Red Hat Updates
1900Warning Date
Severity Level
Warning Number
Target Sector
21 December, 2021
● High
2021-4107
All
Description:
Red Hat has released security updates to address several vulnerabilities in the following products:
- log4j
- Red Hat Enterprise Linux Server 7 x86_64
- Red Hat Enterprise Linux Server - AUS 7.7 x86_64
- Red Hat Enterprise Linux Server - AUS 7.6 x86_64
- Red Hat Enterprise Linux Server - AUS 7.4 x86_64
- Red Hat Enterprise Linux Server - AUS 7.3 x86_64
- Red Hat Enterprise Linux Server - Extended Life Cycle Support 6 x86_64
- Red Hat Enterprise Linux Server - Extended Life Cycle Support 6 i386
- Red Hat Enterprise Linux Workstation 7 x86_64
- Red Hat Enterprise Linux Desktop 7 x86_64
- Red Hat Enterprise Linux for IBM z Systems 7 s390x
- Red Hat Enterprise Linux for Power, big endian 7 ppc64
- Red Hat Enterprise Linux for Scientific Computing 7 x86_64
- Red Hat Enterprise Linux for Power, little endian 7 ppc64le
- Red Hat Enterprise Linux Server - TUS 7.7 x86_64
- Red Hat Enterprise Linux Server - TUS 7.6 x86_64
- Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 6 s390x
- Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 7.7 ppc64le
- Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 7.6 ppc64le
- Red Hat Enterprise Linux Server - Update Services for SAP Solutions 7.7 x86_64
- Red Hat Enterprise Linux Server - Update Services for SAP Solutions 7.6 x86_64
- Red Hat Single Sign-On 7.5.0
- Red Hat Single Sign-On Text-Only Advisories x86_64
- Red Hat Single Sign-On 7.5 for RHEL 7 x86_64
- Red Hat Single Sign-On
- Red Hat Single Sign-On 7.5 for RHEL 8 x86_64
Threats:
- Incorrect authorization allows unprivileged users to create other users
- An attacker could exploit this vulnerability by executing arbitrary code
Best practice and Recommendations:
The CERT team encourages users to review Red Hat security advisory and apply the necessary updates: