Description:

Red Hat has released security updates to address several vulnerabilities in the following products:

• kpatch-patch
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.4 x86_64
  • Red Hat Enterprise Linux Server - AUS 8.4 x86_64
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.4 ppc64le
  • Red Hat Enterprise Linux Server - TUS 8.4 x86_64
  • Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 8.4 ppc64le
  • Red Hat Enterprise Linux Server - Update Services for SAP Solutions 8.4 x86_64
• kernel
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support 6 x86_64
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support 6 i386
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 6 s390x
• kernel-rt
  • Red Hat Enterprise Linux for Real Time - Telecommunications Update Service 8.4 x86_64
  • Red Hat Enterprise Linux for Real Time for NFV - Telecommunications Update Service 8.4 x86_64
• Red Hat Ceph Storage 3
  • Red Hat Ceph Storage - Extended Life Cycle Support 3 x86_64
  • Red Hat Ceph Storage MON - Extended Life Cycle Support 3 x86_64
  • Red Hat Ceph Storage OSD - Extended Life Cycle Support 3 x86_64
  • Red Hat Ceph Storage - Extended Life Cycle Support for IBM Power, little endian 3 ppc64le
  • Red Hat Ceph Storage MON - Extended Life Cycle Support for IBM Power, little endian 3 ppc64le
  • Red Hat Ceph Storage OSD - Extended Life Cycle Support for IBM Power, little endian 3 ppc64le

Threats:

An attacker could exploit these vulnerabilities by:

• Executing arbitrary code
• Escalation of privilege

Best practice and Recommendations:

The CERT team encourages users to review Red Hat security advisory and apply the necessary updates:

• https://access.redhat.com/errata/RHSA-2022:1418
• https://access.redhat.com/errata/RHSA-2022:1417
• https://access.redhat.com/errata/RHSA-2022:1417
• https://access.redhat.com/errata/RHSA-2022:1394