A flaw was found in openstack-tripleo-heat-templates. Plaintext passwords from RHSM are written to the logs during OSP13 deployment with subscription-manager.
Category Archives: Advisories
CVE-2021-20260
A flaw was found in the Foreman project. The Datacenter plugin exposes the password through the API to an authenticated local attacker with view_hosts permission. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVE-2021-3414
A flaw was found in satellite. When giving granular permission related to the organization, other permissions allowing a user to view and manage other organizations are also granted. The highest threat from this vulnerability is to data confidentiality.
CVE-2021-3427
The Deluge Web-UI is vulnerable to XSS through a crafted torrent file. The data from torrent files is not properly sanitised, as it is interpreted directly as HTML. Someone who supplies the user with a malicious torrent file can execute arbitrary JavaScript code in the context of the user’s browser session.
CVE-2021-3563
A flaw was found in openstack-keystone. Only the first 72 characters of an application secret are verified, allowing attackers to bypass some of the password complexity that administrators may be counting on. The highest threat from this vulnerability is to data confidentiality and integrity.
CVE-2021-3574
A vulnerability was found in ImageMagick-7.0.11-5: when a crafted file is processed with the convert command, ASAN detects memory leaks.
CVE-2021-35939
It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
libtar-1.2.20-25.fc35
FEDORA-2022-fe1a4e3cf0
Packages in this update:
libtar-1.2.20-25.fc35
Update description:
fix memory leaks through gnu_long{name,link} (CVE-2021-33645 CVE-2021-33646)
fix out-of-bounds read in gnu_long{name,link} (CVE-2021-33643 CVE-2021-33644)
libtar-1.2.20-25.fc36
FEDORA-2022-50e8a1b51d
Packages in this update:
libtar-1.2.20-25.fc36
Update description:
fix memory leaks through gnu_long{name,link} (CVE-2021-33645 CVE-2021-33646)
fix out-of-bounds read in gnu_long{name,link} (CVE-2021-33643 CVE-2021-33644)
libtar-1.2.20-25.fc37
FEDORA-2022-44a20bba43
Packages in this update:
libtar-1.2.20-25.fc37
Update description:
fix memory leaks through gnu_long{name,link} (CVE-2021-33645 CVE-2021-33646)
fix out-of-bounds read in gnu_long{name,link} (CVE-2021-33643 CVE-2021-33644)