Description:

Red Hat has released security alerts to address several vulnerabilities in the following products:

• Red Hat Enterprise Linux for ARM 64 - Extended Update Support
• Red Hat Enterprise Linux for Power, little endian - Extended Update Support
• Red Hat Enterprise Linux Server for ARM 64 - 4 years of updates
• Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support
• Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions
• Red Hat Enterprise Linux for IBM z Systems - Extended Update Support
• Red Hat Enterprise Linux Server for IBM z Systems - 4 years of updates
• Red Hat Enterprise Linux for Power, little endianRed Hat Enterprise Linux for ARM 64 - Extended Update Support
• Red Hat Enterprise Linux for x86_64 - Extended Update Support
• Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions
• Red Hat Enterprise Linux for Power, big endian
• Red Hat Enterprise Linux for Scientific Computing
• Red Hat Enterprise Linux for Power, little endian

Threats:

An attacker could exploit these vulnerabilities by doing the following:

• OS command injection
• Integer overflow
• Heap corruption
• Remote code execution
• Broken Access Control
• Modify memory allocation
• Denial of Service DOS

Best practice and Recommendations:

The CERT team encourages users to review Red Hat security advisory and update the affected products:

• https://access.redhat.com/errata/RHSA-2023:4324
• https://access.redhat.com/errata/RHSA-2023:4326
• https://access.redhat.com/errata/RHSA-2023:4329
• https://access.redhat.com/errata/RHSA-2023:4160
• https://access.redhat.com/errata/RHSA-2023:4332