Description:

Red Hat has released security updates to address several vulnerabilities in the following products:

• thunderbird
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.2 x86_64
  • Red Hat Enterprise Linux Server - AUS 8.2 x86_64
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.2 ppc64le
  • Red Hat Enterprise Linux Server - TUS 8.2 x86_64
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.2 aarch64
  • Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 8.2 ppc64le
  • Red Hat Enterprise Linux Server - Update Services for SAP Solutions 8.2 x86_64
• OpenShift Virtualization 4.8.0 Images
  • Red Hat Container Native Virtualization 4.8 for RHEL 8 x86_64
• OpenShift Container Platform 4.8.2 packages
  • Red Hat OpenShift Container Platform 4.8 for RHEL 8 x86_64
  • Red Hat OpenShift Container Platform 4.8 for RHEL 7 x86_64
  • Red Hat OpenShift Container Platform for Power 4.8 for RHEL 8 ppc64le
  • Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.8 for RHEL 8 s390x
• OpenShift Container Platform 4.8.2
  • Red Hat OpenShift Container Platform 4.8 for RHEL 8 x86_64
  • Red Hat OpenShift Container Platform for Power 4.8 for RHEL 8 ppc64le
  • Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.8 for RHEL 8 s390x
• rh-nodejs12-nodejs and rh-nodejs12-nodejs-nodemon
  • Red Hat Software Collections (for RHEL Server) 1 for RHEL 7.7 x86_64
  • Red Hat Software Collections (for RHEL Server for System Z) 1 for RHEL 7.7 s390x
  • Red Hat Software Collections (for RHEL Server for IBM Power LE) 1 for RHEL 7.7 ppc64le
  • Red Hat Software Collections (for RHEL Server) 1 for RHEL 7 x86_64
  • Red Hat Software Collections (for RHEL Server for System Z) 1 for RHEL 7 s390x
  • Red Hat Software Collections (for RHEL Server for IBM Power LE) 1 for RHEL 7 ppc64le
  • Red Hat Software Collections (for RHEL Workstation) 1 for RHEL 7 x86_64
• rh-nodejs14-nodejs and rh-nodejs14-nodejs-nodemon
  • Red Hat Software Collections (for RHEL Server) 1 for RHEL 7.7 x86_64
  • Red Hat Software Collections (for RHEL Server for System Z) 1 for RHEL 7.7 s390x
  • Red Hat Software Collections (for RHEL Server for IBM Power LE) 1 for RHEL 7.7 ppc64le
  • Red Hat Software Collections (for RHEL Server) 1 for RHEL 7 x86_64
  • Red Hat Software Collections (for RHEL Server for System Z) 1 for RHEL 7 s390x
  • Red Hat Software Collections (for RHEL Server for IBM Power LE) 1 for RHEL 7 ppc64le
  • Red Hat Software Collections (for RHEL Workstation) 1 for RHEL 7 x86_64

Threats:

An attacker could exploit these vulnerabilities by doing the following:

• Denial of service attack (DoS)
• Unauthorized disclosure of information

Best practice and Recommendations:

The CERT team encourages users to review Red Hat security advisory and apply the necessary updates:

• https://access.redhat.com/errata/RHSA-2021:2914
• https://access.redhat.com/errata/RHSA-2021:2920
• https://access.redhat.com/errata/RHSA-2021:2437
• https://access.redhat.com/errata/RHSA-2021:2438
• https://access.redhat.com/errata/RHSA-2021:2931
• https://access.redhat.com/errata/RHSA-2021:2932