac65bfe58bdf2_amd64",
"9Base-RHOL-5.9:openshift-logging/log-file-metric-exporter-rhel9@sha256:3a04a0c94d59ac70e6f3bba7e841f24beb4e7ece4fc006140a6460141461da99_s390x",
"9Base-RHOL-5.9:openshift-logging/log-file-metric-exporter-rhel9@sha256:4e004498e446d80475601c1260a16f879f455a38deb8c89f19c2cc1b9ca6834d_arm64",
"9Base-RHOL-5.9:openshift-logging/log-file-metric-exporter-rhel9@sha256:5a48b412f96069c258bdfacf7a2f7fbcec1ec08c8b1d9c6a8d36b419e440dc76_ppc64le",
"9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:6dfc15394c7f8de99fb777a9cac7019afaa4ab90cef7b6a9d76c2612ade28cdd_amd64",
"9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:cc27123d734d0aa1a661595b3f79684c7c523332cdbe531d3421210448733c3f_s390x",
"9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:e6f2435803484f9f3a3ed1c677dbfcba0dcc1868d95d46dfea61c09b79dc0acc_ppc64le",
"9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:fc26a8ba1fa06feb4da0f55be2b55d1c29762c5e5255a93a6081ba993f84c077_arm64",
"9Base-RHOL-5.9:openshift-logging/logging-view-plugin-rhel9@sha256:011220d3f86ff9ca782c97ac75d4848e794fdeebb64cf8831548bc072ac106a2_arm64",
"9Base-RHOL-5.9:openshift-logging/logging-view-plugin-rhel9@sha256:a319832e0aeb74e6f43f695b9956fcb1f8422adab20974a242b9be415bc2ad4c_amd64",
"9Base-RHOL-5.9:openshift-logging/logging-view-plugin-rhel9@sha256:dd9abb806b3d8bcc636b8fb8720a926dc43e208c5c5d447f226cd2094689a8ac_s390x",
"9Base-RHOL-5.9:openshift-logging/logging-view-plugin-rhel9@sha256:ff52c6ce681a4c9a9824b098d2da9cbccdf4cd99aa9c25c8cf62baaf2dea7c4b_ppc64le",
"9Base-RHOL-5.9:openshift-logging/loki-operator-bundle@sha256:76ddb9f56971649a52d0b66fa8a2df3859f7a4e9f965ee64cf1bd81a94b72d56_amd64",
"9Base-RHOL-5.9:openshift-logging/loki-rhel9-operator@sha256:03fa793ec87087a9c186ec4a6bdbe1ac598a7823fcae97b420c06341a38a1caa_s390x",
"9Base-RHOL-5.9:openshift-logging/loki-rhel9-operator@sha256:67d91441202f52784c16f034d884a929e8bae648c27a607dd771f56c778f3951_ppc64le",
"9Base-RHOL-5.9:openshift-logging/loki-rhel9-operator@sha256:72ab9feb4222b622f5ddc4d16b89ff2d30fd6fc05f2bf300a80ad46e94749457_amd64",
"9Base-RHOL-5.9:openshift-logging/loki-rhel9-operator@sha256:f3c1ae276ba84fcab2280fa93425ea6a324aa1403a7acc4ce6a45a4441d4d08c_arm64",
"9Base-RHOL-5.9:openshift-logging/lokistack-gateway-rhel9@sha256:34d4be5af7e687701e9f3b2f3641571e3a008b0f4293b98c83ec57a83074ed82_ppc64le",
"9Base-RHOL-5.9:openshift-logging/lokistack-gateway-rhel9@sha256:60cbbc0d76f51b6ea37b849384229f685a11f1862eed660c40d609dd00d2a790_s390x",
"9Base-RHOL-5.9:openshift-logging/lokistack-gateway-rhel9@sha256:cf87eea204c26385822e544c5ddad7f9400e6f83615fa67cbba50764a32140a9_arm64",
"9Base-RHOL-5.9:openshift-logging/lokistack-gateway-rhel9@sha256:f3d20fe354135d20ef2c211e436e400ffb0ad3229ec0bc6a392899e39f464829_amd64",
"9Base-RHOL-5.9:openshift-logging/opa-openshift-rhel9@sha256:0e8073947004d29ff3a01499290d9b1ad32d8f6175e85f439143272964d1ea59_ppc64le",
"9Base-RHOL-5.9:openshift-logging/opa-openshift-rhel9@sha256:324b8fcce44a02f7d998a0aeb888cb04658952bcab6bafa3d4e12e25119a7c7e_s390x",
"9Base-RHOL-5.9:openshift-logging/opa-openshift-rhel9@sha256:c52f8c6df837db95fcf92b435c3179afc4ae3045d90163392aeaf983c7be803d_amd64",
"9Base-RHOL-5.9:openshift-logging/opa-openshift-rhel9@sha256:f31e9d9057615fbb0a481e0fe0b06b95b8e273166f245a02881df4fcf8d2d5d7_arm64",
"9Base-RHOL-5.9:openshift-logging/vector-rhel9@sha256:256d82899cf94db79782955e72a9d149516e16a7775390ef0ea175957c05b6af_ppc64le",
"9Base-RHOL-5.9:openshift-logging/vector-rhel9@sha256:a9f57b24b591aa0b20e94a5817258298eb582a7b5e860c1f7110f52ca2923650_arm64",
"9Base-RHOL-5.9:openshift-logging/vector-rhel9@sha256:caf1da994f3f15f711cc149f96ec0637e43a1682dde292647af3dc6469b05523_amd64",
"9Base-RHOL-5.9:openshift-logging/vector-rhel9@sha256:f1d1685df8edf0abc85b0ab821bd68db8e4318d63fc93d41c0433adfceca6841_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:6095"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"9Base-RHOL-5.9:openshift-logging/cluster-logging-operator-bundle@sha256:e04ce5eaf023bd299b40c3c7666087404e41f6cc9a2342247024d8ac89bb87b0_amd64",
"9Base-RHOL-5.9:openshift-logging/cluster-logging-rhel9-operator@sha256:250181cdcdd3167a25ca351423ad7f727ae88fc6a7b0a539f58267a8f1d8967b_amd64",
"9Base-RHOL-5.9:openshift-logging/cluster-logging-rhel9-operator@sha256:4caec5ee0469d1a8f2faedfad20acd93aa5119da5920552852af6b9cca31286a_ppc64le",
"9Base-RHOL-5.9:openshift-logging/cluster-logging-rhel9-operator@sha256:50f07777580d38ca952df7afbfbdba16dbe56cf1bd39eac0223cc09a97f684e7_arm64",
"9Base-RHOL-5.9:openshift-logging/cluster-logging-rhel9-operator@sha256:e6922b8a8ffc13776fa979350b3b405cc54bf58291ffd2147587e9ea0db8103a_s390x",
"9Base-RHOL-5.9:openshift-logging/eventrouter-rhel9@sha256:4586853d6350b0ca6003929aca8826fc4596cd13a33ad803a5f10363a1fc5d4d_ppc64le",
"9Base-RHOL-5.9:openshift-logging/eventrouter-rhel9@sha256:477ad04024ff5d04e8c2e1e1fa0965d5bf2de1d6ae81e41574102060543bf105_arm64",
"9Base-RHOL-5.9:openshift-logging/eventrouter-rhel9@sha256:8f1349a66aafec3f7d58555ee62d8d41211feacb2cf142dcfa8183521b2fdbfb_s390x",
"9Base-RHOL-5.9:openshift-logging/eventrouter-rhel9@sha256:cb07ad8e299a32a432eb64dba905c28f588175eb7552b3cac4797887f2e3126f_amd64",
"9Base-RHOL-5.9:openshift-logging/fluentd-rhel9@sha256:00d1fd2e056b38d1ba768c088883f39f0a7852ccdfa6a91744ea2ba9e9ab840a_s390x",
"9Base-RHOL-5.9:openshift-logging/fluentd-rhel9@sha256:25422425899a2fa5cdc83a4aa31072d717a42483b5a7df9c485e13b5fcf19207_arm64",
"9Base-RHOL-5.9:openshift-logging/fluentd-rhel9@sha256:dd82c39b7456db7c3b82fb80173d831a9502305b45ff2c49b8ad3790d59e27c1_amd64",
"9Base-RHOL-5.9:openshift-logging/fluentd-rhel9@sha256:fa96f841fc8ae3a604ddabfc37f809f3e6a347f72a5064dd76ed8b040505da44_ppc64le",
"9Base-RHOL-5.9:openshift-logging/log-file-metric-exporter-rhel9@sha256:2507ce314e9d9d605e4738d1a6e86a94eac7c79dfe804e3fd6aac65bfe58bdf2_amd64",
"9Base-RHOL-5.9:openshift-logging/log-file-metric-exporter-rhel9@sha256:3a04a0c94d59ac70e6f3bba7e841f24beb4e7ece4fc006140a6460141461da99_s390x",
"9Base-RHOL-5.9:openshift-logging/log-file-metric-exporter-rhel9@sha256:4e004498e446d80475601c1260a16f879f455a38deb8c89f19c2cc1b9ca6834d_arm64",
"9Base-RHOL-5.9:openshift-logging/log-file-metric-exporter-rhel9@sha256:5a48b412f96069c258bdfacf7a2f7fbcec1ec08c8b1d9c6a8d36b419e440dc76_ppc64le",
"9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:6dfc15394c7f8de99fb777a9cac7019afaa4ab90cef7b6a9d76c2612ade28cdd_amd64",
"9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:cc27123d734d0aa1a661595b3f79684c7c523332cdbe531d3421210448733c3f_s390x",
"9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:e6f2435803484f9f3a3ed1c677dbfcba0dcc1868d95d46dfea61c09b79dc0acc_ppc64le",
"9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:fc26a8ba1fa06feb4da0f55be2b55d1c29762c5e5255a93a6081ba993f84c077_arm64",
"9Base-RHOL-5.9:openshift-logging/logging-view-plugin-rhel9@sha256:011220d3f86ff9ca782c97ac75d4848e794fdeebb64cf8831548bc072ac106a2_arm64",
"9Base-RHOL-5.9:openshift-logging/logging-view-plugin-rhel9@sha256:a319832e0aeb74e6f43f695b9956fcb1f8422adab20974a242b9be415bc2ad4c_amd64",
"9Base-RHOL-5.9:openshift-logging/logging-view-plugin-rhel9@sha256:dd9abb806b3d8bcc636b8fb8720a926dc43e208c5c5d447f226cd2094689a8ac_s390x",
"9Base-RHOL-5.9:openshift-logging/logging-view-plugin-rhel9@sha256:ff52c6ce681a4c9a9824b098d2da9cbccdf4cd99aa9c25c8cf62baaf2dea7c4b_ppc64le",
"9Base-RHOL-5.9:openshift-logging/loki-operator-bundle@sha256:76ddb9f56971649a52d0b66fa8a2df3859f7a4e9f965ee64cf1bd81a94b72d56_amd64",
"9Base-RHOL-5.9:openshift-logging/loki-rhel9-operator@sha256:03fa793ec87087a9c186ec4a6bdbe1ac598a7823fcae97b420c06341a38a1caa_s390x",
"9Base-RHOL-5.9:openshift-logging/loki-rhel9-operator@sha256:67d91441202f52784c16f034d884a929e8bae648c27a607dd771f56c778f3951_ppc64le",
"9Base-RHOL-5.9:openshift-logging/loki-rhel9-operator@sha256:72ab9feb4222b622f5ddc4d16b89ff2d30fd6fc05f2bf300a80ad46e94749457_amd64",
"9Base-RHOL-5.9:openshift-logging/loki-rhel9-operator@sha256:f3c1ae276ba84fcab2280fa93425ea6a324aa1403a7acc4ce6a45a4441d4d08c_arm64",
"9Base-RHOL-5.9:openshift-logging/lokistack-gateway-rhel9@sha256:34d4be5af7e687701e9f3b2f3641571e3a008b0f4293b98c83ec57a83074ed82_ppc64le",
"9Base-RHOL-5.9:openshift-logging/lokistack-gateway-rhel9@sha256:60cbbc0d76f51b6ea37b849384229f685a11f1862eed660c40d609dd00d2a790_s390x",
"9Base-RHOL-5.9:openshift-logging/lokistack-gateway-rhel9@sha256:cf87eea204c26385822e544c5ddad7f9400e6f83615fa67cbba50764a32140a9_arm64",
"9Base-RHOL-5.9:openshift-logging/lokistack-gateway-rhel9@sha256:f3d20fe354135d20ef2c211e436e400ffb0ad3229ec0bc6a392899e39f464829_amd64",
"9Base-RHOL-5.9:openshift-logging/opa-openshift-rhel9@sha256:0e8073947004d29ff3a01499290d9b1ad32d8f6175e85f439143272964d1ea59_ppc64le",
"9Base-RHOL-5.9:openshift-logging/opa-openshift-rhel9@sha256:324b8fcce44a02f7d998a0aeb888cb04658952bcab6bafa3d4e12e25119a7c7e_s390x",
"9Base-RHOL-5.9:openshift-logging/opa-openshift-rhel9@sha256:c52f8c6df837db95fcf92b435c3179afc4ae3045d90163392aeaf983c7be803d_amd64",
"9Base-RHOL-5.9:openshift-logging/opa-openshift-rhel9@sha256:f31e9d9057615fbb0a481e0fe0b06b95b8e273166f245a02881df4fcf8d2d5d7_arm64",
"9Base-RHOL-5.9:openshift-logging/vector-rhel9@sha256:256d82899cf94db79782955e72a9d149516e16a7775390ef0ea175957c05b6af_ppc64le",
"9Base-RHOL-5.9:openshift-logging/vector-rhel9@sha256:a9f57b24b591aa0b20e94a5817258298eb582a7b5e860c1f7110f52ca2923650_arm64",
"9Base-RHOL-5.9:openshift-logging/vector-rhel9@sha256:caf1da994f3f15f711cc149f96ec0637e43a1682dde292647af3dc6469b05523_amd64",
"9Base-RHOL-5.9:openshift-logging/vector-rhel9@sha256:f1d1685df8edf0abc85b0ab821bd68db8e4318d63fc93d41c0433adfceca6841_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-RHOL-5.9:openshift-logging/cluster-logging-operator-bundle@sha256:e04ce5eaf023bd299b40c3c7666087404e41f6cc9a2342247024d8ac89bb87b0_amd64",
"9Base-RHOL-5.9:openshift-logging/cluster-logging-rhel9-operator@sha256:250181cdcdd3167a25ca351423ad7f727ae88fc6a7b0a539f58267a8f1d8967b_amd64",
"9Base-RHOL-5.9:openshift-logging/cluster-logging-rhel9-operator@sha256:4caec5ee0469d1a8f2faedfad20acd93aa5119da5920552852af6b9cca31286a_ppc64le",
"9Base-RHOL-5.9:openshift-logging/cluster-logging-rhel9-operator@sha256:50f07777580d38ca952df7afbfbdba16dbe56cf1bd39eac0223cc09a97f684e7_arm64",
"9Base-RHOL-5.9:openshift-logging/cluster-logging-rhel9-operator@sha256:e6922b8a8ffc13776fa979350b3b405cc54bf58291ffd2147587e9ea0db8103a_s390x",
"9Base-RHOL-5.9:openshift-logging/eventrouter-rhel9@sha256:4586853d6350b0ca6003929aca8826fc4596cd13a33ad803a5f10363a1fc5d4d_ppc64le",
"9Base-RHOL-5.9:openshift-logging/eventrouter-rhel9@sha256:477ad04024ff5d04e8c2e1e1fa0965d5bf2de1d6ae81e41574102060543bf105_arm64",
"9Base-RHOL-5.9:openshift-logging/eventrouter-rhel9@sha256:8f1349a66aafec3f7d58555ee62d8d41211feacb2cf142dcfa8183521b2fdbfb_s390x",
"9Base-RHOL-5.9:openshift-logging/eventrouter-rhel9@sha256:cb07ad8e299a32a432eb64dba905c28f588175eb7552b3cac4797887f2e3126f_amd64",
"9Base-RHOL-5.9:openshift-logging/fluentd-rhel9@sha256:00d1fd2e056b38d1ba768c088883f39f0a7852ccdfa6a91744ea2ba9e9ab840a_s390x",
"9Base-RHOL-5.9:openshift-logging/fluentd-rhel9@sha256:25422425899a2fa5cdc83a4aa31072d717a42483b5a7df9c485e13b5fcf19207_arm64",
"9Base-RHOL-5.9:openshift-logging/fluentd-rhel9@sha256:dd82c39b7456db7c3b82fb80173d831a9502305b45ff2c49b8ad3790d59e27c1_amd64",
"9Base-RHOL-5.9:openshift-logging/fluentd-rhel9@sha256:fa96f841fc8ae3a604ddabfc37f809f3e6a347f72a5064dd76ed8b040505da44_ppc64le",
"9Base-RHOL-5.9:openshift-logging/log-file-metric-exporter-rhel9@sha256:2507ce314e9d9d605e4738d1a6e86a94eac7c79dfe804e3fd6aac65bfe58bdf2_amd64",
"9Base-RHOL-5.9:openshift-logging/log-file-metric-exporter-rhel9@sha256:3a04a0c94d59ac70e6f3bba7e841f24beb4e7ece4fc006140a6460141461da99_s390x",
"9Base-RHOL-5.9:openshift-logging/log-file-metric-exporter-rhel9@sha256:4e004498e446d80475601c1260a16f879f455a38deb8c89f19c2cc1b9ca6834d_arm64",
"9Base-RHOL-5.9:openshift-logging/log-file-metric-exporter-rhel9@sha256:5a48b412f96069c258bdfacf7a2f7fbcec1ec08c8b1d9c6a8d36b419e440dc76_ppc64le",
"9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:6dfc15394c7f8de99fb777a9cac7019afaa4ab90cef7b6a9d76c2612ade28cdd_amd64",
"9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:cc27123d734d0aa1a661595b3f79684c7c523332cdbe531d3421210448733c3f_s390x",
"9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:e6f2435803484f9f3a3ed1c677dbfcba0dcc1868d95d46dfea61c09b79dc0acc_ppc64le",
"9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:fc26a8ba1fa06feb4da0f55be2b55d1c29762c5e5255a93a6081ba993f84c077_arm64",
"9Base-RHOL-5.9:openshift-logging/logging-view-plugin-rhel9@sha256:011220d3f86ff9ca782c97ac75d4848e794fdeebb64cf8831548bc072ac106a2_arm64",
"9Base-RHOL-5.9:openshift-logging/logging-view-plugin-rhel9@sha256:a319832e0aeb74e6f43f695b9956fcb1f8422adab20974a242b9be415bc2ad4c_amd64",
"9Base-RHOL-5.9:openshift-logging/logging-view-plugin-rhel9@sha256:dd9abb806b3d8bcc636b8fb8720a926dc43e208c5c5d447f226cd2094689a8ac_s390x",
"9Base-RHOL-5.9:openshift-logging/logging-view-plugin-rhel9@sha256:ff52c6ce681a4c9a9824b098d2da9cbccdf4cd99aa9c25c8cf62baaf2dea7c4b_ppc64le",
"9Base-RHOL-5.9:openshift-logging/loki-operator-bundle@sha256:76ddb9f56971649a52d0b66fa8a2df3859f7a4e9f965ee64cf1bd81a94b72d56_amd64",
"9Base-RHOL-5.9:openshift-logging/loki-rhel9-operator@sha256:03fa793ec87087a9c186ec4a6bdbe1ac598a7823fcae97b420c06341a38a1caa_s390x",
"9Base-RHOL-5.9:openshift-logging/loki-rhel9-operator@sha256:67d91441202f52784c16f034d884a929e8bae648c27a607dd771f56c778f3951_ppc64le",
"9Base-RHOL-5.9:openshift-logging/loki-rhel9-operator@sha256:72ab9feb4222b622f5ddc4d16b89ff2d30fd6fc05f2bf300a80ad46e94749457_amd64",
"9Base-RHOL-5.9:openshift-logging/loki-rhel9-operator@sha256:f3c1ae276ba84fcab2280fa93425ea6a324aa1403a7acc4ce6a45a4441d4d08c_arm64",
"9Base-RHOL-5.9:openshift-logging/lokistack-gateway-rhel9@sha256:34d4be5af7e687701e9f3b2f3641571e3a008b0f4293b98c83ec57a83074ed82_ppc64le",
"9Base-RHOL-5.9:openshift-logging/lokistack-gateway-rhel9@sha256:60cbbc0d76f51b6ea37b849384229f685a11f1862eed660c40d609dd00d2a790_s390x",
"9Base-RHOL-5.9:openshift-logging/lokistack-gateway-rhel9@sha256:cf87eea204c26385822e544c5ddad7f9400e6f83615fa67cbba50764a32140a9_arm64",
"9Base-RHOL-5.9:openshift-logging/lokistack-gateway-rhel9@sha256:f3d20fe354135d20ef2c211e436e400ffb0ad3229ec0bc6a392899e39f464829_amd64",
"9Base-RHOL-5.9:openshift-logging/opa-openshift-rhel9@sha256:0e8073947004d29ff3a01499290d9b1ad32d8f6175e85f439143272964d1ea59_ppc64le",
"9Base-RHOL-5.9:openshift-logging/opa-openshift-rhel9@sha256:324b8fcce44a02f7d998a0aeb888cb04658952bcab6bafa3d4e12e25119a7c7e_s390x",
"9Base-RHOL-5.9:openshift-logging/opa-openshift-rhel9@sha256:c52f8c6df837db95fcf92b435c3179afc4ae3045d90163392aeaf983c7be803d_amd64",
"9Base-RHOL-5.9:openshift-logging/opa-openshift-rhel9@sha256:f31e9d9057615fbb0a481e0fe0b06b95b8e273166f245a02881df4fcf8d2d5d7_arm64",
"9Base-RHOL-5.9:openshift-logging/vector-rhel9@sha256:256d82899cf94db79782955e72a9d149516e16a7775390ef0ea175957c05b6af_ppc64le",
"9Base-RHOL-5.9:openshift-logging/vector-rhel9@sha256:a9f57b24b591aa0b20e94a5817258298eb582a7b5e860c1f7110f52ca2923650_arm64",
"9Base-RHOL-5.9:openshift-logging/vector-rhel9@sha256:caf1da994f3f15f711cc149f96ec0637e43a1682dde292647af3dc6469b05523_amd64",
"9Base-RHOL-5.9:openshift-logging/vector-rhel9@sha256:f1d1685df8edf0abc85b0ab821bd68db8e4318d63fc93d41c0433adfceca6841_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "openssl: X.400 address type confusion in X.509 GeneralName"
}
]
}
RHSA-2024_5136
Vulnerability from csaf_redhat - Published: 2024-08-08 14:33 - Updated: 2024-11-25 08:51Summary
Red Hat Security Advisory: openssl security update
Severity
Important
Notes
Topic: An update for openssl is now available for Red Hat Enterprise Linux 7.7 Advanced Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.
Security Fix(es):
* openssl: X.400 address type confusion in X.509 GeneralName (CVE-2023-0286)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A type confusion vulnerability was found in OpenSSL when OpenSSL X.400 addresses processing inside an X.509 GeneralName. When CRL checking is enabled (for example, the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or cause a denial of service. In most cases, the attack requires the attacker to provide both the certificate chain and CRL, of which neither needs a valid signature. If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. In this case, this vulnerability is likely only to affect applications that have implemented their own functionality for retrieving CRLs over a network.
7.4 (High)
Affected products
Fixed
22 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-7.7.AUS:openssl-1:1.0.2k-21.el7_7.1.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.7.AUS:openssl-1:1.0.2k-21.el7_7.1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.7.AUS:openssl-debuginfo-1:1.0.2k-21.el7_7.1.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.7.AUS:openssl-debuginfo-1:1.0.2k-21.el7_7.1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.7.AUS:openssl-devel-1:1.0.2k-21.el7_7.1.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.7.AUS:openssl-devel-1:1.0.2k-21.el7_7.1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.7.AUS:openssl-libs-1:1.0.2k-21.el7_7.1.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.7.AUS:openssl-libs-1:1.0.2k-21.el7_7.1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.7.AUS:openssl-perl-1:1.0.2k-21.el7_7.1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.7.AUS:openssl-static-1:1.0.2k-21.el7_7.1.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.7.AUS:openssl-static-1:1.0.2k-21.el7_7.1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-optional-7.7.AUS:openssl-1:1.0.2k-21.el7_7.1.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-optional-7.7.AUS:openssl-1:1.0.2k-21.el7_7.1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-optional-7.7.AUS:openssl-debuginfo-1:1.0.2k-21.el7_7.1.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-optional-7.7.AUS:openssl-debuginfo-1:1.0.2k-21.el7_7.1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-optional-7.7.AUS:openssl-devel-1:1.0.2k-21.el7_7.1.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-optional-7.7.AUS:openssl-devel-1:1.0.2k-21.el7_7.1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-optional-7.7.AUS:openssl-libs-1:1.0.2k-21.el7_7.1.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-optional-7.7.AUS:openssl-libs-1:1.0.2k-21.el7_7.1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-optional-7.7.AUS:openssl-perl-1:1.0.2k-21.el7_7.1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-optional-7.7.AUS:openssl-static-1:1.0.2k-21.el7_7.1.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-optional-7.7.AUS:openssl-static-1:1.0.2k-21.el7_7.1.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
References
9 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for openssl is now available for Red Hat Enterprise Linux 7.7 Advanced Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.\n\nSecurity Fix(es):\n\n* openssl: X.400 address type confusion in X.509 GeneralName (CVE-2023-0286)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:5136",
"url": "https://access.redhat.com/errata/RHSA-2024:5136"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2164440",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2164440"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_5136.json"
}
],
"title": "Red Hat Security Advisory: openssl security update",
"tracking": {
"current_release_date": "2024-11-25T08:51:02+00:00",
"generator": {
"date": "2024-11-25T08:51:02+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2024:5136",
"initial_release_date": "2024-08-08T14:33:13+00:00",
"revision_history": [
{
"date": "2024-08-08T14:33:13+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-08-08T14:33:13+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-25T08:51:02+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server AUS (v. 7.7)",
"product": {
"name": "Red Hat Enterprise Linux Server AUS (v. 7.7)",
"product_id": "7Server-7.7.AUS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_aus:7.7::server"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server Optional AUS (v. 7.7)",
"product": {
"name": "Red Hat Enterprise Linux Server Optional AUS (v. 7.7)",
"product_id": "7Server-optional-7.7.AUS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_aus:7.7::server"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "openssl-1:1.0.2k-21.el7_7.1.src",
"product": {
"name": "openssl-1:1.0.2k-21.el7_7.1.src",
"product_id": "openssl-1:1.0.2k-21.el7_7.1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl@1.0.2k-21.el7_7.1?arch=src\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "openssl-1:1.0.2k-21.el7_7.1.x86_64",
"product": {
"name": "openssl-1:1.0.2k-21.el7_7.1.x86_64",
"product_id": "openssl-1:1.0.2k-21.el7_7.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl@1.0.2k-21.el7_7.1?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-devel-1:1.0.2k-21.el7_7.1.x86_64",
"product": {
"name": "openssl-devel-1:1.0.2k-21.el7_7.1.x86_64",
"product_id": "openssl-devel-1:1.0.2k-21.el7_7.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-devel@1.0.2k-21.el7_7.1?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-libs-1:1.0.2k-21.el7_7.1.x86_64",
"product": {
"name": "openssl-libs-1:1.0.2k-21.el7_7.1.x86_64",
"product_id": "openssl-libs-1:1.0.2k-21.el7_7.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-libs@1.0.2k-21.el7_7.1?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-debuginfo-1:1.0.2k-21.el7_7.1.x86_64",
"product": {
"name": "openssl-debuginfo-1:1.0.2k-21.el7_7.1.x86_64",
"product_id": "openssl-debuginfo-1:1.0.2k-21.el7_7.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-debuginfo@1.0.2k-21.el7_7.1?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-perl-1:1.0.2k-21.el7_7.1.x86_64",
"product": {
"name": "openssl-perl-1:1.0.2k-21.el7_7.1.x86_64",
"product_id": "openssl-perl-1:1.0.2k-21.el7_7.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-perl@1.0.2k-21.el7_7.1?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-static-1:1.0.2k-21.el7_7.1.x86_64",
"product": {
"name": "openssl-static-1:1.0.2k-21.el7_7.1.x86_64",
"product_id": "openssl-static-1:1.0.2k-21.el7_7.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-static@1.0.2k-21.el7_7.1?arch=x86_64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "openssl-devel-1:1.0.2k-21.el7_7.1.i686",
"product": {
"name": "openssl-devel-1:1.0.2k-21.el7_7.1.i686",
"product_id": "openssl-devel-1:1.0.2k-21.el7_7.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-devel@1.0.2k-21.el7_7.1?arch=i686\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-libs-1:1.0.2k-21.el7_7.1.i686",
"product": {
"name": "openssl-libs-1:1.0.2k-21.el7_7.1.i686",
"product_id": "openssl-libs-1:1.0.2k-21.el7_7.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-libs@1.0.2k-21.el7_7.1?arch=i686\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-debuginfo-1:1.0.2k-21.el7_7.1.i686",
"product": {
"name": "openssl-debuginfo-1:1.0.2k-21.el7_7.1.i686",
"product_id": "openssl-debuginfo-1:1.0.2k-21.el7_7.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-debuginfo@1.0.2k-21.el7_7.1?arch=i686\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-static-1:1.0.2k-21.el7_7.1.i686",
"product": {
"name": "openssl-static-1:1.0.2k-21.el7_7.1.i686",
"product_id": "openssl-static-1:1.0.2k-21.el7_7.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-static@1.0.2k-21.el7_7.1?arch=i686\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "i686"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:1.0.2k-21.el7_7.1.src as a component of Red Hat Enterprise Linux Server AUS (v. 7.7)",
"product_id": "7Server-7.7.AUS:openssl-1:1.0.2k-21.el7_7.1.src"
},
"product_reference": "openssl-1:1.0.2k-21.el7_7.1.src",
"relates_to_product_reference": "7Server-7.7.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:1.0.2k-21.el7_7.1.x86_64 as a component of Red Hat Enterprise Linux Server AUS (v. 7.7)",
"product_id": "7Server-7.7.AUS:openssl-1:1.0.2k-21.el7_7.1.x86_64"
},
"product_reference": "openssl-1:1.0.2k-21.el7_7.1.x86_64",
"relates_to_product_reference": "7Server-7.7.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-21.el7_7.1.i686 as a component of Red Hat Enterprise Linux Server AUS (v. 7.7)",
"product_id": "7Server-7.7.AUS:openssl-debuginfo-1:1.0.2k-21.el7_7.1.i686"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-21.el7_7.1.i686",
"relates_to_product_reference": "7Server-7.7.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-21.el7_7.1.x86_64 as a component of Red Hat Enterprise Linux Server AUS (v. 7.7)",
"product_id": "7Server-7.7.AUS:openssl-debuginfo-1:1.0.2k-21.el7_7.1.x86_64"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-21.el7_7.1.x86_64",
"relates_to_product_reference": "7Server-7.7.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-21.el7_7.1.i686 as a component of Red Hat Enterprise Linux Server AUS (v. 7.7)",
"product_id": "7Server-7.7.AUS:openssl-devel-1:1.0.2k-21.el7_7.1.i686"
},
"product_reference": "openssl-devel-1:1.0.2k-21.el7_7.1.i686",
"relates_to_product_reference": "7Server-7.7.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-21.el7_7.1.x86_64 as a component of Red Hat Enterprise Linux Server AUS (v. 7.7)",
"product_id": "7Server-7.7.AUS:openssl-devel-1:1.0.2k-21.el7_7.1.x86_64"
},
"product_reference": "openssl-devel-1:1.0.2k-21.el7_7.1.x86_64",
"relates_to_product_reference": "7Server-7.7.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-21.el7_7.1.i686 as a component of Red Hat Enterprise Linux Server AUS (v. 7.7)",
"product_id": "7Server-7.7.AUS:openssl-libs-1:1.0.2k-21.el7_7.1.i686"
},
"product_reference": "openssl-libs-1:1.0.2k-21.el7_7.1.i686",
"relates_to_product_reference": "7Server-7.7.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-21.el7_7.1.x86_64 as a component of Red Hat Enterprise Linux Server AUS (v. 7.7)",
"product_id": "7Server-7.7.AUS:openssl-libs-1:1.0.2k-21.el7_7.1.x86_64"
},
"product_reference": "openssl-libs-1:1.0.2k-21.el7_7.1.x86_64",
"relates_to_product_reference": "7Server-7.7.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:1.0.2k-21.el7_7.1.x86_64 as a component of Red Hat Enterprise Linux Server AUS (v. 7.7)",
"product_id": "7Server-7.7.AUS:openssl-perl-1:1.0.2k-21.el7_7.1.x86_64"
},
"product_reference": "openssl-perl-1:1.0.2k-21.el7_7.1.x86_64",
"relates_to_product_reference": "7Server-7.7.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-21.el7_7.1.i686 as a component of Red Hat Enterprise Linux Server AUS (v. 7.7)",
"product_id": "7Server-7.7.AUS:openssl-static-1:1.0.2k-21.el7_7.1.i686"
},
"product_reference": "openssl-static-1:1.0.2k-21.el7_7.1.i686",
"relates_to_product_reference": "7Server-7.7.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-21.el7_7.1.x86_64 as a component of Red Hat Enterprise Linux Server AUS (v. 7.7)",
"product_id": "7Server-7.7.AUS:openssl-static-1:1.0.2k-21.el7_7.1.x86_64"
},
"product_reference": "openssl-static-1:1.0.2k-21.el7_7.1.x86_64",
"relates_to_product_reference": "7Server-7.7.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:1.0.2k-21.el7_7.1.src as a component of Red Hat Enterprise Linux Server Optional AUS (v. 7.7)",
"product_id": "7Server-optional-7.7.AUS:openssl-1:1.0.2k-21.el7_7.1.src"
},
"product_reference": "openssl-1:1.0.2k-21.el7_7.1.src",
"relates_to_product_reference": "7Server-optional-7.7.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:1.0.2k-21.el7_7.1.x86_64 as a component of Red Hat Enterprise Linux Server Optional AUS (v. 7.7)",
"product_id": "7Server-optional-7.7.AUS:openssl-1:1.0.2k-21.el7_7.1.x86_64"
},
"product_reference": "openssl-1:1.0.2k-21.el7_7.1.x86_64",
"relates_to_product_reference": "7Server-optional-7.7.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-21.el7_7.1.i686 as a component of Red Hat Enterprise Linux Server Optional AUS (v. 7.7)",
"product_id": "7Server-optional-7.7.AUS:openssl-debuginfo-1:1.0.2k-21.el7_7.1.i686"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-21.el7_7.1.i686",
"relates_to_product_reference": "7Server-optional-7.7.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-21.el7_7.1.x86_64 as a component of Red Hat Enterprise Linux Server Optional AUS (v. 7.7)",
"product_id": "7Server-optional-7.7.AUS:openssl-debuginfo-1:1.0.2k-21.el7_7.1.x86_64"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-21.el7_7.1.x86_64",
"relates_to_product_reference": "7Server-optional-7.7.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-21.el7_7.1.i686 as a component of Red Hat Enterprise Linux Server Optional AUS (v. 7.7)",
"product_id": "7Server-optional-7.7.AUS:openssl-devel-1:1.0.2k-21.el7_7.1.i686"
},
"product_reference": "openssl-devel-1:1.0.2k-21.el7_7.1.i686",
"relates_to_product_reference": "7Server-optional-7.7.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-21.el7_7.1.x86_64 as a component of Red Hat Enterprise Linux Server Optional AUS (v. 7.7)",
"product_id": "7Server-optional-7.7.AUS:openssl-devel-1:1.0.2k-21.el7_7.1.x86_64"
},
"product_reference": "openssl-devel-1:1.0.2k-21.el7_7.1.x86_64",
"relates_to_product_reference": "7Server-optional-7.7.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-21.el7_7.1.i686 as a component of Red Hat Enterprise Linux Server Optional AUS (v. 7.7)",
"product_id": "7Server-optional-7.7.AUS:openssl-libs-1:1.0.2k-21.el7_7.1.i686"
},
"product_reference": "openssl-libs-1:1.0.2k-21.el7_7.1.i686",
"relates_to_product_reference": "7Server-optional-7.7.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-21.el7_7.1.x86_64 as a component of Red Hat Enterprise Linux Server Optional AUS (v. 7.7)",
"product_id": "7Server-optional-7.7.AUS:openssl-libs-1:1.0.2k-21.el7_7.1.x86_64"
},
"product_reference": "openssl-libs-1:1.0.2k-21.el7_7.1.x86_64",
"relates_to_product_reference": "7Server-optional-7.7.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:1.0.2k-21.el7_7.1.x86_64 as a component of Red Hat Enterprise Linux Server Optional AUS (v. 7.7)",
"product_id": "7Server-optional-7.7.AUS:openssl-perl-1:1.0.2k-21.el7_7.1.x86_64"
},
"product_reference": "openssl-perl-1:1.0.2k-21.el7_7.1.x86_64",
"relates_to_product_reference": "7Server-optional-7.7.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-21.el7_7.1.i686 as a component of Red Hat Enterprise Linux Server Optional AUS (v. 7.7)",
"product_id": "7Server-optional-7.7.AUS:openssl-static-1:1.0.2k-21.el7_7.1.i686"
},
"product_reference": "openssl-static-1:1.0.2k-21.el7_7.1.i686",
"relates_to_product_reference": "7Server-optional-7.7.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-21.el7_7.1.x86_64 as a component of Red Hat Enterprise Linux Server Optional AUS (v. 7.7)",
"product_id": "7Server-optional-7.7.AUS:openssl-static-1:1.0.2k-21.el7_7.1.x86_64"
},
"product_reference": "openssl-static-1:1.0.2k-21.el7_7.1.x86_64",
"relates_to_product_reference": "7Server-optional-7.7.AUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-0286",
"cwe": {
"id": "CWE-704",
"name": "Incorrect Type Conversion or Cast"
},
"discovery_date": "2023-01-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2164440"
}
],
"notes": [
{
"category": "description",
"text": "A type confusion vulnerability was found in OpenSSL when OpenSSL X.400 addresses processing inside an X.509 GeneralName. When CRL checking is enabled (for example, the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or cause a denial of service. In most cases, the attack requires the attacker to provide both the certificate chain and CRL, of which neither needs a valid signature. If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. In this case, this vulnerability is likely only to affect applications that have implemented their own functionality for retrieving CRLs over a network.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: X.400 address type confusion in X.509 GeneralName",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "For shim in Red Hat Enterprise Linux 8 \u0026 9, is not affected as shim doesn\u0027t support any CRL processing.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-7.7.AUS:openssl-1:1.0.2k-21.el7_7.1.src",
"7Server-7.7.AUS:openssl-1:1.0.2k-21.el7_7.1.x86_64",
"7Server-7.7.AUS:openssl-debuginfo-1:1.0.2k-21.el7_7.1.i686",
"7Server-7.7.AUS:openssl-debuginfo-1:1.0.2k-21.el7_7.1.x86_64",
"7Server-7.7.AUS:openssl-devel-1:1.0.2k-21.el7_7.1.i686",
"7Server-7.7.AUS:openssl-devel-1:1.0.2k-21.el7_7.1.x86_64",
"7Server-7.7.AUS:openssl-libs-1:1.0.2k-21.el7_7.1.i686",
"7Server-7.7.AUS:openssl-libs-1:1.0.2k-21.el7_7.1.x86_64",
"7Server-7.7.AUS:openssl-perl-1:1.0.2k-21.el7_7.1.x86_64",
"7Server-7.7.AUS:openssl-static-1:1.0.2k-21.el7_7.1.i686",
"7Server-7.7.AUS:openssl-static-1:1.0.2k-21.el7_7.1.x86_64",
"7Server-optional-7.7.AUS:openssl-1:1.0.2k-21.el7_7.1.src",
"7Server-optional-7.7.AUS:openssl-1:1.0.2k-21.el7_7.1.x86_64",
"7Server-optional-7.7.AUS:openssl-debuginfo-1:1.0.2k-21.el7_7.1.i686",
"7Server-optional-7.7.AUS:openssl-debuginfo-1:1.0.2k-21.el7_7.1.x86_64",
"7Server-optional-7.7.AUS:openssl-devel-1:1.0.2k-21.el7_7.1.i686",
"7Server-optional-7.7.AUS:openssl-devel-1:1.0.2k-21.el7_7.1.x86_64",
"7Server-optional-7.7.AUS:openssl-libs-1:1.0.2k-21.el7_7.1.i686",
"7Server-optional-7.7.AUS:openssl-libs-1:1.0.2k-21.el7_7.1.x86_64",
"7Server-optional-7.7.AUS:openssl-perl-1:1.0.2k-21.el7_7.1.x86_64",
"7Server-optional-7.7.AUS:openssl-static-1:1.0.2k-21.el7_7.1.i686",
"7Server-optional-7.7.AUS:openssl-static-1:1.0.2k-21.el7_7.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-0286"
},
{
"category": "external",
"summary": "RHBZ#2164440",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2164440"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-0286",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0286"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-0286",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0286"
},
{
"category": "external",
"summary": "https://www.openssl.org/news/secadv/20230207.txt",
"url": "https://www.openssl.org/news/secadv/20230207.txt"
}
],
"release_date": "2023-02-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-08-08T14:33:13+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-7.7.AUS:openssl-1:1.0.2k-21.el7_7.1.src",
"7Server-7.7.AUS:openssl-1:1.0.2k-21.el7_7.1.x86_64",
"7Server-7.7.AUS:openssl-debuginfo-1:1.0.2k-21.el7_7.1.i686",
"7Server-7.7.AUS:openssl-debuginfo-1:1.0.2k-21.el7_7.1.x86_64",
"7Server-7.7.AUS:openssl-devel-1:1.0.2k-21.el7_7.1.i686",
"7Server-7.7.AUS:openssl-devel-1:1.0.2k-21.el7_7.1.x86_64",
"7Server-7.7.AUS:openssl-libs-1:1.0.2k-21.el7_7.1.i686",
"7Server-7.7.AUS:openssl-libs-1:1.0.2k-21.el7_7.1.x86_64",
"7Server-7.7.AUS:openssl-perl-1:1.0.2k-21.el7_7.1.x86_64",
"7Server-7.7.AUS:openssl-static-1:1.0.2k-21.el7_7.1.i686",
"7Server-7.7.AUS:openssl-static-1:1.0.2k-21.el7_7.1.x86_64",
"7Server-optional-7.7.AUS:openssl-1:1.0.2k-21.el7_7.1.src",
"7Server-optional-7.7.AUS:openssl-1:1.0.2k-21.el7_7.1.x86_64",
"7Server-optional-7.7.AUS:openssl-debuginfo-1:1.0.2k-21.el7_7.1.i686",
"7Server-optional-7.7.AUS:openssl-debuginfo-1:1.0.2k-21.el7_7.1.x86_64",
"7Server-optional-7.7.AUS:openssl-devel-1:1.0.2k-21.el7_7.1.i686",
"7Server-optional-7.7.AUS:openssl-devel-1:1.0.2k-21.el7_7.1.x86_64",
"7Server-optional-7.7.AUS:openssl-libs-1:1.0.2k-21.el7_7.1.i686",
"7Server-optional-7.7.AUS:openssl-libs-1:1.0.2k-21.el7_7.1.x86_64",
"7Server-optional-7.7.AUS:openssl-perl-1:1.0.2k-21.el7_7.1.x86_64",
"7Server-optional-7.7.AUS:openssl-static-1:1.0.2k-21.el7_7.1.i686",
"7Server-optional-7.7.AUS:openssl-static-1:1.0.2k-21.el7_7.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:5136"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"7Server-7.7.AUS:openssl-1:1.0.2k-21.el7_7.1.src",
"7Server-7.7.AUS:openssl-1:1.0.2k-21.el7_7.1.x86_64",
"7Server-7.7.AUS:openssl-debuginfo-1:1.0.2k-21.el7_7.1.i686",
"7Server-7.7.AUS:openssl-debuginfo-1:1.0.2k-21.el7_7.1.x86_64",
"7Server-7.7.AUS:openssl-devel-1:1.0.2k-21.el7_7.1.i686",
"7Server-7.7.AUS:openssl-devel-1:1.0.2k-21.el7_7.1.x86_64",
"7Server-7.7.AUS:openssl-libs-1:1.0.2k-21.el7_7.1.i686",
"7Server-7.7.AUS:openssl-libs-1:1.0.2k-21.el7_7.1.x86_64",
"7Server-7.7.AUS:openssl-perl-1:1.0.2k-21.el7_7.1.x86_64",
"7Server-7.7.AUS:openssl-static-1:1.0.2k-21.el7_7.1.i686",
"7Server-7.7.AUS:openssl-static-1:1.0.2k-21.el7_7.1.x86_64",
"7Server-optional-7.7.AUS:openssl-1:1.0.2k-21.el7_7.1.src",
"7Server-optional-7.7.AUS:openssl-1:1.0.2k-21.el7_7.1.x86_64",
"7Server-optional-7.7.AUS:openssl-debuginfo-1:1.0.2k-21.el7_7.1.i686",
"7Server-optional-7.7.AUS:openssl-debuginfo-1:1.0.2k-21.el7_7.1.x86_64",
"7Server-optional-7.7.AUS:openssl-devel-1:1.0.2k-21.el7_7.1.i686",
"7Server-optional-7.7.AUS:openssl-devel-1:1.0.2k-21.el7_7.1.x86_64",
"7Server-optional-7.7.AUS:openssl-libs-1:1.0.2k-21.el7_7.1.i686",
"7Server-optional-7.7.AUS:openssl-libs-1:1.0.2k-21.el7_7.1.x86_64",
"7Server-optional-7.7.AUS:openssl-perl-1:1.0.2k-21.el7_7.1.x86_64",
"7Server-optional-7.7.AUS:openssl-static-1:1.0.2k-21.el7_7.1.i686",
"7Server-optional-7.7.AUS:openssl-static-1:1.0.2k-21.el7_7.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-7.7.AUS:openssl-1:1.0.2k-21.el7_7.1.src",
"7Server-7.7.AUS:openssl-1:1.0.2k-21.el7_7.1.x86_64",
"7Server-7.7.AUS:openssl-debuginfo-1:1.0.2k-21.el7_7.1.i686",
"7Server-7.7.AUS:openssl-debuginfo-1:1.0.2k-21.el7_7.1.x86_64",
"7Server-7.7.AUS:openssl-devel-1:1.0.2k-21.el7_7.1.i686",
"7Server-7.7.AUS:openssl-devel-1:1.0.2k-21.el7_7.1.x86_64",
"7Server-7.7.AUS:openssl-libs-1:1.0.2k-21.el7_7.1.i686",
"7Server-7.7.AUS:openssl-libs-1:1.0.2k-21.el7_7.1.x86_64",
"7Server-7.7.AUS:openssl-perl-1:1.0.2k-21.el7_7.1.x86_64",
"7Server-7.7.AUS:openssl-static-1:1.0.2k-21.el7_7.1.i686",
"7Server-7.7.AUS:openssl-static-1:1.0.2k-21.el7_7.1.x86_64",
"7Server-optional-7.7.AUS:openssl-1:1.0.2k-21.el7_7.1.src",
"7Server-optional-7.7.AUS:openssl-1:1.0.2k-21.el7_7.1.x86_64",
"7Server-optional-7.7.AUS:openssl-debuginfo-1:1.0.2k-21.el7_7.1.i686",
"7Server-optional-7.7.AUS:openssl-debuginfo-1:1.0.2k-21.el7_7.1.x86_64",
"7Server-optional-7.7.AUS:openssl-devel-1:1.0.2k-21.el7_7.1.i686",
"7Server-optional-7.7.AUS:openssl-devel-1:1.0.2k-21.el7_7.1.x86_64",
"7Server-optional-7.7.AUS:openssl-libs-1:1.0.2k-21.el7_7.1.i686",
"7Server-optional-7.7.AUS:openssl-libs-1:1.0.2k-21.el7_7.1.x86_64",
"7Server-optional-7.7.AUS:openssl-perl-1:1.0.2k-21.el7_7.1.x86_64",
"7Server-optional-7.7.AUS:openssl-static-1:1.0.2k-21.el7_7.1.i686",
"7Server-optional-7.7.AUS:openssl-static-1:1.0.2k-21.el7_7.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "openssl: X.400 address type confusion in X.509 GeneralName"
}
]
}
RHSA-2024_6095
Vulnerability from csaf_redhat - Published: 2024-09-11 13:22 - Updated: 2024-11-25 08:51Summary
Red Hat Security Advisory: security update Logging for Red Hat OpenShift - 5.9.6
Severity
Important
Notes
Topic: Important Logging for Red Hat OpenShift - 5.9.6
Details: Logging for Red Hat OpenShift - 5.9.6
cluster-logging-rhel9-operator: compat-openssl11(CVE-2023-0286)
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A type confusion vulnerability was found in OpenSSL when OpenSSL X.400 addresses processing inside an X.509 GeneralName. When CRL checking is enabled (for example, the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or cause a denial of service. In most cases, the attack requires the attacker to provide both the certificate chain and CRL, of which neither needs a valid signature. If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. In this case, this vulnerability is likely only to affect applications that have implemented their own functionality for retrieving CRLs over a network.
7.4 (High)
Affected products
Fixed
42 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-RHOL-5.9:openshift-logging/cluster-logging-operator-bundle@sha256:e04ce5eaf023bd299b40c3c7666087404e41f6cc9a2342247024d8ac89bb87b0_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOL-5.9:openshift-logging/cluster-logging-rhel9-operator@sha256:250181cdcdd3167a25ca351423ad7f727ae88fc6a7b0a539f58267a8f1d8967b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOL-5.9:openshift-logging/cluster-logging-rhel9-operator@sha256:4caec5ee0469d1a8f2faedfad20acd93aa5119da5920552852af6b9cca31286a_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOL-5.9:openshift-logging/cluster-logging-rhel9-operator@sha256:50f07777580d38ca952df7afbfbdba16dbe56cf1bd39eac0223cc09a97f684e7_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOL-5.9:openshift-logging/cluster-logging-rhel9-operator@sha256:e6922b8a8ffc13776fa979350b3b405cc54bf58291ffd2147587e9ea0db8103a_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOL-5.9:openshift-logging/eventrouter-rhel9@sha256:4586853d6350b0ca6003929aca8826fc4596cd13a33ad803a5f10363a1fc5d4d_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOL-5.9:openshift-logging/eventrouter-rhel9@sha256:477ad04024ff5d04e8c2e1e1fa0965d5bf2de1d6ae81e41574102060543bf105_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOL-5.9:openshift-logging/eventrouter-rhel9@sha256:8f1349a66aafec3f7d58555ee62d8d41211feacb2cf142dcfa8183521b2fdbfb_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOL-5.9:openshift-logging/eventrouter-rhel9@sha256:cb07ad8e299a32a432eb64dba905c28f588175eb7552b3cac4797887f2e3126f_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOL-5.9:openshift-logging/fluentd-rhel9@sha256:00d1fd2e056b38d1ba768c088883f39f0a7852ccdfa6a91744ea2ba9e9ab840a_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOL-5.9:openshift-logging/fluentd-rhel9@sha256:25422425899a2fa5cdc83a4aa31072d717a42483b5a7df9c485e13b5fcf19207_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOL-5.9:openshift-logging/fluentd-rhel9@sha256:dd82c39b7456db7c3b82fb80173d831a9502305b45ff2c49b8ad3790d59e27c1_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOL-5.9:openshift-logging/fluentd-rhel9@sha256:fa96f841fc8ae3a604ddabfc37f809f3e6a347f72a5064dd76ed8b040505da44_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOL-5.9:openshift-logging/log-file-metric-exporter-rhel9@sha256:2507ce314e9d9d605e4738d1a6e86a94eac7c79dfe804e3fd6aac65bfe58bdf2_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOL-5.9:openshift-logging/log-file-metric-exporter-rhel9@sha256:3a04a0c94d59ac70e6f3bba7e841f24beb4e7ece4fc006140a6460141461da99_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOL-5.9:openshift-logging/log-file-metric-exporter-rhel9@sha256:4e004498e446d80475601c1260a16f879f455a38deb8c89f19c2cc1b9ca6834d_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOL-5.9:openshift-logging/log-file-metric-exporter-rhel9@sha256:5a48b412f96069c258bdfacf7a2f7fbcec1ec08c8b1d9c6a8d36b419e440dc76_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:6dfc15394c7f8de99fb777a9cac7019afaa4ab90cef7b6a9d76c2612ade28cdd_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:cc27123d734d0aa1a661595b3f79684c7c523332cdbe531d3421210448733c3f_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:e6f2435803484f9f3a3ed1c677dbfcba0dcc1868d95d46dfea61c09b79dc0acc_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:fc26a8ba1fa06feb4da0f55be2b55d1c29762c5e5255a93a6081ba993f84c077_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOL-5.9:openshift-logging/logging-view-plugin-rhel9@sha256:011220d3f86ff9ca782c97ac75d4848e794fdeebb64cf8831548bc072ac106a2_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOL-5.9:openshift-logging/logging-view-plugin-rhel9@sha256:a319832e0aeb74e6f43f695b9956fcb1f8422adab20974a242b9be415bc2ad4c_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOL-5.9:openshift-logging/logging-view-plugin-rhel9@sha256:dd9abb806b3d8bcc636b8fb8720a926dc43e208c5c5d447f226cd2094689a8ac_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOL-5.9:openshift-logging/logging-view-plugin-rhel9@sha256:ff52c6ce681a4c9a9824b098d2da9cbccdf4cd99aa9c25c8cf62baaf2dea7c4b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOL-5.9:openshift-logging/loki-operator-bundle@sha256:76ddb9f56971649a52d0b66fa8a2df3859f7a4e9f965ee64cf1bd81a94b72d56_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOL-5.9:openshift-logging/loki-rhel9-operator@sha256:03fa793ec87087a9c186ec4a6bdbe1ac598a7823fcae97b420c06341a38a1caa_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOL-5.9:openshift-logging/loki-rhel9-operator@sha256:67d91441202f52784c16f034d884a929e8bae648c27a607dd771f56c778f3951_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOL-5.9:openshift-logging/loki-rhel9-operator@sha256:72ab9feb4222b622f5ddc4d16b89ff2d30fd6fc05f2bf300a80ad46e94749457_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOL-5.9:openshift-logging/loki-rhel9-operator@sha256:f3c1ae276ba84fcab2280fa93425ea6a324aa1403a7acc4ce6a45a4441d4d08c_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOL-5.9:openshift-logging/lokistack-gateway-rhel9@sha256:34d4be5af7e687701e9f3b2f3641571e3a008b0f4293b98c83ec57a83074ed82_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOL-5.9:openshift-logging/lokistack-gateway-rhel9@sha256:60cbbc0d76f51b6ea37b849384229f685a11f1862eed660c40d609dd00d2a790_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOL-5.9:openshift-logging/lokistack-gateway-rhel9@sha256:cf87eea204c26385822e544c5ddad7f9400e6f83615fa67cbba50764a32140a9_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOL-5.9:openshift-logging/lokistack-gateway-rhel9@sha256:f3d20fe354135d20ef2c211e436e400ffb0ad3229ec0bc6a392899e39f464829_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOL-5.9:openshift-logging/opa-openshift-rhel9@sha256:0e8073947004d29ff3a01499290d9b1ad32d8f6175e85f439143272964d1ea59_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOL-5.9:openshift-logging/opa-openshift-rhel9@sha256:324b8fcce44a02f7d998a0aeb888cb04658952bcab6bafa3d4e12e25119a7c7e_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOL-5.9:openshift-logging/opa-openshift-rhel9@sha256:c52f8c6df837db95fcf92b435c3179afc4ae3045d90163392aeaf983c7be803d_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOL-5.9:openshift-logging/opa-openshift-rhel9@sha256:f31e9d9057615fbb0a481e0fe0b06b95b8e273166f245a02881df4fcf8d2d5d7_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOL-5.9:openshift-logging/vector-rhel9@sha256:256d82899cf94db79782955e72a9d149516e16a7775390ef0ea175957c05b6af_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOL-5.9:openshift-logging/vector-rhel9@sha256:a9f57b24b591aa0b20e94a5817258298eb582a7b5e860c1f7110f52ca2923650_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOL-5.9:openshift-logging/vector-rhel9@sha256:caf1da994f3f15f711cc149f96ec0637e43a1682dde292647af3dc6469b05523_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOL-5.9:openshift-logging/vector-rhel9@sha256:f1d1685df8edf0abc85b0ab821bd68db8e4318d63fc93d41c0433adfceca6841_s390x | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
References
19 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Important Logging for Red Hat OpenShift - 5.9.6",
"title": "Topic"
},
{
"category": "general",
"text": "Logging for Red Hat OpenShift - 5.9.6\ncluster-logging-rhel9-operator: compat-openssl11(CVE-2023-0286)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:6095",
"url": "https://access.redhat.com/errata/RHSA-2024:6095"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "LOG-5525",
"url": "https://issues.redhat.com/browse/LOG-5525"
},
{
"category": "external",
"summary": "LOG-5585",
"url": "https://issues.redhat.com/browse/LOG-5585"
},
{
"category": "external",
"summary": "LOG-5602",
"url": "https://issues.redhat.com/browse/LOG-5602"
},
{
"category": "external",
"summary": "LOG-5815",
"url": "https://issues.redhat.com/browse/LOG-5815"
},
{
"category": "external",
"summary": "LOG-5866",
"url": "https://issues.redhat.com/browse/LOG-5866"
},
{
"category": "external",
"summary": "LOG-5988",
"url": "https://issues.redhat.com/browse/LOG-5988"
},
{
"category": "external",
"summary": "LOG-5997",
"url": "https://issues.redhat.com/browse/LOG-5997"
},
{
"category": "external",
"summary": "LOG-6016",
"url": "https://issues.redhat.com/browse/LOG-6016"
},
{
"category": "external",
"summary": "LOG-6023",
"url": "https://issues.redhat.com/browse/LOG-6023"
},
{
"category": "external",
"summary": "LOG-6028",
"url": "https://issues.redhat.com/browse/LOG-6028"
},
{
"category": "external",
"summary": "LOG-6033",
"url": "https://issues.redhat.com/browse/LOG-6033"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_6095.json"
}
],
"title": "Red Hat Security Advisory: security update Logging for Red Hat OpenShift - 5.9.6",
"tracking": {
"current_release_date": "2024-11-25T08:51:12+00:00",
"generator": {
"date": "2024-11-25T08:51:12+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2024:6095",
"initial_release_date": "2024-09-11T13:22:49+00:00",
"revision_history": [
{
"date": "2024-09-11T13:22:49+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-09-11T13:22:49+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-25T08:51:12+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "RHOL 5.9 for RHEL 9",
"product": {
"name": "RHOL 5.9 for RHEL 9",
"product_id": "9Base-RHOL-5.9",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:logging:5.9::el9"
}
}
}
],
"category": "product_family",
"name": "logging for Red Hat OpenShift"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-logging/cluster-logging-rhel9-operator@sha256:250181cdcdd3167a25ca351423ad7f727ae88fc6a7b0a539f58267a8f1d8967b_amd64",
"product": {
"name": "openshift-logging/cluster-logging-rhel9-operator@sha256:250181cdcdd3167a25ca351423ad7f727ae88fc6a7b0a539f58267a8f1d8967b_amd64",
"product_id": "openshift-logging/cluster-logging-rhel9-operator@sha256:250181cdcdd3167a25ca351423ad7f727ae88fc6a7b0a539f58267a8f1d8967b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cluster-logging-rhel9-operator@sha256:250181cdcdd3167a25ca351423ad7f727ae88fc6a7b0a539f58267a8f1d8967b?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator\u0026tag=v5.9.6-11"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/cluster-logging-operator-bundle@sha256:e04ce5eaf023bd299b40c3c7666087404e41f6cc9a2342247024d8ac89bb87b0_amd64",
"product": {
"name": "openshift-logging/cluster-logging-operator-bundle@sha256:e04ce5eaf023bd299b40c3c7666087404e41f6cc9a2342247024d8ac89bb87b0_amd64",
"product_id": "openshift-logging/cluster-logging-operator-bundle@sha256:e04ce5eaf023bd299b40c3c7666087404e41f6cc9a2342247024d8ac89bb87b0_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cluster-logging-operator-bundle@sha256:e04ce5eaf023bd299b40c3c7666087404e41f6cc9a2342247024d8ac89bb87b0?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-operator-bundle\u0026tag=v5.9.6-22"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/log-file-metric-exporter-rhel9@sha256:2507ce314e9d9d605e4738d1a6e86a94eac7c79dfe804e3fd6aac65bfe58bdf2_amd64",
"product": {
"name": "openshift-logging/log-file-metric-exporter-rhel9@sha256:2507ce314e9d9d605e4738d1a6e86a94eac7c79dfe804e3fd6aac65bfe58bdf2_amd64",
"product_id": "openshift-logging/log-file-metric-exporter-rhel9@sha256:2507ce314e9d9d605e4738d1a6e86a94eac7c79dfe804e3fd6aac65bfe58bdf2_amd64",
"product_identification_helper": {
"purl": "pkg:oci/log-file-metric-exporter-rhel9@sha256:2507ce314e9d9d605e4738d1a6e86a94eac7c79dfe804e3fd6aac65bfe58bdf2?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9\u0026tag=v1.1.0-270"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/eventrouter-rhel9@sha256:cb07ad8e299a32a432eb64dba905c28f588175eb7552b3cac4797887f2e3126f_amd64",
"product": {
"name": "openshift-logging/eventrouter-rhel9@sha256:cb07ad8e299a32a432eb64dba905c28f588175eb7552b3cac4797887f2e3126f_amd64",
"product_id": "openshift-logging/eventrouter-rhel9@sha256:cb07ad8e299a32a432eb64dba905c28f588175eb7552b3cac4797887f2e3126f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/eventrouter-rhel9@sha256:cb07ad8e299a32a432eb64dba905c28f588175eb7552b3cac4797887f2e3126f?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/eventrouter-rhel9\u0026tag=v0.4.0-290"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/fluentd-rhel9@sha256:dd82c39b7456db7c3b82fb80173d831a9502305b45ff2c49b8ad3790d59e27c1_amd64",
"product": {
"name": "openshift-logging/fluentd-rhel9@sha256:dd82c39b7456db7c3b82fb80173d831a9502305b45ff2c49b8ad3790d59e27c1_amd64",
"product_id": "openshift-logging/fluentd-rhel9@sha256:dd82c39b7456db7c3b82fb80173d831a9502305b45ff2c49b8ad3790d59e27c1_amd64",
"product_identification_helper": {
"purl": "pkg:oci/fluentd-rhel9@sha256:dd82c39b7456db7c3b82fb80173d831a9502305b45ff2c49b8ad3790d59e27c1?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/fluentd-rhel9\u0026tag=v5.9.6-4"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/logging-loki-rhel9@sha256:6dfc15394c7f8de99fb777a9cac7019afaa4ab90cef7b6a9d76c2612ade28cdd_amd64",
"product": {
"name": "openshift-logging/logging-loki-rhel9@sha256:6dfc15394c7f8de99fb777a9cac7019afaa4ab90cef7b6a9d76c2612ade28cdd_amd64",
"product_id": "openshift-logging/logging-loki-rhel9@sha256:6dfc15394c7f8de99fb777a9cac7019afaa4ab90cef7b6a9d76c2612ade28cdd_amd64",
"product_identification_helper": {
"purl": "pkg:oci/logging-loki-rhel9@sha256:6dfc15394c7f8de99fb777a9cac7019afaa4ab90cef7b6a9d76c2612ade28cdd?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/logging-loki-rhel9\u0026tag=v3.1.0-18"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/vector-rhel9@sha256:caf1da994f3f15f711cc149f96ec0637e43a1682dde292647af3dc6469b05523_amd64",
"product": {
"name": "openshift-logging/vector-rhel9@sha256:caf1da994f3f15f711cc149f96ec0637e43a1682dde292647af3dc6469b05523_amd64",
"product_id": "openshift-logging/vector-rhel9@sha256:caf1da994f3f15f711cc149f96ec0637e43a1682dde292647af3dc6469b05523_amd64",
"product_identification_helper": {
"purl": "pkg:oci/vector-rhel9@sha256:caf1da994f3f15f711cc149f96ec0637e43a1682dde292647af3dc6469b05523?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/vector-rhel9\u0026tag=v0.34.1-16"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/logging-view-plugin-rhel9@sha256:a319832e0aeb74e6f43f695b9956fcb1f8422adab20974a242b9be415bc2ad4c_amd64",
"product": {
"name": "openshift-logging/logging-view-plugin-rhel9@sha256:a319832e0aeb74e6f43f695b9956fcb1f8422adab20974a242b9be415bc2ad4c_amd64",
"product_id": "openshift-logging/logging-view-plugin-rhel9@sha256:a319832e0aeb74e6f43f695b9956fcb1f8422adab20974a242b9be415bc2ad4c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/logging-view-plugin-rhel9@sha256:a319832e0aeb74e6f43f695b9956fcb1f8422adab20974a242b9be415bc2ad4c?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/logging-view-plugin-rhel9\u0026tag=v5.9.6-3"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/loki-operator-bundle@sha256:76ddb9f56971649a52d0b66fa8a2df3859f7a4e9f965ee64cf1bd81a94b72d56_amd64",
"product": {
"name": "openshift-logging/loki-operator-bundle@sha256:76ddb9f56971649a52d0b66fa8a2df3859f7a4e9f965ee64cf1bd81a94b72d56_amd64",
"product_id": "openshift-logging/loki-operator-bundle@sha256:76ddb9f56971649a52d0b66fa8a2df3859f7a4e9f965ee64cf1bd81a94b72d56_amd64",
"product_identification_helper": {
"purl": "pkg:oci/loki-operator-bundle@sha256:76ddb9f56971649a52d0b66fa8a2df3859f7a4e9f965ee64cf1bd81a94b72d56?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/loki-operator-bundle\u0026tag=v5.9.6-15"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/loki-rhel9-operator@sha256:72ab9feb4222b622f5ddc4d16b89ff2d30fd6fc05f2bf300a80ad46e94749457_amd64",
"product": {
"name": "openshift-logging/loki-rhel9-operator@sha256:72ab9feb4222b622f5ddc4d16b89ff2d30fd6fc05f2bf300a80ad46e94749457_amd64",
"product_id": "openshift-logging/loki-rhel9-operator@sha256:72ab9feb4222b622f5ddc4d16b89ff2d30fd6fc05f2bf300a80ad46e94749457_amd64",
"product_identification_helper": {
"purl": "pkg:oci/loki-rhel9-operator@sha256:72ab9feb4222b622f5ddc4d16b89ff2d30fd6fc05f2bf300a80ad46e94749457?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/loki-rhel9-operator\u0026tag=v5.9.6-5"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/lokistack-gateway-rhel9@sha256:f3d20fe354135d20ef2c211e436e400ffb0ad3229ec0bc6a392899e39f464829_amd64",
"product": {
"name": "openshift-logging/lokistack-gateway-rhel9@sha256:f3d20fe354135d20ef2c211e436e400ffb0ad3229ec0bc6a392899e39f464829_amd64",
"product_id": "openshift-logging/lokistack-gateway-rhel9@sha256:f3d20fe354135d20ef2c211e436e400ffb0ad3229ec0bc6a392899e39f464829_amd64",
"product_identification_helper": {
"purl": "pkg:oci/lokistack-gateway-rhel9@sha256:f3d20fe354135d20ef2c211e436e400ffb0ad3229ec0bc6a392899e39f464829?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/lokistack-gateway-rhel9\u0026tag=v0.1.0-639"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/opa-openshift-rhel9@sha256:c52f8c6df837db95fcf92b435c3179afc4ae3045d90163392aeaf983c7be803d_amd64",
"product": {
"name": "openshift-logging/opa-openshift-rhel9@sha256:c52f8c6df837db95fcf92b435c3179afc4ae3045d90163392aeaf983c7be803d_amd64",
"product_id": "openshift-logging/opa-openshift-rhel9@sha256:c52f8c6df837db95fcf92b435c3179afc4ae3045d90163392aeaf983c7be803d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/opa-openshift-rhel9@sha256:c52f8c6df837db95fcf92b435c3179afc4ae3045d90163392aeaf983c7be803d?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/opa-openshift-rhel9\u0026tag=v0.1.0-277"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-logging/cluster-logging-rhel9-operator@sha256:e6922b8a8ffc13776fa979350b3b405cc54bf58291ffd2147587e9ea0db8103a_s390x",
"product": {
"name": "openshift-logging/cluster-logging-rhel9-operator@sha256:e6922b8a8ffc13776fa979350b3b405cc54bf58291ffd2147587e9ea0db8103a_s390x",
"product_id": "openshift-logging/cluster-logging-rhel9-operator@sha256:e6922b8a8ffc13776fa979350b3b405cc54bf58291ffd2147587e9ea0db8103a_s390x",
"product_identification_helper": {
"purl": "pkg:oci/cluster-logging-rhel9-operator@sha256:e6922b8a8ffc13776fa979350b3b405cc54bf58291ffd2147587e9ea0db8103a?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator\u0026tag=v5.9.6-11"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/log-file-metric-exporter-rhel9@sha256:3a04a0c94d59ac70e6f3bba7e841f24beb4e7ece4fc006140a6460141461da99_s390x",
"product": {
"name": "openshift-logging/log-file-metric-exporter-rhel9@sha256:3a04a0c94d59ac70e6f3bba7e841f24beb4e7ece4fc006140a6460141461da99_s390x",
"product_id": "openshift-logging/log-file-metric-exporter-rhel9@sha256:3a04a0c94d59ac70e6f3bba7e841f24beb4e7ece4fc006140a6460141461da99_s390x",
"product_identification_helper": {
"purl": "pkg:oci/log-file-metric-exporter-rhel9@sha256:3a04a0c94d59ac70e6f3bba7e841f24beb4e7ece4fc006140a6460141461da99?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9\u0026tag=v1.1.0-270"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/eventrouter-rhel9@sha256:8f1349a66aafec3f7d58555ee62d8d41211feacb2cf142dcfa8183521b2fdbfb_s390x",
"product": {
"name": "openshift-logging/eventrouter-rhel9@sha256:8f1349a66aafec3f7d58555ee62d8d41211feacb2cf142dcfa8183521b2fdbfb_s390x",
"product_id": "openshift-logging/eventrouter-rhel9@sha256:8f1349a66aafec3f7d58555ee62d8d41211feacb2cf142dcfa8183521b2fdbfb_s390x",
"product_identification_helper": {
"purl": "pkg:oci/eventrouter-rhel9@sha256:8f1349a66aafec3f7d58555ee62d8d41211feacb2cf142dcfa8183521b2fdbfb?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/eventrouter-rhel9\u0026tag=v0.4.0-290"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/fluentd-rhel9@sha256:00d1fd2e056b38d1ba768c088883f39f0a7852ccdfa6a91744ea2ba9e9ab840a_s390x",
"product": {
"name": "openshift-logging/fluentd-rhel9@sha256:00d1fd2e056b38d1ba768c088883f39f0a7852ccdfa6a91744ea2ba9e9ab840a_s390x",
"product_id": "openshift-logging/fluentd-rhel9@sha256:00d1fd2e056b38d1ba768c088883f39f0a7852ccdfa6a91744ea2ba9e9ab840a_s390x",
"product_identification_helper": {
"purl": "pkg:oci/fluentd-rhel9@sha256:00d1fd2e056b38d1ba768c088883f39f0a7852ccdfa6a91744ea2ba9e9ab840a?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/fluentd-rhel9\u0026tag=v5.9.6-4"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/logging-loki-rhel9@sha256:cc27123d734d0aa1a661595b3f79684c7c523332cdbe531d3421210448733c3f_s390x",
"product": {
"name": "openshift-logging/logging-loki-rhel9@sha256:cc27123d734d0aa1a661595b3f79684c7c523332cdbe531d3421210448733c3f_s390x",
"product_id": "openshift-logging/logging-loki-rhel9@sha256:cc27123d734d0aa1a661595b3f79684c7c523332cdbe531d3421210448733c3f_s390x",
"product_identification_helper": {
"purl": "pkg:oci/logging-loki-rhel9@sha256:cc27123d734d0aa1a661595b3f79684c7c523332cdbe531d3421210448733c3f?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/logging-loki-rhel9\u0026tag=v3.1.0-18"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/vector-rhel9@sha256:f1d1685df8edf0abc85b0ab821bd68db8e4318d63fc93d41c0433adfceca6841_s390x",
"product": {
"name": "openshift-logging/vector-rhel9@sha256:f1d1685df8edf0abc85b0ab821bd68db8e4318d63fc93d41c0433adfceca6841_s390x",
"product_id": "openshift-logging/vector-rhel9@sha256:f1d1685df8edf0abc85b0ab821bd68db8e4318d63fc93d41c0433adfceca6841_s390x",
"product_identification_helper": {
"purl": "pkg:oci/vector-rhel9@sha256:f1d1685df8edf0abc85b0ab821bd68db8e4318d63fc93d41c0433adfceca6841?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/vector-rhel9\u0026tag=v0.34.1-16"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/logging-view-plugin-rhel9@sha256:dd9abb806b3d8bcc636b8fb8720a926dc43e208c5c5d447f226cd2094689a8ac_s390x",
"product": {
"name": "openshift-logging/logging-view-plugin-rhel9@sha256:dd9abb806b3d8bcc636b8fb8720a926dc43e208c5c5d447f226cd2094689a8ac_s390x",
"product_id": "openshift-logging/logging-view-plugin-rhel9@sha256:dd9abb806b3d8bcc636b8fb8720a926dc43e208c5c5d447f226cd2094689a8ac_s390x",
"product_identification_helper": {
"purl": "pkg:oci/logging-view-plugin-rhel9@sha256:dd9abb806b3d8bcc636b8fb8720a926dc43e208c5c5d447f226cd2094689a8ac?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/logging-view-plugin-rhel9\u0026tag=v5.9.6-3"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/loki-rhel9-operator@sha256:03fa793ec87087a9c186ec4a6bdbe1ac598a7823fcae97b420c06341a38a1caa_s390x",
"product": {
"name": "openshift-logging/loki-rhel9-operator@sha256:03fa793ec87087a9c186ec4a6bdbe1ac598a7823fcae97b420c06341a38a1caa_s390x",
"product_id": "openshift-logging/loki-rhel9-operator@sha256:03fa793ec87087a9c186ec4a6bdbe1ac598a7823fcae97b420c06341a38a1caa_s390x",
"product_identification_helper": {
"purl": "pkg:oci/loki-rhel9-operator@sha256:03fa793ec87087a9c186ec4a6bdbe1ac598a7823fcae97b420c06341a38a1caa?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/loki-rhel9-operator\u0026tag=v5.9.6-5"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/lokistack-gateway-rhel9@sha256:60cbbc0d76f51b6ea37b849384229f685a11f1862eed660c40d609dd00d2a790_s390x",
"product": {
"name": "openshift-logging/lokistack-gateway-rhel9@sha256:60cbbc0d76f51b6ea37b849384229f685a11f1862eed660c40d609dd00d2a790_s390x",
"product_id": "openshift-logging/lokistack-gateway-rhel9@sha256:60cbbc0d76f51b6ea37b849384229f685a11f1862eed660c40d609dd00d2a790_s390x",
"product_identification_helper": {
"purl": "pkg:oci/lokistack-gateway-rhel9@sha256:60cbbc0d76f51b6ea37b849384229f685a11f1862eed660c40d609dd00d2a790?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/lokistack-gateway-rhel9\u0026tag=v0.1.0-639"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/opa-openshift-rhel9@sha256:324b8fcce44a02f7d998a0aeb888cb04658952bcab6bafa3d4e12e25119a7c7e_s390x",
"product": {
"name": "openshift-logging/opa-openshift-rhel9@sha256:324b8fcce44a02f7d998a0aeb888cb04658952bcab6bafa3d4e12e25119a7c7e_s390x",
"product_id": "openshift-logging/opa-openshift-rhel9@sha256:324b8fcce44a02f7d998a0aeb888cb04658952bcab6bafa3d4e12e25119a7c7e_s390x",
"product_identification_helper": {
"purl": "pkg:oci/opa-openshift-rhel9@sha256:324b8fcce44a02f7d998a0aeb888cb04658952bcab6bafa3d4e12e25119a7c7e?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/opa-openshift-rhel9\u0026tag=v0.1.0-277"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-logging/cluster-logging-rhel9-operator@sha256:50f07777580d38ca952df7afbfbdba16dbe56cf1bd39eac0223cc09a97f684e7_arm64",
"product": {
"name": "openshift-logging/cluster-logging-rhel9-operator@sha256:50f07777580d38ca952df7afbfbdba16dbe56cf1bd39eac0223cc09a97f684e7_arm64",
"product_id": "openshift-logging/cluster-logging-rhel9-operator@sha256:50f07777580d38ca952df7afbfbdba16dbe56cf1bd39eac0223cc09a97f684e7_arm64",
"product_identification_helper": {
"purl": "pkg:oci/cluster-logging-rhel9-operator@sha256:50f07777580d38ca952df7afbfbdba16dbe56cf1bd39eac0223cc09a97f684e7?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator\u0026tag=v5.9.6-11"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/log-file-metric-exporter-rhel9@sha256:4e004498e446d80475601c1260a16f879f455a38deb8c89f19c2cc1b9ca6834d_arm64",
"product": {
"name": "openshift-logging/log-file-metric-exporter-rhel9@sha256:4e004498e446d80475601c1260a16f879f455a38deb8c89f19c2cc1b9ca6834d_arm64",
"product_id": "openshift-logging/log-file-metric-exporter-rhel9@sha256:4e004498e446d80475601c1260a16f879f455a38deb8c89f19c2cc1b9ca6834d_arm64",
"product_identification_helper": {
"purl": "pkg:oci/log-file-metric-exporter-rhel9@sha256:4e004498e446d80475601c1260a16f879f455a38deb8c89f19c2cc1b9ca6834d?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9\u0026tag=v1.1.0-270"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/eventrouter-rhel9@sha256:477ad04024ff5d04e8c2e1e1fa0965d5bf2de1d6ae81e41574102060543bf105_arm64",
"product": {
"name": "openshift-logging/eventrouter-rhel9@sha256:477ad04024ff5d04e8c2e1e1fa0965d5bf2de1d6ae81e41574102060543bf105_arm64",
"product_id": "openshift-logging/eventrouter-rhel9@sha256:477ad04024ff5d04e8c2e1e1fa0965d5bf2de1d6ae81e41574102060543bf105_arm64",
"product_identification_helper": {
"purl": "pkg:oci/eventrouter-rhel9@sha256:477ad04024ff5d04e8c2e1e1fa0965d5bf2de1d6ae81e41574102060543bf105?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/eventrouter-rhel9\u0026tag=v0.4.0-290"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/fluentd-rhel9@sha256:25422425899a2fa5cdc83a4aa31072d717a42483b5a7df9c485e13b5fcf19207_arm64",
"product": {
"name": "openshift-logging/fluentd-rhel9@sha256:25422425899a2fa5cdc83a4aa31072d717a42483b5a7df9c485e13b5fcf19207_arm64",
"product_id": "openshift-logging/fluentd-rhel9@sha256:25422425899a2fa5cdc83a4aa31072d717a42483b5a7df9c485e13b5fcf19207_arm64",
"product_identification_helper": {
"purl": "pkg:oci/fluentd-rhel9@sha256:25422425899a2fa5cdc83a4aa31072d717a42483b5a7df9c485e13b5fcf19207?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/fluentd-rhel9\u0026tag=v5.9.6-4"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/logging-loki-rhel9@sha256:fc26a8ba1fa06feb4da0f55be2b55d1c29762c5e5255a93a6081ba993f84c077_arm64",
"product": {
"name": "openshift-logging/logging-loki-rhel9@sha256:fc26a8ba1fa06feb4da0f55be2b55d1c29762c5e5255a93a6081ba993f84c077_arm64",
"product_id": "openshift-logging/logging-loki-rhel9@sha256:fc26a8ba1fa06feb4da0f55be2b55d1c29762c5e5255a93a6081ba993f84c077_arm64",
"product_identification_helper": {
"purl": "pkg:oci/logging-loki-rhel9@sha256:fc26a8ba1fa06feb4da0f55be2b55d1c29762c5e5255a93a6081ba993f84c077?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/logging-loki-rhel9\u0026tag=v3.1.0-18"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/vector-rhel9@sha256:a9f57b24b591aa0b20e94a5817258298eb582a7b5e860c1f7110f52ca2923650_arm64",
"product": {
"name": "openshift-logging/vector-rhel9@sha256:a9f57b24b591aa0b20e94a5817258298eb582a7b5e860c1f7110f52ca2923650_arm64",
"product_id": "openshift-logging/vector-rhel9@sha256:a9f57b24b591aa0b20e94a5817258298eb582a7b5e860c1f7110f52ca2923650_arm64",
"product_identification_helper": {
"purl": "pkg:oci/vector-rhel9@sha256:a9f57b24b591aa0b20e94a5817258298eb582a7b5e860c1f7110f52ca2923650?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/vector-rhel9\u0026tag=v0.34.1-16"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/logging-view-plugin-rhel9@sha256:011220d3f86ff9ca782c97ac75d4848e794fdeebb64cf8831548bc072ac106a2_arm64",
"product": {
"name": "openshift-logging/logging-view-plugin-rhel9@sha256:011220d3f86ff9ca782c97ac75d4848e794fdeebb64cf8831548bc072ac106a2_arm64",
"product_id": "openshift-logging/logging-view-plugin-rhel9@sha256:011220d3f86ff9ca782c97ac75d4848e794fdeebb64cf8831548bc072ac106a2_arm64",
"product_identification_helper": {
"purl": "pkg:oci/logging-view-plugin-rhel9@sha256:011220d3f86ff9ca782c97ac75d4848e794fdeebb64cf8831548bc072ac106a2?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/logging-view-plugin-rhel9\u0026tag=v5.9.6-3"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/loki-rhel9-operator@sha256:f3c1ae276ba84fcab2280fa93425ea6a324aa1403a7acc4ce6a45a4441d4d08c_arm64",
"product": {
"name": "openshift-logging/loki-rhel9-operator@sha256:f3c1ae276ba84fcab2280fa93425ea6a324aa1403a7acc4ce6a45a4441d4d08c_arm64",
"product_id": "openshift-logging/loki-rhel9-operator@sha256:f3c1ae276ba84fcab2280fa93425ea6a324aa1403a7acc4ce6a45a4441d4d08c_arm64",
"product_identification_helper": {
"purl": "pkg:oci/loki-rhel9-operator@sha256:f3c1ae276ba84fcab2280fa93425ea6a324aa1403a7acc4ce6a45a4441d4d08c?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/loki-rhel9-operator\u0026tag=v5.9.6-5"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/lokistack-gateway-rhel9@sha256:cf87eea204c26385822e544c5ddad7f9400e6f83615fa67cbba50764a32140a9_arm64",
"product": {
"name": "openshift-logging/lokistack-gateway-rhel9@sha256:cf87eea204c26385822e544c5ddad7f9400e6f83615fa67cbba50764a32140a9_arm64",
"product_id": "openshift-logging/lokistack-gateway-rhel9@sha256:cf87eea204c26385822e544c5ddad7f9400e6f83615fa67cbba50764a32140a9_arm64",
"product_identification_helper": {
"purl": "pkg:oci/lokistack-gateway-rhel9@sha256:cf87eea204c26385822e544c5ddad7f9400e6f83615fa67cbba50764a32140a9?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/lokistack-gateway-rhel9\u0026tag=v0.1.0-639"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/opa-openshift-rhel9@sha256:f31e9d9057615fbb0a481e0fe0b06b95b8e273166f245a02881df4fcf8d2d5d7_arm64",
"product": {
"name": "openshift-logging/opa-openshift-rhel9@sha256:f31e9d9057615fbb0a481e0fe0b06b95b8e273166f245a02881df4fcf8d2d5d7_arm64",
"product_id": "openshift-logging/opa-openshift-rhel9@sha256:f31e9d9057615fbb0a481e0fe0b06b95b8e273166f245a02881df4fcf8d2d5d7_arm64",
"product_identification_helper": {
"purl": "pkg:oci/opa-openshift-rhel9@sha256:f31e9d9057615fbb0a481e0fe0b06b95b8e273166f245a02881df4fcf8d2d5d7?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/opa-openshift-rhel9\u0026tag=v0.1.0-277"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-logging/cluster-logging-rhel9-operator@sha256:4caec5ee0469d1a8f2faedfad20acd93aa5119da5920552852af6b9cca31286a_ppc64le",
"product": {
"name": "openshift-logging/cluster-logging-rhel9-operator@sha256:4caec5ee0469d1a8f2faedfad20acd93aa5119da5920552852af6b9cca31286a_ppc64le",
"product_id": "openshift-logging/cluster-logging-rhel9-operator@sha256:4caec5ee0469d1a8f2faedfad20acd93aa5119da5920552852af6b9cca31286a_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/cluster-logging-rhel9-operator@sha256:4caec5ee0469d1a8f2faedfad20acd93aa5119da5920552852af6b9cca31286a?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator\u0026tag=v5.9.6-11"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/log-file-metric-exporter-rhel9@sha256:5a48b412f96069c258bdfacf7a2f7fbcec1ec08c8b1d9c6a8d36b419e440dc76_ppc64le",
"product": {
"name": "openshift-logging/log-file-metric-exporter-rhel9@sha256:5a48b412f96069c258bdfacf7a2f7fbcec1ec08c8b1d9c6a8d36b419e440dc76_ppc64le",
"product_id": "openshift-logging/log-file-metric-exporter-rhel9@sha256:5a48b412f96069c258bdfacf7a2f7fbcec1ec08c8b1d9c6a8d36b419e440dc76_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/log-file-metric-exporter-rhel9@sha256:5a48b412f96069c258bdfacf7a2f7fbcec1ec08c8b1d9c6a8d36b419e440dc76?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9\u0026tag=v1.1.0-270"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/eventrouter-rhel9@sha256:4586853d6350b0ca6003929aca8826fc4596cd13a33ad803a5f10363a1fc5d4d_ppc64le",
"product": {
"name": "openshift-logging/eventrouter-rhel9@sha256:4586853d6350b0ca6003929aca8826fc4596cd13a33ad803a5f10363a1fc5d4d_ppc64le",
"product_id": "openshift-logging/eventrouter-rhel9@sha256:4586853d6350b0ca6003929aca8826fc4596cd13a33ad803a5f10363a1fc5d4d_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/eventrouter-rhel9@sha256:4586853d6350b0ca6003929aca8826fc4596cd13a33ad803a5f10363a1fc5d4d?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/eventrouter-rhel9\u0026tag=v0.4.0-290"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/fluentd-rhel9@sha256:fa96f841fc8ae3a604ddabfc37f809f3e6a347f72a5064dd76ed8b040505da44_ppc64le",
"product": {
"name": "openshift-logging/fluentd-rhel9@sha256:fa96f841fc8ae3a604ddabfc37f809f3e6a347f72a5064dd76ed8b040505da44_ppc64le",
"product_id": "openshift-logging/fluentd-rhel9@sha256:fa96f841fc8ae3a604ddabfc37f809f3e6a347f72a5064dd76ed8b040505da44_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/fluentd-rhel9@sha256:fa96f841fc8ae3a604ddabfc37f809f3e6a347f72a5064dd76ed8b040505da44?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/fluentd-rhel9\u0026tag=v5.9.6-4"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/logging-loki-rhel9@sha256:e6f2435803484f9f3a3ed1c677dbfcba0dcc1868d95d46dfea61c09b79dc0acc_ppc64le",
"product": {
"name": "openshift-logging/logging-loki-rhel9@sha256:e6f2435803484f9f3a3ed1c677dbfcba0dcc1868d95d46dfea61c09b79dc0acc_ppc64le",
"product_id": "openshift-logging/logging-loki-rhel9@sha256:e6f2435803484f9f3a3ed1c677dbfcba0dcc1868d95d46dfea61c09b79dc0acc_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/logging-loki-rhel9@sha256:e6f2435803484f9f3a3ed1c677dbfcba0dcc1868d95d46dfea61c09b79dc0acc?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/logging-loki-rhel9\u0026tag=v3.1.0-18"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/vector-rhel9@sha256:256d82899cf94db79782955e72a9d149516e16a7775390ef0ea175957c05b6af_ppc64le",
"product": {
"name": "openshift-logging/vector-rhel9@sha256:256d82899cf94db79782955e72a9d149516e16a7775390ef0ea175957c05b6af_ppc64le",
"product_id": "openshift-logging/vector-rhel9@sha256:256d82899cf94db79782955e72a9d149516e16a7775390ef0ea175957c05b6af_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/vector-rhel9@sha256:256d82899cf94db79782955e72a9d149516e16a7775390ef0ea175957c05b6af?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/vector-rhel9\u0026tag=v0.34.1-16"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/logging-view-plugin-rhel9@sha256:ff52c6ce681a4c9a9824b098d2da9cbccdf4cd99aa9c25c8cf62baaf2dea7c4b_ppc64le",
"product": {
"name": "openshift-logging/logging-view-plugin-rhel9@sha256:ff52c6ce681a4c9a9824b098d2da9cbccdf4cd99aa9c25c8cf62baaf2dea7c4b_ppc64le",
"product_id": "openshift-logging/logging-view-plugin-rhel9@sha256:ff52c6ce681a4c9a9824b098d2da9cbccdf4cd99aa9c25c8cf62baaf2dea7c4b_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/logging-view-plugin-rhel9@sha256:ff52c6ce681a4c9a9824b098d2da9cbccdf4cd99aa9c25c8cf62baaf2dea7c4b?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/logging-view-plugin-rhel9\u0026tag=v5.9.6-3"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/loki-rhel9-operator@sha256:67d91441202f52784c16f034d884a929e8bae648c27a607dd771f56c778f3951_ppc64le",
"product": {
"name": "openshift-logging/loki-rhel9-operator@sha256:67d91441202f52784c16f034d884a929e8bae648c27a607dd771f56c778f3951_ppc64le",
"product_id": "openshift-logging/loki-rhel9-operator@sha256:67d91441202f52784c16f034d884a929e8bae648c27a607dd771f56c778f3951_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/loki-rhel9-operator@sha256:67d91441202f52784c16f034d884a929e8bae648c27a607dd771f56c778f3951?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/loki-rhel9-operator\u0026tag=v5.9.6-5"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/lokistack-gateway-rhel9@sha256:34d4be5af7e687701e9f3b2f3641571e3a008b0f4293b98c83ec57a83074ed82_ppc64le",
"product": {
"name": "openshift-logging/lokistack-gateway-rhel9@sha256:34d4be5af7e687701e9f3b2f3641571e3a008b0f4293b98c83ec57a83074ed82_ppc64le",
"product_id": "openshift-logging/lokistack-gateway-rhel9@sha256:34d4be5af7e687701e9f3b2f3641571e3a008b0f4293b98c83ec57a83074ed82_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/lokistack-gateway-rhel9@sha256:34d4be5af7e687701e9f3b2f3641571e3a008b0f4293b98c83ec57a83074ed82?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/lokistack-gateway-rhel9\u0026tag=v0.1.0-639"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/opa-openshift-rhel9@sha256:0e8073947004d29ff3a01499290d9b1ad32d8f6175e85f439143272964d1ea59_ppc64le",
"product": {
"name": "openshift-logging/opa-openshift-rhel9@sha256:0e8073947004d29ff3a01499290d9b1ad32d8f6175e85f439143272964d1ea59_ppc64le",
"product_id": "openshift-logging/opa-openshift-rhel9@sha256:0e8073947004d29ff3a01499290d9b1ad32d8f6175e85f439143272964d1ea59_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/opa-openshift-rhel9@sha256:0e8073947004d29ff3a01499290d9b1ad32d8f6175e85f439143272964d1ea59?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/opa-openshift-rhel9\u0026tag=v0.1.0-277"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/cluster-logging-operator-bundle@sha256:e04ce5eaf023bd299b40c3c7666087404e41f6cc9a2342247024d8ac89bb87b0_amd64 as a component of RHOL 5.9 for RHEL 9",
"product_id": "9Base-RHOL-5.9:openshift-logging/cluster-logging-operator-bundle@sha256:e04ce5eaf023bd299b40c3c7666087404e41f6cc9a2342247024d8ac89bb87b0_amd64"
},
"product_reference": "openshift-logging/cluster-logging-operator-bundle@sha256:e04ce5eaf023bd299b40c3c7666087404e41f6cc9a2342247024d8ac89bb87b0_amd64",
"relates_to_product_reference": "9Base-RHOL-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/cluster-logging-rhel9-operator@sha256:250181cdcdd3167a25ca351423ad7f727ae88fc6a7b0a539f58267a8f1d8967b_amd64 as a component of RHOL 5.9 for RHEL 9",
"product_id": "9Base-RHOL-5.9:openshift-logging/cluster-logging-rhel9-operator@sha256:250181cdcdd3167a25ca351423ad7f727ae88fc6a7b0a539f58267a8f1d8967b_amd64"
},
"product_reference": "openshift-logging/cluster-logging-rhel9-operator@sha256:250181cdcdd3167a25ca351423ad7f727ae88fc6a7b0a539f58267a8f1d8967b_amd64",
"relates_to_product_reference": "9Base-RHOL-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/cluster-logging-rhel9-operator@sha256:4caec5ee0469d1a8f2faedfad20acd93aa5119da5920552852af6b9cca31286a_ppc64le as a component of RHOL 5.9 for RHEL 9",
"product_id": "9Base-RHOL-5.9:openshift-logging/cluster-logging-rhel9-operator@sha256:4caec5ee0469d1a8f2faedfad20acd93aa5119da5920552852af6b9cca31286a_ppc64le"
},
"product_reference": "openshift-logging/cluster-logging-rhel9-operator@sha256:4caec5ee0469d1a8f2faedfad20acd93aa5119da5920552852af6b9cca31286a_ppc64le",
"relates_to_product_reference": "9Base-RHOL-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/cluster-logging-rhel9-operator@sha256:50f07777580d38ca952df7afbfbdba16dbe56cf1bd39eac0223cc09a97f684e7_arm64 as a component of RHOL 5.9 for RHEL 9",
"product_id": "9Base-RHOL-5.9:openshift-logging/cluster-logging-rhel9-operator@sha256:50f07777580d38ca952df7afbfbdba16dbe56cf1bd39eac0223cc09a97f684e7_arm64"
},
"product_reference": "openshift-logging/cluster-logging-rhel9-operator@sha256:50f07777580d38ca952df7afbfbdba16dbe56cf1bd39eac0223cc09a97f684e7_arm64",
"relates_to_product_reference": "9Base-RHOL-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/cluster-logging-rhel9-operator@sha256:e6922b8a8ffc13776fa979350b3b405cc54bf58291ffd2147587e9ea0db8103a_s390x as a component of RHOL 5.9 for RHEL 9",
"product_id": "9Base-RHOL-5.9:openshift-logging/cluster-logging-rhel9-operator@sha256:e6922b8a8ffc13776fa979350b3b405cc54bf58291ffd2147587e9ea0db8103a_s390x"
},
"product_reference": "openshift-logging/cluster-logging-rhel9-operator@sha256:e6922b8a8ffc13776fa979350b3b405cc54bf58291ffd2147587e9ea0db8103a_s390x",
"relates_to_product_reference": "9Base-RHOL-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/eventrouter-rhel9@sha256:4586853d6350b0ca6003929aca8826fc4596cd13a33ad803a5f10363a1fc5d4d_ppc64le as a component of RHOL 5.9 for RHEL 9",
"product_id": "9Base-RHOL-5.9:openshift-logging/eventrouter-rhel9@sha256:4586853d6350b0ca6003929aca8826fc4596cd13a33ad803a5f10363a1fc5d4d_ppc64le"
},
"product_reference": "openshift-logging/eventrouter-rhel9@sha256:4586853d6350b0ca6003929aca8826fc4596cd13a33ad803a5f10363a1fc5d4d_ppc64le",
"relates_to_product_reference": "9Base-RHOL-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/eventrouter-rhel9@sha256:477ad04024ff5d04e8c2e1e1fa0965d5bf2de1d6ae81e41574102060543bf105_arm64 as a component of RHOL 5.9 for RHEL 9",
"product_id": "9Base-RHOL-5.9:openshift-logging/eventrouter-rhel9@sha256:477ad04024ff5d04e8c2e1e1fa0965d5bf2de1d6ae81e41574102060543bf105_arm64"
},
"product_reference": "openshift-logging/eventrouter-rhel9@sha256:477ad04024ff5d04e8c2e1e1fa0965d5bf2de1d6ae81e41574102060543bf105_arm64",
"relates_to_product_reference": "9Base-RHOL-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/eventrouter-rhel9@sha256:8f1349a66aafec3f7d58555ee62d8d41211feacb2cf142dcfa8183521b2fdbfb_s390x as a component of RHOL 5.9 for RHEL 9",
"product_id": "9Base-RHOL-5.9:openshift-logging/eventrouter-rhel9@sha256:8f1349a66aafec3f7d58555ee62d8d41211feacb2cf142dcfa8183521b2fdbfb_s390x"
},
"product_reference": "openshift-logging/eventrouter-rhel9@sha256:8f1349a66aafec3f7d58555ee62d8d41211feacb2cf142dcfa8183521b2fdbfb_s390x",
"relates_to_product_reference": "9Base-RHOL-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/eventrouter-rhel9@sha256:cb07ad8e299a32a432eb64dba905c28f588175eb7552b3cac4797887f2e3126f_amd64 as a component of RHOL 5.9 for RHEL 9",
"product_id": "9Base-RHOL-5.9:openshift-logging/eventrouter-rhel9@sha256:cb07ad8e299a32a432eb64dba905c28f588175eb7552b3cac4797887f2e3126f_amd64"
},
"product_reference": "openshift-logging/eventrouter-rhel9@sha256:cb07ad8e299a32a432eb64dba905c28f588175eb7552b3cac4797887f2e3126f_amd64",
"relates_to_product_reference": "9Base-RHOL-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/fluentd-rhel9@sha256:00d1fd2e056b38d1ba768c088883f39f0a7852ccdfa6a91744ea2ba9e9ab840a_s390x as a component of RHOL 5.9 for RHEL 9",
"product_id": "9Base-RHOL-5.9:openshift-logging/fluentd-rhel9@sha256:00d1fd2e056b38d1ba768c088883f39f0a7852ccdfa6a91744ea2ba9e9ab840a_s390x"
},
"product_reference": "openshift-logging/fluentd-rhel9@sha256:00d1fd2e056b38d1ba768c088883f39f0a7852ccdfa6a91744ea2ba9e9ab840a_s390x",
"relates_to_product_reference": "9Base-RHOL-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/fluentd-rhel9@sha256:25422425899a2fa5cdc83a4aa31072d717a42483b5a7df9c485e13b5fcf19207_arm64 as a component of RHOL 5.9 for RHEL 9",
"product_id": "9Base-RHOL-5.9:openshift-logging/fluentd-rhel9@sha256:25422425899a2fa5cdc83a4aa31072d717a42483b5a7df9c485e13b5fcf19207_arm64"
},
"product_reference": "openshift-logging/fluentd-rhel9@sha256:25422425899a2fa5cdc83a4aa31072d717a42483b5a7df9c485e13b5fcf19207_arm64",
"relates_to_product_reference": "9Base-RHOL-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/fluentd-rhel9@sha256:dd82c39b7456db7c3b82fb80173d831a9502305b45ff2c49b8ad3790d59e27c1_amd64 as a component of RHOL 5.9 for RHEL 9",
"product_id": "9Base-RHOL-5.9:openshift-logging/fluentd-rhel9@sha256:dd82c39b7456db7c3b82fb80173d831a9502305b45ff2c49b8ad3790d59e27c1_amd64"
},
"product_reference": "openshift-logging/fluentd-rhel9@sha256:dd82c39b7456db7c3b82fb80173d831a9502305b45ff2c49b8ad3790d59e27c1_amd64",
"relates_to_product_reference": "9Base-RHOL-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/fluentd-rhel9@sha256:fa96f841fc8ae3a604ddabfc37f809f3e6a347f72a5064dd76ed8b040505da44_ppc64le as a component of RHOL 5.9 for RHEL 9",
"product_id": "9Base-RHOL-5.9:openshift-logging/fluentd-rhel9@sha256:fa96f841fc8ae3a604ddabfc37f809f3e6a347f72a5064dd76ed8b040505da44_ppc64le"
},
"product_reference": "openshift-logging/fluentd-rhel9@sha256:fa96f841fc8ae3a604ddabfc37f809f3e6a347f72a5064dd76ed8b040505da44_ppc64le",
"relates_to_product_reference": "9Base-RHOL-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/log-file-metric-exporter-rhel9@sha256:2507ce314e9d9d605e4738d1a6e86a94eac7c79dfe804e3fd6aac65bfe58bdf2_amd64 as a component of RHOL 5.9 for RHEL 9",
"product_id": "9Base-RHOL-5.9:openshift-logging/log-file-metric-exporter-rhel9@sha256:2507ce314e9d9d605e4738d1a6e86a94eac7c79dfe804e3fd6aac65bfe58bdf2_amd64"
},
"product_reference": "openshift-logging/log-file-metric-exporter-rhel9@sha256:2507ce314e9d9d605e4738d1a6e86a94eac7c79dfe804e3fd6aac65bfe58bdf2_amd64",
"relates_to_product_reference": "9Base-RHOL-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/log-file-metric-exporter-rhel9@sha256:3a04a0c94d59ac70e6f3bba7e841f24beb4e7ece4fc006140a6460141461da99_s390x as a component of RHOL 5.9 for RHEL 9",
"product_id": "9Base-RHOL-5.9:openshift-logging/log-file-metric-exporter-rhel9@sha256:3a04a0c94d59ac70e6f3bba7e841f24beb4e7ece4fc006140a6460141461da99_s390x"
},
"product_reference": "openshift-logging/log-file-metric-exporter-rhel9@sha256:3a04a0c94d59ac70e6f3bba7e841f24beb4e7ece4fc006140a6460141461da99_s390x",
"relates_to_product_reference": "9Base-RHOL-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/log-file-metric-exporter-rhel9@sha256:4e004498e446d80475601c1260a16f879f455a38deb8c89f19c2cc1b9ca6834d_arm64 as a component of RHOL 5.9 for RHEL 9",
"product_id": "9Base-RHOL-5.9:openshift-logging/log-file-metric-exporter-rhel9@sha256:4e004498e446d80475601c1260a16f879f455a38deb8c89f19c2cc1b9ca6834d_arm64"
},
"product_reference": "openshift-logging/log-file-metric-exporter-rhel9@sha256:4e004498e446d80475601c1260a16f879f455a38deb8c89f19c2cc1b9ca6834d_arm64",
"relates_to_product_reference": "9Base-RHOL-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/log-file-metric-exporter-rhel9@sha256:5a48b412f96069c258bdfacf7a2f7fbcec1ec08c8b1d9c6a8d36b419e440dc76_ppc64le as a component of RHOL 5.9 for RHEL 9",
"product_id": "9Base-RHOL-5.9:openshift-logging/log-file-metric-exporter-rhel9@sha256:5a48b412f96069c258bdfacf7a2f7fbcec1ec08c8b1d9c6a8d36b419e440dc76_ppc64le"
},
"product_reference": "openshift-logging/log-file-metric-exporter-rhel9@sha256:5a48b412f96069c258bdfacf7a2f7fbcec1ec08c8b1d9c6a8d36b419e440dc76_ppc64le",
"relates_to_product_reference": "9Base-RHOL-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/logging-loki-rhel9@sha256:6dfc15394c7f8de99fb777a9cac7019afaa4ab90cef7b6a9d76c2612ade28cdd_amd64 as a component of RHOL 5.9 for RHEL 9",
"product_id": "9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:6dfc15394c7f8de99fb777a9cac7019afaa4ab90cef7b6a9d76c2612ade28cdd_amd64"
},
"product_reference": "openshift-logging/logging-loki-rhel9@sha256:6dfc15394c7f8de99fb777a9cac7019afaa4ab90cef7b6a9d76c2612ade28cdd_amd64",
"relates_to_product_reference": "9Base-RHOL-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/logging-loki-rhel9@sha256:cc27123d734d0aa1a661595b3f79684c7c523332cdbe531d3421210448733c3f_s390x as a component of RHOL 5.9 for RHEL 9",
"product_id": "9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:cc27123d734d0aa1a661595b3f79684c7c523332cdbe531d3421210448733c3f_s390x"
},
"product_reference": "openshift-logging/logging-loki-rhel9@sha256:cc27123d734d0aa1a661595b3f79684c7c523332cdbe531d3421210448733c3f_s390x",
"relates_to_product_reference": "9Base-RHOL-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/logging-loki-rhel9@sha256:e6f2435803484f9f3a3ed1c677dbfcba0dcc1868d95d46dfea61c09b79dc0acc_ppc64le as a component of RHOL 5.9 for RHEL 9",
"product_id": "9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:e6f2435803484f9f3a3ed1c677dbfcba0dcc1868d95d46dfea61c09b79dc0acc_ppc64le"
},
"product_reference": "openshift-logging/logging-loki-rhel9@sha256:e6f2435803484f9f3a3ed1c677dbfcba0dcc1868d95d46dfea61c09b79dc0acc_ppc64le",
"relates_to_product_reference": "9Base-RHOL-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/logging-loki-rhel9@sha256:fc26a8ba1fa06feb4da0f55be2b55d1c29762c5e5255a93a6081ba993f84c077_arm64 as a component of RHOL 5.9 for RHEL 9",
"product_id": "9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:fc26a8ba1fa06feb4da0f55be2b55d1c29762c5e5255a93a6081ba993f84c077_arm64"
},
"product_reference": "openshift-logging/logging-loki-rhel9@sha256:fc26a8ba1fa06feb4da0f55be2b55d1c29762c5e5255a93a6081ba993f84c077_arm64",
"relates_to_product_reference": "9Base-RHOL-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/logging-view-plugin-rhel9@sha256:011220d3f86ff9ca782c97ac75d4848e794fdeebb64cf8831548bc072ac106a2_arm64 as a component of RHOL 5.9 for RHEL 9",
"product_id": "9Base-RHOL-5.9:openshift-logging/logging-view-plugin-rhel9@sha256:011220d3f86ff9ca782c97ac75d4848e794fdeebb64cf8831548bc072ac106a2_arm64"
},
"product_reference": "openshift-logging/logging-view-plugin-rhel9@sha256:011220d3f86ff9ca782c97ac75d4848e794fdeebb64cf8831548bc072ac106a2_arm64",
"relates_to_product_reference": "9Base-RHOL-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/logging-view-plugin-rhel9@sha256:a319832e0aeb74e6f43f695b9956fcb1f8422adab20974a242b9be415bc2ad4c_amd64 as a component of RHOL 5.9 for RHEL 9",
"product_id": "9Base-RHOL-5.9:openshift-logging/logging-view-plugin-rhel9@sha256:a319832e0aeb74e6f43f695b9956fcb1f8422adab20974a242b9be415bc2ad4c_amd64"
},
"product_reference": "openshift-logging/logging-view-plugin-rhel9@sha256:a319832e0aeb74e6f43f695b9956fcb1f8422adab20974a242b9be415bc2ad4c_amd64",
"relates_to_product_reference": "9Base-RHOL-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/logging-view-plugin-rhel9@sha256:dd9abb806b3d8bcc636b8fb8720a926dc43e208c5c5d447f226cd2094689a8ac_s390x as a component of RHOL 5.9 for RHEL 9",
"product_id": "9Base-RHOL-5.9:openshift-logging/logging-view-plugin-rhel9@sha256:dd9abb806b3d8bcc636b8fb8720a926dc43e208c5c5d447f226cd2094689a8ac_s390x"
},
"product_reference": "openshift-logging/logging-view-plugin-rhel9@sha256:dd9abb806b3d8bcc636b8fb8720a926dc43e208c5c5d447f226cd2094689a8ac_s390x",
"relates_to_product_reference": "9Base-RHOL-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/logging-view-plugin-rhel9@sha256:ff52c6ce681a4c9a9824b098d2da9cbccdf4cd99aa9c25c8cf62baaf2dea7c4b_ppc64le as a component of RHOL 5.9 for RHEL 9",
"product_id": "9Base-RHOL-5.9:openshift-logging/logging-view-plugin-rhel9@sha256:ff52c6ce681a4c9a9824b098d2da9cbccdf4cd99aa9c25c8cf62baaf2dea7c4b_ppc64le"
},
"product_reference": "openshift-logging/logging-view-plugin-rhel9@sha256:ff52c6ce681a4c9a9824b098d2da9cbccdf4cd99aa9c25c8cf62baaf2dea7c4b_ppc64le",
"relates_to_product_reference": "9Base-RHOL-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/loki-operator-bundle@sha256:76ddb9f56971649a52d0b66fa8a2df3859f7a4e9f965ee64cf1bd81a94b72d56_amd64 as a component of RHOL 5.9 for RHEL 9",
"product_id": "9Base-RHOL-5.9:openshift-logging/loki-operator-bundle@sha256:76ddb9f56971649a52d0b66fa8a2df3859f7a4e9f965ee64cf1bd81a94b72d56_amd64"
},
"product_reference": "openshift-logging/loki-operator-bundle@sha256:76ddb9f56971649a52d0b66fa8a2df3859f7a4e9f965ee64cf1bd81a94b72d56_amd64",
"relates_to_product_reference": "9Base-RHOL-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/loki-rhel9-operator@sha256:03fa793ec87087a9c186ec4a6bdbe1ac598a7823fcae97b420c06341a38a1caa_s390x as a component of RHOL 5.9 for RHEL 9",
"product_id": "9Base-RHOL-5.9:openshift-logging/loki-rhel9-operator@sha256:03fa793ec87087a9c186ec4a6bdbe1ac598a7823fcae97b420c06341a38a1caa_s390x"
},
"product_reference": "openshift-logging/loki-rhel9-operator@sha256:03fa793ec87087a9c186ec4a6bdbe1ac598a7823fcae97b420c06341a38a1caa_s390x",
"relates_to_product_reference": "9Base-RHOL-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/loki-rhel9-operator@sha256:67d91441202f52784c16f034d884a929e8bae648c27a607dd771f56c778f3951_ppc64le as a component of RHOL 5.9 for RHEL 9",
"product_id": "9Base-RHOL-5.9:openshift-logging/loki-rhel9-operator@sha256:67d91441202f52784c16f034d884a929e8bae648c27a607dd771f56c778f3951_ppc64le"
},
"product_reference": "openshift-logging/loki-rhel9-operator@sha256:67d91441202f52784c16f034d884a929e8bae648c27a607dd771f56c778f3951_ppc64le",
"relates_to_product_reference": "9Base-RHOL-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/loki-rhel9-operator@sha256:72ab9feb4222b622f5ddc4d16b89ff2d30fd6fc05f2bf300a80ad46e94749457_amd64 as a component of RHOL 5.9 for RHEL 9",
"product_id": "9Base-RHOL-5.9:openshift-logging/loki-rhel9-operator@sha256:72ab9feb4222b622f5ddc4d16b89ff2d30fd6fc05f2bf300a80ad46e94749457_amd64"
},
"product_reference": "openshift-logging/loki-rhel9-operator@sha256:72ab9feb4222b622f5ddc4d16b89ff2d30fd6fc05f2bf300a80ad46e94749457_amd64",
"relates_to_product_reference": "9Base-RHOL-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/loki-rhel9-operator@sha256:f3c1ae276ba84fcab2280fa93425ea6a324aa1403a7acc4ce6a45a4441d4d08c_arm64 as a component of RHOL 5.9 for RHEL 9",
"product_id": "9Base-RHOL-5.9:openshift-logging/loki-rhel9-operator@sha256:f3c1ae276ba84fcab2280fa93425ea6a324aa1403a7acc4ce6a45a4441d4d08c_arm64"
},
"product_reference": "openshift-logging/loki-rhel9-operator@sha256:f3c1ae276ba84fcab2280fa93425ea6a324aa1403a7acc4ce6a45a4441d4d08c_arm64",
"relates_to_product_reference": "9Base-RHOL-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/lokistack-gateway-rhel9@sha256:34d4be5af7e687701e9f3b2f3641571e3a008b0f4293b98c83ec57a83074ed82_ppc64le as a component of RHOL 5.9 for RHEL 9",
"product_id": "9Base-RHOL-5.9:openshift-logging/lokistack-gateway-rhel9@sha256:34d4be5af7e687701e9f3b2f3641571e3a008b0f4293b98c83ec57a83074ed82_ppc64le"
},
"product_reference": "openshift-logging/lokistack-gateway-rhel9@sha256:34d4be5af7e687701e9f3b2f3641571e3a008b0f4293b98c83ec57a83074ed82_ppc64le",
"relates_to_product_reference": "9Base-RHOL-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/lokistack-gateway-rhel9@sha256:60cbbc0d76f51b6ea37b849384229f685a11f1862eed660c40d609dd00d2a790_s390x as a component of RHOL 5.9 for RHEL 9",
"product_id": "9Base-RHOL-5.9:openshift-logging/lokistack-gateway-rhel9@sha256:60cbbc0d76f51b6ea37b849384229f685a11f1862eed660c40d609dd00d2a790_s390x"
},
"product_reference": "openshift-logging/lokistack-gateway-rhel9@sha256:60cbbc0d76f51b6ea37b849384229f685a11f1862eed660c40d609dd00d2a790_s390x",
"relates_to_product_reference": "9Base-RHOL-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/lokistack-gateway-rhel9@sha256:cf87eea204c26385822e544c5ddad7f9400e6f83615fa67cbba50764a32140a9_arm64 as a component of RHOL 5.9 for RHEL 9",
"product_id": "9Base-RHOL-5.9:openshift-logging/lokistack-gateway-rhel9@sha256:cf87eea204c26385822e544c5ddad7f9400e6f83615fa67cbba50764a32140a9_arm64"
},
"product_reference": "openshift-logging/lokistack-gateway-rhel9@sha256:cf87eea204c26385822e544c5ddad7f9400e6f83615fa67cbba50764a32140a9_arm64",
"relates_to_product_reference": "9Base-RHOL-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/lokistack-gateway-rhel9@sha256:f3d20fe354135d20ef2c211e436e400ffb0ad3229ec0bc6a392899e39f464829_amd64 as a component of RHOL 5.9 for RHEL 9",
"product_id": "9Base-RHOL-5.9:openshift-logging/lokistack-gateway-rhel9@sha256:f3d20fe354135d20ef2c211e436e400ffb0ad3229ec0bc6a392899e39f464829_amd64"
},
"product_reference": "openshift-logging/lokistack-gateway-rhel9@sha256:f3d20fe354135d20ef2c211e436e400ffb0ad3229ec0bc6a392899e39f464829_amd64",
"relates_to_product_reference": "9Base-RHOL-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/opa-openshift-rhel9@sha256:0e8073947004d29ff3a01499290d9b1ad32d8f6175e85f439143272964d1ea59_ppc64le as a component of RHOL 5.9 for RHEL 9",
"product_id": "9Base-RHOL-5.9:openshift-logging/opa-openshift-rhel9@sha256:0e8073947004d29ff3a01499290d9b1ad32d8f6175e85f439143272964d1ea59_ppc64le"
},
"product_reference": "openshift-logging/opa-openshift-rhel9@sha256:0e8073947004d29ff3a01499290d9b1ad32d8f6175e85f439143272964d1ea59_ppc64le",
"relates_to_product_reference": "9Base-RHOL-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/opa-openshift-rhel9@sha256:324b8fcce44a02f7d998a0aeb888cb04658952bcab6bafa3d4e12e25119a7c7e_s390x as a component of RHOL 5.9 for RHEL 9",
"product_id": "9Base-RHOL-5.9:openshift-logging/opa-openshift-rhel9@sha256:324b8fcce44a02f7d998a0aeb888cb04658952bcab6bafa3d4e12e25119a7c7e_s390x"
},
"product_reference": "openshift-logging/opa-openshift-rhel9@sha256:324b8fcce44a02f7d998a0aeb888cb04658952bcab6bafa3d4e12e25119a7c7e_s390x",
"relates_to_product_reference": "9Base-RHOL-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/opa-openshift-rhel9@sha256:c52f8c6df837db95fcf92b435c3179afc4ae3045d90163392aeaf983c7be803d_amd64 as a component of RHOL 5.9 for RHEL 9",
"product_id": "9Base-RHOL-5.9:openshift-logging/opa-openshift-rhel9@sha256:c52f8c6df837db95fcf92b435c3179afc4ae3045d90163392aeaf983c7be803d_amd64"
},
"product_reference": "openshift-logging/opa-openshift-rhel9@sha256:c52f8c6df837db95fcf92b435c3179afc4ae3045d90163392aeaf983c7be803d_amd64",
"relates_to_product_reference": "9Base-RHOL-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/opa-openshift-rhel9@sha256:f31e9d9057615fbb0a481e0fe0b06b95b8e273166f245a02881df4fcf8d2d5d7_arm64 as a component of RHOL 5.9 for RHEL 9",
"product_id": "9Base-RHOL-5.9:openshift-logging/opa-openshift-rhel9@sha256:f31e9d9057615fbb0a481e0fe0b06b95b8e273166f245a02881df4fcf8d2d5d7_arm64"
},
"product_reference": "openshift-logging/opa-openshift-rhel9@sha256:f31e9d9057615fbb0a481e0fe0b06b95b8e273166f245a02881df4fcf8d2d5d7_arm64",
"relates_to_product_reference": "9Base-RHOL-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/vector-rhel9@sha256:256d82899cf94db79782955e72a9d149516e16a7775390ef0ea175957c05b6af_ppc64le as a component of RHOL 5.9 for RHEL 9",
"product_id": "9Base-RHOL-5.9:openshift-logging/vector-rhel9@sha256:256d82899cf94db79782955e72a9d149516e16a7775390ef0ea175957c05b6af_ppc64le"
},
"product_reference": "openshift-logging/vector-rhel9@sha256:256d82899cf94db79782955e72a9d149516e16a7775390ef0ea175957c05b6af_ppc64le",
"relates_to_product_reference": "9Base-RHOL-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/vector-rhel9@sha256:a9f57b24b591aa0b20e94a5817258298eb582a7b5e860c1f7110f52ca2923650_arm64 as a component of RHOL 5.9 for RHEL 9",
"product_id": "9Base-RHOL-5.9:openshift-logging/vector-rhel9@sha256:a9f57b24b591aa0b20e94a5817258298eb582a7b5e860c1f7110f52ca2923650_arm64"
},
"product_reference": "openshift-logging/vector-rhel9@sha256:a9f57b24b591aa0b20e94a5817258298eb582a7b5e860c1f7110f52ca2923650_arm64",
"relates_to_product_reference": "9Base-RHOL-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/vector-rhel9@sha256:caf1da994f3f15f711cc149f96ec0637e43a1682dde292647af3dc6469b05523_amd64 as a component of RHOL 5.9 for RHEL 9",
"product_id": "9Base-RHOL-5.9:openshift-logging/vector-rhel9@sha256:caf1da994f3f15f711cc149f96ec0637e43a1682dde292647af3dc6469b05523_amd64"
},
"product_reference": "openshift-logging/vector-rhel9@sha256:caf1da994f3f15f711cc149f96ec0637e43a1682dde292647af3dc6469b05523_amd64",
"relates_to_product_reference": "9Base-RHOL-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/vector-rhel9@sha256:f1d1685df8edf0abc85b0ab821bd68db8e4318d63fc93d41c0433adfceca6841_s390x as a component of RHOL 5.9 for RHEL 9",
"product_id": "9Base-RHOL-5.9:openshift-logging/vector-rhel9@sha256:f1d1685df8edf0abc85b0ab821bd68db8e4318d63fc93d41c0433adfceca6841_s390x"
},
"product_reference": "openshift-logging/vector-rhel9@sha256:f1d1685df8edf0abc85b0ab821bd68db8e4318d63fc93d41c0433adfceca6841_s390x",
"relates_to_product_reference": "9Base-RHOL-5.9"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-0286",
"cwe": {
"id": "CWE-704",
"name": "Incorrect Type Conversion or Cast"
},
"discovery_date": "2023-01-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2164440"
}
],
"notes": [
{
"category": "description",
"text": "A type confusion vulnerability was found in OpenSSL when OpenSSL X.400 addresses processing inside an X.509 GeneralName. When CRL checking is enabled (for example, the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or cause a denial of service. In most cases, the attack requires the attacker to provide both the certificate chain and CRL, of which neither needs a valid signature. If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. In this case, this vulnerability is likely only to affect applications that have implemented their own functionality for retrieving CRLs over a network.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: X.400 address type confusion in X.509 GeneralName",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "For shim in Red Hat Enterprise Linux 8 \u0026 9, is not affected as shim doesn\u0027t support any CRL processing.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHOL-5.9:openshift-logging/cluster-logging-operator-bundle@sha256:e04ce5eaf023bd299b40c3c7666087404e41f6cc9a2342247024d8ac89bb87b0_amd64",
"9Base-RHOL-5.9:openshift-logging/cluster-logging-rhel9-operator@sha256:250181cdcdd3167a25ca351423ad7f727ae88fc6a7b0a539f58267a8f1d8967b_amd64",
"9Base-RHOL-5.9:openshift-logging/cluster-logging-rhel9-operator@sha256:4caec5ee0469d1a8f2faedfad20acd93aa5119da5920552852af6b9cca31286a_ppc64le",
"9Base-RHOL-5.9:openshift-logging/cluster-logging-rhel9-operator@sha256:50f07777580d38ca952df7afbfbdba16dbe56cf1bd39eac0223cc09a97f684e7_arm64",
"9Base-RHOL-5.9:openshift-logging/cluster-logging-rhel9-operator@sha256:e6922b8a8ffc13776fa979350b3b405cc54bf58291ffd2147587e9ea0db8103a_s390x",
"9Base-RHOL-5.9:openshift-logging/eventrouter-rhel9@sha256:4586853d6350b0ca6003929aca8826fc4596cd13a33ad803a5f10363a1fc5d4d_ppc64le",
"9Base-RHOL-5.9:openshift-logging/eventrouter-rhel9@sha256:477ad04024ff5d04e8c2e1e1fa0965d5bf2de1d6ae81e41574102060543bf105_arm64",
"9Base-RHOL-5.9:openshift-logging/eventrouter-rhel9@sha256:8f1349a66aafec3f7d58555ee62d8d41211feacb2cf142dcfa8183521b2fdbfb_s390x",
"9Base-RHOL-5.9:openshift-logging/eventrouter-rhel9@sha256:cb07ad8e299a32a432eb64dba905c28f588175eb7552b3cac4797887f2e3126f_amd64",
"9Base-RHOL-5.9:openshift-logging/fluentd-rhel9@sha256:00d1fd2e056b38d1ba768c088883f39f0a7852ccdfa6a91744ea2ba9e9ab840a_s390x",
"9Base-RHOL-5.9:openshift-logging/fluentd-rhel9@sha256:25422425899a2fa5cdc83a4aa31072d717a42483b5a7df9c485e13b5fcf19207_arm64",
"9Base-RHOL-5.9:openshift-logging/fluentd-rhel9@sha256:dd82c39b7456db7c3b82fb80173d831a9502305b45ff2c49b8ad3790d59e27c1_amd64",
"9Base-RHOL-5.9:openshift-logging/fluentd-rhel9@sha256:fa96f841fc8ae3a604ddabfc37f809f3e6a347f72a5064dd76ed8b040505da44_ppc64le",
"9Base-RHOL-5.9:openshift-logging/log-file-metric-exporter-rhel9@sha256:2507ce314e9d9d605e4738d1a6e86a94eac7c79dfe804e3fd6aac65bfe58bdf2_amd64",
"9Base-RHOL-5.9:openshift-logging/log-file-metric-exporter-rhel9@sha256:3a04a0c94d59ac70e6f3bba7e841f24beb4e7ece4fc006140a6460141461da99_s390x",
"9Base-RHOL-5.9:openshift-logging/log-file-metric-exporter-rhel9@sha256:4e004498e446d80475601c1260a16f879f455a38deb8c89f19c2cc1b9ca6834d_arm64",
"9Base-RHOL-5.9:openshift-logging/log-file-metric-exporter-rhel9@sha256:5a48b412f96069c258bdfacf7a2f7fbcec1ec08c8b1d9c6a8d36b419e440dc76_ppc64le",
"9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:6dfc15394c7f8de99fb777a9cac7019afaa4ab90cef7b6a9d76c2612ade28cdd_amd64",
"9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:cc27123d734d0aa1a661595b3f79684c7c523332cdbe531d3421210448733c3f_s390x",
"9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:e6f2435803484f9f3a3ed1c677dbfcba0dcc1868d95d46dfea61c09b79dc0acc_ppc64le",
"9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:fc26a8ba1fa06feb4da0f55be2b55d1c29762c5e5255a93a6081ba993f84c077_arm64",
"9Base-RHOL-5.9:openshift-logging/logging-view-plugin-rhel9@sha256:011220d3f86ff9ca782c97ac75d4848e794fdeebb64cf8831548bc072ac106a2_arm64",
"9Base-RHOL-5.9:openshift-logging/logging-view-plugin-rhel9@sha256:a319832e0aeb74e6f43f695b9956fcb1f8422adab20974a242b9be415bc2ad4c_amd64",
"9Base-RHOL-5.9:openshift-logging/logging-view-plugin-rhel9@sha256:dd9abb806b3d8bcc636b8fb8720a926dc43e208c5c5d447f226cd2094689a8ac_s390x",
"9Base-RHOL-5.9:openshift-logging/logging-view-plugin-rhel9@sha256:ff52c6ce681a4c9a9824b098d2da9cbccdf4cd99aa9c25c8cf62baaf2dea7c4b_ppc64le",
"9Base-RHOL-5.9:openshift-logging/loki-operator-bundle@sha256:76ddb9f56971649a52d0b66fa8a2df3859f7a4e9f965ee64cf1bd81a94b72d56_amd64",
"9Base-RHOL-5.9:openshift-logging/loki-rhel9-operator@sha256:03fa793ec87087a9c186ec4a6bdbe1ac598a7823fcae97b420c06341a38a1caa_s390x",
"9Base-RHOL-5.9:openshift-logging/loki-rhel9-operator@sha256:67d91441202f52784c16f034d884a929e8bae648c27a607dd771f56c778f3951_ppc64le",
"9Base-RHOL-5.9:openshift-logging/loki-rhel9-operator@sha256:72ab9feb4222b622f5ddc4d16b89ff2d30fd6fc05f2bf300a80ad46e94749457_amd64",
"9Base-RHOL-5.9:openshift-logging/loki-rhel9-operator@sha256:f3c1ae276ba84fcab2280fa93425ea6a324aa1403a7acc4ce6a45a4441d4d08c_arm64",
"9Base-RHOL-5.9:openshift-logging/lokistack-gateway-rhel9@sha256:34d4be5af7e687701e9f3b2f3641571e3a008b0f4293b98c83ec57a83074ed82_ppc64le",
"9Base-RHOL-5.9:openshift-logging/lokistack-gateway-rhel9@sha256:60cbbc0d76f51b6ea37b849384229f685a11f1862eed660c40d609dd00d2a790_s390x",
"9Base-RHOL-5.9:openshift-logging/lokistack-gateway-rhel9@sha256:cf87eea204c26385822e544c5ddad7f9400e6f83615fa67cbba50764a32140a9_arm64",
"9Base-RHOL-5.9:openshift-logging/lokistack-gateway-rhel9@sha256:f3d20fe354135d20ef2c211e436e400ffb0ad3229ec0bc6a392899e39f464829_amd64",
"9Base-RHOL-5.9:openshift-logging/opa-openshift-rhel9@sha256:0e8073947004d29ff3a01499290d9b1ad32d8f6175e85f439143272964d1ea59_ppc64le",
"9Base-RHOL-5.9:openshift-logging/opa-openshift-rhel9@sha256:324b8fcce44a02f7d998a0aeb888cb04658952bcab6bafa3d4e12e25119a7c7e_s390x",
"9Base-RHOL-5.9:openshift-logging/opa-openshift-rhel9@sha256:c52f8c6df837db95fcf92b435c3179afc4ae3045d90163392aeaf983c7be803d_amd64",
"9Base-RHOL-5.9:openshift-logging/opa-openshift-rhel9@sha256:f31e9d9057615fbb0a481e0fe0b06b95b8e273166f245a02881df4fcf8d2d5d7_arm64",
"9Base-RHOL-5.9:openshift-logging/vector-rhel9@sha256:256d82899cf94db79782955e72a9d149516e16a7775390ef0ea175957c05b6af_ppc64le",
"9Base-RHOL-5.9:openshift-logging/vector-rhel9@sha256:a9f57b24b591aa0b20e94a5817258298eb582a7b5e860c1f7110f52ca2923650_arm64",
"9Base-RHOL-5.9:openshift-logging/vector-rhel9@sha256:caf1da994f3f15f711cc149f96ec0637e43a1682dde292647af3dc6469b05523_amd64",
"9Base-RHOL-5.9:openshift-logging/vector-rhel9@sha256:f1d1685df8edf0abc85b0ab821bd68db8e4318d63fc93d41c0433adfceca6841_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-0286"
},
{
"category": "external",
"summary": "RHBZ#2164440",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2164440"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-0286",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0286"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-0286",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0286"
},
{
"category": "external",
"summary": "https://www.openssl.org/news/secadv/20230207.txt",
"url": "https://www.openssl.org/news/secadv/20230207.txt"
}
],
"release_date": "2023-02-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-09-11T13:22:49+00:00",
"details": "For OpenShift Container Platform 4.14 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.openshift.com/container-platform/4.14/release_notes/ocp-4-14-release-notes.html\n\nFor Red Hat OpenShift Logging 5.9, see the following instructions to apply this update:\n\nhttps://docs.openshift.com/container-platform/4.14/logging/cluster-logging-upgrading.html",
"product_ids": [
"9Base-RHOL-5.9:openshift-logging/cluster-logging-operator-bundle@sha256:e04ce5eaf023bd299b40c3c7666087404e41f6cc9a2342247024d8ac89bb87b0_amd64",
"9Base-RHOL-5.9:openshift-logging/cluster-logging-rhel9-operator@sha256:250181cdcdd3167a25ca351423ad7f727ae88fc6a7b0a539f58267a8f1d8967b_amd64",
"9Base-RHOL-5.9:openshift-logging/cluster-logging-rhel9-operator@sha256:4caec5ee0469d1a8f2faedfad20acd93aa5119da5920552852af6b9cca31286a_ppc64le",
"9Base-RHOL-5.9:openshift-logging/cluster-logging-rhel9-operator@sha256:50f07777580d38ca952df7afbfbdba16dbe56cf1bd39eac0223cc09a97f684e7_arm64",
"9Base-RHOL-5.9:openshift-logging/cluster-logging-rhel9-operator@sha256:e6922b8a8ffc13776fa979350b3b405cc54bf58291ffd2147587e9ea0db8103a_s390x",
"9Base-RHOL-5.9:openshift-logging/eventrouter-rhel9@sha256:4586853d6350b0ca6003929aca8826fc4596cd13a33ad803a5f10363a1fc5d4d_ppc64le",
"9Base-RHOL-5.9:openshift-logging/eventrouter-rhel9@sha256:477ad04024ff5d04e8c2e1e1fa0965d5bf2de1d6ae81e41574102060543bf105_arm64",
"9Base-RHOL-5.9:openshift-logging/eventrouter-rhel9@sha256:8f1349a66aafec3f7d58555ee62d8d41211feacb2cf142dcfa8183521b2fdbfb_s390x",
"9Base-RHOL-5.9:openshift-logging/eventrouter-rhel9@sha256:cb07ad8e299a32a432eb64dba905c28f588175eb7552b3cac4797887f2e3126f_amd64",
"9Base-RHOL-5.9:openshift-logging/fluentd-rhel9@sha256:00d1fd2e056b38d1ba768c088883f39f0a7852ccdfa6a91744ea2ba9e9ab840a_s390x",
"9Base-RHOL-5.9:openshift-logging/fluentd-rhel9@sha256:25422425899a2fa5cdc83a4aa31072d717a42483b5a7df9c485e13b5fcf19207_arm64",
"9Base-RHOL-5.9:openshift-logging/fluentd-rhel9@sha256:dd82c39b7456db7c3b82fb80173d831a9502305b45ff2c49b8ad3790d59e27c1_amd64",
"9Base-RHOL-5.9:openshift-logging/fluentd-rhel9@sha256:fa96f841fc8ae3a604ddabfc37f809f3e6a347f72a5064dd76ed8b040505da44_ppc64le",
"9Base-RHOL-5.9:openshift-logging/log-file-metric-exporter-rhel9@sha256:2507ce314e9d9d605e4738d1a6e86a94eac7c79dfe804e3fd6aac65bfe58bdf2_amd64",
"9Base-RHOL-5.9:openshift-logging/log-file-metric-exporter-rhel9@sha256:3a04a0c94d59ac70e6f3bba7e841f24beb4e7ece4fc006140a6460141461da99_s390x",
"9Base-RHOL-5.9:openshift-logging/log-file-metric-exporter-rhel9@sha256:4e004498e446d80475601c1260a16f879f455a38deb8c89f19c2cc1b9ca6834d_arm64",
"9Base-RHOL-5.9:openshift-logging/log-file-metric-exporter-rhel9@sha256:5a48b412f96069c258bdfacf7a2f7fbcec1ec08c8b1d9c6a8d36b419e440dc76_ppc64le",
"9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:6dfc15394c7f8de99fb777a9cac7019afaa4ab90cef7b6a9d76c2612ade28cdd_amd64",
"9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:cc27123d734d0aa1a661595b3f79684c7c523332cdbe531d3421210448733c3f_s390x",
"9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:e6f2435803484f9f3a3ed1c677dbfcba0dcc1868d95d46dfea61c09b79dc0acc_ppc64le",
"9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:fc26a8ba1fa06feb4da0f55be2b55d1c29762c5e5255a93a6081ba993f84c077_arm64",
"9Base-RHOL-5.9:openshift-logging/logging-view-plugin-rhel9@sha256:011220d3f86ff9ca782c97ac75d4848e794fdeebb64cf8831548bc072ac106a2_arm64",
"9Base-RHOL-5.9:openshift-logging/logging-view-plugin-rhel9@sha256:a319832e0aeb74e6f43f695b9956fcb1f8422adab20974a242b9be415bc2ad4c_amd64",
"9Base-RHOL-5.9:openshift-logging/logging-view-plugin-rhel9@sha256:dd9abb806b3d8bcc636b8fb8720a926dc43e208c5c5d447f226cd2094689a8ac_s390x",
"9Base-RHOL-5.9:openshift-logging/logging-view-plugin-rhel9@sha256:ff52c6ce681a4c9a9824b098d2da9cbccdf4cd99aa9c25c8cf62baaf2dea7c4b_ppc64le",
"9Base-RHOL-5.9:openshift-logging/loki-operator-bundle@sha256:76ddb9f56971649a52d0b66fa8a2df3859f7a4e9f965ee64cf1bd81a94b72d56_amd64",
"9Base-RHOL-5.9:openshift-logging/loki-rhel9-operator@sha256:03fa793ec87087a9c186ec4a6bdbe1ac598a7823fcae97b420c06341a38a1caa_s390x",
"9Base-RHOL-5.9:openshift-logging/loki-rhel9-operator@sha256:67d91441202f52784c16f034d884a929e8bae648c27a607dd771f56c778f3951_ppc64le",
"9Base-RHOL-5.9:openshift-logging/loki-rhel9-operator@sha256:72ab9feb4222b622f5ddc4d16b89ff2d30fd6fc05f2bf300a80ad46e94749457_amd64",
"9Base-RHOL-5.9:openshift-logging/loki-rhel9-operator@sha256:f3c1ae276ba84fcab2280fa93425ea6a324aa1403a7acc4ce6a45a4441d4d08c_arm64",
"9Base-RHOL-5.9:openshift-logging/lokistack-gateway-rhel9@sha256:34d4be5af7e687701e9f3b2f3641571e3a008b0f4293b98c83ec57a83074ed82_ppc64le",
"9Base-RHOL-5.9:openshift-logging/lokistack-gateway-rhel9@sha256:60cbbc0d76f51b6ea37b849384229f685a11f1862eed660c40d609dd00d2a790_s390x",
"9Base-RHOL-5.9:openshift-logging/lokistack-gateway-rhel9@sha256:cf87eea204c26385822e544c5ddad7f9400e6f83615fa67cbba50764a32140a9_arm64",
"9Base-RHOL-5.9:openshift-logging/lokistack-gateway-rhel9@sha256:f3d20fe354135d20ef2c211e436e400ffb0ad3229ec0bc6a392899e39f464829_amd64",
"9Base-RHOL-5.9:openshift-logging/opa-openshift-rhel9@sha256:0e8073947004d29ff3a01499290d9b1ad32d8f6175e85f439143272964d1ea59_ppc64le",
"9Base-RHOL-5.9:openshift-logging/opa-openshift-rhel9@sha256:324b8fcce44a02f7d998a0aeb888cb04658952bcab6bafa3d4e12e25119a7c7e_s390x",
"9Base-RHOL-5.9:openshift-logging/opa-openshift-rhel9@sha256:c52f8c6df837db95fcf92b435c3179afc4ae3045d90163392aeaf983c7be803d_amd64",
"9Base-RHOL-5.9:openshift-logging/opa-openshift-rhel9@sha256:f31e9d9057615fbb0a481e0fe0b06b95b8e273166f245a02881df4fcf8d2d5d7_arm64",
"9Base-RHOL-5.9:openshift-logging/vector-rhel9@sha256:256d82899cf94db79782955e72a9d149516e16a7775390ef0ea175957c05b6af_ppc64le",
"9Base-RHOL-5.9:openshift-logging/vector-rhel9@sha256:a9f57b24b591aa0b20e94a5817258298eb582a7b5e860c1f7110f52ca2923650_arm64",
"9Base-RHOL-5.9:openshift-logging/vector-rhel9@sha256:caf1da994f3f15f711cc149f96ec0637e43a1682dde292647af3dc6469b05523_amd64",
"9Base-RHOL-5.9:openshift-logging/vector-rhel9@sha256:f1d1685df8edf0abc85b0ab821bd68db8e4318d63fc93d41c0433adfceca6841_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:6095"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"9Base-RHOL-5.9:openshift-logging/cluster-logging-operator-bundle@sha256:e04ce5eaf023bd299b40c3c7666087404e41f6cc9a2342247024d8ac89bb87b0_amd64",
"9Base-RHOL-5.9:openshift-logging/cluster-logging-rhel9-operator@sha256:250181cdcdd3167a25ca351423ad7f727ae88fc6a7b0a539f58267a8f1d8967b_amd64",
"9Base-RHOL-5.9:openshift-logging/cluster-logging-rhel9-operator@sha256:4caec5ee0469d1a8f2faedfad20acd93aa5119da5920552852af6b9cca31286a_ppc64le",
"9Base-RHOL-5.9:openshift-logging/cluster-logging-rhel9-operator@sha256:50f07777580d38ca952df7afbfbdba16dbe56cf1bd39eac0223cc09a97f684e7_arm64",
"9Base-RHOL-5.9:openshift-logging/cluster-logging-rhel9-operator@sha256:e6922b8a8ffc13776fa979350b3b405cc54bf58291ffd2147587e9ea0db8103a_s390x",
"9Base-RHOL-5.9:openshift-logging/eventrouter-rhel9@sha256:4586853d6350b0ca6003929aca8826fc4596cd13a33ad803a5f10363a1fc5d4d_ppc64le",
"9Base-RHOL-5.9:openshift-logging/eventrouter-rhel9@sha256:477ad04024ff5d04e8c2e1e1fa0965d5bf2de1d6ae81e41574102060543bf105_arm64",
"9Base-RHOL-5.9:openshift-logging/eventrouter-rhel9@sha256:8f1349a66aafec3f7d58555ee62d8d41211feacb2cf142dcfa8183521b2fdbfb_s390x",
"9Base-RHOL-5.9:openshift-logging/eventrouter-rhel9@sha256:cb07ad8e299a32a432eb64dba905c28f588175eb7552b3cac4797887f2e3126f_amd64",
"9Base-RHOL-5.9:openshift-logging/fluentd-rhel9@sha256:00d1fd2e056b38d1ba768c088883f39f0a7852ccdfa6a91744ea2ba9e9ab840a_s390x",
"9Base-RHOL-5.9:openshift-logging/fluentd-rhel9@sha256:25422425899a2fa5cdc83a4aa31072d717a42483b5a7df9c485e13b5fcf19207_arm64",
"9Base-RHOL-5.9:openshift-logging/fluentd-rhel9@sha256:dd82c39b7456db7c3b82fb80173d831a9502305b45ff2c49b8ad3790d59e27c1_amd64",
"9Base-RHOL-5.9:openshift-logging/fluentd-rhel9@sha256:fa96f841fc8ae3a604ddabfc37f809f3e6a347f72a5064dd76ed8b040505da44_ppc64le",
"9Base-RHOL-5.9:openshift-logging/log-file-metric-exporter-rhel9@sha256:2507ce314e9d9d605e4738d1a6e86a94eac7c79dfe804e3fd6aac65bfe58bdf2_amd64",
"9Base-RHOL-5.9:openshift-logging/log-file-metric-exporter-rhel9@sha256:3a04a0c94d59ac70e6f3bba7e841f24beb4e7ece4fc006140a6460141461da99_s390x",
"9Base-RHOL-5.9:openshift-logging/log-file-metric-exporter-rhel9@sha256:4e004498e446d80475601c1260a16f879f455a38deb8c89f19c2cc1b9ca6834d_arm64",
"9Base-RHOL-5.9:openshift-logging/log-file-metric-exporter-rhel9@sha256:5a48b412f96069c258bdfacf7a2f7fbcec1ec08c8b1d9c6a8d36b419e440dc76_ppc64le",
"9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:6dfc15394c7f8de99fb777a9cac7019afaa4ab90cef7b6a9d76c2612ade28cdd_amd64",
"9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:cc27123d734d0aa1a661595b3f79684c7c523332cdbe531d3421210448733c3f_s390x",
"9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:e6f2435803484f9f3a3ed1c677dbfcba0dcc1868d95d46dfea61c09b79dc0acc_ppc64le",
"9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:fc26a8ba1fa06feb4da0f55be2b55d1c29762c5e5255a93a6081ba993f84c077_arm64",
"9Base-RHOL-5.9:openshift-logging/logging-view-plugin-rhel9@sha256:011220d3f86ff9ca782c97ac75d4848e794fdeebb64cf8831548bc072ac106a2_arm64",
"9Base-RHOL-5.9:openshift-logging/logging-view-plugin-rhel9@sha256:a319832e0aeb74e6f43f695b9956fcb1f8422adab20974a242b9be415bc2ad4c_amd64",
"9Base-RHOL-5.9:openshift-logging/logging-view-plugin-rhel9@sha256:dd9abb806b3d8bcc636b8fb8720a926dc43e208c5c5d447f226cd2094689a8ac_s390x",
"9Base-RHOL-5.9:openshift-logging/logging-view-plugin-rhel9@sha256:ff52c6ce681a4c9a9824b098d2da9cbccdf4cd99aa9c25c8cf62baaf2dea7c4b_ppc64le",
"9Base-RHOL-5.9:openshift-logging/loki-operator-bundle@sha256:76ddb9f56971649a52d0b66fa8a2df3859f7a4e9f965ee64cf1bd81a94b72d56_amd64",
"9Base-RHOL-5.9:openshift-logging/loki-rhel9-operator@sha256:03fa793ec87087a9c186ec4a6bdbe1ac598a7823fcae97b420c06341a38a1caa_s390x",
"9Base-RHOL-5.9:openshift-logging/loki-rhel9-operator@sha256:67d91441202f52784c16f034d884a929e8bae648c27a607dd771f56c778f3951_ppc64le",
"9Base-RHOL-5.9:openshift-logging/loki-rhel9-operator@sha256:72ab9feb4222b622f5ddc4d16b89ff2d30fd6fc05f2bf300a80ad46e94749457_amd64",
"9Base-RHOL-5.9:openshift-logging/loki-rhel9-operator@sha256:f3c1ae276ba84fcab2280fa93425ea6a324aa1403a7acc4ce6a45a4441d4d08c_arm64",
"9Base-RHOL-5.9:openshift-logging/lokistack-gateway-rhel9@sha256:34d4be5af7e687701e9f3b2f3641571e3a008b0f4293b98c83ec57a83074ed82_ppc64le",
"9Base-RHOL-5.9:openshift-logging/lokistack-gateway-rhel9@sha256:60cbbc0d76f51b6ea37b849384229f685a11f1862eed660c40d609dd00d2a790_s390x",
"9Base-RHOL-5.9:openshift-logging/lokistack-gateway-rhel9@sha256:cf87eea204c26385822e544c5ddad7f9400e6f83615fa67cbba50764a32140a9_arm64",
"9Base-RHOL-5.9:openshift-logging/lokistack-gateway-rhel9@sha256:f3d20fe354135d20ef2c211e436e400ffb0ad3229ec0bc6a392899e39f464829_amd64",
"9Base-RHOL-5.9:openshift-logging/opa-openshift-rhel9@sha256:0e8073947004d29ff3a01499290d9b1ad32d8f6175e85f439143272964d1ea59_ppc64le",
"9Base-RHOL-5.9:openshift-logging/opa-openshift-rhel9@sha256:324b8fcce44a02f7d998a0aeb888cb04658952bcab6bafa3d4e12e25119a7c7e_s390x",
"9Base-RHOL-5.9:openshift-logging/opa-openshift-rhel9@sha256:c52f8c6df837db95fcf92b435c3179afc4ae3045d90163392aeaf983c7be803d_amd64",
"9Base-RHOL-5.9:openshift-logging/opa-openshift-rhel9@sha256:f31e9d9057615fbb0a481e0fe0b06b95b8e273166f245a02881df4fcf8d2d5d7_arm64",
"9Base-RHOL-5.9:openshift-logging/vector-rhel9@sha256:256d82899cf94db79782955e72a9d149516e16a7775390ef0ea175957c05b6af_ppc64le",
"9Base-RHOL-5.9:openshift-logging/vector-rhel9@sha256:a9f57b24b591aa0b20e94a5817258298eb582a7b5e860c1f7110f52ca2923650_arm64",
"9Base-RHOL-5.9:openshift-logging/vector-rhel9@sha256:caf1da994f3f15f711cc149f96ec0637e43a1682dde292647af3dc6469b05523_amd64",
"9Base-RHOL-5.9:openshift-logging/vector-rhel9@sha256:f1d1685df8edf0abc85b0ab821bd68db8e4318d63fc93d41c0433adfceca6841_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-RHOL-5.9:openshift-logging/cluster-logging-operator-bundle@sha256:e04ce5eaf023bd299b40c3c7666087404e41f6cc9a2342247024d8ac89bb87b0_amd64",
"9Base-RHOL-5.9:openshift-logging/cluster-logging-rhel9-operator@sha256:250181cdcdd3167a25ca351423ad7f727ae88fc6a7b0a539f58267a8f1d8967b_amd64",
"9Base-RHOL-5.9:openshift-logging/cluster-logging-rhel9-operator@sha256:4caec5ee0469d1a8f2faedfad20acd93aa5119da5920552852af6b9cca31286a_ppc64le",
"9Base-RHOL-5.9:openshift-logging/cluster-logging-rhel9-operator@sha256:50f07777580d38ca952df7afbfbdba16dbe56cf1bd39eac0223cc09a97f684e7_arm64",
"9Base-RHOL-5.9:openshift-logging/cluster-logging-rhel9-operator@sha256:e6922b8a8ffc13776fa979350b3b405cc54bf58291ffd2147587e9ea0db8103a_s390x",
"9Base-RHOL-5.9:openshift-logging/eventrouter-rhel9@sha256:4586853d6350b0ca6003929aca8826fc4596cd13a33ad803a5f10363a1fc5d4d_ppc64le",
"9Base-RHOL-5.9:openshift-logging/eventrouter-rhel9@sha256:477ad04024ff5d04e8c2e1e1fa0965d5bf2de1d6ae81e41574102060543bf105_arm64",
"9Base-RHOL-5.9:openshift-logging/eventrouter-rhel9@sha256:8f1349a66aafec3f7d58555ee62d8d41211feacb2cf142dcfa8183521b2fdbfb_s390x",
"9Base-RHOL-5.9:openshift-logging/eventrouter-rhel9@sha256:cb07ad8e299a32a432eb64dba905c28f588175eb7552b3cac4797887f2e3126f_amd64",
"9Base-RHOL-5.9:openshift-logging/fluentd-rhel9@sha256:00d1fd2e056b38d1ba768c088883f39f0a7852ccdfa6a91744ea2ba9e9ab840a_s390x",
"9Base-RHOL-5.9:openshift-logging/fluentd-rhel9@sha256:25422425899a2fa5cdc83a4aa31072d717a42483b5a7df9c485e13b5fcf19207_arm64",
"9Base-RHOL-5.9:openshift-logging/fluentd-rhel9@sha256:dd82c39b7456db7c3b82fb80173d831a9502305b45ff2c49b8ad3790d59e27c1_amd64",
"9Base-RHOL-5.9:openshift-logging/fluentd-rhel9@sha256:fa96f841fc8ae3a604ddabfc37f809f3e6a347f72a5064dd76ed8b040505da44_ppc64le",
"9Base-RHOL-5.9:openshift-logging/log-file-metric-exporter-rhel9@sha256:2507ce314e9d9d605e4738d1a6e86a94eac7c79dfe804e3fd6aac65bfe58bdf2_amd64",
"9Base-RHOL-5.9:openshift-logging/log-file-metric-exporter-rhel9@sha256:3a04a0c94d59ac70e6f3bba7e841f24beb4e7ece4fc006140a6460141461da99_s390x",
"9Base-RHOL-5.9:openshift-logging/log-file-metric-exporter-rhel9@sha256:4e004498e446d80475601c1260a16f879f455a38deb8c89f19c2cc1b9ca6834d_arm64",
"9Base-RHOL-5.9:openshift-logging/log-file-metric-exporter-rhel9@sha256:5a48b412f96069c258bdfacf7a2f7fbcec1ec08c8b1d9c6a8d36b419e440dc76_ppc64le",
"9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:6dfc15394c7f8de99fb777a9cac7019afaa4ab90cef7b6a9d76c2612ade28cdd_amd64",
"9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:cc27123d734d0aa1a661595b3f79684c7c523332cdbe531d3421210448733c3f_s390x",
"9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:e6f2435803484f9f3a3ed1c677dbfcba0dcc1868d95d46dfea61c09b79dc0acc_ppc64le",
"9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:fc26a8ba1fa06feb4da0f55be2b55d1c29762c5e5255a93a6081ba993f84c077_arm64",
"9Base-RHOL-5.9:openshift-logging/logging-view-plugin-rhel9@sha256:011220d3f86ff9ca782c97ac75d4848e794fdeebb64cf8831548bc072ac106a2_arm64",
"9Base-RHOL-5.9:openshift-logging/logging-view-plugin-rhel9@sha256:a319832e0aeb74e6f43f695b9956fcb1f8422adab20974a242b9be415bc2ad4c_amd64",
"9Base-RHOL-5.9:openshift-logging/logging-view-plugin-rhel9@sha256:dd9abb806b3d8bcc636b8fb8720a926dc43e208c5c5d447f226cd2094689a8ac_s390x",
"9Base-RHOL-5.9:openshift-logging/logging-view-plugin-rhel9@sha256:ff52c6ce681a4c9a9824b098d2da9cbccdf4cd99aa9c25c8cf62baaf2dea7c4b_ppc64le",
"9Base-RHOL-5.9:openshift-logging/loki-operator-bundle@sha256:76ddb9f56971649a52d0b66fa8a2df3859f7a4e9f965ee64cf1bd81a94b72d56_amd64",
"9Base-RHOL-5.9:openshift-logging/loki-rhel9-operator@sha256:03fa793ec87087a9c186ec4a6bdbe1ac598a7823fcae97b420c06341a38a1caa_s390x",
"9Base-RHOL-5.9:openshift-logging/loki-rhel9-operator@sha256:67d91441202f52784c16f034d884a929e8bae648c27a607dd771f56c778f3951_ppc64le",
"9Base-RHOL-5.9:openshift-logging/loki-rhel9-operator@sha256:72ab9feb4222b622f5ddc4d16b89ff2d30fd6fc05f2bf300a80ad46e94749457_amd64",
"9Base-RHOL-5.9:openshift-logging/loki-rhel9-operator@sha256:f3c1ae276ba84fcab2280fa93425ea6a324aa1403a7acc4ce6a45a4441d4d08c_arm64",
"9Base-RHOL-5.9:openshift-logging/lokistack-gateway-rhel9@sha256:34d4be5af7e687701e9f3b2f3641571e3a008b0f4293b98c83ec57a83074ed82_ppc64le",
"9Base-RHOL-5.9:openshift-logging/lokistack-gateway-rhel9@sha256:60cbbc0d76f51b6ea37b849384229f685a11f1862eed660c40d609dd00d2a790_s390x",
"9Base-RHOL-5.9:openshift-logging/lokistack-gateway-rhel9@sha256:cf87eea204c26385822e544c5ddad7f9400e6f83615fa67cbba50764a32140a9_arm64",
"9Base-RHOL-5.9:openshift-logging/lokistack-gateway-rhel9@sha256:f3d20fe354135d20ef2c211e436e400ffb0ad3229ec0bc6a392899e39f464829_amd64",
"9Base-RHOL-5.9:openshift-logging/opa-openshift-rhel9@sha256:0e8073947004d29ff3a01499290d9b1ad32d8f6175e85f439143272964d1ea59_ppc64le",
"9Base-RHOL-5.9:openshift-logging/opa-openshift-rhel9@sha256:324b8fcce44a02f7d998a0aeb888cb04658952bcab6bafa3d4e12e25119a7c7e_s390x",
"9Base-RHOL-5.9:openshift-logging/opa-openshift-rhel9@sha256:c52f8c6df837db95fcf92b435c3179afc4ae3045d90163392aeaf983c7be803d_amd64",
"9Base-RHOL-5.9:openshift-logging/opa-openshift-rhel9@sha256:f31e9d9057615fbb0a481e0fe0b06b95b8e273166f245a02881df4fcf8d2d5d7_arm64",
"9Base-RHOL-5.9:openshift-logging/vector-rhel9@sha256:256d82899cf94db79782955e72a9d149516e16a7775390ef0ea175957c05b6af_ppc64le",
"9Base-RHOL-5.9:openshift-logging/vector-rhel9@sha256:a9f57b24b591aa0b20e94a5817258298eb582a7b5e860c1f7110f52ca2923650_arm64",
"9Base-RHOL-5.9:openshift-logging/vector-rhel9@sha256:caf1da994f3f15f711cc149f96ec0637e43a1682dde292647af3dc6469b05523_amd64",
"9Base-RHOL-5.9:openshift-logging/vector-rhel9@sha256:f1d1685df8edf0abc85b0ab821bd68db8e4318d63fc93d41c0433adfceca6841_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "openssl: X.400 address type confusion in X.509 GeneralName"
}
]
}
RHSA-2025:7733
Vulnerability from csaf_redhat - Published: 2025-05-15 18:36 - Updated: 2026-03-18 03:00Summary
Red Hat Security Advisory: compat-openssl11 security update
Severity
Important
Notes
Topic: An update for compat-openssl11 is now available for Red Hat Enterprise Linux 9.4 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: The OpenSSL toolkit provides support for secure communications between machines. This version of OpenSSL package contains only the libraries from the 1.1.1 version and is provided for compatibility with previous releases.
Security Fix(es):
* openssl: X.400 address type confusion in X.509 GeneralName (CVE-2023-0286)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A type confusion vulnerability was found in OpenSSL when OpenSSL X.400 addresses processing inside an X.509 GeneralName. When CRL checking is enabled (for example, the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or cause a denial of service. In most cases, the attack requires the attacker to provide both the certificate chain and CRL, of which neither needs a valid signature. If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. In this case, this vulnerability is likely only to affect applications that have implemented their own functionality for retrieving CRLs over a network.
7.4 (High)
Affected products
Fixed
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.4.0.Z.EUS:compat-openssl11-1:1.1.1k-5.el9_4.1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:compat-openssl11-1:1.1.1k-5.el9_4.1.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:compat-openssl11-1:1.1.1k-5.el9_4.1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:compat-openssl11-1:1.1.1k-5.el9_4.1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:compat-openssl11-1:1.1.1k-5.el9_4.1.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:compat-openssl11-1:1.1.1k-5.el9_4.1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:compat-openssl11-debuginfo-1:1.1.1k-5.el9_4.1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:compat-openssl11-debuginfo-1:1.1.1k-5.el9_4.1.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:compat-openssl11-debuginfo-1:1.1.1k-5.el9_4.1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:compat-openssl11-debuginfo-1:1.1.1k-5.el9_4.1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:compat-openssl11-debuginfo-1:1.1.1k-5.el9_4.1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:compat-openssl11-debugsource-1:1.1.1k-5.el9_4.1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:compat-openssl11-debugsource-1:1.1.1k-5.el9_4.1.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:compat-openssl11-debugsource-1:1.1.1k-5.el9_4.1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:compat-openssl11-debugsource-1:1.1.1k-5.el9_4.1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:compat-openssl11-debugsource-1:1.1.1k-5.el9_4.1.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
References
9 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for compat-openssl11 is now available for Red Hat Enterprise Linux 9.4 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The OpenSSL toolkit provides support for secure communications between machines. This version of OpenSSL package contains only the libraries from the 1.1.1 version and is provided for compatibility with previous releases.\n\nSecurity Fix(es):\n\n* openssl: X.400 address type confusion in X.509 GeneralName (CVE-2023-0286)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:7733",
"url": "https://access.redhat.com/errata/RHSA-2025:7733"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2164440",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2164440"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_7733.json"
}
],
"title": "Red Hat Security Advisory: compat-openssl11 security update",
"tracking": {
"current_release_date": "2026-03-18T03:00:11+00:00",
"generator": {
"date": "2026-03-18T03:00:11+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.3"
}
},
"id": "RHSA-2025:7733",
"initial_release_date": "2025-05-15T18:36:35+00:00",
"revision_history": [
{
"date": "2025-05-15T18:36:35+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-05-15T18:36:35+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-03-18T03:00:11+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product": {
"name": "Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_eus:9.4::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "compat-openssl11-1:1.1.1k-5.el9_4.1.src",
"product": {
"name": "compat-openssl11-1:1.1.1k-5.el9_4.1.src",
"product_id": "compat-openssl11-1:1.1.1k-5.el9_4.1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/compat-openssl11@1.1.1k-5.el9_4.1?arch=src\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "compat-openssl11-1:1.1.1k-5.el9_4.1.aarch64",
"product": {
"name": "compat-openssl11-1:1.1.1k-5.el9_4.1.aarch64",
"product_id": "compat-openssl11-1:1.1.1k-5.el9_4.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/compat-openssl11@1.1.1k-5.el9_4.1?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "compat-openssl11-debugsource-1:1.1.1k-5.el9_4.1.aarch64",
"product": {
"name": "compat-openssl11-debugsource-1:1.1.1k-5.el9_4.1.aarch64",
"product_id": "compat-openssl11-debugsource-1:1.1.1k-5.el9_4.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/compat-openssl11-debugsource@1.1.1k-5.el9_4.1?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "compat-openssl11-debuginfo-1:1.1.1k-5.el9_4.1.aarch64",
"product": {
"name": "compat-openssl11-debuginfo-1:1.1.1k-5.el9_4.1.aarch64",
"product_id": "compat-openssl11-debuginfo-1:1.1.1k-5.el9_4.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/compat-openssl11-debuginfo@1.1.1k-5.el9_4.1?arch=aarch64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "compat-openssl11-1:1.1.1k-5.el9_4.1.ppc64le",
"product": {
"name": "compat-openssl11-1:1.1.1k-5.el9_4.1.ppc64le",
"product_id": "compat-openssl11-1:1.1.1k-5.el9_4.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/compat-openssl11@1.1.1k-5.el9_4.1?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "compat-openssl11-debugsource-1:1.1.1k-5.el9_4.1.ppc64le",
"product": {
"name": "compat-openssl11-debugsource-1:1.1.1k-5.el9_4.1.ppc64le",
"product_id": "compat-openssl11-debugsource-1:1.1.1k-5.el9_4.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/compat-openssl11-debugsource@1.1.1k-5.el9_4.1?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "compat-openssl11-debuginfo-1:1.1.1k-5.el9_4.1.ppc64le",
"product": {
"name": "compat-openssl11-debuginfo-1:1.1.1k-5.el9_4.1.ppc64le",
"product_id": "compat-openssl11-debuginfo-1:1.1.1k-5.el9_4.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/compat-openssl11-debuginfo@1.1.1k-5.el9_4.1?arch=ppc64le\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "compat-openssl11-1:1.1.1k-5.el9_4.1.i686",
"product": {
"name": "compat-openssl11-1:1.1.1k-5.el9_4.1.i686",
"product_id": "compat-openssl11-1:1.1.1k-5.el9_4.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/compat-openssl11@1.1.1k-5.el9_4.1?arch=i686\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "compat-openssl11-debugsource-1:1.1.1k-5.el9_4.1.i686",
"product": {
"name": "compat-openssl11-debugsource-1:1.1.1k-5.el9_4.1.i686",
"product_id": "compat-openssl11-debugsource-1:1.1.1k-5.el9_4.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/compat-openssl11-debugsource@1.1.1k-5.el9_4.1?arch=i686\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "compat-openssl11-debuginfo-1:1.1.1k-5.el9_4.1.i686",
"product": {
"name": "compat-openssl11-debuginfo-1:1.1.1k-5.el9_4.1.i686",
"product_id": "compat-openssl11-debuginfo-1:1.1.1k-5.el9_4.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/compat-openssl11-debuginfo@1.1.1k-5.el9_4.1?arch=i686\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "compat-openssl11-1:1.1.1k-5.el9_4.1.x86_64",
"product": {
"name": "compat-openssl11-1:1.1.1k-5.el9_4.1.x86_64",
"product_id": "compat-openssl11-1:1.1.1k-5.el9_4.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/compat-openssl11@1.1.1k-5.el9_4.1?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "compat-openssl11-debugsource-1:1.1.1k-5.el9_4.1.x86_64",
"product": {
"name": "compat-openssl11-debugsource-1:1.1.1k-5.el9_4.1.x86_64",
"product_id": "compat-openssl11-debugsource-1:1.1.1k-5.el9_4.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/compat-openssl11-debugsource@1.1.1k-5.el9_4.1?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "compat-openssl11-debuginfo-1:1.1.1k-5.el9_4.1.x86_64",
"product": {
"name": "compat-openssl11-debuginfo-1:1.1.1k-5.el9_4.1.x86_64",
"product_id": "compat-openssl11-debuginfo-1:1.1.1k-5.el9_4.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/compat-openssl11-debuginfo@1.1.1k-5.el9_4.1?arch=x86_64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "compat-openssl11-1:1.1.1k-5.el9_4.1.s390x",
"product": {
"name": "compat-openssl11-1:1.1.1k-5.el9_4.1.s390x",
"product_id": "compat-openssl11-1:1.1.1k-5.el9_4.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/compat-openssl11@1.1.1k-5.el9_4.1?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "compat-openssl11-debugsource-1:1.1.1k-5.el9_4.1.s390x",
"product": {
"name": "compat-openssl11-debugsource-1:1.1.1k-5.el9_4.1.s390x",
"product_id": "compat-openssl11-debugsource-1:1.1.1k-5.el9_4.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/compat-openssl11-debugsource@1.1.1k-5.el9_4.1?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "compat-openssl11-debuginfo-1:1.1.1k-5.el9_4.1.s390x",
"product": {
"name": "compat-openssl11-debuginfo-1:1.1.1k-5.el9_4.1.s390x",
"product_id": "compat-openssl11-debuginfo-1:1.1.1k-5.el9_4.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/compat-openssl11-debuginfo@1.1.1k-5.el9_4.1?arch=s390x\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "compat-openssl11-1:1.1.1k-5.el9_4.1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:compat-openssl11-1:1.1.1k-5.el9_4.1.aarch64"
},
"product_reference": "compat-openssl11-1:1.1.1k-5.el9_4.1.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "compat-openssl11-1:1.1.1k-5.el9_4.1.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:compat-openssl11-1:1.1.1k-5.el9_4.1.i686"
},
"product_reference": "compat-openssl11-1:1.1.1k-5.el9_4.1.i686",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "compat-openssl11-1:1.1.1k-5.el9_4.1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:compat-openssl11-1:1.1.1k-5.el9_4.1.ppc64le"
},
"product_reference": "compat-openssl11-1:1.1.1k-5.el9_4.1.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "compat-openssl11-1:1.1.1k-5.el9_4.1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:compat-openssl11-1:1.1.1k-5.el9_4.1.s390x"
},
"product_reference": "compat-openssl11-1:1.1.1k-5.el9_4.1.s390x",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "compat-openssl11-1:1.1.1k-5.el9_4.1.src as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:compat-openssl11-1:1.1.1k-5.el9_4.1.src"
},
"product_reference": "compat-openssl11-1:1.1.1k-5.el9_4.1.src",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "compat-openssl11-1:1.1.1k-5.el9_4.1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:compat-openssl11-1:1.1.1k-5.el9_4.1.x86_64"
},
"product_reference": "compat-openssl11-1:1.1.1k-5.el9_4.1.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "compat-openssl11-debuginfo-1:1.1.1k-5.el9_4.1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:compat-openssl11-debuginfo-1:1.1.1k-5.el9_4.1.aarch64"
},
"product_reference": "compat-openssl11-debuginfo-1:1.1.1k-5.el9_4.1.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "compat-openssl11-debuginfo-1:1.1.1k-5.el9_4.1.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:compat-openssl11-debuginfo-1:1.1.1k-5.el9_4.1.i686"
},
"product_reference": "compat-openssl11-debuginfo-1:1.1.1k-5.el9_4.1.i686",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "compat-openssl11-debuginfo-1:1.1.1k-5.el9_4.1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:compat-openssl11-debuginfo-1:1.1.1k-5.el9_4.1.ppc64le"
},
"product_reference": "compat-openssl11-debuginfo-1:1.1.1k-5.el9_4.1.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "compat-openssl11-debuginfo-1:1.1.1k-5.el9_4.1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:compat-openssl11-debuginfo-1:1.1.1k-5.el9_4.1.s390x"
},
"product_reference": "compat-openssl11-debuginfo-1:1.1.1k-5.el9_4.1.s390x",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "compat-openssl11-debuginfo-1:1.1.1k-5.el9_4.1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:compat-openssl11-debuginfo-1:1.1.1k-5.el9_4.1.x86_64"
},
"product_reference": "compat-openssl11-debuginfo-1:1.1.1k-5.el9_4.1.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "compat-openssl11-debugsource-1:1.1.1k-5.el9_4.1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:compat-openssl11-debugsource-1:1.1.1k-5.el9_4.1.aarch64"
},
"product_reference": "compat-openssl11-debugsource-1:1.1.1k-5.el9_4.1.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "compat-openssl11-debugsource-1:1.1.1k-5.el9_4.1.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:compat-openssl11-debugsource-1:1.1.1k-5.el9_4.1.i686"
},
"product_reference": "compat-openssl11-debugsource-1:1.1.1k-5.el9_4.1.i686",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "compat-openssl11-debugsource-1:1.1.1k-5.el9_4.1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:compat-openssl11-debugsource-1:1.1.1k-5.el9_4.1.ppc64le"
},
"product_reference": "compat-openssl11-debugsource-1:1.1.1k-5.el9_4.1.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "compat-openssl11-debugsource-1:1.1.1k-5.el9_4.1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:compat-openssl11-debugsource-1:1.1.1k-5.el9_4.1.s390x"
},
"product_reference": "compat-openssl11-debugsource-1:1.1.1k-5.el9_4.1.s390x",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "compat-openssl11-debugsource-1:1.1.1k-5.el9_4.1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:compat-openssl11-debugsource-1:1.1.1k-5.el9_4.1.x86_64"
},
"product_reference": "compat-openssl11-debugsource-1:1.1.1k-5.el9_4.1.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-0286",
"cwe": {
"id": "CWE-704",
"name": "Incorrect Type Conversion or Cast"
},
"discovery_date": "2023-01-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2164440"
}
],
"notes": [
{
"category": "description",
"text": "A type confusion vulnerability was found in OpenSSL when OpenSSL X.400 addresses processing inside an X.509 GeneralName. When CRL checking is enabled (for example, the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or cause a denial of service. In most cases, the attack requires the attacker to provide both the certificate chain and CRL, of which neither needs a valid signature. If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. In this case, this vulnerability is likely only to affect applications that have implemented their own functionality for retrieving CRLs over a network.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: X.400 address type confusion in X.509 GeneralName",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "For shim in Red Hat Enterprise Linux 8 \u0026 9, is not affected as shim doesn\u0027t support any CRL processing.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.4.0.Z.EUS:compat-openssl11-1:1.1.1k-5.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:compat-openssl11-1:1.1.1k-5.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:compat-openssl11-1:1.1.1k-5.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:compat-openssl11-1:1.1.1k-5.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:compat-openssl11-1:1.1.1k-5.el9_4.1.src",
"AppStream-9.4.0.Z.EUS:compat-openssl11-1:1.1.1k-5.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:compat-openssl11-debuginfo-1:1.1.1k-5.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:compat-openssl11-debuginfo-1:1.1.1k-5.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:compat-openssl11-debuginfo-1:1.1.1k-5.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:compat-openssl11-debuginfo-1:1.1.1k-5.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:compat-openssl11-debuginfo-1:1.1.1k-5.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:compat-openssl11-debugsource-1:1.1.1k-5.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:compat-openssl11-debugsource-1:1.1.1k-5.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:compat-openssl11-debugsource-1:1.1.1k-5.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:compat-openssl11-debugsource-1:1.1.1k-5.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:compat-openssl11-debugsource-1:1.1.1k-5.el9_4.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-0286"
},
{
"category": "external",
"summary": "RHBZ#2164440",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2164440"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-0286",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0286"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-0286",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0286"
},
{
"category": "external",
"summary": "https://www.openssl.org/news/secadv/20230207.txt",
"url": "https://www.openssl.org/news/secadv/20230207.txt"
}
],
"release_date": "2023-02-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-05-15T18:36:35+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.4.0.Z.EUS:compat-openssl11-1:1.1.1k-5.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:compat-openssl11-1:1.1.1k-5.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:compat-openssl11-1:1.1.1k-5.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:compat-openssl11-1:1.1.1k-5.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:compat-openssl11-1:1.1.1k-5.el9_4.1.src",
"AppStream-9.4.0.Z.EUS:compat-openssl11-1:1.1.1k-5.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:compat-openssl11-debuginfo-1:1.1.1k-5.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:compat-openssl11-debuginfo-1:1.1.1k-5.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:compat-openssl11-debuginfo-1:1.1.1k-5.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:compat-openssl11-debuginfo-1:1.1.1k-5.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:compat-openssl11-debuginfo-1:1.1.1k-5.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:compat-openssl11-debugsource-1:1.1.1k-5.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:compat-openssl11-debugsource-1:1.1.1k-5.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:compat-openssl11-debugsource-1:1.1.1k-5.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:compat-openssl11-debugsource-1:1.1.1k-5.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:compat-openssl11-debugsource-1:1.1.1k-5.el9_4.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:7733"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.4.0.Z.EUS:compat-openssl11-1:1.1.1k-5.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:compat-openssl11-1:1.1.1k-5.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:compat-openssl11-1:1.1.1k-5.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:compat-openssl11-1:1.1.1k-5.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:compat-openssl11-1:1.1.1k-5.el9_4.1.src",
"AppStream-9.4.0.Z.EUS:compat-openssl11-1:1.1.1k-5.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:compat-openssl11-debuginfo-1:1.1.1k-5.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:compat-openssl11-debuginfo-1:1.1.1k-5.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:compat-openssl11-debuginfo-1:1.1.1k-5.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:compat-openssl11-debuginfo-1:1.1.1k-5.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:compat-openssl11-debuginfo-1:1.1.1k-5.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:compat-openssl11-debugsource-1:1.1.1k-5.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:compat-openssl11-debugsource-1:1.1.1k-5.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:compat-openssl11-debugsource-1:1.1.1k-5.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:compat-openssl11-debugsource-1:1.1.1k-5.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:compat-openssl11-debugsource-1:1.1.1k-5.el9_4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.4.0.Z.EUS:compat-openssl11-1:1.1.1k-5.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:compat-openssl11-1:1.1.1k-5.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:compat-openssl11-1:1.1.1k-5.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:compat-openssl11-1:1.1.1k-5.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:compat-openssl11-1:1.1.1k-5.el9_4.1.src",
"AppStream-9.4.0.Z.EUS:compat-openssl11-1:1.1.1k-5.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:compat-openssl11-debuginfo-1:1.1.1k-5.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:compat-openssl11-debuginfo-1:1.1.1k-5.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:compat-openssl11-debuginfo-1:1.1.1k-5.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:compat-openssl11-debuginfo-1:1.1.1k-5.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:compat-openssl11-debuginfo-1:1.1.1k-5.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:compat-openssl11-debugsource-1:1.1.1k-5.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:compat-openssl11-debugsource-1:1.1.1k-5.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:compat-openssl11-debugsource-1:1.1.1k-5.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:compat-openssl11-debugsource-1:1.1.1k-5.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:compat-openssl11-debugsource-1:1.1.1k-5.el9_4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "openssl: X.400 address type confusion in X.509 GeneralName"
}
]
}
RHSA-2025:7895
Vulnerability from csaf_redhat - Published: 2025-05-19 06:21 - Updated: 2026-03-18 03:00Summary
Red Hat Security Advisory: compat-openssl10 security update
Severity
Important
Notes
Topic: An update for compat-openssl10 is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: The OpenSSL toolkit provides support for secure communications between machines. This version of OpenSSL package contains only the libraries and is provided for compatibility with previous releases and software that does not support compilation with OpenSSL-1.1.
Security Fix(es):
* openssl: X.400 address type confusion in X.509 GeneralName (CVE-2023-0286)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A type confusion vulnerability was found in OpenSSL when OpenSSL X.400 addresses processing inside an X.509 GeneralName. When CRL checking is enabled (for example, the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or cause a denial of service. In most cases, the attack requires the attacker to provide both the certificate chain and CRL, of which neither needs a valid signature. If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. In this case, this vulnerability is likely only to affect applications that have implemented their own functionality for retrieving CRLs over a network.
7.4 (High)
Affected products
Fixed
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:compat-openssl10-1:1.0.2o-4.el8_10.1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:compat-openssl10-1:1.0.2o-4.el8_10.1.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:compat-openssl10-1:1.0.2o-4.el8_10.1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:compat-openssl10-1:1.0.2o-4.el8_10.1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:compat-openssl10-1:1.0.2o-4.el8_10.1.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:compat-openssl10-1:1.0.2o-4.el8_10.1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:compat-openssl10-debuginfo-1:1.0.2o-4.el8_10.1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:compat-openssl10-debuginfo-1:1.0.2o-4.el8_10.1.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:compat-openssl10-debuginfo-1:1.0.2o-4.el8_10.1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:compat-openssl10-debuginfo-1:1.0.2o-4.el8_10.1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:compat-openssl10-debuginfo-1:1.0.2o-4.el8_10.1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:compat-openssl10-debugsource-1:1.0.2o-4.el8_10.1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:compat-openssl10-debugsource-1:1.0.2o-4.el8_10.1.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:compat-openssl10-debugsource-1:1.0.2o-4.el8_10.1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:compat-openssl10-debugsource-1:1.0.2o-4.el8_10.1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:compat-openssl10-debugsource-1:1.0.2o-4.el8_10.1.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
References
9 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for compat-openssl10 is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The OpenSSL toolkit provides support for secure communications between machines. This version of OpenSSL package contains only the libraries and is provided for compatibility with previous releases and software that does not support compilation with OpenSSL-1.1.\n\nSecurity Fix(es):\n\n* openssl: X.400 address type confusion in X.509 GeneralName (CVE-2023-0286)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:7895",
"url": "https://access.redhat.com/errata/RHSA-2025:7895"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2164440",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2164440"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_7895.json"
}
],
"title": "Red Hat Security Advisory: compat-openssl10 security update",
"tracking": {
"current_release_date": "2026-03-18T03:00:16+00:00",
"generator": {
"date": "2026-03-18T03:00:16+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.3"
}
},
"id": "RHSA-2025:7895",
"initial_release_date": "2025-05-19T06:21:29+00:00",
"revision_history": [
{
"date": "2025-05-19T06:21:29+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-05-19T06:21:29+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-03-18T03:00:16+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:8::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "compat-openssl10-1:1.0.2o-4.el8_10.1.src",
"product": {
"name": "compat-openssl10-1:1.0.2o-4.el8_10.1.src",
"product_id": "compat-openssl10-1:1.0.2o-4.el8_10.1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/compat-openssl10@1.0.2o-4.el8_10.1?arch=src\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "compat-openssl10-1:1.0.2o-4.el8_10.1.aarch64",
"product": {
"name": "compat-openssl10-1:1.0.2o-4.el8_10.1.aarch64",
"product_id": "compat-openssl10-1:1.0.2o-4.el8_10.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/compat-openssl10@1.0.2o-4.el8_10.1?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "compat-openssl10-debugsource-1:1.0.2o-4.el8_10.1.aarch64",
"product": {
"name": "compat-openssl10-debugsource-1:1.0.2o-4.el8_10.1.aarch64",
"product_id": "compat-openssl10-debugsource-1:1.0.2o-4.el8_10.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/compat-openssl10-debugsource@1.0.2o-4.el8_10.1?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "compat-openssl10-debuginfo-1:1.0.2o-4.el8_10.1.aarch64",
"product": {
"name": "compat-openssl10-debuginfo-1:1.0.2o-4.el8_10.1.aarch64",
"product_id": "compat-openssl10-debuginfo-1:1.0.2o-4.el8_10.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/compat-openssl10-debuginfo@1.0.2o-4.el8_10.1?arch=aarch64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "compat-openssl10-1:1.0.2o-4.el8_10.1.ppc64le",
"product": {
"name": "compat-openssl10-1:1.0.2o-4.el8_10.1.ppc64le",
"product_id": "compat-openssl10-1:1.0.2o-4.el8_10.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/compat-openssl10@1.0.2o-4.el8_10.1?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "compat-openssl10-debugsource-1:1.0.2o-4.el8_10.1.ppc64le",
"product": {
"name": "compat-openssl10-debugsource-1:1.0.2o-4.el8_10.1.ppc64le",
"product_id": "compat-openssl10-debugsource-1:1.0.2o-4.el8_10.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/compat-openssl10-debugsource@1.0.2o-4.el8_10.1?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "compat-openssl10-debuginfo-1:1.0.2o-4.el8_10.1.ppc64le",
"product": {
"name": "compat-openssl10-debuginfo-1:1.0.2o-4.el8_10.1.ppc64le",
"product_id": "compat-openssl10-debuginfo-1:1.0.2o-4.el8_10.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/compat-openssl10-debuginfo@1.0.2o-4.el8_10.1?arch=ppc64le\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "compat-openssl10-1:1.0.2o-4.el8_10.1.i686",
"product": {
"name": "compat-openssl10-1:1.0.2o-4.el8_10.1.i686",
"product_id": "compat-openssl10-1:1.0.2o-4.el8_10.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/compat-openssl10@1.0.2o-4.el8_10.1?arch=i686\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "compat-openssl10-debugsource-1:1.0.2o-4.el8_10.1.i686",
"product": {
"name": "compat-openssl10-debugsource-1:1.0.2o-4.el8_10.1.i686",
"product_id": "compat-openssl10-debugsource-1:1.0.2o-4.el8_10.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/compat-openssl10-debugsource@1.0.2o-4.el8_10.1?arch=i686\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "compat-openssl10-debuginfo-1:1.0.2o-4.el8_10.1.i686",
"product": {
"name": "compat-openssl10-debuginfo-1:1.0.2o-4.el8_10.1.i686",
"product_id": "compat-openssl10-debuginfo-1:1.0.2o-4.el8_10.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/compat-openssl10-debuginfo@1.0.2o-4.el8_10.1?arch=i686\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "compat-openssl10-1:1.0.2o-4.el8_10.1.x86_64",
"product": {
"name": "compat-openssl10-1:1.0.2o-4.el8_10.1.x86_64",
"product_id": "compat-openssl10-1:1.0.2o-4.el8_10.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/compat-openssl10@1.0.2o-4.el8_10.1?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "compat-openssl10-debugsource-1:1.0.2o-4.el8_10.1.x86_64",
"product": {
"name": "compat-openssl10-debugsource-1:1.0.2o-4.el8_10.1.x86_64",
"product_id": "compat-openssl10-debugsource-1:1.0.2o-4.el8_10.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/compat-openssl10-debugsource@1.0.2o-4.el8_10.1?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "compat-openssl10-debuginfo-1:1.0.2o-4.el8_10.1.x86_64",
"product": {
"name": "compat-openssl10-debuginfo-1:1.0.2o-4.el8_10.1.x86_64",
"product_id": "compat-openssl10-debuginfo-1:1.0.2o-4.el8_10.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/compat-openssl10-debuginfo@1.0.2o-4.el8_10.1?arch=x86_64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "compat-openssl10-1:1.0.2o-4.el8_10.1.s390x",
"product": {
"name": "compat-openssl10-1:1.0.2o-4.el8_10.1.s390x",
"product_id": "compat-openssl10-1:1.0.2o-4.el8_10.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/compat-openssl10@1.0.2o-4.el8_10.1?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "compat-openssl10-debugsource-1:1.0.2o-4.el8_10.1.s390x",
"product": {
"name": "compat-openssl10-debugsource-1:1.0.2o-4.el8_10.1.s390x",
"product_id": "compat-openssl10-debugsource-1:1.0.2o-4.el8_10.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/compat-openssl10-debugsource@1.0.2o-4.el8_10.1?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "compat-openssl10-debuginfo-1:1.0.2o-4.el8_10.1.s390x",
"product": {
"name": "compat-openssl10-debuginfo-1:1.0.2o-4.el8_10.1.s390x",
"product_id": "compat-openssl10-debuginfo-1:1.0.2o-4.el8_10.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/compat-openssl10-debuginfo@1.0.2o-4.el8_10.1?arch=s390x\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "compat-openssl10-1:1.0.2o-4.el8_10.1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:compat-openssl10-1:1.0.2o-4.el8_10.1.aarch64"
},
"product_reference": "compat-openssl10-1:1.0.2o-4.el8_10.1.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "compat-openssl10-1:1.0.2o-4.el8_10.1.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:compat-openssl10-1:1.0.2o-4.el8_10.1.i686"
},
"product_reference": "compat-openssl10-1:1.0.2o-4.el8_10.1.i686",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "compat-openssl10-1:1.0.2o-4.el8_10.1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:compat-openssl10-1:1.0.2o-4.el8_10.1.ppc64le"
},
"product_reference": "compat-openssl10-1:1.0.2o-4.el8_10.1.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "compat-openssl10-1:1.0.2o-4.el8_10.1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:compat-openssl10-1:1.0.2o-4.el8_10.1.s390x"
},
"product_reference": "compat-openssl10-1:1.0.2o-4.el8_10.1.s390x",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "compat-openssl10-1:1.0.2o-4.el8_10.1.src as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:compat-openssl10-1:1.0.2o-4.el8_10.1.src"
},
"product_reference": "compat-openssl10-1:1.0.2o-4.el8_10.1.src",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "compat-openssl10-1:1.0.2o-4.el8_10.1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:compat-openssl10-1:1.0.2o-4.el8_10.1.x86_64"
},
"product_reference": "compat-openssl10-1:1.0.2o-4.el8_10.1.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "compat-openssl10-debuginfo-1:1.0.2o-4.el8_10.1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:compat-openssl10-debuginfo-1:1.0.2o-4.el8_10.1.aarch64"
},
"product_reference": "compat-openssl10-debuginfo-1:1.0.2o-4.el8_10.1.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "compat-openssl10-debuginfo-1:1.0.2o-4.el8_10.1.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:compat-openssl10-debuginfo-1:1.0.2o-4.el8_10.1.i686"
},
"product_reference": "compat-openssl10-debuginfo-1:1.0.2o-4.el8_10.1.i686",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "compat-openssl10-debuginfo-1:1.0.2o-4.el8_10.1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:compat-openssl10-debuginfo-1:1.0.2o-4.el8_10.1.ppc64le"
},
"product_reference": "compat-openssl10-debuginfo-1:1.0.2o-4.el8_10.1.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "compat-openssl10-debuginfo-1:1.0.2o-4.el8_10.1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:compat-openssl10-debuginfo-1:1.0.2o-4.el8_10.1.s390x"
},
"product_reference": "compat-openssl10-debuginfo-1:1.0.2o-4.el8_10.1.s390x",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "compat-openssl10-debuginfo-1:1.0.2o-4.el8_10.1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:compat-openssl10-debuginfo-1:1.0.2o-4.el8_10.1.x86_64"
},
"product_reference": "compat-openssl10-debuginfo-1:1.0.2o-4.el8_10.1.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "compat-openssl10-debugsource-1:1.0.2o-4.el8_10.1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:compat-openssl10-debugsource-1:1.0.2o-4.el8_10.1.aarch64"
},
"product_reference": "compat-openssl10-debugsource-1:1.0.2o-4.el8_10.1.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "compat-openssl10-debugsource-1:1.0.2o-4.el8_10.1.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:compat-openssl10-debugsource-1:1.0.2o-4.el8_10.1.i686"
},
"product_reference": "compat-openssl10-debugsource-1:1.0.2o-4.el8_10.1.i686",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "compat-openssl10-debugsource-1:1.0.2o-4.el8_10.1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:compat-openssl10-debugsource-1:1.0.2o-4.el8_10.1.ppc64le"
},
"product_reference": "compat-openssl10-debugsource-1:1.0.2o-4.el8_10.1.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "compat-openssl10-debugsource-1:1.0.2o-4.el8_10.1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:compat-openssl10-debugsource-1:1.0.2o-4.el8_10.1.s390x"
},
"product_reference": "compat-openssl10-debugsource-1:1.0.2o-4.el8_10.1.s390x",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "compat-openssl10-debugsource-1:1.0.2o-4.el8_10.1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:compat-openssl10-debugsource-1:1.0.2o-4.el8_10.1.x86_64"
},
"product_reference": "compat-openssl10-debugsource-1:1.0.2o-4.el8_10.1.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-0286",
"cwe": {
"id": "CWE-704",
"name": "Incorrect Type Conversion or Cast"
},
"discovery_date": "2023-01-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2164440"
}
],
"notes": [
{
"category": "description",
"text": "A type confusion vulnerability was found in OpenSSL when OpenSSL X.400 addresses processing inside an X.509 GeneralName. When CRL checking is enabled (for example, the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or cause a denial of service. In most cases, the attack requires the attacker to provide both the certificate chain and CRL, of which neither needs a valid signature. If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. In this case, this vulnerability is likely only to affect applications that have implemented their own functionality for retrieving CRLs over a network.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: X.400 address type confusion in X.509 GeneralName",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "For shim in Red Hat Enterprise Linux 8 \u0026 9, is not affected as shim doesn\u0027t support any CRL processing.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.Z.MAIN.EUS:compat-openssl10-1:1.0.2o-4.el8_10.1.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:compat-openssl10-1:1.0.2o-4.el8_10.1.i686",
"AppStream-8.10.0.Z.MAIN.EUS:compat-openssl10-1:1.0.2o-4.el8_10.1.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:compat-openssl10-1:1.0.2o-4.el8_10.1.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:compat-openssl10-1:1.0.2o-4.el8_10.1.src",
"AppStream-8.10.0.Z.MAIN.EUS:compat-openssl10-1:1.0.2o-4.el8_10.1.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:compat-openssl10-debuginfo-1:1.0.2o-4.el8_10.1.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:compat-openssl10-debuginfo-1:1.0.2o-4.el8_10.1.i686",
"AppStream-8.10.0.Z.MAIN.EUS:compat-openssl10-debuginfo-1:1.0.2o-4.el8_10.1.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:compat-openssl10-debuginfo-1:1.0.2o-4.el8_10.1.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:compat-openssl10-debuginfo-1:1.0.2o-4.el8_10.1.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:compat-openssl10-debugsource-1:1.0.2o-4.el8_10.1.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:compat-openssl10-debugsource-1:1.0.2o-4.el8_10.1.i686",
"AppStream-8.10.0.Z.MAIN.EUS:compat-openssl10-debugsource-1:1.0.2o-4.el8_10.1.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:compat-openssl10-debugsource-1:1.0.2o-4.el8_10.1.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:compat-openssl10-debugsource-1:1.0.2o-4.el8_10.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-0286"
},
{
"category": "external",
"summary": "RHBZ#2164440",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2164440"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-0286",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0286"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-0286",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0286"
},
{
"category": "external",
"summary": "https://www.openssl.org/news/secadv/20230207.txt",
"url": "https://www.openssl.org/news/secadv/20230207.txt"
}
],
"release_date": "2023-02-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-05-19T06:21:29+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:compat-openssl10-1:1.0.2o-4.el8_10.1.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:compat-openssl10-1:1.0.2o-4.el8_10.1.i686",
"AppStream-8.10.0.Z.MAIN.EUS:compat-openssl10-1:1.0.2o-4.el8_10.1.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:compat-openssl10-1:1.0.2o-4.el8_10.1.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:compat-openssl10-1:1.0.2o-4.el8_10.1.src",
"AppStream-8.10.0.Z.MAIN.EUS:compat-openssl10-1:1.0.2o-4.el8_10.1.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:compat-openssl10-debuginfo-1:1.0.2o-4.el8_10.1.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:compat-openssl10-debuginfo-1:1.0.2o-4.el8_10.1.i686",
"AppStream-8.10.0.Z.MAIN.EUS:compat-openssl10-debuginfo-1:1.0.2o-4.el8_10.1.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:compat-openssl10-debuginfo-1:1.0.2o-4.el8_10.1.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:compat-openssl10-debuginfo-1:1.0.2o-4.el8_10.1.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:compat-openssl10-debugsource-1:1.0.2o-4.el8_10.1.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:compat-openssl10-debugsource-1:1.0.2o-4.el8_10.1.i686",
"AppStream-8.10.0.Z.MAIN.EUS:compat-openssl10-debugsource-1:1.0.2o-4.el8_10.1.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:compat-openssl10-debugsource-1:1.0.2o-4.el8_10.1.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:compat-openssl10-debugsource-1:1.0.2o-4.el8_10.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:7895"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:compat-openssl10-1:1.0.2o-4.el8_10.1.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:compat-openssl10-1:1.0.2o-4.el8_10.1.i686",
"AppStream-8.10.0.Z.MAIN.EUS:compat-openssl10-1:1.0.2o-4.el8_10.1.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:compat-openssl10-1:1.0.2o-4.el8_10.1.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:compat-openssl10-1:1.0.2o-4.el8_10.1.src",
"AppStream-8.10.0.Z.MAIN.EUS:compat-openssl10-1:1.0.2o-4.el8_10.1.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:compat-openssl10-debuginfo-1:1.0.2o-4.el8_10.1.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:compat-openssl10-debuginfo-1:1.0.2o-4.el8_10.1.i686",
"AppStream-8.10.0.Z.MAIN.EUS:compat-openssl10-debuginfo-1:1.0.2o-4.el8_10.1.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:compat-openssl10-debuginfo-1:1.0.2o-4.el8_10.1.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:compat-openssl10-debuginfo-1:1.0.2o-4.el8_10.1.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:compat-openssl10-debugsource-1:1.0.2o-4.el8_10.1.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:compat-openssl10-debugsource-1:1.0.2o-4.el8_10.1.i686",
"AppStream-8.10.0.Z.MAIN.EUS:compat-openssl10-debugsource-1:1.0.2o-4.el8_10.1.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:compat-openssl10-debugsource-1:1.0.2o-4.el8_10.1.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:compat-openssl10-debugsource-1:1.0.2o-4.el8_10.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.10.0.Z.MAIN.EUS:compat-openssl10-1:1.0.2o-4.el8_10.1.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:compat-openssl10-1:1.0.2o-4.el8_10.1.i686",
"AppStream-8.10.0.Z.MAIN.EUS:compat-openssl10-1:1.0.2o-4.el8_10.1.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:compat-openssl10-1:1.0.2o-4.el8_10.1.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:compat-openssl10-1:1.0.2o-4.el8_10.1.src",
"AppStream-8.10.0.Z.MAIN.EUS:compat-openssl10-1:1.0.2o-4.el8_10.1.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:compat-openssl10-debuginfo-1:1.0.2o-4.el8_10.1.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:compat-openssl10-debuginfo-1:1.0.2o-4.el8_10.1.i686",
"AppStream-8.10.0.Z.MAIN.EUS:compat-openssl10-debuginfo-1:1.0.2o-4.el8_10.1.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:compat-openssl10-debuginfo-1:1.0.2o-4.el8_10.1.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:compat-openssl10-debuginfo-1:1.0.2o-4.el8_10.1.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:compat-openssl10-debugsource-1:1.0.2o-4.el8_10.1.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:compat-openssl10-debugsource-1:1.0.2o-4.el8_10.1.i686",
"AppStream-8.10.0.Z.MAIN.EUS:compat-openssl10-debugsource-1:1.0.2o-4.el8_10.1.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:compat-openssl10-debugsource-1:1.0.2o-4.el8_10.1.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:compat-openssl10-debugsource-1:1.0.2o-4.el8_10.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "openssl: X.400 address type confusion in X.509 GeneralName"
}
]
}
RHSA-2025:7937
Vulnerability from csaf_redhat - Published: 2025-05-19 08:51 - Updated: 2026-03-18 03:00Summary
Red Hat Security Advisory: compat-openssl11 security update
Severity
Important
Notes
Topic: An update for compat-openssl11 is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: The OpenSSL toolkit provides support for secure communications between machines. This version of OpenSSL package contains only the libraries from the 1.1.1 version and is provided for compatibility with previous releases.
Security Fix(es):
* openssl: X.400 address type confusion in X.509 GeneralName (CVE-2023-0286)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A type confusion vulnerability was found in OpenSSL when OpenSSL X.400 addresses processing inside an X.509 GeneralName. When CRL checking is enabled (for example, the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or cause a denial of service. In most cases, the attack requires the attacker to provide both the certificate chain and CRL, of which neither needs a valid signature. If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. In this case, this vulnerability is likely only to affect applications that have implemented their own functionality for retrieving CRLs over a network.
7.4 (High)
Affected products
Fixed
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.6.0.Z.MAIN.EUS:compat-openssl11-1:1.1.1k-5.el9_6.1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.MAIN.EUS:compat-openssl11-1:1.1.1k-5.el9_6.1.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.MAIN.EUS:compat-openssl11-1:1.1.1k-5.el9_6.1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.MAIN.EUS:compat-openssl11-1:1.1.1k-5.el9_6.1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.MAIN.EUS:compat-openssl11-1:1.1.1k-5.el9_6.1.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.MAIN.EUS:compat-openssl11-1:1.1.1k-5.el9_6.1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.MAIN.EUS:compat-openssl11-debuginfo-1:1.1.1k-5.el9_6.1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.MAIN.EUS:compat-openssl11-debuginfo-1:1.1.1k-5.el9_6.1.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.MAIN.EUS:compat-openssl11-debuginfo-1:1.1.1k-5.el9_6.1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.MAIN.EUS:compat-openssl11-debuginfo-1:1.1.1k-5.el9_6.1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.MAIN.EUS:compat-openssl11-debuginfo-1:1.1.1k-5.el9_6.1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.MAIN.EUS:compat-openssl11-debugsource-1:1.1.1k-5.el9_6.1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.MAIN.EUS:compat-openssl11-debugsource-1:1.1.1k-5.el9_6.1.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.MAIN.EUS:compat-openssl11-debugsource-1:1.1.1k-5.el9_6.1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.MAIN.EUS:compat-openssl11-debugsource-1:1.1.1k-5.el9_6.1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.MAIN.EUS:compat-openssl11-debugsource-1:1.1.1k-5.el9_6.1.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
References
9 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for compat-openssl11 is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The OpenSSL toolkit provides support for secure communications between machines. This version of OpenSSL package contains only the libraries from the 1.1.1 version and is provided for compatibility with previous releases.\n\nSecurity Fix(es):\n\n* openssl: X.400 address type confusion in X.509 GeneralName (CVE-2023-0286)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:7937",
"url": "https://access.redhat.com/errata/RHSA-2025:7937"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2164440",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2164440"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_7937.json"
}
],
"title": "Red Hat Security Advisory: compat-openssl11 security update",
"tracking": {
"current_release_date": "2026-03-18T03:00:20+00:00",
"generator": {
"date": "2026-03-18T03:00:20+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.3"
}
},
"id": "RHSA-2025:7937",
"initial_release_date": "2025-05-19T08:51:39+00:00",
"revision_history": [
{
"date": "2025-05-19T08:51:39+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-05-19T08:51:39+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-03-18T03:00:20+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:9::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "compat-openssl11-1:1.1.1k-5.el9_6.1.src",
"product": {
"name": "compat-openssl11-1:1.1.1k-5.el9_6.1.src",
"product_id": "compat-openssl11-1:1.1.1k-5.el9_6.1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/compat-openssl11@1.1.1k-5.el9_6.1?arch=src\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "compat-openssl11-1:1.1.1k-5.el9_6.1.aarch64",
"product": {
"name": "compat-openssl11-1:1.1.1k-5.el9_6.1.aarch64",
"product_id": "compat-openssl11-1:1.1.1k-5.el9_6.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/compat-openssl11@1.1.1k-5.el9_6.1?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "compat-openssl11-debugsource-1:1.1.1k-5.el9_6.1.aarch64",
"product": {
"name": "compat-openssl11-debugsource-1:1.1.1k-5.el9_6.1.aarch64",
"product_id": "compat-openssl11-debugsource-1:1.1.1k-5.el9_6.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/compat-openssl11-debugsource@1.1.1k-5.el9_6.1?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "compat-openssl11-debuginfo-1:1.1.1k-5.el9_6.1.aarch64",
"product": {
"name": "compat-openssl11-debuginfo-1:1.1.1k-5.el9_6.1.aarch64",
"product_id": "compat-openssl11-debuginfo-1:1.1.1k-5.el9_6.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/compat-openssl11-debuginfo@1.1.1k-5.el9_6.1?arch=aarch64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "compat-openssl11-1:1.1.1k-5.el9_6.1.ppc64le",
"product": {
"name": "compat-openssl11-1:1.1.1k-5.el9_6.1.ppc64le",
"product_id": "compat-openssl11-1:1.1.1k-5.el9_6.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/compat-openssl11@1.1.1k-5.el9_6.1?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "compat-openssl11-debugsource-1:1.1.1k-5.el9_6.1.ppc64le",
"product": {
"name": "compat-openssl11-debugsource-1:1.1.1k-5.el9_6.1.ppc64le",
"product_id": "compat-openssl11-debugsource-1:1.1.1k-5.el9_6.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/compat-openssl11-debugsource@1.1.1k-5.el9_6.1?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "compat-openssl11-debuginfo-1:1.1.1k-5.el9_6.1.ppc64le",
"product": {
"name": "compat-openssl11-debuginfo-1:1.1.1k-5.el9_6.1.ppc64le",
"product_id": "compat-openssl11-debuginfo-1:1.1.1k-5.el9_6.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/compat-openssl11-debuginfo@1.1.1k-5.el9_6.1?arch=ppc64le\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "compat-openssl11-1:1.1.1k-5.el9_6.1.i686",
"product": {
"name": "compat-openssl11-1:1.1.1k-5.el9_6.1.i686",
"product_id": "compat-openssl11-1:1.1.1k-5.el9_6.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/compat-openssl11@1.1.1k-5.el9_6.1?arch=i686\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "compat-openssl11-debugsource-1:1.1.1k-5.el9_6.1.i686",
"product": {
"name": "compat-openssl11-debugsource-1:1.1.1k-5.el9_6.1.i686",
"product_id": "compat-openssl11-debugsource-1:1.1.1k-5.el9_6.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/compat-openssl11-debugsource@1.1.1k-5.el9_6.1?arch=i686\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "compat-openssl11-debuginfo-1:1.1.1k-5.el9_6.1.i686",
"product": {
"name": "compat-openssl11-debuginfo-1:1.1.1k-5.el9_6.1.i686",
"product_id": "compat-openssl11-debuginfo-1:1.1.1k-5.el9_6.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/compat-openssl11-debuginfo@1.1.1k-5.el9_6.1?arch=i686\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "compat-openssl11-1:1.1.1k-5.el9_6.1.x86_64",
"product": {
"name": "compat-openssl11-1:1.1.1k-5.el9_6.1.x86_64",
"product_id": "compat-openssl11-1:1.1.1k-5.el9_6.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/compat-openssl11@1.1.1k-5.el9_6.1?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "compat-openssl11-debugsource-1:1.1.1k-5.el9_6.1.x86_64",
"product": {
"name": "compat-openssl11-debugsource-1:1.1.1k-5.el9_6.1.x86_64",
"product_id": "compat-openssl11-debugsource-1:1.1.1k-5.el9_6.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/compat-openssl11-debugsource@1.1.1k-5.el9_6.1?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "compat-openssl11-debuginfo-1:1.1.1k-5.el9_6.1.x86_64",
"product": {
"name": "compat-openssl11-debuginfo-1:1.1.1k-5.el9_6.1.x86_64",
"product_id": "compat-openssl11-debuginfo-1:1.1.1k-5.el9_6.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/compat-openssl11-debuginfo@1.1.1k-5.el9_6.1?arch=x86_64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "compat-openssl11-1:1.1.1k-5.el9_6.1.s390x",
"product": {
"name": "compat-openssl11-1:1.1.1k-5.el9_6.1.s390x",
"product_id": "compat-openssl11-1:1.1.1k-5.el9_6.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/compat-openssl11@1.1.1k-5.el9_6.1?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "compat-openssl11-debugsource-1:1.1.1k-5.el9_6.1.s390x",
"product": {
"name": "compat-openssl11-debugsource-1:1.1.1k-5.el9_6.1.s390x",
"product_id": "compat-openssl11-debugsource-1:1.1.1k-5.el9_6.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/compat-openssl11-debugsource@1.1.1k-5.el9_6.1?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "compat-openssl11-debuginfo-1:1.1.1k-5.el9_6.1.s390x",
"product": {
"name": "compat-openssl11-debuginfo-1:1.1.1k-5.el9_6.1.s390x",
"product_id": "compat-openssl11-debuginfo-1:1.1.1k-5.el9_6.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/compat-openssl11-debuginfo@1.1.1k-5.el9_6.1?arch=s390x\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "compat-openssl11-1:1.1.1k-5.el9_6.1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:compat-openssl11-1:1.1.1k-5.el9_6.1.aarch64"
},
"product_reference": "compat-openssl11-1:1.1.1k-5.el9_6.1.aarch64",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "compat-openssl11-1:1.1.1k-5.el9_6.1.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:compat-openssl11-1:1.1.1k-5.el9_6.1.i686"
},
"product_reference": "compat-openssl11-1:1.1.1k-5.el9_6.1.i686",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "compat-openssl11-1:1.1.1k-5.el9_6.1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:compat-openssl11-1:1.1.1k-5.el9_6.1.ppc64le"
},
"product_reference": "compat-openssl11-1:1.1.1k-5.el9_6.1.ppc64le",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "compat-openssl11-1:1.1.1k-5.el9_6.1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:compat-openssl11-1:1.1.1k-5.el9_6.1.s390x"
},
"product_reference": "compat-openssl11-1:1.1.1k-5.el9_6.1.s390x",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "compat-openssl11-1:1.1.1k-5.el9_6.1.src as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:compat-openssl11-1:1.1.1k-5.el9_6.1.src"
},
"product_reference": "compat-openssl11-1:1.1.1k-5.el9_6.1.src",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "compat-openssl11-1:1.1.1k-5.el9_6.1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:compat-openssl11-1:1.1.1k-5.el9_6.1.x86_64"
},
"product_reference": "compat-openssl11-1:1.1.1k-5.el9_6.1.x86_64",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "compat-openssl11-debuginfo-1:1.1.1k-5.el9_6.1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:compat-openssl11-debuginfo-1:1.1.1k-5.el9_6.1.aarch64"
},
"product_reference": "compat-openssl11-debuginfo-1:1.1.1k-5.el9_6.1.aarch64",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "compat-openssl11-debuginfo-1:1.1.1k-5.el9_6.1.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:compat-openssl11-debuginfo-1:1.1.1k-5.el9_6.1.i686"
},
"product_reference": "compat-openssl11-debuginfo-1:1.1.1k-5.el9_6.1.i686",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "compat-openssl11-debuginfo-1:1.1.1k-5.el9_6.1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:compat-openssl11-debuginfo-1:1.1.1k-5.el9_6.1.ppc64le"
},
"product_reference": "compat-openssl11-debuginfo-1:1.1.1k-5.el9_6.1.ppc64le",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "compat-openssl11-debuginfo-1:1.1.1k-5.el9_6.1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:compat-openssl11-debuginfo-1:1.1.1k-5.el9_6.1.s390x"
},
"product_reference": "compat-openssl11-debuginfo-1:1.1.1k-5.el9_6.1.s390x",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "compat-openssl11-debuginfo-1:1.1.1k-5.el9_6.1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:compat-openssl11-debuginfo-1:1.1.1k-5.el9_6.1.x86_64"
},
"product_reference": "compat-openssl11-debuginfo-1:1.1.1k-5.el9_6.1.x86_64",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "compat-openssl11-debugsource-1:1.1.1k-5.el9_6.1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:compat-openssl11-debugsource-1:1.1.1k-5.el9_6.1.aarch64"
},
"product_reference": "compat-openssl11-debugsource-1:1.1.1k-5.el9_6.1.aarch64",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "compat-openssl11-debugsource-1:1.1.1k-5.el9_6.1.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:compat-openssl11-debugsource-1:1.1.1k-5.el9_6.1.i686"
},
"product_reference": "compat-openssl11-debugsource-1:1.1.1k-5.el9_6.1.i686",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "compat-openssl11-debugsource-1:1.1.1k-5.el9_6.1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:compat-openssl11-debugsource-1:1.1.1k-5.el9_6.1.ppc64le"
},
"product_reference": "compat-openssl11-debugsource-1:1.1.1k-5.el9_6.1.ppc64le",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "compat-openssl11-debugsource-1:1.1.1k-5.el9_6.1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:compat-openssl11-debugsource-1:1.1.1k-5.el9_6.1.s390x"
},
"product_reference": "compat-openssl11-debugsource-1:1.1.1k-5.el9_6.1.s390x",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "compat-openssl11-debugsource-1:1.1.1k-5.el9_6.1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:compat-openssl11-debugsource-1:1.1.1k-5.el9_6.1.x86_64"
},
"product_reference": "compat-openssl11-debugsource-1:1.1.1k-5.el9_6.1.x86_64",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-0286",
"cwe": {
"id": "CWE-704",
"name": "Incorrect Type Conversion or Cast"
},
"discovery_date": "2023-01-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2164440"
}
],
"notes": [
{
"category": "description",
"text": "A type confusion vulnerability was found in OpenSSL when OpenSSL X.400 addresses processing inside an X.509 GeneralName. When CRL checking is enabled (for example, the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or cause a denial of service. In most cases, the attack requires the attacker to provide both the certificate chain and CRL, of which neither needs a valid signature. If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. In this case, this vulnerability is likely only to affect applications that have implemented their own functionality for retrieving CRLs over a network.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: X.400 address type confusion in X.509 GeneralName",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "For shim in Red Hat Enterprise Linux 8 \u0026 9, is not affected as shim doesn\u0027t support any CRL processing.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.6.0.Z.MAIN.EUS:compat-openssl11-1:1.1.1k-5.el9_6.1.aarch64",
"AppStream-9.6.0.Z.MAIN.EUS:compat-openssl11-1:1.1.1k-5.el9_6.1.i686",
"AppStream-9.6.0.Z.MAIN.EUS:compat-openssl11-1:1.1.1k-5.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.MAIN.EUS:compat-openssl11-1:1.1.1k-5.el9_6.1.s390x",
"AppStream-9.6.0.Z.MAIN.EUS:compat-openssl11-1:1.1.1k-5.el9_6.1.src",
"AppStream-9.6.0.Z.MAIN.EUS:compat-openssl11-1:1.1.1k-5.el9_6.1.x86_64",
"AppStream-9.6.0.Z.MAIN.EUS:compat-openssl11-debuginfo-1:1.1.1k-5.el9_6.1.aarch64",
"AppStream-9.6.0.Z.MAIN.EUS:compat-openssl11-debuginfo-1:1.1.1k-5.el9_6.1.i686",
"AppStream-9.6.0.Z.MAIN.EUS:compat-openssl11-debuginfo-1:1.1.1k-5.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.MAIN.EUS:compat-openssl11-debuginfo-1:1.1.1k-5.el9_6.1.s390x",
"AppStream-9.6.0.Z.MAIN.EUS:compat-openssl11-debuginfo-1:1.1.1k-5.el9_6.1.x86_64",
"AppStream-9.6.0.Z.MAIN.EUS:compat-openssl11-debugsource-1:1.1.1k-5.el9_6.1.aarch64",
"AppStream-9.6.0.Z.MAIN.EUS:compat-openssl11-debugsource-1:1.1.1k-5.el9_6.1.i686",
"AppStream-9.6.0.Z.MAIN.EUS:compat-openssl11-debugsource-1:1.1.1k-5.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.MAIN.EUS:compat-openssl11-debugsource-1:1.1.1k-5.el9_6.1.s390x",
"AppStream-9.6.0.Z.MAIN.EUS:compat-openssl11-debugsource-1:1.1.1k-5.el9_6.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-0286"
},
{
"category": "external",
"summary": "RHBZ#2164440",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2164440"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-0286",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0286"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-0286",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0286"
},
{
"category": "external",
"summary": "https://www.openssl.org/news/secadv/20230207.txt",
"url": "https://www.openssl.org/news/secadv/20230207.txt"
}
],
"release_date": "2023-02-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-05-19T08:51:39+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.6.0.Z.MAIN.EUS:compat-openssl11-1:1.1.1k-5.el9_6.1.aarch64",
"AppStream-9.6.0.Z.MAIN.EUS:compat-openssl11-1:1.1.1k-5.el9_6.1.i686",
"AppStream-9.6.0.Z.MAIN.EUS:compat-openssl11-1:1.1.1k-5.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.MAIN.EUS:compat-openssl11-1:1.1.1k-5.el9_6.1.s390x",
"AppStream-9.6.0.Z.MAIN.EUS:compat-openssl11-1:1.1.1k-5.el9_6.1.src",
"AppStream-9.6.0.Z.MAIN.EUS:compat-openssl11-1:1.1.1k-5.el9_6.1.x86_64",
"AppStream-9.6.0.Z.MAIN.EUS:compat-openssl11-debuginfo-1:1.1.1k-5.el9_6.1.aarch64",
"AppStream-9.6.0.Z.MAIN.EUS:compat-openssl11-debuginfo-1:1.1.1k-5.el9_6.1.i686",
"AppStream-9.6.0.Z.MAIN.EUS:compat-openssl11-debuginfo-1:1.1.1k-5.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.MAIN.EUS:compat-openssl11-debuginfo-1:1.1.1k-5.el9_6.1.s390x",
"AppStream-9.6.0.Z.MAIN.EUS:compat-openssl11-debuginfo-1:1.1.1k-5.el9_6.1.x86_64",
"AppStream-9.6.0.Z.MAIN.EUS:compat-openssl11-debugsource-1:1.1.1k-5.el9_6.1.aarch64",
"AppStream-9.6.0.Z.MAIN.EUS:compat-openssl11-debugsource-1:1.1.1k-5.el9_6.1.i686",
"AppStream-9.6.0.Z.MAIN.EUS:compat-openssl11-debugsource-1:1.1.1k-5.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.MAIN.EUS:compat-openssl11-debugsource-1:1.1.1k-5.el9_6.1.s390x",
"AppStream-9.6.0.Z.MAIN.EUS:compat-openssl11-debugsource-1:1.1.1k-5.el9_6.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:7937"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.6.0.Z.MAIN.EUS:compat-openssl11-1:1.1.1k-5.el9_6.1.aarch64",
"AppStream-9.6.0.Z.MAIN.EUS:compat-openssl11-1:1.1.1k-5.el9_6.1.i686",
"AppStream-9.6.0.Z.MAIN.EUS:compat-openssl11-1:1.1.1k-5.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.MAIN.EUS:compat-openssl11-1:1.1.1k-5.el9_6.1.s390x",
"AppStream-9.6.0.Z.MAIN.EUS:compat-openssl11-1:1.1.1k-5.el9_6.1.src",
"AppStream-9.6.0.Z.MAIN.EUS:compat-openssl11-1:1.1.1k-5.el9_6.1.x86_64",
"AppStream-9.6.0.Z.MAIN.EUS:compat-openssl11-debuginfo-1:1.1.1k-5.el9_6.1.aarch64",
"AppStream-9.6.0.Z.MAIN.EUS:compat-openssl11-debuginfo-1:1.1.1k-5.el9_6.1.i686",
"AppStream-9.6.0.Z.MAIN.EUS:compat-openssl11-debuginfo-1:1.1.1k-5.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.MAIN.EUS:compat-openssl11-debuginfo-1:1.1.1k-5.el9_6.1.s390x",
"AppStream-9.6.0.Z.MAIN.EUS:compat-openssl11-debuginfo-1:1.1.1k-5.el9_6.1.x86_64",
"AppStream-9.6.0.Z.MAIN.EUS:compat-openssl11-debugsource-1:1.1.1k-5.el9_6.1.aarch64",
"AppStream-9.6.0.Z.MAIN.EUS:compat-openssl11-debugsource-1:1.1.1k-5.el9_6.1.i686",
"AppStream-9.6.0.Z.MAIN.EUS:compat-openssl11-debugsource-1:1.1.1k-5.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.MAIN.EUS:compat-openssl11-debugsource-1:1.1.1k-5.el9_6.1.s390x",
"AppStream-9.6.0.Z.MAIN.EUS:compat-openssl11-debugsource-1:1.1.1k-5.el9_6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.6.0.Z.MAIN.EUS:compat-openssl11-1:1.1.1k-5.el9_6.1.aarch64",
"AppStream-9.6.0.Z.MAIN.EUS:compat-openssl11-1:1.1.1k-5.el9_6.1.i686",
"AppStream-9.6.0.Z.MAIN.EUS:compat-openssl11-1:1.1.1k-5.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.MAIN.EUS:compat-openssl11-1:1.1.1k-5.el9_6.1.s390x",
"AppStream-9.6.0.Z.MAIN.EUS:compat-openssl11-1:1.1.1k-5.el9_6.1.src",
"AppStream-9.6.0.Z.MAIN.EUS:compat-openssl11-1:1.1.1k-5.el9_6.1.x86_64",
"AppStream-9.6.0.Z.MAIN.EUS:compat-openssl11-debuginfo-1:1.1.1k-5.el9_6.1.aarch64",
"AppStream-9.6.0.Z.MAIN.EUS:compat-openssl11-debuginfo-1:1.1.1k-5.el9_6.1.i686",
"AppStream-9.6.0.Z.MAIN.EUS:compat-openssl11-debuginfo-1:1.1.1k-5.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.MAIN.EUS:compat-openssl11-debuginfo-1:1.1.1k-5.el9_6.1.s390x",
"AppStream-9.6.0.Z.MAIN.EUS:compat-openssl11-debuginfo-1:1.1.1k-5.el9_6.1.x86_64",
"AppStream-9.6.0.Z.MAIN.EUS:compat-openssl11-debugsource-1:1.1.1k-5.el9_6.1.aarch64",
"AppStream-9.6.0.Z.MAIN.EUS:compat-openssl11-debugsource-1:1.1.1k-5.el9_6.1.i686",
"AppStream-9.6.0.Z.MAIN.EUS:compat-openssl11-debugsource-1:1.1.1k-5.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.MAIN.EUS:compat-openssl11-debugsource-1:1.1.1k-5.el9_6.1.s390x",
"AppStream-9.6.0.Z.MAIN.EUS:compat-openssl11-debugsource-1:1.1.1k-5.el9_6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "openssl: X.400 address type confusion in X.509 GeneralName"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…