var-202205-2059
Vulnerability from variot
Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. Vim is a cross-platform text editor. There is a security vulnerability in versions prior to Vim 8.2, which is caused by an out-of-bounds write problem.
This advisory covers the RPM packages for the release. Solution:
The OpenShift Service Mesh Release Notes provide information on the features and known issues:
https://docs.openshift.com/container-platform/latest/service_mesh/v2x/servicemesh-release-notes.html
- Bugs fixed (https://bugzilla.redhat.com/):
2107371 - CVE-2022-30630 golang: io/fs: stack exhaustion in Glob 2107376 - CVE-2022-1962 golang: go/parser: stack exhaustion in all Parse* functions 2107386 - CVE-2022-30632 golang: path/filepath: stack exhaustion in Glob 2107388 - CVE-2022-30635 golang: encoding/gob: stack exhaustion in Decoder.Decode 2107390 - CVE-2022-28131 golang: encoding/xml: stack exhaustion in Decoder.Skip 2107392 - CVE-2022-30633 golang: encoding/xml: stack exhaustion in Unmarshal
- JIRA issues fixed (https://issues.jboss.org/):
OSSM-1105 - IOR doesn't support a host with namespace/ prefix OSSM-1205 - Specifying logging parameter will make istio-ingressgateway and istio-egressgateway failed to start OSSM-1668 - [Regression] jwksResolverCA field in SMCP is missing OSSM-1718 - Istio Operator pauses reconciliation when gateway deployed to non-control plane namespace OSSM-1775 - [Regression] Incorrect 3scale image specified for 2.0 control planes OSSM-1800 - IOR should copy labels from Gateway to Route OSSM-1805 - Reconcile SMCP when Kiali is not available OSSM-1846 - SMCP fails to reconcile when enabling PILOT_ENABLE_GATEWAY_API_DEPLOYMENT_CONTROLLER OSSM-1868 - Container release for Maistra 2.2.2
- Description:
Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services.
Space precludes documenting all of these changes in this advisory.
Security Fix(es):
-
grafana: Forward OAuth Identity Token can allow users to access some data sources (CVE-2022-21673)
-
grafana: directory traversal vulnerability (CVE-2021-43813)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bugs fixed (https://bugzilla.redhat.com/):
2031228 - CVE-2021-43813 grafana: directory traversal vulnerability 2044628 - CVE-2022-21673 grafana: Forward OAuth Identity Token can allow users to access some data sources 2115198 - build ceph containers for RHCS 5.2 release
- Summary:
OpenShift sandboxed containers 1.3.1 is now available. Description:
OpenShift sandboxed containers support for OpenShift Container Platform provides users with built-in support for running Kata containers as an additional, optional runtime. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202305-16
https://security.gentoo.org/
Severity: Low Title: Vim, gVim: Multiple Vulnerabilities Date: May 03, 2023 Bugs: #851231, #861092, #869359, #879257, #883681, #889730 ID: 202305-16
Synopsis
Multiple vulnerabilities have been found in Vim, the worst of which could result in denial of service.
Background
Vim is an efficient, highly configurable improved version of the classic ‘vi’ text editor. gVim is the GUI version of Vim.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 app-editors/gvim < 9.0.1157 >= 9.0.1157 2 app-editors/vim < 9.0.1157 >= 9.0.1157 3 app-editors/vim-core < 9.0.1157 >= 9.0.1157
Description
Multiple vulnerabilities have been discovered in Vim, gVim. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All Vim users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/vim-9.0.1157"
All gVim users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/gvim-9.0.1157"
All vim-core users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/vim-core-9.0.1157"
References
[ 1 ] CVE-2022-1154 https://nvd.nist.gov/vuln/detail/CVE-2022-1154 [ 2 ] CVE-2022-1160 https://nvd.nist.gov/vuln/detail/CVE-2022-1160 [ 3 ] CVE-2022-1381 https://nvd.nist.gov/vuln/detail/CVE-2022-1381 [ 4 ] CVE-2022-1420 https://nvd.nist.gov/vuln/detail/CVE-2022-1420 [ 5 ] CVE-2022-1616 https://nvd.nist.gov/vuln/detail/CVE-2022-1616 [ 6 ] CVE-2022-1619 https://nvd.nist.gov/vuln/detail/CVE-2022-1619 [ 7 ] CVE-2022-1620 https://nvd.nist.gov/vuln/detail/CVE-2022-1620 [ 8 ] CVE-2022-1621 https://nvd.nist.gov/vuln/detail/CVE-2022-1621 [ 9 ] CVE-2022-1629 https://nvd.nist.gov/vuln/detail/CVE-2022-1629 [ 10 ] CVE-2022-1674 https://nvd.nist.gov/vuln/detail/CVE-2022-1674 [ 11 ] CVE-2022-1720 https://nvd.nist.gov/vuln/detail/CVE-2022-1720 [ 12 ] CVE-2022-1725 https://nvd.nist.gov/vuln/detail/CVE-2022-1725 [ 13 ] CVE-2022-1733 https://nvd.nist.gov/vuln/detail/CVE-2022-1733 [ 14 ] CVE-2022-1735 https://nvd.nist.gov/vuln/detail/CVE-2022-1735 [ 15 ] CVE-2022-1769 https://nvd.nist.gov/vuln/detail/CVE-2022-1769 [ 16 ] CVE-2022-1771 https://nvd.nist.gov/vuln/detail/CVE-2022-1771 [ 17 ] CVE-2022-1785 https://nvd.nist.gov/vuln/detail/CVE-2022-1785 [ 18 ] CVE-2022-1796 https://nvd.nist.gov/vuln/detail/CVE-2022-1796 [ 19 ] CVE-2022-1851 https://nvd.nist.gov/vuln/detail/CVE-2022-1851 [ 20 ] CVE-2022-1886 https://nvd.nist.gov/vuln/detail/CVE-2022-1886 [ 21 ] CVE-2022-1897 https://nvd.nist.gov/vuln/detail/CVE-2022-1897 [ 22 ] CVE-2022-1898 https://nvd.nist.gov/vuln/detail/CVE-2022-1898 [ 23 ] CVE-2022-1927 https://nvd.nist.gov/vuln/detail/CVE-2022-1927 [ 24 ] CVE-2022-1942 https://nvd.nist.gov/vuln/detail/CVE-2022-1942 [ 25 ] CVE-2022-1968 https://nvd.nist.gov/vuln/detail/CVE-2022-1968 [ 26 ] CVE-2022-2000 https://nvd.nist.gov/vuln/detail/CVE-2022-2000 [ 27 ] CVE-2022-2042 https://nvd.nist.gov/vuln/detail/CVE-2022-2042 [ 28 ] CVE-2022-2124 https://nvd.nist.gov/vuln/detail/CVE-2022-2124 [ 29 ] CVE-2022-2125 https://nvd.nist.gov/vuln/detail/CVE-2022-2125 [ 30 ] CVE-2022-2126 https://nvd.nist.gov/vuln/detail/CVE-2022-2126 [ 31 ] CVE-2022-2129 https://nvd.nist.gov/vuln/detail/CVE-2022-2129 [ 32 ] CVE-2022-2175 https://nvd.nist.gov/vuln/detail/CVE-2022-2175 [ 33 ] CVE-2022-2182 https://nvd.nist.gov/vuln/detail/CVE-2022-2182 [ 34 ] CVE-2022-2183 https://nvd.nist.gov/vuln/detail/CVE-2022-2183 [ 35 ] CVE-2022-2206 https://nvd.nist.gov/vuln/detail/CVE-2022-2206 [ 36 ] CVE-2022-2207 https://nvd.nist.gov/vuln/detail/CVE-2022-2207 [ 37 ] CVE-2022-2208 https://nvd.nist.gov/vuln/detail/CVE-2022-2208 [ 38 ] CVE-2022-2210 https://nvd.nist.gov/vuln/detail/CVE-2022-2210 [ 39 ] CVE-2022-2231 https://nvd.nist.gov/vuln/detail/CVE-2022-2231 [ 40 ] CVE-2022-2257 https://nvd.nist.gov/vuln/detail/CVE-2022-2257 [ 41 ] CVE-2022-2264 https://nvd.nist.gov/vuln/detail/CVE-2022-2264 [ 42 ] CVE-2022-2284 https://nvd.nist.gov/vuln/detail/CVE-2022-2284 [ 43 ] CVE-2022-2285 https://nvd.nist.gov/vuln/detail/CVE-2022-2285 [ 44 ] CVE-2022-2286 https://nvd.nist.gov/vuln/detail/CVE-2022-2286 [ 45 ] CVE-2022-2287 https://nvd.nist.gov/vuln/detail/CVE-2022-2287 [ 46 ] CVE-2022-2288 https://nvd.nist.gov/vuln/detail/CVE-2022-2288 [ 47 ] CVE-2022-2289 https://nvd.nist.gov/vuln/detail/CVE-2022-2289 [ 48 ] CVE-2022-2304 https://nvd.nist.gov/vuln/detail/CVE-2022-2304 [ 49 ] CVE-2022-2343 https://nvd.nist.gov/vuln/detail/CVE-2022-2343 [ 50 ] CVE-2022-2344 https://nvd.nist.gov/vuln/detail/CVE-2022-2344 [ 51 ] CVE-2022-2345 https://nvd.nist.gov/vuln/detail/CVE-2022-2345 [ 52 ] CVE-2022-2522 https://nvd.nist.gov/vuln/detail/CVE-2022-2522 [ 53 ] CVE-2022-2816 https://nvd.nist.gov/vuln/detail/CVE-2022-2816 [ 54 ] CVE-2022-2817 https://nvd.nist.gov/vuln/detail/CVE-2022-2817 [ 55 ] CVE-2022-2819 https://nvd.nist.gov/vuln/detail/CVE-2022-2819 [ 56 ] CVE-2022-2845 https://nvd.nist.gov/vuln/detail/CVE-2022-2845 [ 57 ] CVE-2022-2849 https://nvd.nist.gov/vuln/detail/CVE-2022-2849 [ 58 ] CVE-2022-2862 https://nvd.nist.gov/vuln/detail/CVE-2022-2862 [ 59 ] CVE-2022-2874 https://nvd.nist.gov/vuln/detail/CVE-2022-2874 [ 60 ] CVE-2022-2889 https://nvd.nist.gov/vuln/detail/CVE-2022-2889 [ 61 ] CVE-2022-2923 https://nvd.nist.gov/vuln/detail/CVE-2022-2923 [ 62 ] CVE-2022-2946 https://nvd.nist.gov/vuln/detail/CVE-2022-2946 [ 63 ] CVE-2022-2980 https://nvd.nist.gov/vuln/detail/CVE-2022-2980 [ 64 ] CVE-2022-2982 https://nvd.nist.gov/vuln/detail/CVE-2022-2982 [ 65 ] CVE-2022-3016 https://nvd.nist.gov/vuln/detail/CVE-2022-3016 [ 66 ] CVE-2022-3099 https://nvd.nist.gov/vuln/detail/CVE-2022-3099 [ 67 ] CVE-2022-3134 https://nvd.nist.gov/vuln/detail/CVE-2022-3134 [ 68 ] CVE-2022-3153 https://nvd.nist.gov/vuln/detail/CVE-2022-3153 [ 69 ] CVE-2022-3234 https://nvd.nist.gov/vuln/detail/CVE-2022-3234 [ 70 ] CVE-2022-3235 https://nvd.nist.gov/vuln/detail/CVE-2022-3235 [ 71 ] CVE-2022-3256 https://nvd.nist.gov/vuln/detail/CVE-2022-3256 [ 72 ] CVE-2022-3278 https://nvd.nist.gov/vuln/detail/CVE-2022-3278 [ 73 ] CVE-2022-3296 https://nvd.nist.gov/vuln/detail/CVE-2022-3296 [ 74 ] CVE-2022-3297 https://nvd.nist.gov/vuln/detail/CVE-2022-3297 [ 75 ] CVE-2022-3324 https://nvd.nist.gov/vuln/detail/CVE-2022-3324 [ 76 ] CVE-2022-3352 https://nvd.nist.gov/vuln/detail/CVE-2022-3352 [ 77 ] CVE-2022-3491 https://nvd.nist.gov/vuln/detail/CVE-2022-3491 [ 78 ] CVE-2022-3520 https://nvd.nist.gov/vuln/detail/CVE-2022-3520 [ 79 ] CVE-2022-3591 https://nvd.nist.gov/vuln/detail/CVE-2022-3591 [ 80 ] CVE-2022-3705 https://nvd.nist.gov/vuln/detail/CVE-2022-3705 [ 81 ] CVE-2022-4141 https://nvd.nist.gov/vuln/detail/CVE-2022-4141 [ 82 ] CVE-2022-4292 https://nvd.nist.gov/vuln/detail/CVE-2022-4292 [ 83 ] CVE-2022-4293 https://nvd.nist.gov/vuln/detail/CVE-2022-4293 [ 84 ] CVE-2022-47024 https://nvd.nist.gov/vuln/detail/CVE-2022-47024 [ 85 ] CVE-2023-0049 https://nvd.nist.gov/vuln/detail/CVE-2023-0049 [ 86 ] CVE-2023-0051 https://nvd.nist.gov/vuln/detail/CVE-2023-0051 [ 87 ] CVE-2023-0054 https://nvd.nist.gov/vuln/detail/CVE-2023-0054
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202305-16
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2023 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5 . Bugs fixed (https://bugzilla.redhat.com/):
2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read 2107374 - CVE-2022-1705 golang: net/http: improper sanitization of Transfer-Encoding header 2107383 - CVE-2022-32148 golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working
- JIRA issues fixed (https://issues.jboss.org/):
LOG-2946 - After upgrade all logs are stored in app indices LOG-2963 - OpenSearch can no longer be used as an Elasticsearch output for forwarding LOG-2972 - ElasticsearchError error="400 - Rejected by Elasticsearch" when adding some labels in application namespaces LOG-3009 - Elasticsearch operator repeatedly prints error message when checking indices
- Description:
Red Hat Advanced Cluster Management for Kubernetes 2.6.0 images
Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release:
https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.6/html/release_notes/
Security fixes:
-
CVE-2022-31129 moment: inefficient parsing algorithm resulting in DoS
-
CVE-2022-30629 golang: crypto/tls: session tickets lack random ticket_age_add
-
CVE-2022-1705 golang: net/http: improper sanitization of Transfer-Encoding header
-
CVE-2022-1962 golang: go/parser: stack exhaustion in all Parse* functions
-
CVE-2022-28131 golang: encoding/xml: stack exhaustion in Decoder.Skip
-
CVE-2022-30630 golang: io/fs: stack exhaustion in Glob
-
CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read
-
CVE-2022-30632 golang: path/filepath: stack exhaustion in Glob
-
CVE-2022-30633 golang: encoding/xml: stack exhaustion in Unmarshal
-
CVE-2022-30635 golang: encoding/gob: stack exhaustion in Decoder.Decode
-
CVE-2022-32148 golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working
Bug fixes:
-
assisted-service repo pin-latest.py script should allow custom tags to be pinned (BZ# 2065661)
-
assisted-service-build image is too big in size (BZ# 2066059)
-
assisted-service pin-latest.py script should exclude the postgres image (BZ# 2076901)
-
PXE artifacts need to be served via HTTP (BZ# 2078531)
-
Implementing new service-agent protocol on agent side (BZ# 2081281)
-
RHACM 2.6.0 images (BZ# 2090906)
-
Assisted service POD keeps crashing after a bare metal host is created (BZ# 2093503)
-
Assisted service triggers the worker nodes re-provisioning on the hub cluster when the converged flow is enabled (BZ# 2096106)
-
Fix assisted CI jobs that fail for cluster-info readiness (BZ# 2097696)
-
Nodes are required to have installation disks of at least 120GB instead of at minimum of 100GB (BZ# 2099277)
-
The pre-selected search keyword is not readable (BZ# 2107736)
-
The value of label expressions in the new placement for policy and policysets cannot be shown real-time from UI (BZ# 2111843)
-
Solution:
For Red Hat Advanced Cluster Management for Kubernetes, see the following documentation, which will be updated shortly for this release, for important instructions on installing this release:
https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.6/html-single/install/index#installing
- Bugs fixed (https://bugzilla.redhat.com/):
2065661 - assisted-service repo pin-latest.py script should allow custom tags to be pinned 2066059 - assisted-service-build image is too big in size 2076901 - assisted-service pin-latest.py script should exclude the postgres image 2078531 - iPXE artifacts need to be served via HTTP 2081281 - Implementing new service-agent protocol on agent side 2090901 - Capital letters in install-config.yaml .platform.baremetal.hosts[].name cause bootkube errors 2090906 - RHACM 2.6.0 images 2092793 - CVE-2022-30629 golang: crypto/tls: session tickets lack random ticket_age_add 2093503 - Assisted service POD keeps crashing after a bare metal host is created 2096106 - Assisted service triggers the worker nodes re-provisioning on the hub cluster when the converged flow is enabled 2096445 - Assisted service POD keeps crashing after a bare metal host is created 2096460 - Spoke BMH stuck "inspecting" when deployed via the converged workflow 2097696 - Fix assisted CI jobs that fail for cluster-info readiness 2099277 - Nodes are required to have installation disks of at least 120GB instead of at minimum of 100GB 2103703 - Automatic version upgrade triggered for oadp operator installed by cluster-backup-chart 2104117 - Spoke BMH stuck ?available? after changing a BIOS attribute via the converged workflow 2104984 - Infrastructure operator missing clusterrole permissions for interacting with mutatingwebhookconfigurations 2105075 - CVE-2022-31129 moment: inefficient parsing algorithm resulting in DoS 2105339 - Search Application button on the Application Table for Subscription applications does not Redirect 2105357 - [UI] hypershift cluster creation error - n[0] is undefined 2106347 - Submariner error looking up service account submariner-operator/submariner-addon-sa 2106882 - Security Context Restrictions are restricting creation of some pods which affects the deployment of some applications 2107049 - The clusterrole for global clusterset did not created by default 2107065 - governance-policy-framework in CrashLoopBackOff state on spoke cluster: Failed to start manager {"error": "error listening on :8081: listen tcp :8081: bind: address already in use"} 2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read 2107370 - Helm Release resource recreation feature does not work with the local cluster 2107371 - CVE-2022-30630 golang: io/fs: stack exhaustion in Glob 2107374 - CVE-2022-1705 golang: net/http: improper sanitization of Transfer-Encoding header 2107376 - CVE-2022-1962 golang: go/parser: stack exhaustion in all Parse* functions 2107383 - CVE-2022-32148 golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working 2107386 - CVE-2022-30632 golang: path/filepath: stack exhaustion in Glob 2107388 - CVE-2022-30635 golang: encoding/gob: stack exhaustion in Decoder.Decode 2107390 - CVE-2022-28131 golang: encoding/xml: stack exhaustion in Decoder.Skip 2107392 - CVE-2022-30633 golang: encoding/xml: stack exhaustion in Unmarshal 2108888 - Hypershift on AWS - control plane not running 2109370 - The button to create the cluster is not visible 2111203 - Add ocp 4.11 to filters for discovering clusters in ACM 2.6 2111218 - Create cluster - Infrastructure page crashes 2111651 - "View application" button on app table for Flux applications redirects to apiVersion=ocp instead of flux 2111663 - Hosted cluster in Pending import state 2111671 - Leaked namespaces after deleting hypershift deployment 2111770 - [ACM 2.6] there is no node info for remote cluster in multiple hubs 2111843 - The value of label expressions in the new placement for policy and policysets cannot be shown real-time from UI 2112180 - The policy page is crashed after input keywords in the search box 2112281 - config-policy-controller pod can't startup in the OCP3.11 managed cluster 2112318 - Can't delete the objects which are re-created by policy when deleting the policy 2112321 - BMAC reconcile loop never stops after changes 2112426 - No cluster discovered due to x509: certificate signed by unknown authority 2112478 - Value of delayAfterRunSeconds is not shown on the final submit panel and the word itself should not be wrapped. 2112793 - Can't view details of the policy template when set the spec.pruneObjectBehavior as unsupported value 2112803 - ClusterServiceVersion for release 2.6 branch references "latest" tag 2113787 - [ACM 2.6] can not delete namespaces after detaching the hosted cluster 2113838 - the cluster proxy-agent was deployed on the non-infra nodes 2113842 - [ACM 2.6] must restart hosting cluster registration pod if update work-manager-addon cr to change installNamespace 2114982 - Control plane type shows 'Standalone' for hypershift cluster 2115622 - Hub fromsecret function doesn't work for hosted mode in multiple hub 2115723 - Can't view details of the policy template for customer and hypershift cluster in hosted mode from UI 2115993 - Policy automation details panel was not updated after editing the mode back to disabled 2116211 - Count of violations with unknown status was not accurate when managed clusters have mixed status 2116329 - cluster-proxy-agent not startup due to the imagepullbackoff on spoke cluster 2117113 - The proxy-server-host was not correct in cluster-proxy-agent 2117187 - pruneObjectBehavior radio selection cannot work well and always switch the first one template in multiple configurationPolicy templates 2117480 - [ACM 2.6] infra-id of HypershiftDeployment doesn't work 2118338 - Report the "namespace not found" error after clicked view yaml link of a policy in the multiple hub env 2119326 - Can't view details of the SecurityContextConstraints policy for managed clusters from UI
Bug Fix(es):
-
Cloning a Block DV to VM with Filesystem with not big enough size comes to endless loop - using pvc api (BZ#2033191)
-
Restart of VM Pod causes SSH keys to be regenerated within VM (BZ#2087177)
-
Import gzipped raw file causes image to be downloaded and uncompressed to TMPDIR (BZ#2089391)
-
[4.11] VM Snapshot Restore hangs indefinitely when backed by a snapshotclass (BZ#2098225)
-
Fedora version in DataImportCrons is not 'latest' (BZ#2102694)
-
[4.11] Cloned VM's snapshot restore fails if the source VM disk is deleted (BZ#2109407)
-
CNV introduces a compliance check fail in "ocp4-moderate" profile - routes-protected-by-tls (BZ#2110562)
-
Nightly build: v4.11.0-578: index format was changed in 4.11 to file-based instead of sqlite-based (BZ#2112643)
-
Unable to start windows VMs on PSI setups (BZ#2115371)
-
[4.11.1]virt-launcher cannot be started on OCP 4.12 due to PodSecurity restricted:v1.24 (BZ#2128997)
-
Mark Windows 11 as TechPreview (BZ#2129013)
-
4.11.1 rpms (BZ#2139453)
This advisory contains the following OpenShift Virtualization 4.11.1 images.
RHEL-8-CNV-4.11
virt-cdi-operator-container-v4.11.1-5 virt-cdi-uploadserver-container-v4.11.1-5 virt-cdi-apiserver-container-v4.11.1-5 virt-cdi-importer-container-v4.11.1-5 virt-cdi-controller-container-v4.11.1-5 virt-cdi-cloner-container-v4.11.1-5 virt-cdi-uploadproxy-container-v4.11.1-5 checkup-framework-container-v4.11.1-3 kubevirt-tekton-tasks-wait-for-vmi-status-container-v4.11.1-7 kubevirt-tekton-tasks-create-datavolume-container-v4.11.1-7 kubevirt-template-validator-container-v4.11.1-4 virt-handler-container-v4.11.1-5 hostpath-provisioner-operator-container-v4.11.1-4 virt-api-container-v4.11.1-5 vm-network-latency-checkup-container-v4.11.1-3 cluster-network-addons-operator-container-v4.11.1-5 virtio-win-container-v4.11.1-4 virt-launcher-container-v4.11.1-5 ovs-cni-marker-container-v4.11.1-5 hyperconverged-cluster-webhook-container-v4.11.1-7 virt-controller-container-v4.11.1-5 virt-artifacts-server-container-v4.11.1-5 kubevirt-tekton-tasks-modify-vm-template-container-v4.11.1-7 kubevirt-tekton-tasks-disk-virt-customize-container-v4.11.1-7 libguestfs-tools-container-v4.11.1-5 hostpath-provisioner-container-v4.11.1-4 kubevirt-tekton-tasks-disk-virt-sysprep-container-v4.11.1-7 kubevirt-tekton-tasks-copy-template-container-v4.11.1-7 cnv-containernetworking-plugins-container-v4.11.1-5 bridge-marker-container-v4.11.1-5 virt-operator-container-v4.11.1-5 hostpath-csi-driver-container-v4.11.1-4 kubevirt-tekton-tasks-create-vm-from-template-container-v4.11.1-7 kubemacpool-container-v4.11.1-5 hyperconverged-cluster-operator-container-v4.11.1-7 kubevirt-ssp-operator-container-v4.11.1-4 ovs-cni-plugin-container-v4.11.1-5 kubevirt-tekton-tasks-cleanup-vm-container-v4.11.1-7 kubevirt-tekton-tasks-operator-container-v4.11.1-2 cnv-must-gather-container-v4.11.1-8 kubevirt-console-plugin-container-v4.11.1-9 hco-bundle-registry-container-v4.11.1-49
- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Important: OpenShift Virtualization 4.12.0 Images security update Advisory ID: RHSA-2023:0408-01 Product: cnv Advisory URL: https://access.redhat.com/errata/RHSA-2023:0408 Issue date: 2023-01-24 CVE Names: CVE-2015-20107 CVE-2016-3709 CVE-2020-0256 CVE-2020-35525 CVE-2020-35527 CVE-2021-0308 CVE-2021-38561 CVE-2021-44716 CVE-2021-44717 CVE-2022-0391 CVE-2022-0934 CVE-2022-1292 CVE-2022-1304 CVE-2022-1586 CVE-2022-1705 CVE-2022-1785 CVE-2022-1798 CVE-2022-1897 CVE-2022-1927 CVE-2022-1962 CVE-2022-2068 CVE-2022-2097 CVE-2022-2509 CVE-2022-3515 CVE-2022-3787 CVE-2022-22624 CVE-2022-22628 CVE-2022-22629 CVE-2022-22662 CVE-2022-23772 CVE-2022-23773 CVE-2022-23806 CVE-2022-24795 CVE-2022-25308 CVE-2022-25309 CVE-2022-25310 CVE-2022-26700 CVE-2022-26709 CVE-2022-26710 CVE-2022-26716 CVE-2022-26717 CVE-2022-26719 CVE-2022-27404 CVE-2022-27405 CVE-2022-27406 CVE-2022-28131 CVE-2022-29526 CVE-2022-30293 CVE-2022-30629 CVE-2022-30630 CVE-2022-30631 CVE-2022-30632 CVE-2022-30633 CVE-2022-30635 CVE-2022-30698 CVE-2022-30699 CVE-2022-32148 CVE-2022-32206 CVE-2022-32208 CVE-2022-34903 CVE-2022-37434 CVE-2022-40674 CVE-2022-42898 ==================================================================== 1. Summary:
Red Hat OpenShift Virtualization release 4.12 is now available with updates to packages and images that fix several bugs and add enhancements.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Description:
OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains the following OpenShift Virtualization 4.12.0 images:
Security Fix(es):
-
golang: net/http: limit growth of header canonicalization cache (CVE-2021-44716)
-
kubeVirt: Arbitrary file read on the host from KubeVirt VMs (CVE-2022-1798)
-
golang: out-of-bounds read in golang.org/x/text/language leads to DoS (CVE-2021-38561)
-
golang: syscall: don't close fd 0 on ForkExec error (CVE-2021-44717)
-
golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705)
-
golang: go/parser: stack exhaustion in all Parse* functions (CVE-2022-1962)
-
golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString (CVE-2022-23772)
-
golang: cmd/go: misinterpretation of branch names can lead to incorrect access control (CVE-2022-23773)
-
golang: crypto/elliptic: IsOnCurve returns true for invalid field elements (CVE-2022-23806)
-
golang: encoding/xml: stack exhaustion in Decoder.Skip (CVE-2022-28131)
-
golang: syscall: faccessat checks wrong group (CVE-2022-29526)
-
golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)
-
golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)
-
golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)
-
golang: encoding/xml: stack exhaustion in Unmarshal (CVE-2022-30633)
-
golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)
-
golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (CVE-2022-32148)
-
golang: crypto/tls: session tickets lack random ticket_age_add (CVE-2022-30629)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
RHEL-8-CNV-4.12
============= bridge-marker-container-v4.12.0-24 cluster-network-addons-operator-container-v4.12.0-24 cnv-containernetworking-plugins-container-v4.12.0-24 cnv-must-gather-container-v4.12.0-58 hco-bundle-registry-container-v4.12.0-769 hostpath-csi-driver-container-v4.12.0-30 hostpath-provisioner-container-v4.12.0-30 hostpath-provisioner-operator-container-v4.12.0-31 hyperconverged-cluster-operator-container-v4.12.0-96 hyperconverged-cluster-webhook-container-v4.12.0-96 kubemacpool-container-v4.12.0-24 kubevirt-console-plugin-container-v4.12.0-182 kubevirt-ssp-operator-container-v4.12.0-64 kubevirt-tekton-tasks-cleanup-vm-container-v4.12.0-55 kubevirt-tekton-tasks-copy-template-container-v4.12.0-55 kubevirt-tekton-tasks-create-datavolume-container-v4.12.0-55 kubevirt-tekton-tasks-create-vm-from-template-container-v4.12.0-55 kubevirt-tekton-tasks-disk-virt-customize-container-v4.12.0-55 kubevirt-tekton-tasks-disk-virt-sysprep-container-v4.12.0-55 kubevirt-tekton-tasks-modify-vm-template-container-v4.12.0-55 kubevirt-tekton-tasks-operator-container-v4.12.0-40 kubevirt-tekton-tasks-wait-for-vmi-status-container-v4.12.0-55 kubevirt-template-validator-container-v4.12.0-32 libguestfs-tools-container-v4.12.0-255 ovs-cni-marker-container-v4.12.0-24 ovs-cni-plugin-container-v4.12.0-24 virt-api-container-v4.12.0-255 virt-artifacts-server-container-v4.12.0-255 virt-cdi-apiserver-container-v4.12.0-72 virt-cdi-cloner-container-v4.12.0-72 virt-cdi-controller-container-v4.12.0-72 virt-cdi-importer-container-v4.12.0-72 virt-cdi-operator-container-v4.12.0-72 virt-cdi-uploadproxy-container-v4.12.0-71 virt-cdi-uploadserver-container-v4.12.0-72 virt-controller-container-v4.12.0-255 virt-exportproxy-container-v4.12.0-255 virt-exportserver-container-v4.12.0-255 virt-handler-container-v4.12.0-255 virt-launcher-container-v4.12.0-255 virt-operator-container-v4.12.0-255 virtio-win-container-v4.12.0-10 vm-network-latency-checkup-container-v4.12.0-89
- Solution:
Before applying this update, you must apply all previously released errata relevant to your system.
To apply this update, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1719190 - Unable to cancel live-migration if virt-launcher pod in pending state
2023393 - [CNV] [UI]Additional information needed for cloning when default storageclass in not defined in target datavolume
2030801 - CVE-2021-44716 golang: net/http: limit growth of header canonicalization cache
2030806 - CVE-2021-44717 golang: syscall: don't close fd 0 on ForkExec error
2040377 - Unable to delete failed VMIM after VM deleted
2046298 - mdevs not configured with drivers installed, if mdev config added to HCO CR before drivers are installed
2052556 - Metric "kubevirt_num_virt_handlers_by_node_running_virt_launcher" reporting incorrect value
2053429 - CVE-2022-23806 golang: crypto/elliptic: IsOnCurve returns true for invalid field elements
2053532 - CVE-2022-23772 golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString
2053541 - CVE-2022-23773 golang: cmd/go: misinterpretation of branch names can lead to incorrect access control
2060499 - [RFE] Cannot add additional service (or other objects) to VM template
2069098 - Large scale |VMs migration is slow due to low migration parallelism
2070366 - VM Snapshot Restore hangs indefinitely when backed by a snapshotclass
2071491 - Storage Throughput metrics are incorrect in Overview
2072797 - Metrics in Virtualization -> Overview period is not clear or configurable
2072821 - Top Consumers of Storage Traffic in Kubevirt Dashboard giving unexpected numbers
2079916 - KubeVirt CR seems to be in DeploymentInProgress state and not recovering
2084085 - CVE-2022-29526 golang: syscall: faccessat checks wrong group
2086285 - [dark mode] VirtualMachine - in the Utilization card the percentages and the graphs not visible enough in dark mode
2086551 - Min CPU feature found in labels
2087724 - Default template show no boot source even there are auto-upload boot sources
2088129 - [SSP] webhook does not comply with restricted security context
2088464 - [CDI] cdi-deployment does not comply with restricted security context
2089391 - Import gzipped raw file causes image to be downloaded and uncompressed to TMPDIR
2089744 - HCO should label its control plane namespace to admit pods at privileged security level
2089751 - 4.12.0 containers
2089804 - 4.12.0 rpms
2091856 - ?Edit BootSource? action should have more explicit information when disabled
2092793 - CVE-2022-30629 golang: crypto/tls: session tickets lack random ticket_age_add
2092796 - [RFE] CPU|Memory display in the template card is not consistent with the display in the template drawer
2093771 - The disk source should be PVC if the template has no auto-update boot source
2093996 - kubectl get vmi API should always return primary interface if exist
2094202 - Cloud-init username field should have hint
2096285 - KubeVirt CR API documentation is missing docs for many fields
2096780 - [RFE] Add ssh-key and sysprep to template scripts tab
2097436 - Online disk expansion ignores filesystem overhead change
2097586 - AccessMode should stay on ReadWriteOnce while editing a disk with storage class HPP
2099556 - [RFE] Add option to enable RDP service for windows vm
2099573 - [RFE] Improve template's message about not editable
2099923 - [RFE] Merge "SSH access" and "SSH command" into one
2100290 - Error is not dismissed on catalog review page
2100436 - VM list filtering ignores VMs in error-states
2100442 - [RFE] allow enabling and disabling SSH service while VM is shut down
2100495 - CVE-2021-38561 golang: out-of-bounds read in golang.org/x/text/language leads to DoS
2100629 - Update nested support KBASE article
2100679 - The number of hardware devices is not correct in vm overview tab
2100682 - All hardware devices get deleted while just delete one
2100684 - Workload profile are not editable during creation and after creation
2101144 - VM filter has two "Other" checkboxes which are triggered together
2101164 - [dark mode] Number of alerts in Alerts card not visible enough in dark mode
2101167 - Edit buttons clickable area is too large.
2101333 - [e2e] elements on Template Scheduling tab are missing proper data-test-id
2101335 - Clone action enabled in VM list kebab button for a VM in CrashLoopBackOff state
2101390 - Easy to miss the "tick" when adding GPU device to vm via UI
2101394 - [e2e] elements on VM Scripts tab are missing proper data-test-id
2101423 - wrong user name on using ignition
2101430 - Using CLOUD_USER_PASSWORD in Templates parameters breaks VM review page
2101445 - "Pending changes - Boot Order"
2101454 - Cannot add PVC boot source to template in 'Edit Boot Source Reference' view as a non-priv user
2101499 - Cannot add NIC to VM template as non-priv user
2101501 - NAME parameter in VM template has no effect.
2101628 - non-priv user cannot load dataSource while edit template's rootdisk
2101667 - VMI view is not aligned with vm and tempates
2101681 - All templates are labeling "source available" in template list page
2102074 - VM Creation time on VM Overview Details card lacks string
2102125 - vm clone modal is displaying DV size instead of PVC size
2102132 - align the utilization card of single VM overview with the design
2102138 - Should the word "new" be removed from "Create new VirtualMachine from catalog"?
2102256 - Add button moved to right
2102448 - VM disk is deleted by uncheck "Delete disks (1x)" on delete modal
2102475 - Template 'vm-template-example' should be filtered by 'Fedora' rather than 'Other'
2102561 - sysprep-info should link to downstream doc
2102737 - Clone a VM should lead to vm overview tab
2102740 - "Save" button on vm clone modal should be "Clone"
2103806 - "404: Not Found" appears shortly by clicking the PVC link on vm disk tab
2103807 - PVC is not named by VM name while creating vm quickly
2103817 - Workload profile values in vm details should align with template's value
2103844 - VM nic model is empty
2104331 - VM list page scroll up automatically
2104402 - VM create button is not enabled while adding multiple environment disks
2104422 - Storage status report "OpenShift Data Foundation is not available" even the operator is installed
2104424 - Enable descheduler or hide it on template's scheduling tab
2104479 - [4.12] Cloned VM's snapshot restore fails if the source VM disk is deleted
2104480 - Alerts in VM overview tab disappeared after a few seconds
2104785 - "Add disk" and "Disks" are on the same line
2104859 - [RFE] Add "Copy SSH command" to VM action list
2105257 - Can't set log verbosity level for virt-operator pod
2106175 - All pages are crashed after visit Virtualization -> Overview
2106963 - Cannot add configmap for windows VM
2107279 - VM Template's bootable disk can be marked as bootable
2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read
2107371 - CVE-2022-30630 golang: io/fs: stack exhaustion in Glob
2107374 - CVE-2022-1705 golang: net/http: improper sanitization of Transfer-Encoding header
2107376 - CVE-2022-1962 golang: go/parser: stack exhaustion in all Parse functions
2107383 - CVE-2022-32148 golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working
2107386 - CVE-2022-30632 golang: path/filepath: stack exhaustion in Glob
2107388 - CVE-2022-30635 golang: encoding/gob: stack exhaustion in Decoder.Decode
2107390 - CVE-2022-28131 golang: encoding/xml: stack exhaustion in Decoder.Skip
2107392 - CVE-2022-30633 golang: encoding/xml: stack exhaustion in Unmarshal
2108339 - datasource does not provide timestamp when updated
2108638 - When chosing a vm or template while in all-namespace, and returning to list, namespace is changed
2109818 - Upstream metrics documentation is not detailed enough
2109975 - DataVolume fails to import "cirros-container-disk-demo" image
2110256 - Storage -> PVC -> upload data, does not support source reference
2110562 - CNV introduces a compliance check fail in "ocp4-moderate" profile - routes-protected-by-tls
2111240 - GiB changes to B in Template's Edit boot source reference modal
2111292 - kubevirt plugin console is crashed after creating a vm with 2 nics
2111328 - kubevirt plugin console crashed after visit vmi page
2111378 - VM SSH command generated by UI points at api VIP
2111744 - Cloned template should not label app.kubernetes.io/name: common-templates
2111794 - the virtlogd process is taking too much RAM! (17468Ki > 17Mi)
2112900 - button style are different
2114516 - Nothing happens after clicking on Fedora cloud image list link
2114636 - The style of displayed items are not unified on VM tabs
2114683 - VM overview tab is crashed just after the vm is created
2115257 - Need to Change system-product-name to "OpenShift Virtualization" in CNV-4.12
2115258 - The storageclass of VM disk is different from quick created and customize created after changed the default storageclass
2115280 - [e2e] kubevirt-e2e-aws see two duplicated navigation items
2115769 - Machine type is updated to rhel8.6.0 in KV CR but not in Templates
2116225 - The filter keyword of the related operator 'Openshift Data Foundation' is 'OCS' rather than 'ODF'
2116644 - Importer pod is failing to start with error "MountVolume.SetUp failed for volume "cdi-proxy-cert-vol" : configmap "custom-ca" not found"
2117549 - Cannot edit cloud-init data after add ssh key
2117803 - Cannot edit ssh even vm is stopped
2117813 - Improve descriptive text of VM details while VM is off
2117872 - CVE-2022-1798 kubeVirt: Arbitrary file read on the host from KubeVirt VMs
2118257 - outdated doc link tolerations modal
2118823 - Deprecated API 1.25 call: virt-cdi-controller/v0.0.0 (linux/amd64) kubernetes/$Format
2119069 - Unable to start windows VMs on PSI setups
2119128 - virt-launcher cannot be started on OCP 4.12 due to PodSecurity restricted:v1.24
2119309 - readinessProbe in VM stays on failed
2119615 - Change the disk size causes the unit changed
2120907 - Cannot filter disks by label
2121320 - Negative values in migration metrics
2122236 - Failing to delete HCO with SSP sticking around
2122990 - VMExport should check APIGroup
2124147 - "ReadOnlyMany" should not be added to supported values in memory dump
2124307 - Ui crash/stuck on loading when trying to detach disk on a VM
2124528 - On upgrade, when live-migration is failed due to an infra issue, virt-handler continuously and endlessly tries to migrate it
2124555 - View documentation link on MigrationPolicies page des not work
2124557 - MigrationPolicy description is not displayed on Details page
2124558 - Non-privileged user can start MigrationPolicy creation
2124565 - Deleted DataSource reappears in list
2124572 - First annotation can not be added to DataSource
2124582 - Filtering VMs by OS does not work
2124594 - Docker URL validation is inconsistent over application
2124597 - Wrong case in Create DataSource menu
2126104 - virtctl image-upload hangs waiting for pod to be ready with missing access mode defined in the storage profile
2126397 - many KubeVirtComponentExceedsRequestedMemory alerts in Firing state
2127787 - Expose the PVC source of the dataSource on UI
2127843 - UI crashed by selecting "Live migration network"
2127931 - Change default time range on Virtualization -> Overview -> Monitoring dashboard to 30 minutes
2127947 - cluster-network-addons-config tlsSecurityProfle takes a long time to update after setting APIServer
2128002 - Error after VM template deletion
2128107 - sriov-manage command fails to enable SRIOV Virtual functions on the Ampere GPU Cards
2128872 - [4.11]Can't restore cloned VM
2128948 - Cannot create DataSource from default YAML
2128949 - Cannot create MigrationPolicy from example YAML
2128997 - [4.11.1]virt-launcher cannot be started on OCP 4.12 due to PodSecurity restricted:v1.24
2129013 - Mark Windows 11 as TechPreview
2129234 - Service is not deleted along with the VM when the VM is created from a template with service
2129301 - Cloud-init network data don't wipe out on uncheck checkbox 'Add network data'
2129870 - crypto-policy : Accepting TLS 1.3 connections by validating webhook
2130509 - Auto image import in failed state with data sources pointing to external manually-created PVC/DV
2130588 - crypto-policy : Common Ciphers support by apiserver and hco
2130695 - crypto-policy : Logging Improvement and publish the source of ciphers
2130909 - Non-privileged user can start DataSource creation
2131157 - KV data transfer rate chart in VM Metrics tab is not displayed
2131165 - [dark mode] Additional statuses accordion on Virtualization Overview page not visible enough
2131674 - Bump virtlogd memory requirement to 20Mi
2132031 - Ensure Windows 2022 Templates are marked as TechPreview like it is done now for Windows 11
2132682 - Default YAML entity name convention.
2132721 - Delete dialogs
2132744 - Description text is missing in Live Migrations section
2132746 - Background is broken in Virtualization Monitoring page
2132783 - VM can not be created from Template with edited boot source
2132793 - Edited Template BSR is not saved
2132932 - Typo in PVC size units menu
2133540 - [pod security violation audit] Audit violation in "cni-plugins" container should be fixed
2133541 - [pod security violation audit] Audit violation in "bridge-marker" container should be fixed
2133542 - [pod security violation audit] Audit violation in "manager" container should be fixed
2133543 - [pod security violation audit] Audit violation in "kube-rbac-proxy" container should be fixed
2133655 - [pod security violation audit] Audit violation in "cdi-operator" container should be fixed
2133656 - [4.12][pod security violation audit] Audit violation in "hostpath-provisioner-operator" container should be fixed
2133659 - [pod security violation audit] Audit violation in "cdi-controller" container should be fixed
2133660 - [pod security violation audit] Audit violation in "cdi-source-update-poller" container should be fixed
2134123 - KubeVirtComponentExceedsRequestedMemory Alert for virt-handler pod
2134672 - [e2e] add data-test-id for catalog -> storage section
2134825 - Authorization for expand-spec endpoint missing
2135805 - Windows 2022 template is missing vTPM and UEFI params in spec
2136051 - Name jumping when trying to create a VM with source from catalog
2136425 - Windows 11 is detected as Windows 10
2136534 - Not possible to specify a TTL on VMExports
2137123 - VMExport: export pod is not PSA complaint
2137241 - Checkbox about delete vm disks is not loaded while deleting VM
2137243 - registery input add docker prefix twice
2137349 - "Manage source" action infinitely loading on DataImportCron details page
2137591 - Inconsistent dialog headings/titles
2137731 - Link of VM status in overview is not working
2137733 - No link for VMs in error status in "VirtualMachine statuses" card
2137736 - The column name "MigrationPolicy name" can just be "Name"
2137896 - crypto-policy: HCO should pick TLSProfile from apiserver if not provided explicitly
2138112 - Unsupported S3 endpoint option in Add disk modal
2138119 - "Customize VirtualMachine" flow is not user-friendly because settings are split into 2 modals
2138199 - Win11 and Win22 templates are not filtered properly by Template provider
2138653 - Saving Template prameters reloads the page
2138657 - Setting DATA_SOURCE_ Template parameters makes VM creation fail
2138664 - VM that was created with SSH key fails to start
2139257 - Cannot add disk via "Using an existing PVC"
2139260 - Clone button is disabled while VM is running
2139293 - Non-admin user cannot load VM list page
2139296 - Non-admin cannot load MigrationPolicies page
2139299 - No auto-generated VM name while creating VM by non-admin user
2139306 - Non-admin cannot create VM via customize mode
2139479 - virtualization overview crashes for non-priv user
2139574 - VM name gets "emptyname" if click the create button quickly
2139651 - non-priv user can click create when have no permissions
2139687 - catalog shows template list for non-priv users
2139738 - [4.12]Can't restore cloned VM
2139820 - non-priv user cant reach vm details
2140117 - Provide upgrade path from 4.11.1->4.12.0
2140521 - Click the breadcrumb list about "VirtualMachines" goes to undefined project
2140534 - [View only] it should give a permission error when user clicking the VNC play/connect button as a view only user
2140627 - Not able to select storageClass if there is no default storageclass defined
2140730 - Links on Virtualization Overview page lead to wrong namespace for non-priv user
2140808 - Hyperv feature set to "enabled: false" prevents scheduling
2140977 - Alerts number is not correct on Virtualization overview
2140982 - The base template of cloned template is "Not available"
2140998 - Incorrect information shows in overview page per namespace
2141089 - Unable to upload boot images.
2141302 - Unhealthy states alerts and state metrics are missing
2141399 - Unable to set TLS Security profile for CDI using HCO jsonpatch annotations
2141494 - "Start in pause mode" option is not available while creating the VM
2141654 - warning log appearing on VMs: found no SR-IOV networks
2141711 - Node column selector is redundant for non-priv user
2142468 - VM action "Stop" should not be disabled when VM in pause state
2142470 - Delete a VM or template from all projects leads to 404 error
2142511 - Enhance alerts card in overview
2142647 - Error after MigrationPolicy deletion
2142891 - VM latency checkup: Failed to create the checkup's Job
2142929 - Permission denied when try get instancestypes
2143268 - Topolvm storageProfile missing accessModes and volumeMode
2143498 - Could not load template while creating VM from catalog
2143964 - Could not load template while creating VM from catalog
2144580 - "?" icon is too big in VM Template Disk tab
2144828 - "?" icon is too big in VM Template Disk tab
2144839 - Alerts number is not correct on Virtualization overview
2153849 - After upgrade to 4.11.1->4.12.0 hco.spec.workloadUpdateStrategy value is getting overwritten
2155757 - Incorrect upstream-version label "v1.6.0-unstable-410-g09ea881c" is tagged to 4.12 hyperconverged-cluster-operator-container and hyperconverged-cluster-webhook-container
- References:
https://access.redhat.com/security/cve/CVE-2015-20107 https://access.redhat.com/security/cve/CVE-2016-3709 https://access.redhat.com/security/cve/CVE-2020-0256 https://access.redhat.com/security/cve/CVE-2020-35525 https://access.redhat.com/security/cve/CVE-2020-35527 https://access.redhat.com/security/cve/CVE-2021-0308 https://access.redhat.com/security/cve/CVE-2021-38561 https://access.redhat.com/security/cve/CVE-2021-44716 https://access.redhat.com/security/cve/CVE-2021-44717 https://access.redhat.com/security/cve/CVE-2022-0391 https://access.redhat.com/security/cve/CVE-2022-0934 https://access.redhat.com/security/cve/CVE-2022-1292 https://access.redhat.com/security/cve/CVE-2022-1304 https://access.redhat.com/security/cve/CVE-2022-1586 https://access.redhat.com/security/cve/CVE-2022-1705 https://access.redhat.com/security/cve/CVE-2022-1785 https://access.redhat.com/security/cve/CVE-2022-1798 https://access.redhat.com/security/cve/CVE-2022-1897 https://access.redhat.com/security/cve/CVE-2022-1927 https://access.redhat.com/security/cve/CVE-2022-1962 https://access.redhat.com/security/cve/CVE-2022-2068 https://access.redhat.com/security/cve/CVE-2022-2097 https://access.redhat.com/security/cve/CVE-2022-2509 https://access.redhat.com/security/cve/CVE-2022-3515 https://access.redhat.com/security/cve/CVE-2022-3787 https://access.redhat.com/security/cve/CVE-2022-22624 https://access.redhat.com/security/cve/CVE-2022-22628 https://access.redhat.com/security/cve/CVE-2022-22629 https://access.redhat.com/security/cve/CVE-2022-22662 https://access.redhat.com/security/cve/CVE-2022-23772 https://access.redhat.com/security/cve/CVE-2022-23773 https://access.redhat.com/security/cve/CVE-2022-23806 https://access.redhat.com/security/cve/CVE-2022-24795 https://access.redhat.com/security/cve/CVE-2022-25308 https://access.redhat.com/security/cve/CVE-2022-25309 https://access.redhat.com/security/cve/CVE-2022-25310 https://access.redhat.com/security/cve/CVE-2022-26700 https://access.redhat.com/security/cve/CVE-2022-26709 https://access.redhat.com/security/cve/CVE-2022-26710 https://access.redhat.com/security/cve/CVE-2022-26716 https://access.redhat.com/security/cve/CVE-2022-26717 https://access.redhat.com/security/cve/CVE-2022-26719 https://access.redhat.com/security/cve/CVE-2022-27404 https://access.redhat.com/security/cve/CVE-2022-27405 https://access.redhat.com/security/cve/CVE-2022-27406 https://access.redhat.com/security/cve/CVE-2022-28131 https://access.redhat.com/security/cve/CVE-2022-29526 https://access.redhat.com/security/cve/CVE-2022-30293 https://access.redhat.com/security/cve/CVE-2022-30629 https://access.redhat.com/security/cve/CVE-2022-30630 https://access.redhat.com/security/cve/CVE-2022-30631 https://access.redhat.com/security/cve/CVE-2022-30632 https://access.redhat.com/security/cve/CVE-2022-30633 https://access.redhat.com/security/cve/CVE-2022-30635 https://access.redhat.com/security/cve/CVE-2022-30698 https://access.redhat.com/security/cve/CVE-2022-30699 https://access.redhat.com/security/cve/CVE-2022-32148 https://access.redhat.com/security/cve/CVE-2022-32206 https://access.redhat.com/security/cve/CVE-2022-32208 https://access.redhat.com/security/cve/CVE-2022-34903 https://access.redhat.com/security/cve/CVE-2022-37434 https://access.redhat.com/security/cve/CVE-2022-40674 https://access.redhat.com/security/cve/CVE-2022-42898 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2023 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBY9FaIdzjgjWX9erEAQg3yQ/+IUc6v2m0ZjFWE+HcpaZSLK5EL2ddBtGH ipDVyXLh7uSxGXJEaaZ1bBnvS5pjP5u7xxkmHh/kOuD4U+DDNVdDrmfFvk7XwhlK xIgzHsJp82VTyvbALTJIBsBCaUnY1mepfIqk+yFgU3dW4QX2CcRN+y6RdtR/24Iv cV4DNZ2QgDoQZOpwNfoHFwOOwRbwQNOSJpoGY0ToMHOztpRax84mTmqkLpaiiQPH 3+DlfCuGo6jzFSbluZnELZGuwJHdl6rUfQUasT4H1YD2pT4cKI4Gg12rL2lvzz4s xfP2cLvykDqtINIZXy+NMteuI4cw5nrxZCfDpOBFnWfZ5cP5B/QeJG8J6wIr1ssb OWGAJNYGd+6yUdNgVjRO1u5iLPVN5zN0r9wlg/Kgm6IBWRzDP7b1Gqh2mmDWTbln moRHYxFdLuXX/ciJYRBlyLhkQJcz+r4HfkkzXuc/B0TG8/HSTShYDxWeFIIg9ALy xIuXAkdyZ8FyPavYzLvyENLqYiSD1z/76uRKuUWK+oWKclAsEFDXQm+VSv5zCh7x eOIFkWqJ449V4Z0VrSUvQw8AHcEzetUYd73pLYnBI/naHI4l1s8/21rPHu0LhAPs RvwsGL6jyJ/mDQvvjz4iOQq3pnYCI096Tzm8kaD4qQhBVtQVoUN41kZRQjPVQn94 5HLmWeHmkTg=Nw07 -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202205-2059", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "fedora", "scope": "eq", "trust": 1.0, "vendor": "fedoraproject", "version": "36" }, { "model": "macos", "scope": "lt", "trust": 1.0, "vendor": "apple", "version": "13.0" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "10.0" }, { "model": "fedora", "scope": "eq", "trust": 1.0, "vendor": "fedoraproject", "version": "35" }, { "model": "fedora", "scope": "eq", "trust": 1.0, "vendor": "fedoraproject", "version": "34" }, { "model": "vim", "scope": "lt", "trust": 1.0, "vendor": "vim", "version": "8.0.5023" } ], "sources": [ { "db": "NVD", "id": "CVE-2022-1897" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:vim:vim:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "8.0.5023", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2022-1897" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Red Hat", "sources": [ { "db": "PACKETSTORM", "id": "168222" }, { "db": "PACKETSTORM", "id": "168022" }, { "db": "PACKETSTORM", "id": "169443" }, { "db": "PACKETSTORM", "id": "168284" }, { "db": "PACKETSTORM", "id": "168287" }, { "db": "PACKETSTORM", "id": "170083" }, { "db": "PACKETSTORM", "id": "170741" } ], "trust": 0.7 }, "cve": "CVE-2022-1897", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "VHN-423551", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "security@huntr.dev", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2022-1897", "trust": 1.0, "value": "HIGH" }, { "author": "security@huntr.dev", "id": "CVE-2022-1897", "trust": 1.0, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202205-4246", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-423551", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-423551" }, { "db": "CNNVD", "id": "CNNVD-202205-4246" }, { "db": "NVD", "id": "CVE-2022-1897" }, { "db": "NVD", "id": "CVE-2022-1897" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. Vim is a cross-platform text editor. There is a security vulnerability in versions prior to Vim 8.2, which is caused by an out-of-bounds write problem. \n\nThis advisory covers the RPM packages for the release. Solution:\n\nThe OpenShift Service Mesh Release Notes provide information on the\nfeatures and known issues:\n\nhttps://docs.openshift.com/container-platform/latest/service_mesh/v2x/servicemesh-release-notes.html\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n2107371 - CVE-2022-30630 golang: io/fs: stack exhaustion in Glob\n2107376 - CVE-2022-1962 golang: go/parser: stack exhaustion in all Parse* functions\n2107386 - CVE-2022-30632 golang: path/filepath: stack exhaustion in Glob\n2107388 - CVE-2022-30635 golang: encoding/gob: stack exhaustion in Decoder.Decode\n2107390 - CVE-2022-28131 golang: encoding/xml: stack exhaustion in Decoder.Skip\n2107392 - CVE-2022-30633 golang: encoding/xml: stack exhaustion in Unmarshal\n\n5. JIRA issues fixed (https://issues.jboss.org/):\n\nOSSM-1105 - IOR doesn\u0027t support a host with namespace/ prefix\nOSSM-1205 - Specifying logging parameter will make istio-ingressgateway and istio-egressgateway failed to start\nOSSM-1668 - [Regression] jwksResolverCA field in SMCP is missing\nOSSM-1718 - Istio Operator pauses reconciliation when gateway deployed to non-control plane namespace\nOSSM-1775 - [Regression] Incorrect 3scale image specified for 2.0 control planes\nOSSM-1800 - IOR should copy labels from Gateway to Route\nOSSM-1805 - Reconcile SMCP when Kiali is not available\nOSSM-1846 - SMCP fails to reconcile when enabling PILOT_ENABLE_GATEWAY_API_DEPLOYMENT_CONTROLLER\nOSSM-1868 - Container release for Maistra 2.2.2\n\n6. Description:\n\nRed Hat Ceph Storage is a scalable, open, software-defined storage platform\nthat combines the most stable version of the Ceph storage system with a\nCeph management platform, deployment utilities, and support services. \n\nSpace precludes documenting all of these changes in this advisory. \n\nSecurity Fix(es):\n\n* grafana: Forward OAuth Identity Token can allow users to access some data\nsources (CVE-2022-21673)\n\n* grafana: directory traversal vulnerability (CVE-2021-43813)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. Bugs fixed (https://bugzilla.redhat.com/):\n\n2031228 - CVE-2021-43813 grafana: directory traversal vulnerability\n2044628 - CVE-2022-21673 grafana: Forward OAuth Identity Token can allow users to access some data sources\n2115198 - build ceph containers for RHCS 5.2 release\n\n5. Summary:\n\nOpenShift sandboxed containers 1.3.1 is now available. Description:\n\nOpenShift sandboxed containers support for OpenShift Container Platform\nprovides users with built-in support for running Kata containers as an\nadditional, optional runtime. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202305-16\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Low\n Title: Vim, gVim: Multiple Vulnerabilities\n Date: May 03, 2023\n Bugs: #851231, #861092, #869359, #879257, #883681, #889730\n ID: 202305-16\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in Vim, the worst of which\ncould result in denial of service. \n\nBackground\n==========\n\nVim is an efficient, highly configurable improved version of the classic\n\u2018vi\u2019 text editor. gVim is the GUI version of Vim. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 app-editors/gvim \u003c 9.0.1157 \u003e= 9.0.1157\n 2 app-editors/vim \u003c 9.0.1157 \u003e= 9.0.1157\n 3 app-editors/vim-core \u003c 9.0.1157 \u003e= 9.0.1157\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in Vim, gVim. Please\nreview the CVE identifiers referenced below for details. \n\nImpact\n======\n\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Vim users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/vim-9.0.1157\"\n\nAll gVim users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/gvim-9.0.1157\"\n\nAll vim-core users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/vim-core-9.0.1157\"\n\nReferences\n==========\n\n[ 1 ] CVE-2022-1154\n https://nvd.nist.gov/vuln/detail/CVE-2022-1154\n[ 2 ] CVE-2022-1160\n https://nvd.nist.gov/vuln/detail/CVE-2022-1160\n[ 3 ] CVE-2022-1381\n https://nvd.nist.gov/vuln/detail/CVE-2022-1381\n[ 4 ] CVE-2022-1420\n https://nvd.nist.gov/vuln/detail/CVE-2022-1420\n[ 5 ] CVE-2022-1616\n https://nvd.nist.gov/vuln/detail/CVE-2022-1616\n[ 6 ] CVE-2022-1619\n https://nvd.nist.gov/vuln/detail/CVE-2022-1619\n[ 7 ] CVE-2022-1620\n https://nvd.nist.gov/vuln/detail/CVE-2022-1620\n[ 8 ] CVE-2022-1621\n https://nvd.nist.gov/vuln/detail/CVE-2022-1621\n[ 9 ] CVE-2022-1629\n https://nvd.nist.gov/vuln/detail/CVE-2022-1629\n[ 10 ] CVE-2022-1674\n https://nvd.nist.gov/vuln/detail/CVE-2022-1674\n[ 11 ] CVE-2022-1720\n https://nvd.nist.gov/vuln/detail/CVE-2022-1720\n[ 12 ] CVE-2022-1725\n https://nvd.nist.gov/vuln/detail/CVE-2022-1725\n[ 13 ] CVE-2022-1733\n https://nvd.nist.gov/vuln/detail/CVE-2022-1733\n[ 14 ] CVE-2022-1735\n https://nvd.nist.gov/vuln/detail/CVE-2022-1735\n[ 15 ] CVE-2022-1769\n https://nvd.nist.gov/vuln/detail/CVE-2022-1769\n[ 16 ] CVE-2022-1771\n https://nvd.nist.gov/vuln/detail/CVE-2022-1771\n[ 17 ] CVE-2022-1785\n https://nvd.nist.gov/vuln/detail/CVE-2022-1785\n[ 18 ] CVE-2022-1796\n https://nvd.nist.gov/vuln/detail/CVE-2022-1796\n[ 19 ] CVE-2022-1851\n https://nvd.nist.gov/vuln/detail/CVE-2022-1851\n[ 20 ] CVE-2022-1886\n https://nvd.nist.gov/vuln/detail/CVE-2022-1886\n[ 21 ] CVE-2022-1897\n https://nvd.nist.gov/vuln/detail/CVE-2022-1897\n[ 22 ] CVE-2022-1898\n https://nvd.nist.gov/vuln/detail/CVE-2022-1898\n[ 23 ] CVE-2022-1927\n https://nvd.nist.gov/vuln/detail/CVE-2022-1927\n[ 24 ] CVE-2022-1942\n https://nvd.nist.gov/vuln/detail/CVE-2022-1942\n[ 25 ] CVE-2022-1968\n https://nvd.nist.gov/vuln/detail/CVE-2022-1968\n[ 26 ] CVE-2022-2000\n https://nvd.nist.gov/vuln/detail/CVE-2022-2000\n[ 27 ] CVE-2022-2042\n https://nvd.nist.gov/vuln/detail/CVE-2022-2042\n[ 28 ] CVE-2022-2124\n https://nvd.nist.gov/vuln/detail/CVE-2022-2124\n[ 29 ] CVE-2022-2125\n https://nvd.nist.gov/vuln/detail/CVE-2022-2125\n[ 30 ] CVE-2022-2126\n https://nvd.nist.gov/vuln/detail/CVE-2022-2126\n[ 31 ] CVE-2022-2129\n https://nvd.nist.gov/vuln/detail/CVE-2022-2129\n[ 32 ] CVE-2022-2175\n https://nvd.nist.gov/vuln/detail/CVE-2022-2175\n[ 33 ] CVE-2022-2182\n https://nvd.nist.gov/vuln/detail/CVE-2022-2182\n[ 34 ] CVE-2022-2183\n https://nvd.nist.gov/vuln/detail/CVE-2022-2183\n[ 35 ] CVE-2022-2206\n https://nvd.nist.gov/vuln/detail/CVE-2022-2206\n[ 36 ] CVE-2022-2207\n https://nvd.nist.gov/vuln/detail/CVE-2022-2207\n[ 37 ] CVE-2022-2208\n https://nvd.nist.gov/vuln/detail/CVE-2022-2208\n[ 38 ] CVE-2022-2210\n https://nvd.nist.gov/vuln/detail/CVE-2022-2210\n[ 39 ] CVE-2022-2231\n https://nvd.nist.gov/vuln/detail/CVE-2022-2231\n[ 40 ] CVE-2022-2257\n https://nvd.nist.gov/vuln/detail/CVE-2022-2257\n[ 41 ] CVE-2022-2264\n https://nvd.nist.gov/vuln/detail/CVE-2022-2264\n[ 42 ] CVE-2022-2284\n https://nvd.nist.gov/vuln/detail/CVE-2022-2284\n[ 43 ] CVE-2022-2285\n https://nvd.nist.gov/vuln/detail/CVE-2022-2285\n[ 44 ] CVE-2022-2286\n https://nvd.nist.gov/vuln/detail/CVE-2022-2286\n[ 45 ] CVE-2022-2287\n https://nvd.nist.gov/vuln/detail/CVE-2022-2287\n[ 46 ] CVE-2022-2288\n https://nvd.nist.gov/vuln/detail/CVE-2022-2288\n[ 47 ] CVE-2022-2289\n https://nvd.nist.gov/vuln/detail/CVE-2022-2289\n[ 48 ] CVE-2022-2304\n https://nvd.nist.gov/vuln/detail/CVE-2022-2304\n[ 49 ] CVE-2022-2343\n https://nvd.nist.gov/vuln/detail/CVE-2022-2343\n[ 50 ] CVE-2022-2344\n https://nvd.nist.gov/vuln/detail/CVE-2022-2344\n[ 51 ] CVE-2022-2345\n https://nvd.nist.gov/vuln/detail/CVE-2022-2345\n[ 52 ] CVE-2022-2522\n https://nvd.nist.gov/vuln/detail/CVE-2022-2522\n[ 53 ] CVE-2022-2816\n https://nvd.nist.gov/vuln/detail/CVE-2022-2816\n[ 54 ] CVE-2022-2817\n https://nvd.nist.gov/vuln/detail/CVE-2022-2817\n[ 55 ] CVE-2022-2819\n https://nvd.nist.gov/vuln/detail/CVE-2022-2819\n[ 56 ] CVE-2022-2845\n https://nvd.nist.gov/vuln/detail/CVE-2022-2845\n[ 57 ] CVE-2022-2849\n https://nvd.nist.gov/vuln/detail/CVE-2022-2849\n[ 58 ] CVE-2022-2862\n https://nvd.nist.gov/vuln/detail/CVE-2022-2862\n[ 59 ] CVE-2022-2874\n https://nvd.nist.gov/vuln/detail/CVE-2022-2874\n[ 60 ] CVE-2022-2889\n https://nvd.nist.gov/vuln/detail/CVE-2022-2889\n[ 61 ] CVE-2022-2923\n https://nvd.nist.gov/vuln/detail/CVE-2022-2923\n[ 62 ] CVE-2022-2946\n https://nvd.nist.gov/vuln/detail/CVE-2022-2946\n[ 63 ] CVE-2022-2980\n https://nvd.nist.gov/vuln/detail/CVE-2022-2980\n[ 64 ] CVE-2022-2982\n https://nvd.nist.gov/vuln/detail/CVE-2022-2982\n[ 65 ] CVE-2022-3016\n https://nvd.nist.gov/vuln/detail/CVE-2022-3016\n[ 66 ] CVE-2022-3099\n https://nvd.nist.gov/vuln/detail/CVE-2022-3099\n[ 67 ] CVE-2022-3134\n https://nvd.nist.gov/vuln/detail/CVE-2022-3134\n[ 68 ] CVE-2022-3153\n https://nvd.nist.gov/vuln/detail/CVE-2022-3153\n[ 69 ] CVE-2022-3234\n https://nvd.nist.gov/vuln/detail/CVE-2022-3234\n[ 70 ] CVE-2022-3235\n https://nvd.nist.gov/vuln/detail/CVE-2022-3235\n[ 71 ] CVE-2022-3256\n https://nvd.nist.gov/vuln/detail/CVE-2022-3256\n[ 72 ] CVE-2022-3278\n https://nvd.nist.gov/vuln/detail/CVE-2022-3278\n[ 73 ] CVE-2022-3296\n https://nvd.nist.gov/vuln/detail/CVE-2022-3296\n[ 74 ] CVE-2022-3297\n https://nvd.nist.gov/vuln/detail/CVE-2022-3297\n[ 75 ] CVE-2022-3324\n https://nvd.nist.gov/vuln/detail/CVE-2022-3324\n[ 76 ] CVE-2022-3352\n https://nvd.nist.gov/vuln/detail/CVE-2022-3352\n[ 77 ] CVE-2022-3491\n https://nvd.nist.gov/vuln/detail/CVE-2022-3491\n[ 78 ] CVE-2022-3520\n https://nvd.nist.gov/vuln/detail/CVE-2022-3520\n[ 79 ] CVE-2022-3591\n https://nvd.nist.gov/vuln/detail/CVE-2022-3591\n[ 80 ] CVE-2022-3705\n https://nvd.nist.gov/vuln/detail/CVE-2022-3705\n[ 81 ] CVE-2022-4141\n https://nvd.nist.gov/vuln/detail/CVE-2022-4141\n[ 82 ] CVE-2022-4292\n https://nvd.nist.gov/vuln/detail/CVE-2022-4292\n[ 83 ] CVE-2022-4293\n https://nvd.nist.gov/vuln/detail/CVE-2022-4293\n[ 84 ] CVE-2022-47024\n https://nvd.nist.gov/vuln/detail/CVE-2022-47024\n[ 85 ] CVE-2023-0049\n https://nvd.nist.gov/vuln/detail/CVE-2023-0049\n[ 86 ] CVE-2023-0051\n https://nvd.nist.gov/vuln/detail/CVE-2023-0051\n[ 87 ] CVE-2023-0054\n https://nvd.nist.gov/vuln/detail/CVE-2023-0054\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202305-16\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2023 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. Bugs fixed (https://bugzilla.redhat.com/):\n\n2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read\n2107374 - CVE-2022-1705 golang: net/http: improper sanitization of Transfer-Encoding header\n2107383 - CVE-2022-32148 golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working\n\n5. JIRA issues fixed (https://issues.jboss.org/):\n\nLOG-2946 - After upgrade all logs are stored in app indices\nLOG-2963 - OpenSearch can no longer be used as an Elasticsearch output for forwarding\nLOG-2972 - ElasticsearchError error=\"400 - Rejected by Elasticsearch\" when adding some labels in application namespaces \nLOG-3009 - Elasticsearch operator repeatedly prints error message when checking indices\n\n6. Description:\n\nRed Hat Advanced Cluster Management for Kubernetes 2.6.0 images\n\nRed Hat Advanced Cluster Management for Kubernetes provides the\ncapabilities to address common challenges that administrators and site\nreliability engineers face as they work across a range of public and\nprivate cloud environments. Clusters and applications are all visible and\nmanaged from a single console\u2014with security policy built in. See\nthe following Release Notes documentation, which will be updated shortly\nfor this\nrelease, for additional details about this release:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.6/html/release_notes/\n\nSecurity fixes: \n\n* CVE-2022-31129 moment: inefficient parsing algorithm resulting in DoS\n\n* CVE-2022-30629 golang: crypto/tls: session tickets lack random\nticket_age_add\n\n* CVE-2022-1705 golang: net/http: improper sanitization of\nTransfer-Encoding header\n\n* CVE-2022-1962 golang: go/parser: stack exhaustion in all Parse* functions\n\n* CVE-2022-28131 golang: encoding/xml: stack exhaustion in Decoder.Skip\n\n* CVE-2022-30630 golang: io/fs: stack exhaustion in Glob\n\n* CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read\n\n* CVE-2022-30632 golang: path/filepath: stack exhaustion in Glob\n\n* CVE-2022-30633 golang: encoding/xml: stack exhaustion in Unmarshal\n\n* CVE-2022-30635 golang: encoding/gob: stack exhaustion in Decoder.Decode\n\n* CVE-2022-32148 golang: net/http/httputil: NewSingleHostReverseProxy -\nomit X-Forwarded-For not working\n\nBug fixes:\n\n* assisted-service repo pin-latest.py script should allow custom tags to be\npinned (BZ# 2065661)\n\n* assisted-service-build image is too big in size (BZ# 2066059)\n\n* assisted-service pin-latest.py script should exclude the postgres image\n(BZ# 2076901)\n\n* PXE artifacts need to be served via HTTP (BZ# 2078531)\n\n* Implementing new service-agent protocol on agent side (BZ# 2081281)\n\n* RHACM 2.6.0 images (BZ# 2090906)\n\n* Assisted service POD keeps crashing after a bare metal host is created\n(BZ# 2093503)\n\n* Assisted service triggers the worker nodes re-provisioning on the hub\ncluster when the converged flow is enabled (BZ# 2096106)\n\n* Fix assisted CI jobs that fail for cluster-info readiness (BZ# 2097696)\n\n* Nodes are required to have installation disks of at least 120GB instead\nof at minimum of 100GB (BZ# 2099277)\n\n* The pre-selected search keyword is not readable (BZ# 2107736)\n\n* The value of label expressions in the new placement for policy and\npolicysets cannot be shown real-time from UI (BZ# 2111843)\n\n3. Solution:\n\nFor Red Hat Advanced Cluster Management for Kubernetes, see the following\ndocumentation, which will be updated shortly for this release, for\nimportant\ninstructions on installing this release:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.6/html-single/install/index#installing\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n2065661 - assisted-service repo pin-latest.py script should allow custom tags to be pinned\n2066059 - assisted-service-build image is too big in size\n2076901 - assisted-service pin-latest.py script should exclude the postgres image\n2078531 - iPXE artifacts need to be served via HTTP\n2081281 - Implementing new service-agent protocol on agent side\n2090901 - Capital letters in install-config.yaml .platform.baremetal.hosts[].name cause bootkube errors\n2090906 - RHACM 2.6.0 images\n2092793 - CVE-2022-30629 golang: crypto/tls: session tickets lack random ticket_age_add\n2093503 - Assisted service POD keeps crashing after a bare metal host is created\n2096106 - Assisted service triggers the worker nodes re-provisioning on the hub cluster when the converged flow is enabled\n2096445 - Assisted service POD keeps crashing after a bare metal host is created\n2096460 - Spoke BMH stuck \"inspecting\" when deployed via the converged workflow\n2097696 - Fix assisted CI jobs that fail for cluster-info readiness\n2099277 - Nodes are required to have installation disks of at least 120GB instead of at minimum of 100GB\n2103703 - Automatic version upgrade triggered for oadp operator installed by cluster-backup-chart\n2104117 - Spoke BMH stuck ?available? after changing a BIOS attribute via the converged workflow\n2104984 - Infrastructure operator missing clusterrole permissions for interacting with mutatingwebhookconfigurations\n2105075 - CVE-2022-31129 moment: inefficient parsing algorithm resulting in DoS\n2105339 - Search Application button on the Application Table for Subscription applications does not Redirect\n2105357 - [UI] hypershift cluster creation error - n[0] is undefined\n2106347 - Submariner error looking up service account submariner-operator/submariner-addon-sa\n2106882 - Security Context Restrictions are restricting creation of some pods which affects the deployment of some applications\n2107049 - The clusterrole for global clusterset did not created by default\n2107065 - governance-policy-framework in CrashLoopBackOff state on spoke cluster: Failed to start manager {\"error\": \"error listening on :8081: listen tcp :8081: bind: address already in use\"}\n2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read\n2107370 - Helm Release resource recreation feature does not work with the local cluster\n2107371 - CVE-2022-30630 golang: io/fs: stack exhaustion in Glob\n2107374 - CVE-2022-1705 golang: net/http: improper sanitization of Transfer-Encoding header\n2107376 - CVE-2022-1962 golang: go/parser: stack exhaustion in all Parse* functions\n2107383 - CVE-2022-32148 golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working\n2107386 - CVE-2022-30632 golang: path/filepath: stack exhaustion in Glob\n2107388 - CVE-2022-30635 golang: encoding/gob: stack exhaustion in Decoder.Decode\n2107390 - CVE-2022-28131 golang: encoding/xml: stack exhaustion in Decoder.Skip\n2107392 - CVE-2022-30633 golang: encoding/xml: stack exhaustion in Unmarshal\n2108888 - Hypershift on AWS - control plane not running\n2109370 - The button to create the cluster is not visible\n2111203 - Add ocp 4.11 to filters for discovering clusters in ACM 2.6\n2111218 - Create cluster - Infrastructure page crashes\n2111651 - \"View application\" button on app table for Flux applications redirects to apiVersion=ocp instead of flux\n2111663 - Hosted cluster in Pending import state\n2111671 - Leaked namespaces after deleting hypershift deployment\n2111770 - [ACM 2.6] there is no node info for remote cluster in multiple hubs\n2111843 - The value of label expressions in the new placement for policy and policysets cannot be shown real-time from UI\n2112180 - The policy page is crashed after input keywords in the search box\n2112281 - config-policy-controller pod can\u0027t startup in the OCP3.11 managed cluster\n2112318 - Can\u0027t delete the objects which are re-created by policy when deleting the policy\n2112321 - BMAC reconcile loop never stops after changes\n2112426 - No cluster discovered due to x509: certificate signed by unknown authority\n2112478 - Value of delayAfterRunSeconds is not shown on the final submit panel and the word itself should not be wrapped. \n2112793 - Can\u0027t view details of the policy template when set the spec.pruneObjectBehavior as unsupported value\n2112803 - ClusterServiceVersion for release 2.6 branch references \"latest\" tag\n2113787 - [ACM 2.6] can not delete namespaces after detaching the hosted cluster\n2113838 - the cluster proxy-agent was deployed on the non-infra nodes\n2113842 - [ACM 2.6] must restart hosting cluster registration pod if update work-manager-addon cr to change installNamespace\n2114982 - Control plane type shows \u0027Standalone\u0027 for hypershift cluster\n2115622 - Hub fromsecret function doesn\u0027t work for hosted mode in multiple hub\n2115723 - Can\u0027t view details of the policy template for customer and hypershift cluster in hosted mode from UI\n2115993 - Policy automation details panel was not updated after editing the mode back to disabled\n2116211 - Count of violations with unknown status was not accurate when managed clusters have mixed status\n2116329 - cluster-proxy-agent not startup due to the imagepullbackoff on spoke cluster\n2117113 - The proxy-server-host was not correct in cluster-proxy-agent\n2117187 - pruneObjectBehavior radio selection cannot work well and always switch the first one template in multiple configurationPolicy templates\n2117480 - [ACM 2.6] infra-id of HypershiftDeployment doesn\u0027t work\n2118338 - Report the \"namespace not found\" error after clicked view yaml link of a policy in the multiple hub env\n2119326 - Can\u0027t view details of the SecurityContextConstraints policy for managed clusters from UI\n\n5. \n\nBug Fix(es):\n\n* Cloning a Block DV to VM with Filesystem with not big enough size comes\nto endless loop - using pvc api (BZ#2033191)\n\n* Restart of VM Pod causes SSH keys to be regenerated within VM\n(BZ#2087177)\n\n* Import gzipped raw file causes image to be downloaded and uncompressed to\nTMPDIR (BZ#2089391)\n\n* [4.11] VM Snapshot Restore hangs indefinitely when backed by a\nsnapshotclass (BZ#2098225)\n\n* Fedora version in DataImportCrons is not \u0027latest\u0027 (BZ#2102694)\n\n* [4.11] Cloned VM\u0027s snapshot restore fails if the source VM disk is\ndeleted (BZ#2109407)\n\n* CNV introduces a compliance check fail in \"ocp4-moderate\" profile -\nroutes-protected-by-tls (BZ#2110562)\n\n* Nightly build: v4.11.0-578: index format was changed in 4.11 to\nfile-based instead of sqlite-based (BZ#2112643)\n\n* Unable to start windows VMs on PSI setups (BZ#2115371)\n\n* [4.11.1]virt-launcher cannot be started on OCP 4.12 due to PodSecurity\nrestricted:v1.24 (BZ#2128997)\n\n* Mark Windows 11 as TechPreview (BZ#2129013)\n\n* 4.11.1 rpms (BZ#2139453)\n\nThis advisory contains the following OpenShift Virtualization 4.11.1\nimages. \n\nRHEL-8-CNV-4.11\n\nvirt-cdi-operator-container-v4.11.1-5\nvirt-cdi-uploadserver-container-v4.11.1-5\nvirt-cdi-apiserver-container-v4.11.1-5\nvirt-cdi-importer-container-v4.11.1-5\nvirt-cdi-controller-container-v4.11.1-5\nvirt-cdi-cloner-container-v4.11.1-5\nvirt-cdi-uploadproxy-container-v4.11.1-5\ncheckup-framework-container-v4.11.1-3\nkubevirt-tekton-tasks-wait-for-vmi-status-container-v4.11.1-7\nkubevirt-tekton-tasks-create-datavolume-container-v4.11.1-7\nkubevirt-template-validator-container-v4.11.1-4\nvirt-handler-container-v4.11.1-5\nhostpath-provisioner-operator-container-v4.11.1-4\nvirt-api-container-v4.11.1-5\nvm-network-latency-checkup-container-v4.11.1-3\ncluster-network-addons-operator-container-v4.11.1-5\nvirtio-win-container-v4.11.1-4\nvirt-launcher-container-v4.11.1-5\novs-cni-marker-container-v4.11.1-5\nhyperconverged-cluster-webhook-container-v4.11.1-7\nvirt-controller-container-v4.11.1-5\nvirt-artifacts-server-container-v4.11.1-5\nkubevirt-tekton-tasks-modify-vm-template-container-v4.11.1-7\nkubevirt-tekton-tasks-disk-virt-customize-container-v4.11.1-7\nlibguestfs-tools-container-v4.11.1-5\nhostpath-provisioner-container-v4.11.1-4\nkubevirt-tekton-tasks-disk-virt-sysprep-container-v4.11.1-7\nkubevirt-tekton-tasks-copy-template-container-v4.11.1-7\ncnv-containernetworking-plugins-container-v4.11.1-5\nbridge-marker-container-v4.11.1-5\nvirt-operator-container-v4.11.1-5\nhostpath-csi-driver-container-v4.11.1-4\nkubevirt-tekton-tasks-create-vm-from-template-container-v4.11.1-7\nkubemacpool-container-v4.11.1-5\nhyperconverged-cluster-operator-container-v4.11.1-7\nkubevirt-ssp-operator-container-v4.11.1-4\novs-cni-plugin-container-v4.11.1-5\nkubevirt-tekton-tasks-cleanup-vm-container-v4.11.1-7\nkubevirt-tekton-tasks-operator-container-v4.11.1-2\ncnv-must-gather-container-v4.11.1-8\nkubevirt-console-plugin-container-v4.11.1-9\nhco-bundle-registry-container-v4.11.1-49\n\n3. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Important: OpenShift Virtualization 4.12.0 Images security update\nAdvisory ID: RHSA-2023:0408-01\nProduct: cnv\nAdvisory URL: https://access.redhat.com/errata/RHSA-2023:0408\nIssue date: 2023-01-24\nCVE Names: CVE-2015-20107 CVE-2016-3709 CVE-2020-0256\n CVE-2020-35525 CVE-2020-35527 CVE-2021-0308\n CVE-2021-38561 CVE-2021-44716 CVE-2021-44717\n CVE-2022-0391 CVE-2022-0934 CVE-2022-1292\n CVE-2022-1304 CVE-2022-1586 CVE-2022-1705\n CVE-2022-1785 CVE-2022-1798 CVE-2022-1897\n CVE-2022-1927 CVE-2022-1962 CVE-2022-2068\n CVE-2022-2097 CVE-2022-2509 CVE-2022-3515\n CVE-2022-3787 CVE-2022-22624 CVE-2022-22628\n CVE-2022-22629 CVE-2022-22662 CVE-2022-23772\n CVE-2022-23773 CVE-2022-23806 CVE-2022-24795\n CVE-2022-25308 CVE-2022-25309 CVE-2022-25310\n CVE-2022-26700 CVE-2022-26709 CVE-2022-26710\n CVE-2022-26716 CVE-2022-26717 CVE-2022-26719\n CVE-2022-27404 CVE-2022-27405 CVE-2022-27406\n CVE-2022-28131 CVE-2022-29526 CVE-2022-30293\n CVE-2022-30629 CVE-2022-30630 CVE-2022-30631\n CVE-2022-30632 CVE-2022-30633 CVE-2022-30635\n CVE-2022-30698 CVE-2022-30699 CVE-2022-32148\n CVE-2022-32206 CVE-2022-32208 CVE-2022-34903\n CVE-2022-37434 CVE-2022-40674 CVE-2022-42898\n====================================================================\n1. Summary:\n\nRed Hat OpenShift Virtualization release 4.12 is now available with updates\nto packages and images that fix several bugs and add enhancements. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Description:\n\nOpenShift Virtualization is Red Hat\u0027s virtualization solution designed for\nRed Hat OpenShift Container Platform. This advisory contains the following\nOpenShift Virtualization 4.12.0 images:\n\nSecurity Fix(es):\n\n* golang: net/http: limit growth of header canonicalization cache\n(CVE-2021-44716)\n\n* kubeVirt: Arbitrary file read on the host from KubeVirt VMs\n(CVE-2022-1798)\n\n* golang: out-of-bounds read in golang.org/x/text/language leads to DoS\n(CVE-2021-38561)\n\n* golang: syscall: don\u0027t close fd 0 on ForkExec error (CVE-2021-44717)\n\n* golang: net/http: improper sanitization of Transfer-Encoding header\n(CVE-2022-1705)\n\n* golang: go/parser: stack exhaustion in all Parse* functions\n(CVE-2022-1962)\n\n* golang: math/big: uncontrolled memory consumption due to an unhandled\noverflow via Rat.SetString (CVE-2022-23772)\n\n* golang: cmd/go: misinterpretation of branch names can lead to incorrect\naccess control (CVE-2022-23773)\n\n* golang: crypto/elliptic: IsOnCurve returns true for invalid field\nelements (CVE-2022-23806)\n\n* golang: encoding/xml: stack exhaustion in Decoder.Skip (CVE-2022-28131)\n\n* golang: syscall: faccessat checks wrong group (CVE-2022-29526)\n\n* golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)\n\n* golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)\n\n* golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)\n\n* golang: encoding/xml: stack exhaustion in Unmarshal (CVE-2022-30633)\n\n* golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)\n\n* golang: net/http/httputil: NewSingleHostReverseProxy - omit\nX-Forwarded-For not working (CVE-2022-32148)\n\n* golang: crypto/tls: session tickets lack random ticket_age_add\n(CVE-2022-30629)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nRHEL-8-CNV-4.12\n\n=============\nbridge-marker-container-v4.12.0-24\ncluster-network-addons-operator-container-v4.12.0-24\ncnv-containernetworking-plugins-container-v4.12.0-24\ncnv-must-gather-container-v4.12.0-58\nhco-bundle-registry-container-v4.12.0-769\nhostpath-csi-driver-container-v4.12.0-30\nhostpath-provisioner-container-v4.12.0-30\nhostpath-provisioner-operator-container-v4.12.0-31\nhyperconverged-cluster-operator-container-v4.12.0-96\nhyperconverged-cluster-webhook-container-v4.12.0-96\nkubemacpool-container-v4.12.0-24\nkubevirt-console-plugin-container-v4.12.0-182\nkubevirt-ssp-operator-container-v4.12.0-64\nkubevirt-tekton-tasks-cleanup-vm-container-v4.12.0-55\nkubevirt-tekton-tasks-copy-template-container-v4.12.0-55\nkubevirt-tekton-tasks-create-datavolume-container-v4.12.0-55\nkubevirt-tekton-tasks-create-vm-from-template-container-v4.12.0-55\nkubevirt-tekton-tasks-disk-virt-customize-container-v4.12.0-55\nkubevirt-tekton-tasks-disk-virt-sysprep-container-v4.12.0-55\nkubevirt-tekton-tasks-modify-vm-template-container-v4.12.0-55\nkubevirt-tekton-tasks-operator-container-v4.12.0-40\nkubevirt-tekton-tasks-wait-for-vmi-status-container-v4.12.0-55\nkubevirt-template-validator-container-v4.12.0-32\nlibguestfs-tools-container-v4.12.0-255\novs-cni-marker-container-v4.12.0-24\novs-cni-plugin-container-v4.12.0-24\nvirt-api-container-v4.12.0-255\nvirt-artifacts-server-container-v4.12.0-255\nvirt-cdi-apiserver-container-v4.12.0-72\nvirt-cdi-cloner-container-v4.12.0-72\nvirt-cdi-controller-container-v4.12.0-72\nvirt-cdi-importer-container-v4.12.0-72\nvirt-cdi-operator-container-v4.12.0-72\nvirt-cdi-uploadproxy-container-v4.12.0-71\nvirt-cdi-uploadserver-container-v4.12.0-72\nvirt-controller-container-v4.12.0-255\nvirt-exportproxy-container-v4.12.0-255\nvirt-exportserver-container-v4.12.0-255\nvirt-handler-container-v4.12.0-255\nvirt-launcher-container-v4.12.0-255\nvirt-operator-container-v4.12.0-255\nvirtio-win-container-v4.12.0-10\nvm-network-latency-checkup-container-v4.12.0-89\n\n3. Solution:\n\nBefore applying this update, you must apply all previously released errata\nrelevant to your system. \n\nTo apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1719190 - Unable to cancel live-migration if virt-launcher pod in pending state\n2023393 - [CNV] [UI]Additional information needed for cloning when default storageclass in not defined in target datavolume\n2030801 - CVE-2021-44716 golang: net/http: limit growth of header canonicalization cache\n2030806 - CVE-2021-44717 golang: syscall: don\u0027t close fd 0 on ForkExec error\n2040377 - Unable to delete failed VMIM after VM deleted\n2046298 - mdevs not configured with drivers installed, if mdev config added to HCO CR before drivers are installed\n2052556 - Metric \"kubevirt_num_virt_handlers_by_node_running_virt_launcher\" reporting incorrect value\n2053429 - CVE-2022-23806 golang: crypto/elliptic: IsOnCurve returns true for invalid field elements\n2053532 - CVE-2022-23772 golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString\n2053541 - CVE-2022-23773 golang: cmd/go: misinterpretation of branch names can lead to incorrect access control\n2060499 - [RFE] Cannot add additional service (or other objects) to VM template\n2069098 - Large scale |VMs migration is slow due to low migration parallelism\n2070366 - VM Snapshot Restore hangs indefinitely when backed by a snapshotclass\n2071491 - Storage Throughput metrics are incorrect in Overview\n2072797 - Metrics in Virtualization -\u003e Overview period is not clear or configurable\n2072821 - Top Consumers of Storage Traffic in Kubevirt Dashboard giving unexpected numbers\n2079916 - KubeVirt CR seems to be in DeploymentInProgress state and not recovering\n2084085 - CVE-2022-29526 golang: syscall: faccessat checks wrong group\n2086285 - [dark mode] VirtualMachine - in the Utilization card the percentages and the graphs not visible enough in dark mode\n2086551 - Min CPU feature found in labels\n2087724 - Default template show no boot source even there are auto-upload boot sources\n2088129 - [SSP] webhook does not comply with restricted security context\n2088464 - [CDI] cdi-deployment does not comply with restricted security context\n2089391 - Import gzipped raw file causes image to be downloaded and uncompressed to TMPDIR\n2089744 - HCO should label its control plane namespace to admit pods at privileged security level\n2089751 - 4.12.0 containers\n2089804 - 4.12.0 rpms\n2091856 - ?Edit BootSource? action should have more explicit information when disabled\n2092793 - CVE-2022-30629 golang: crypto/tls: session tickets lack random ticket_age_add\n2092796 - [RFE] CPU|Memory display in the template card is not consistent with the display in the template drawer\n2093771 - The disk source should be PVC if the template has no auto-update boot source\n2093996 - kubectl get vmi API should always return primary interface if exist\n2094202 - Cloud-init username field should have hint\n2096285 - KubeVirt CR API documentation is missing docs for many fields\n2096780 - [RFE] Add ssh-key and sysprep to template scripts tab\n2097436 - Online disk expansion ignores filesystem overhead change\n2097586 - AccessMode should stay on ReadWriteOnce while editing a disk with storage class HPP\n2099556 - [RFE] Add option to enable RDP service for windows vm\n2099573 - [RFE] Improve template\u0027s message about not editable\n2099923 - [RFE] Merge \"SSH access\" and \"SSH command\" into one\n2100290 - Error is not dismissed on catalog review page\n2100436 - VM list filtering ignores VMs in error-states\n2100442 - [RFE] allow enabling and disabling SSH service while VM is shut down\n2100495 - CVE-2021-38561 golang: out-of-bounds read in golang.org/x/text/language leads to DoS\n2100629 - Update nested support KBASE article\n2100679 - The number of hardware devices is not correct in vm overview tab\n2100682 - All hardware devices get deleted while just delete one\n2100684 - Workload profile are not editable during creation and after creation\n2101144 - VM filter has two \"Other\" checkboxes which are triggered together\n2101164 - [dark mode] Number of alerts in Alerts card not visible enough in dark mode\n2101167 - Edit buttons clickable area is too large. \n2101333 - [e2e] elements on Template Scheduling tab are missing proper data-test-id\n2101335 - Clone action enabled in VM list kebab button for a VM in CrashLoopBackOff state\n2101390 - Easy to miss the \"tick\" when adding GPU device to vm via UI\n2101394 - [e2e] elements on VM Scripts tab are missing proper data-test-id\n2101423 - wrong user name on using ignition\n2101430 - Using CLOUD_USER_PASSWORD in Templates parameters breaks VM review page\n2101445 - \"Pending changes - Boot Order\"\n2101454 - Cannot add PVC boot source to template in \u0027Edit Boot Source Reference\u0027 view as a non-priv user\n2101499 - Cannot add NIC to VM template as non-priv user\n2101501 - NAME parameter in VM template has no effect. \n2101628 - non-priv user cannot load dataSource while edit template\u0027s rootdisk\n2101667 - VMI view is not aligned with vm and tempates\n2101681 - All templates are labeling \"source available\" in template list page\n2102074 - VM Creation time on VM Overview Details card lacks string\n2102125 - vm clone modal is displaying DV size instead of PVC size\n2102132 - align the utilization card of single VM overview with the design\n2102138 - Should the word \"new\" be removed from \"Create new VirtualMachine from catalog\"?\n2102256 - Add button moved to right\n2102448 - VM disk is deleted by uncheck \"Delete disks (1x)\" on delete modal\n2102475 - Template \u0027vm-template-example\u0027 should be filtered by \u0027Fedora\u0027 rather than \u0027Other\u0027\n2102561 - sysprep-info should link to downstream doc\n2102737 - Clone a VM should lead to vm overview tab\n2102740 - \"Save\" button on vm clone modal should be \"Clone\"\n2103806 - \"404: Not Found\" appears shortly by clicking the PVC link on vm disk tab\n2103807 - PVC is not named by VM name while creating vm quickly\n2103817 - Workload profile values in vm details should align with template\u0027s value\n2103844 - VM nic model is empty\n2104331 - VM list page scroll up automatically\n2104402 - VM create button is not enabled while adding multiple environment disks\n2104422 - Storage status report \"OpenShift Data Foundation is not available\" even the operator is installed\n2104424 - Enable descheduler or hide it on template\u0027s scheduling tab\n2104479 - [4.12] Cloned VM\u0027s snapshot restore fails if the source VM disk is deleted\n2104480 - Alerts in VM overview tab disappeared after a few seconds\n2104785 - \"Add disk\" and \"Disks\" are on the same line\n2104859 - [RFE] Add \"Copy SSH command\" to VM action list\n2105257 - Can\u0027t set log verbosity level for virt-operator pod\n2106175 - All pages are crashed after visit Virtualization -\u003e Overview\n2106963 - Cannot add configmap for windows VM\n2107279 - VM Template\u0027s bootable disk can be marked as bootable\n2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read\n2107371 - CVE-2022-30630 golang: io/fs: stack exhaustion in Glob\n2107374 - CVE-2022-1705 golang: net/http: improper sanitization of Transfer-Encoding header\n2107376 - CVE-2022-1962 golang: go/parser: stack exhaustion in all Parse* functions\n2107383 - CVE-2022-32148 golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working\n2107386 - CVE-2022-30632 golang: path/filepath: stack exhaustion in Glob\n2107388 - CVE-2022-30635 golang: encoding/gob: stack exhaustion in Decoder.Decode\n2107390 - CVE-2022-28131 golang: encoding/xml: stack exhaustion in Decoder.Skip\n2107392 - CVE-2022-30633 golang: encoding/xml: stack exhaustion in Unmarshal\n2108339 - datasource does not provide timestamp when updated\n2108638 - When chosing a vm or template while in all-namespace, and returning to list, namespace is changed\n2109818 - Upstream metrics documentation is not detailed enough\n2109975 - DataVolume fails to import \"cirros-container-disk-demo\" image\n2110256 - Storage -\u003e PVC -\u003e upload data, does not support source reference\n2110562 - CNV introduces a compliance check fail in \"ocp4-moderate\" profile - routes-protected-by-tls\n2111240 - GiB changes to B in Template\u0027s Edit boot source reference modal\n2111292 - kubevirt plugin console is crashed after creating a vm with 2 nics\n2111328 - kubevirt plugin console crashed after visit vmi page\n2111378 - VM SSH command generated by UI points at api VIP\n2111744 - Cloned template should not label `app.kubernetes.io/name: common-templates`\n2111794 - the virtlogd process is taking too much RAM! (17468Ki \u003e 17Mi)\n2112900 - button style are different\n2114516 - Nothing happens after clicking on Fedora cloud image list link\n2114636 - The style of displayed items are not unified on VM tabs\n2114683 - VM overview tab is crashed just after the vm is created\n2115257 - Need to Change system-product-name to \"OpenShift Virtualization\" in CNV-4.12\n2115258 - The storageclass of VM disk is different from quick created and customize created after changed the default storageclass\n2115280 - [e2e] kubevirt-e2e-aws see two duplicated navigation items\n2115769 - Machine type is updated to rhel8.6.0 in KV CR but not in Templates\n2116225 - The filter keyword of the related operator \u0027Openshift Data Foundation\u0027 is \u0027OCS\u0027 rather than \u0027ODF\u0027\n2116644 - Importer pod is failing to start with error \"MountVolume.SetUp failed for volume \"cdi-proxy-cert-vol\" : configmap \"custom-ca\" not found\"\n2117549 - Cannot edit cloud-init data after add ssh key\n2117803 - Cannot edit ssh even vm is stopped\n2117813 - Improve descriptive text of VM details while VM is off\n2117872 - CVE-2022-1798 kubeVirt: Arbitrary file read on the host from KubeVirt VMs\n2118257 - outdated doc link tolerations modal\n2118823 - Deprecated API 1.25 call: virt-cdi-controller/v0.0.0 (linux/amd64) kubernetes/$Format\n2119069 - Unable to start windows VMs on PSI setups\n2119128 - virt-launcher cannot be started on OCP 4.12 due to PodSecurity restricted:v1.24\n2119309 - readinessProbe in VM stays on failed\n2119615 - Change the disk size causes the unit changed\n2120907 - Cannot filter disks by label\n2121320 - Negative values in migration metrics\n2122236 - Failing to delete HCO with SSP sticking around\n2122990 - VMExport should check APIGroup\n2124147 - \"ReadOnlyMany\" should not be added to supported values in memory dump\n2124307 - Ui crash/stuck on loading when trying to detach disk on a VM\n2124528 - On upgrade, when live-migration is failed due to an infra issue, virt-handler continuously and endlessly tries to migrate it\n2124555 - View documentation link on MigrationPolicies page des not work\n2124557 - MigrationPolicy description is not displayed on Details page\n2124558 - Non-privileged user can start MigrationPolicy creation\n2124565 - Deleted DataSource reappears in list\n2124572 - First annotation can not be added to DataSource\n2124582 - Filtering VMs by OS does not work\n2124594 - Docker URL validation is inconsistent over application\n2124597 - Wrong case in Create DataSource menu\n2126104 - virtctl image-upload hangs waiting for pod to be ready with missing access mode defined in the storage profile\n2126397 - many KubeVirtComponentExceedsRequestedMemory alerts in Firing state\n2127787 - Expose the PVC source of the dataSource on UI\n2127843 - UI crashed by selecting \"Live migration network\"\n2127931 - Change default time range on Virtualization -\u003e Overview -\u003e Monitoring dashboard to 30 minutes\n2127947 - cluster-network-addons-config tlsSecurityProfle takes a long time to update after setting APIServer\n2128002 - Error after VM template deletion\n2128107 - sriov-manage command fails to enable SRIOV Virtual functions on the Ampere GPU Cards\n2128872 - [4.11]Can\u0027t restore cloned VM\n2128948 - Cannot create DataSource from default YAML\n2128949 - Cannot create MigrationPolicy from example YAML\n2128997 - [4.11.1]virt-launcher cannot be started on OCP 4.12 due to PodSecurity restricted:v1.24\n2129013 - Mark Windows 11 as TechPreview\n2129234 - Service is not deleted along with the VM when the VM is created from a template with service\n2129301 - Cloud-init network data don\u0027t wipe out on uncheck checkbox \u0027Add network data\u0027\n2129870 - crypto-policy : Accepting TLS 1.3 connections by validating webhook\n2130509 - Auto image import in failed state with data sources pointing to external manually-created PVC/DV\n2130588 - crypto-policy : Common Ciphers support by apiserver and hco\n2130695 - crypto-policy : Logging Improvement and publish the source of ciphers\n2130909 - Non-privileged user can start DataSource creation\n2131157 - KV data transfer rate chart in VM Metrics tab is not displayed\n2131165 - [dark mode] Additional statuses accordion on Virtualization Overview page not visible enough\n2131674 - Bump virtlogd memory requirement to 20Mi\n2132031 - Ensure Windows 2022 Templates are marked as TechPreview like it is done now for Windows 11\n2132682 - Default YAML entity name convention. \n2132721 - Delete dialogs\n2132744 - Description text is missing in Live Migrations section\n2132746 - Background is broken in Virtualization Monitoring page\n2132783 - VM can not be created from Template with edited boot source\n2132793 - Edited Template BSR is not saved\n2132932 - Typo in PVC size units menu\n2133540 - [pod security violation audit] Audit violation in \"cni-plugins\" container should be fixed\n2133541 - [pod security violation audit] Audit violation in \"bridge-marker\" container should be fixed\n2133542 - [pod security violation audit] Audit violation in \"manager\" container should be fixed\n2133543 - [pod security violation audit] Audit violation in \"kube-rbac-proxy\" container should be fixed\n2133655 - [pod security violation audit] Audit violation in \"cdi-operator\" container should be fixed\n2133656 - [4.12][pod security violation audit] Audit violation in \"hostpath-provisioner-operator\" container should be fixed\n2133659 - [pod security violation audit] Audit violation in \"cdi-controller\" container should be fixed\n2133660 - [pod security violation audit] Audit violation in \"cdi-source-update-poller\" container should be fixed\n2134123 - KubeVirtComponentExceedsRequestedMemory Alert for virt-handler pod\n2134672 - [e2e] add data-test-id for catalog -\u003e storage section\n2134825 - Authorization for expand-spec endpoint missing\n2135805 - Windows 2022 template is missing vTPM and UEFI params in spec\n2136051 - Name jumping when trying to create a VM with source from catalog\n2136425 - Windows 11 is detected as Windows 10\n2136534 - Not possible to specify a TTL on VMExports\n2137123 - VMExport: export pod is not PSA complaint\n2137241 - Checkbox about delete vm disks is not loaded while deleting VM\n2137243 - registery input add docker prefix twice\n2137349 - \"Manage source\" action infinitely loading on DataImportCron details page\n2137591 - Inconsistent dialog headings/titles\n2137731 - Link of VM status in overview is not working\n2137733 - No link for VMs in error status in \"VirtualMachine statuses\" card\n2137736 - The column name \"MigrationPolicy name\" can just be \"Name\"\n2137896 - crypto-policy: HCO should pick TLSProfile from apiserver if not provided explicitly\n2138112 - Unsupported S3 endpoint option in Add disk modal\n2138119 - \"Customize VirtualMachine\" flow is not user-friendly because settings are split into 2 modals\n2138199 - Win11 and Win22 templates are not filtered properly by Template provider\n2138653 - Saving Template prameters reloads the page\n2138657 - Setting DATA_SOURCE_* Template parameters makes VM creation fail\n2138664 - VM that was created with SSH key fails to start\n2139257 - Cannot add disk via \"Using an existing PVC\"\n2139260 - Clone button is disabled while VM is running\n2139293 - Non-admin user cannot load VM list page\n2139296 - Non-admin cannot load MigrationPolicies page\n2139299 - No auto-generated VM name while creating VM by non-admin user\n2139306 - Non-admin cannot create VM via customize mode\n2139479 - virtualization overview crashes for non-priv user\n2139574 - VM name gets \"emptyname\" if click the create button quickly\n2139651 - non-priv user can click create when have no permissions\n2139687 - catalog shows template list for non-priv users\n2139738 - [4.12]Can\u0027t restore cloned VM\n2139820 - non-priv user cant reach vm details\n2140117 - Provide upgrade path from 4.11.1-\u003e4.12.0\n2140521 - Click the breadcrumb list about \"VirtualMachines\" goes to undefined project\n2140534 - [View only] it should give a permission error when user clicking the VNC play/connect button as a view only user\n2140627 - Not able to select storageClass if there is no default storageclass defined\n2140730 - Links on Virtualization Overview page lead to wrong namespace for non-priv user\n2140808 - Hyperv feature set to \"enabled: false\" prevents scheduling\n2140977 - Alerts number is not correct on Virtualization overview\n2140982 - The base template of cloned template is \"Not available\"\n2140998 - Incorrect information shows in overview page per namespace\n2141089 - Unable to upload boot images. \n2141302 - Unhealthy states alerts and state metrics are missing\n2141399 - Unable to set TLS Security profile for CDI using HCO jsonpatch annotations\n2141494 - \"Start in pause mode\" option is not available while creating the VM\n2141654 - warning log appearing on VMs: found no SR-IOV networks\n2141711 - Node column selector is redundant for non-priv user\n2142468 - VM action \"Stop\" should not be disabled when VM in pause state\n2142470 - Delete a VM or template from all projects leads to 404 error\n2142511 - Enhance alerts card in overview\n2142647 - Error after MigrationPolicy deletion\n2142891 - VM latency checkup: Failed to create the checkup\u0027s Job\n2142929 - Permission denied when try get instancestypes\n2143268 - Topolvm storageProfile missing accessModes and volumeMode\n2143498 - Could not load template while creating VM from catalog\n2143964 - Could not load template while creating VM from catalog\n2144580 - \"?\" icon is too big in VM Template Disk tab\n2144828 - \"?\" icon is too big in VM Template Disk tab\n2144839 - Alerts number is not correct on Virtualization overview\n2153849 - After upgrade to 4.11.1-\u003e4.12.0 hco.spec.workloadUpdateStrategy value is getting overwritten\n2155757 - Incorrect upstream-version label \"v1.6.0-unstable-410-g09ea881c\" is tagged to 4.12 hyperconverged-cluster-operator-container and hyperconverged-cluster-webhook-container\n\n5. References:\n\nhttps://access.redhat.com/security/cve/CVE-2015-20107\nhttps://access.redhat.com/security/cve/CVE-2016-3709\nhttps://access.redhat.com/security/cve/CVE-2020-0256\nhttps://access.redhat.com/security/cve/CVE-2020-35525\nhttps://access.redhat.com/security/cve/CVE-2020-35527\nhttps://access.redhat.com/security/cve/CVE-2021-0308\nhttps://access.redhat.com/security/cve/CVE-2021-38561\nhttps://access.redhat.com/security/cve/CVE-2021-44716\nhttps://access.redhat.com/security/cve/CVE-2021-44717\nhttps://access.redhat.com/security/cve/CVE-2022-0391\nhttps://access.redhat.com/security/cve/CVE-2022-0934\nhttps://access.redhat.com/security/cve/CVE-2022-1292\nhttps://access.redhat.com/security/cve/CVE-2022-1304\nhttps://access.redhat.com/security/cve/CVE-2022-1586\nhttps://access.redhat.com/security/cve/CVE-2022-1705\nhttps://access.redhat.com/security/cve/CVE-2022-1785\nhttps://access.redhat.com/security/cve/CVE-2022-1798\nhttps://access.redhat.com/security/cve/CVE-2022-1897\nhttps://access.redhat.com/security/cve/CVE-2022-1927\nhttps://access.redhat.com/security/cve/CVE-2022-1962\nhttps://access.redhat.com/security/cve/CVE-2022-2068\nhttps://access.redhat.com/security/cve/CVE-2022-2097\nhttps://access.redhat.com/security/cve/CVE-2022-2509\nhttps://access.redhat.com/security/cve/CVE-2022-3515\nhttps://access.redhat.com/security/cve/CVE-2022-3787\nhttps://access.redhat.com/security/cve/CVE-2022-22624\nhttps://access.redhat.com/security/cve/CVE-2022-22628\nhttps://access.redhat.com/security/cve/CVE-2022-22629\nhttps://access.redhat.com/security/cve/CVE-2022-22662\nhttps://access.redhat.com/security/cve/CVE-2022-23772\nhttps://access.redhat.com/security/cve/CVE-2022-23773\nhttps://access.redhat.com/security/cve/CVE-2022-23806\nhttps://access.redhat.com/security/cve/CVE-2022-24795\nhttps://access.redhat.com/security/cve/CVE-2022-25308\nhttps://access.redhat.com/security/cve/CVE-2022-25309\nhttps://access.redhat.com/security/cve/CVE-2022-25310\nhttps://access.redhat.com/security/cve/CVE-2022-26700\nhttps://access.redhat.com/security/cve/CVE-2022-26709\nhttps://access.redhat.com/security/cve/CVE-2022-26710\nhttps://access.redhat.com/security/cve/CVE-2022-26716\nhttps://access.redhat.com/security/cve/CVE-2022-26717\nhttps://access.redhat.com/security/cve/CVE-2022-26719\nhttps://access.redhat.com/security/cve/CVE-2022-27404\nhttps://access.redhat.com/security/cve/CVE-2022-27405\nhttps://access.redhat.com/security/cve/CVE-2022-27406\nhttps://access.redhat.com/security/cve/CVE-2022-28131\nhttps://access.redhat.com/security/cve/CVE-2022-29526\nhttps://access.redhat.com/security/cve/CVE-2022-30293\nhttps://access.redhat.com/security/cve/CVE-2022-30629\nhttps://access.redhat.com/security/cve/CVE-2022-30630\nhttps://access.redhat.com/security/cve/CVE-2022-30631\nhttps://access.redhat.com/security/cve/CVE-2022-30632\nhttps://access.redhat.com/security/cve/CVE-2022-30633\nhttps://access.redhat.com/security/cve/CVE-2022-30635\nhttps://access.redhat.com/security/cve/CVE-2022-30698\nhttps://access.redhat.com/security/cve/CVE-2022-30699\nhttps://access.redhat.com/security/cve/CVE-2022-32148\nhttps://access.redhat.com/security/cve/CVE-2022-32206\nhttps://access.redhat.com/security/cve/CVE-2022-32208\nhttps://access.redhat.com/security/cve/CVE-2022-34903\nhttps://access.redhat.com/security/cve/CVE-2022-37434\nhttps://access.redhat.com/security/cve/CVE-2022-40674\nhttps://access.redhat.com/security/cve/CVE-2022-42898\nhttps://access.redhat.com/security/updates/classification/#important\n\n6. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2023 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBY9FaIdzjgjWX9erEAQg3yQ/+IUc6v2m0ZjFWE+HcpaZSLK5EL2ddBtGH\nipDVyXLh7uSxGXJEaaZ1bBnvS5pjP5u7xxkmHh/kOuD4U+DDNVdDrmfFvk7XwhlK\nxIgzHsJp82VTyvbALTJIBsBCaUnY1mepfIqk+yFgU3dW4QX2CcRN+y6RdtR/24Iv\ncV4DNZ2QgDoQZOpwNfoHFwOOwRbwQNOSJpoGY0ToMHOztpRax84mTmqkLpaiiQPH\n3+DlfCuGo6jzFSbluZnELZGuwJHdl6rUfQUasT4H1YD2pT4cKI4Gg12rL2lvzz4s\nxfP2cLvykDqtINIZXy+NMteuI4cw5nrxZCfDpOBFnWfZ5cP5B/QeJG8J6wIr1ssb\nOWGAJNYGd+6yUdNgVjRO1u5iLPVN5zN0r9wlg/Kgm6IBWRzDP7b1Gqh2mmDWTbln\nmoRHYxFdLuXX/ciJYRBlyLhkQJcz+r4HfkkzXuc/B0TG8/HSTShYDxWeFIIg9ALy\nxIuXAkdyZ8FyPavYzLvyENLqYiSD1z/76uRKuUWK+oWKclAsEFDXQm+VSv5zCh7x\neOIFkWqJ449V4Z0VrSUvQw8AHcEzetUYd73pLYnBI/naHI4l1s8/21rPHu0LhAPs\nRvwsGL6jyJ/mDQvvjz4iOQq3pnYCI096Tzm8kaD4qQhBVtQVoUN41kZRQjPVQn94\n5HLmWeHmkTg=Nw07\n-----END PGP SIGNATURE-----\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n", "sources": [ { "db": "NVD", "id": "CVE-2022-1897" }, { "db": "VULHUB", "id": "VHN-423551" }, { "db": "PACKETSTORM", "id": "168222" }, { "db": "PACKETSTORM", "id": "168022" }, { "db": "PACKETSTORM", "id": "169443" }, { "db": "PACKETSTORM", "id": "172122" }, { "db": "PACKETSTORM", "id": "168284" }, { "db": "PACKETSTORM", "id": "168287" }, { "db": "PACKETSTORM", "id": "170083" }, { "db": "PACKETSTORM", "id": "170741" } ], "trust": 1.71 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2022-1897", "trust": 2.5 }, { "db": "PACKETSTORM", "id": "170083", "trust": 0.8 }, { "db": "PACKETSTORM", "id": "168222", "trust": 0.8 }, { "db": "PACKETSTORM", "id": "168284", "trust": 0.8 }, { "db": "PACKETSTORM", "id": "169443", "trust": 0.8 }, { "db": "PACKETSTORM", "id": "168022", "trust": 0.8 }, { "db": "PACKETSTORM", "id": "167944", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "168538", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "168378", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "168182", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "167729", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "168112", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "168013", "trust": 0.7 }, { "db": "CNNVD", "id": "CNNVD-202205-4246", "trust": 0.7 }, { "db": "AUSCERT", "id": "ESB-2022.4122", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.6290", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.3347", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2023.2896", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2023.4082", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.5247", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.5300", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.4233", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.3813", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.4316", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.4167", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.4747", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.3921", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2023.0019", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.4568", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.3002", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.6148", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.6434", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022062022", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022070807", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "168287", "trust": 0.2 }, { "db": "CNVD", "id": "CNVD-2022-50690", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "168516", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "168150", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "168289", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "168139", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "169435", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "168213", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-423551", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "172122", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "170741", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-423551" }, { "db": "PACKETSTORM", "id": "168222" }, { "db": "PACKETSTORM", "id": "168022" }, { "db": "PACKETSTORM", "id": "169443" }, { "db": "PACKETSTORM", "id": "172122" }, { "db": "PACKETSTORM", "id": "168284" }, { "db": "PACKETSTORM", "id": "168287" }, { "db": "PACKETSTORM", "id": "170083" }, { "db": "PACKETSTORM", "id": "170741" }, { "db": "CNNVD", "id": "CNNVD-202205-4246" }, { "db": "NVD", "id": "CVE-2022-1897" } ] }, "id": "VAR-202205-2059", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-423551" } ], "trust": 0.01 }, "last_update_date": "2024-07-23T19:55:59.007000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Vim Buffer error vulnerability fix", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=195377" } ], "sources": [ { "db": "CNNVD", "id": "CNNVD-202205-4246" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-787", "trust": 1.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-423551" }, { "db": "NVD", "id": "CVE-2022-1897" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "https://support.apple.com/kb/ht213488" }, { "trust": 1.7, "url": "https://huntr.dev/bounties/82c12151-c283-40cf-aa05-2e39efa89118" }, { "trust": 1.7, "url": "http://seclists.org/fulldisclosure/2022/oct/28" }, { "trust": 1.7, "url": "http://seclists.org/fulldisclosure/2022/oct/41" }, { "trust": 1.7, "url": "https://security.gentoo.org/glsa/202208-32" }, { "trust": 1.7, "url": "https://github.com/vim/vim/commit/338f1fc0ee3ca929387448fe464579d6113fa76a" }, { "trust": 1.7, "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00032.html" }, { "trust": 1.7, "url": "https://security.gentoo.org/glsa/202305-16" }, { "trust": 1.0, "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ozslfikfyu5y2km5ejkqnyhwrubdq4gj/" }, { "trust": 1.0, "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/qmfhbc5oqxdpv2sdya2juqgvcpyastjb/" }, { "trust": 1.0, "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/tynk6sdcmolqjoi3b4aoe66p2g2ih4zm/" }, { "trust": 0.7, "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/qmfhbc5oqxdpv2sdya2juqgvcpyastjb/" }, { "trust": 0.7, "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/tynk6sdcmolqjoi3b4aoe66p2g2ih4zm/" }, { "trust": 0.7, "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ozslfikfyu5y2km5ejkqnyhwrubdq4gj/" }, { "trust": 0.7, "url": "https://access.redhat.com/security/cve/cve-2022-2097" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1292" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1897" }, { "trust": 0.7, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.7, "url": "https://access.redhat.com/security/cve/cve-2022-1292" }, { "trust": 0.7, "url": "https://access.redhat.com/security/cve/cve-2022-1586" }, { "trust": 0.7, "url": "https://access.redhat.com/security/cve/cve-2022-2068" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1586" }, { "trust": 0.7, "url": "https://access.redhat.com/security/cve/cve-2022-1785" }, { "trust": 0.7, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1785" }, { "trust": 0.7, "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.7, "url": "https://access.redhat.com/security/cve/cve-2022-1897" }, { "trust": 0.7, "url": "https://access.redhat.com/security/cve/cve-2022-1927" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1927" }, { "trust": 0.6, "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.4747" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/vim-buffer-overflow-via-normal-cmd-38494" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.3813" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/168538/red-hat-security-advisory-2022-6696-01.html" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/168222/red-hat-security-advisory-2022-6283-01.html" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/168182/red-hat-security-advisory-2022-6184-01.html" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/170083/red-hat-security-advisory-2022-8750-01.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2023.2896" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.6290" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/168013/red-hat-security-advisory-2022-5942-01.html" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/167729/ubuntu-security-notice-usn-5507-1.html" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022070807" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.4233" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.5300" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.6434" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.3002" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/168378/red-hat-security-advisory-2022-6507-01.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.5247" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.3347" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.4316" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.3921" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2023.4082" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/168112/red-hat-security-advisory-2022-6051-01.html" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/168284/red-hat-security-advisory-2022-6183-01.html" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/167944/red-hat-security-advisory-2022-5813-01.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2023.0019" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022062022" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2022-1897/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.4167" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.6148" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/168022/red-hat-security-advisory-2022-6024-01.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.4122" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/169443/red-hat-security-advisory-2022-7058-01.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.4568" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2068" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2097" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2022-32208" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2022-32206" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2022-30632" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2022-29154" }, { "trust": 0.3, "url": "https://issues.jboss.org/):" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2022-30630" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2022-30635" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2022-28131" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2022-30633" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2022-1962" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2022-34903" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2022-0391" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0391" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-29154" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2022-40674" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-20107" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2015-20107" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2022-32148" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2022-1705" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2022-30631" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2022-30629" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1962" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-30632" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-28131" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-24675" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32206" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2526" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1705" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-2526" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-0308" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2016-3709" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-1304" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-26700" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-26716" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-26710" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-2509" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-0308" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-22629" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-26719" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-25309" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-30698" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-30699" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-0256" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-26717" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-38561" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-22662" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-27404" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-3709" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1304" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-0256" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-25310" }, { "trust": 0.2, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-22624" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-3515" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-35525" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-24795" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-37434" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-25308" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-38561" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-27406" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-35525" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-35527" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0934" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-26709" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-22628" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-27405" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-0934" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-35527" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-30293" }, { "trust": 0.1, "url": "https://docs.openshift.com/container-platform/latest/service_mesh/v2x/servicemesh-release-notes.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-30635" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2022:6283" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-31107" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-30633" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-31107" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-30630" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-25314" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-43813" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-27782" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22576" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-27776" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0670" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-22576" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_ceph_storage/5.2/html-single/release_notes/index" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-40528" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-43813" }, { "trust": 0.1, "url": "https://access.redhat.com/articles/1548993" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-25313" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-27774" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-0670" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-25314" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-40528" }, { "trust": 0.1, "url": "https://access.redhat.com/articles/2789521" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-21673" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-21673" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-25313" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-29824" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2022:6024" }, { "trust": 0.1, "url": "https://docs.openshift.com/container-platform/4.11/sandboxed_containers/sandboxed-containers-release-notes.html" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2022:7058" }, { "trust": 0.1, "url": "https://docs.openshift.com/container-platform/latest/sandboxed_containers/upgrade-sandboxed-containers.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-24675" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2832" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-2832" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1733" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1942" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2345" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2207" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2845" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2182" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2231" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2210" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2816" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1619" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2862" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1796" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-3256" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1621" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2285" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-3296" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2000" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-3153" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-3705" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-3235" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1771" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1735" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2889" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2288" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2183" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1629" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1886" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2304" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1674" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2287" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2343" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2023-0051" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2923" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2982" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1851" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2264" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-3520" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1898" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-4293" }, { "trust": 0.1, "url": "https://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2126" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-3099" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1154" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2208" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2042" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2874" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-3016" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2124" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-3278" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-47024" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1720" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2023-0054" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2286" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1381" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1616" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-4141" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2819" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1420" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2946" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1769" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2206" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2023-0049" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2175" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2849" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2284" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-3324" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2980" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2817" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2344" }, { "trust": 0.1, "url": "https://security.gentoo.org/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2522" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2289" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2129" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1968" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-3591" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2257" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-4292" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-3134" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-3297" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1620" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-3352" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-3491" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2125" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1725" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1160" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-3234" }, { "trust": 0.1, "url": "https://docs.openshift.com/container-platform/4.10/logging/cluster-logging-release-notes.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32208" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32148" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-30631" }, { "trust": 0.1, "url": "https://docs.openshift.com/container-platform/4.10/logging/cluster-logging-upgrading.html" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2022:6183" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-32250" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2022:6370" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-1012" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.6/html/release_notes/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1012" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.6/html-single/install/index#installing" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-30629" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-31129" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-38177" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-28327" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-24921" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2022:8750" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-38178" }, { "trust": 0.1, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2023:0408" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-23772" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-44716" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-29526" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-42898" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-23773" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-3787" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-44716" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-44717" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-23806" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-1798" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-44717" } ], "sources": [ { "db": "VULHUB", "id": "VHN-423551" }, { "db": "PACKETSTORM", "id": "168222" }, { "db": "PACKETSTORM", "id": "168022" }, { "db": "PACKETSTORM", "id": "169443" }, { "db": "PACKETSTORM", "id": "172122" }, { "db": "PACKETSTORM", "id": "168284" }, { "db": "PACKETSTORM", "id": "168287" }, { "db": "PACKETSTORM", "id": "170083" }, { "db": "PACKETSTORM", "id": "170741" }, { "db": "CNNVD", "id": "CNNVD-202205-4246" }, { "db": "NVD", "id": "CVE-2022-1897" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-423551" }, { "db": "PACKETSTORM", "id": "168222" }, { "db": "PACKETSTORM", "id": "168022" }, { "db": "PACKETSTORM", "id": "169443" }, { "db": "PACKETSTORM", "id": "172122" }, { "db": "PACKETSTORM", "id": "168284" }, { "db": "PACKETSTORM", "id": "168287" }, { "db": "PACKETSTORM", "id": "170083" }, { "db": "PACKETSTORM", "id": "170741" }, { "db": "CNNVD", "id": "CNNVD-202205-4246" }, { "db": "NVD", "id": "CVE-2022-1897" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-05-27T00:00:00", "db": "VULHUB", "id": "VHN-423551" }, { "date": "2022-09-01T16:33:07", "db": "PACKETSTORM", "id": "168222" }, { "date": "2022-08-10T15:50:41", "db": "PACKETSTORM", "id": "168022" }, { "date": "2022-10-20T14:21:57", "db": "PACKETSTORM", "id": "169443" }, { "date": "2023-05-03T15:29:00", "db": "PACKETSTORM", "id": "172122" }, { "date": "2022-09-07T16:57:47", "db": "PACKETSTORM", "id": "168284" }, { "date": "2022-09-07T17:07:14", "db": "PACKETSTORM", "id": "168287" }, { "date": "2022-12-02T15:57:08", "db": "PACKETSTORM", "id": "170083" }, { "date": "2023-01-26T15:29:09", "db": "PACKETSTORM", "id": "170741" }, { "date": "2022-05-27T00:00:00", "db": "CNNVD", "id": "CNNVD-202205-4246" }, { "date": "2022-05-27T15:15:07.620000", "db": "NVD", "id": "CVE-2022-1897" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-12-03T00:00:00", "db": "VULHUB", "id": "VHN-423551" }, { "date": "2023-07-20T00:00:00", "db": "CNNVD", "id": "CNNVD-202205-4246" }, { "date": "2023-11-07T03:42:16.290000", "db": "NVD", "id": "CVE-2022-1897" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202205-4246" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Vim Buffer error vulnerability", "sources": [ { "db": "CNNVD", "id": "CNNVD-202205-4246" } ], "trust": 0.6 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202205-4246" } ], "trust": 0.6 } }
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.