versions prior to 21.1R1-S2, 21.2 versions prior to 21.2R1-S3; 22.1 versions prior to 22.1R1-S2; 22.2 versions prior to 22.2R1; 22.3 versions prior to 22.3R1; 22.4 versions prior to 22.4R1; and 22.5 versions prior to 22.5R1-S1. Red Hat Enterprise Linux 7.4 versions prior to 7.4-lp151.0.11.2, Red Hat Enterprise Linux 7.5 versions prior to 7.5-lp151.0.11.2, Red Hat Enterprise Linux 7.6 versions prior to 7.6-lp151.0.11.2, Red Hat Enterprise Linux 7.7 versions prior to 7.7-lp151.0.11.2, Red Hat Enterprise Linux 7.8 versions prior to 7.8-lp151.0.11.2, Red Hat Enterprise Linux 7.9 versions prior to 7.9-lp151.0.11.2, Red Hat Enterprise Linux 7.10 versions prior to 7.10-lp151.0.11.2. Red Hat Enterprise Linux 8.0 versions prior to 8.0-lp151.0.11.2, Red Hat Enterprise Linux 8.1 versions prior to 8.1-lp151.0.11.2

Description of the vulnerability

A Red Hat security team has identified a public CVE (CVE-2022-22220) that is related to an issue in the OpenSSL cryptographic library. The issue was found on systems running certain versions of the following Red Hat Enterprise Linux 7 releases:
Red Hat Enterprise Linux 7.4 versions prior to 7.4-lp151.0.11.2,
Red Hat Enterprise Linux 7.5 versions prior to 7.5-lp151.0.11.2,
Red Hat Enterprise Linux 7.6 versions prior to 7.6-lp151.0.11.2,
Red Hat Enterprise Linux 7.7 versions prior to 7.7-lp151.0.11.2,
Red Hat Enterprise Linux 7.8 versions prior to 7.8-lp151.0.11.2,
Red Hat Enterprise Linux 7.9 versions prior to 7.9-lp151.0.11.2,
redhat enterprise linux 8 5 6 6 14 release 2 and 8 5 6 6 15 release 2

Description of the fourteen vulnerabilities

It is possible for a remote attacker to take over the management of a targeted system by exploiting these vulnerabilities. The exploitation of these vulnerabilities could allow the attacker to perform unauthorized activities that lead to a denial of service (DoS) condition and possibly result in unauthorized disclosure or modification of sensitive information retrieved from the targeted system.

Red Hat Enterprise Linux 7.4, Red Hat Enterprise Linux 7.5, Red Hat Enterprise Linux 7.6, Red Hat Enterprise Linux 7.7, Red Hat Enterprise Linux 7.8, Red Hat Enterprise Linux 7.9, Red Hat Enterprise Linux 7.10 versions prior to 7.10-lp151.0.11.2

References:

Red Hat Security Advisory RHSA-2018:0234
Red Hat is issuing this advisory to provide the following updates for Red Hat Enterprise Linux 7, 8, and 9:
Updates for Red Hat Enterprise Linux 7.4 through 7.9 with kernel versions up to and including lp151.0.11.2 are now available from Red Hat Customer Portal.
This update fixes several security issues that have been published since the July 2018 release of Red Hat Enterprise Linux 7.4: CVE-2022-22220, CVE-2022-23200, CVE-2022-23201, CVE-2022-23202, CVE-2022-23203, CVE-2022-23204, CVE-2022-23205.
This update also fixes the security issue described in Red Hat Security Advisory RHSA-2018:0234.
The most severe vulnerability in this update affects systems running a vulnerable version of the kernel. Not all vulnerable versions are currently part of the fix, so customers who require an updated kernel should contact their support organization as soon as possible.

Introduction

A vulnerability has been identified in the following Red Hat Enterprise Linux 7 products and versions: RHEL 7.4 versions prior to 7.4-lp151.0.11.2, RHEL 7.5 versions prior to 7.5-lp151.0.11.2, RHEL 7.6 versions prior to 7.6-lp151.0.11.2, RHEL 7.7 versions prior to 7.7-lp151.0.11.2, RHEL 7.8 versions prior to 7.8-lp151.0.11.2, Red Hat Enterprise Linux 8.0 versions prior to 8.0-lp151.0.11.2, and Red Hat Enterprise Linux 8.1 versions prior to 8.1-lp151.0

Timeline

Published on: 10/18/2022 03:15:00 UTC
Last modified on: 10/20/2022 20:21:00 UTC

References