Red Hat Alert

Classification
These posts contain security alerts, including digital loopholes, electronic attacks, and technical updates, and they are classified based on the level of severity.

Critical

High

Medium

Low

  • Warning Date: 7 February, 2023
  • Severity Level: High
  • Warning Number: 2023-5440
  • Target Sector: All

Description:

Red Hat has released security alerts to address several vulnerabilities in the following products:

  • Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support
  • Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support
  • Red Hat Enterprise Linux Desktop
  • Red Hat Enterprise Linux for ARM 64
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support
  • Red Hat Enterprise Linux for IBM z Systems
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support
  • Red Hat Enterprise Linux for Power, little endian
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support
  • Red Hat Enterprise Linux for x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions
  • Red Hat Enterprise Linux Server - AUS
  • Red Hat Enterprise Linux Server - TUS
  • Red Hat Enterprise Linux Server for ARM 64 - 4 years of updates
  • Red Hat Enterprise Linux Server for IBM z Systems - 4 years of updates
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions
  • Red Hat Enterprise Linux Workstation
  • Red Hat Software Collections (for RHEL Server for IBM Power LE)
  • Red Hat Software Collections (for RHEL Server for System Z)
  • Red Hat Software Collections (for RHEL Server)
  • Red Hat Software Collections (for RHEL Workstation)

Threats:

An attacker could exploit these vulnerabilities in the following ways:

  • Integer overflow leading to Remote Code Execution
  • Heap overflow leading to Remote Code Execution
  • Compromise of mail signature integrity: the certificate's OCSP revocation status was not checked when verifying S/MIME signatures, so mail signed with a revoked certificate would be displayed as having a valid signature.

Best practice and Recommendations:

The CERT team encourages users to review the Red Hat security advisories and update the affected products:

  • https://access.redhat.com/errata/RHSA-2023:0592
  • https://access.redhat.com/errata/RHSA-2023:0593
  • https://access.redhat.com/errata/RHSA-2023:0594
  • https://access.redhat.com/errata/RHSA-2023:0597
  • https://access.redhat.com/errata/RHSA-2023:0599
  • https://access.redhat.com/errata/RHSA-2023:0600
  • https://access.redhat.com/errata/RHSA-2023:0601
  • https://access.redhat.com/errata/RHSA-2023:0602
  • https://access.redhat.com/errata/RHSA-2023:0603
  • https://access.redhat.com/errata/RHSA-2023:0605
  • https://access.redhat.com/errata/RHSA-2023:0606
  • https://access.redhat.com/errata/RHSA-2023:0607
  • https://access.redhat.com/errata/RHSA-2023:0608
  • https://access.redhat.com/errata/RHSA-2023:0609
  • https://access.redhat.com/errata/RHSA-2023:0610
  • https://access.redhat.com/errata/RHSA-2023:0611

Last updated at 7 February, 2023
