|
var-200512-0299
|
Heap-based buffer overflow in rsync in Mac OS X 10.4 through 10.4.5 allows remote authenticated users to execute arbitrary code via long extended attributes. Apple has released Security Update 2006-001 to address multiple remote and local Mac OS X vulnerabilities.
Apple has also released updates to address these issues. There is a directory traversal vulnerability in the implementation of this framework.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
National Cyber Alert System
Technical Cyber Security Alert TA06-053A
Apple Mac OS X Safari Command Execution Vulnerability
Original release date: February 22, 2006
Last revised: --
Source: US-CERT
Systems Affected
Apple Safari running on Mac OS X
Overview
A file type determination vulnerability in Apple Safari could allow a
remote attacker to execute arbitrary commands on a vulnerable system.
I.
Details are available in the following Vulnerability Note:
VU#999708 - Apple Safari may automatically execute arbitrary shell
commands
II. Impact
A remote, unauthenticated attacker could execute arbitrary commands
with the privileges of the user running Safari. If the user is logged
on with administrative privileges, the attacker could take complete
control of an affected system.
III. Solution
Since there is no known patch for this issue at this time, US-CERT is
recommending a workaround. References
* US-CERT Vulnerability Note VU#999708 -
<http://www.kb.cert.org/vuls/id/999708>
* Securing Your Web Browser -
<http://www.us-cert.gov/reading_room/securing_browser/#sgeneral>
* Apple - Mac OS X - Safari RSS -
<http://www.apple.com/macosx/features/safari/>
____________________________________________________________________
The most recent version of this document can be found at:
<http://www.us-cert.gov/cas/techalerts/TA06-053A.html>
____________________________________________________________________
Feedback can be directed to US-CERT Technical Staff. Please send
email to <cert@cert.org> with "TA06-053A Feedback VU#999708" in the
subject.
____________________________________________________________________
For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
____________________________________________________________________
Produced 2006 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
____________________________________________________________________
Revision History
Feb 22, 2006: Initial release
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iQEVAwUBQ/zKN30pj593lg50AQJgoQf/ZajorZz/6quzA40dc8cLxIBT70xcClH5
CKDN5nMXl1mRYYkDPF07GbcWL3lWarW5Hif0OiZfazaGNC3p9v4ZxDx/dW/ZmsYo
eDznsNWNphKB6yBSIbOUSfGyh/I7pQlG3qxXRWDTA9nVK12KIkvAAoPTgBe40obu
+x58gK5/ib4d+dEZ8F9SbO7/syYtcAzfzS2HrBYhG1lWWLYTaNC3hyI2nXF5lNV/
ymwaPv0ivAB9rpalus+KkajjiV5+J08dj+1JwgwcSpvuNMQ5c/8RCIILP+1bR+CL
lScvGuSRYk4S0QI9nmCDvwD52sluiwp2VO1atTQ1zcgpwhvLRGo3DQ==
=P2/3
-----END PGP SIGNATURE-----
. Details of the fixes are
available via the PHP web site (www.php.net). PHP ships with Mac OS
X but is disabled by default.
automount
CVE-ID: CVE-2006-0384
Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X
v10.4.5, Mac OS X Server v10.4.5
Impact: Malicious network servers may cause a denial of service or
arbitrary code execution
Description: File servers on the local network may be able to cause
Mac OS X systems to mount file systems with reserved names. This
could cause the systems to become unresponsive, or possibly allow
arbitrary code delivered from the file servers to run on the target
system.
BOM
CVE-ID: CVE-2006-0391
Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X
v10.4.5, Mac OS X Server v10.4.5
Impact: Directory traversal may occur while unpacking archives with
BOM
Description: The BOM framework handles the unpacking of certain
types of archives. This framework is vulnerable to a directory
traversal attack that can allow archived files to be unpacked into
arbitrary locations that are writable by the current user. This
update addresses the issue by properly sanitizing those paths.
Credit to Stephane Kardas of CERTA for reporting this issue.
Directory Services
CVE-ID: CVE-2005-2713, CVE-2005-2714
Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X
v10.4.5, Mac OS X Server v10.4.5
Impact: Malicious local users may create and manipulate files as
root
Description: The passwd program is vulnerable to temporary file
attacks. This could lead to privilege elevation. This update
addresses the issue by anticipating a hostile environment and by
creating temporary files securely. Credit to Ilja van Sprundel of
Suresec LTD, vade79, and iDefense (idefense.com) for reporting this
issue.
FileVault
CVE-ID: CVE-2006-0386
Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X
v10.4.5, Mac OS X Server v10.4.5
Impact: FileVault may permit access to files during when it is
first enabled
Description: User directories are mounted in an unsafe fashion when
a FileVault image is created. This update secures the method in
which a FileVault image is created. This update addresses the issues by
correctly handling the conditions that may cause crashes. Credit to
OUSPG from the University of Oulu, NISCC, and CERT-FI for
coordinating and reporting this issue. This could cause the targeted application to
crash or execute arbitrary code. This update addresses the issue by
correctly handling these memory requests. This issue does not
affect systems prior to Mac OS X v10.4. Credit to Neil Archibald of
Suresec LTD for reporting this issue.
Mail
CVE-ID: CVE-2006-0395
Available for: Mac OS X v10.4.5, Mac OS X Server v10.4.5
Impact: Download Validation fails to warn about unsafe file types
Description: In Mac OS X v10.4 Tiger, when an email attachment is
double-clicked in Mail, Download Validation is used to warn the
user if the file type is not "safe". Certain techniques can be used
to disguise the file's type so that Download Validation is
bypassed. This update addresses the issue by presenting Download
Validation with the entire file, providing more information for
Download Validation to detect unknown or unsafe file types in
attachments.
perl
CVE-ID: CVE-2005-4217
Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9
Impact: Perl programs may fail to drop privileges
Description: When a perl program running as root attempts to switch
to another user ID, the operation may fail without notification to
the program. This may cause a program to continue to run with root
privileges, assuming they have been dropped. This can cause
security issues in third-party tools. This update addresses the
issue by preventing such applications from continuing if the
operation fails. This issue does not affect Mac OS X v10.4 or later
systems. Credit to Jason Self for reporting this issue. It may be possible for a malicious user with
access to an rsync server to cause denial of service or code
execution. This update addresses the problem by ensuring that the
destination buffer is large enough to hold the extended attributes.
This issue does not affect systems prior to Mac OS X v10.4. Credit
to Jan-Derk Bakker for reporting this issue. This update
addresses the issue by preventing the condition causing the
overflow. Credit to Suresec LTD for reporting this issue. This update addresses the issue by performing additional
bounds checking. An issue involving HTTP
redirection can cause the browser to access a local file, bypassing
certain restrictions. This update addresses the issue by preventing
cross-domain HTTP redirects.
Safari, LaunchServices
CVE-ID: CVE-2006-0394
Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X
v10.4.5, Mac OS X Server v10.4.5
Impact: Viewing a malicious web site may result in arbitrary code
execution
Description: It is possible to construct a file which appears to be
a safe file type, such as an image or movie, but is actually an
application. When the "Open `safe' files after downloading" option
is enabled in Safari's General preferences, visiting a malicious
web site may result in the automatic download and execution of such
a file. A proof-of-concept has been detected on public web sites
that demonstrates the automatic execution of shell scripts.
Syndication
CVE-ID: CVE-2006-0389
Available for: Mac OS X v10.4.5, Mac OS X Server v10.4.5
Impact: Subscriptions to malicious RSS content can lead to
cross-site scripting
Description: Syndication (Safari RSS) may allow JavaScript code
embedded in feeds to run within the context of the RSS reader
document, allowing malicious feeds to circumvent Safari's security
model. This update addresses the issue by properly removing
JavaScript code from feeds. Syndication is only available in Mac OS
X v10.4 and later.
The following security enhancements are also included in this update:
FileVault: AES-128 encrypted FileVault disk images are now created
with more restrictive operating system permissions. Credit to Eric
Hall of DarkArt Consulting Services for reporting this issue.
iChat: A malicious application named Leap.A that attempts to
propagate using iChat has been detected.
Users should use caution when opening files that are obtained from
the network. Further information is available via:
http://docs.info.apple.com/article.html?artnum=108009
Security Update 2006-001 may be obtained from the Software Update
pane in System Preferences, or Apple's Software Downloads web site:
http://www.apple.com/support/downloads/
For Mac OS X v10.4.5 (PowerPC) and Mac OS X Server v10.4.5
The download file is named: "SecUpd2006-001Ti.dmg"
Its SHA-1 digest is: 999b73a54951b4e0a7f873fecf75f92840e8b439
For Mac OS X v10.4.5 (Intel)
The download file is named: "SecUpd2006-001Intel.dmg"
Its SHA-1 digest is: 473f94264876fa49fa15a8b6bb4bc30956502ad5
For Mac OS X v10.3.9
The download file is named: "SecUpd2006-001Pan.dmg"
Its SHA-1 digest is: b6a000d451a1b1696726ff60142fc3da08042433
For Mac OS X Server v10.3.9
The download file is named: "SecUpdSrvr2006-001Pan.dmg"
Its SHA-1 digest is: 2299380d72a61eadcbd0a5c6f46c924600ff5a9c
Information will also be posted to the Apple Product Security
web site:
http://docs.info.apple.com/article.html?artnum=61798
This message is signed with Apple's Product Security PGP key,
and details are available at:
http://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.0.5 (Build 5050)
iQEVAwUBRAYYVoHaV5ucd/HdAQJQWggApQmizj2t3+/87Fqun66/HCEkFt2YhUoe
cmel0/KwJhWrk+LV+CYvixbDvKuGIjP8CWB9/s78YN93pOI5WcfyTKd07rEQYkT4
i8KPrM9QjdvgIjKd6O/VAOkzBc3DqV7KNVR2Hewa3jOigTm7Yxil9o/nZt1TLxAI
9TN0uduc13WHC8WE2N41I8MQ+VdGTX3ANZkfgR90lua4A2E1ab9kCN2qbg+E7Cus
SkwsKp0qSH7bl8v0/R6c1hsYG0T1RwSWU6arAEliqzrrIbCm0Yxtgwp/CYFWC46j
TQNCcppNgcr/pVPojACy8WFtQ3wEb6rJ4ZjH1C5nOem2EoCBh10WFw==
=1Ww0
-----END PGP SIGNATURE-----
|
|
var-202212-2277
|
An integer underflow in Organization Specific TLV was found in various versions of OpenvSwitch. OpenvSwitch Exists in an integer underflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Relevant releases/architectures:
Fast Datapath for Red Hat Enterprise Linux 8 - aarch64, noarch, ppc64le, s390x, x86_64
3. Description:
Open vSwitch provides standard network bridging functions and support for
the OpenFlow protocol for remote per-flow control of traffic. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
5. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7.
For the stable distribution (bullseye), these problems have been fixed in
version 2.15.0+ds1-2+deb11u2.
We recommend that you upgrade your openvswitch packages.
For the detailed security status of openvswitch please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/openvswitch
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmPBrj0ACgkQEMKTtsN8
TjbVVw/+OXr/AQa61Y04slO3uhOLOa+llhszDFjIGlWFWlqMEg7CItYhqEdAf3nC
elZy2/wqtv4VIMrz8IW+qDWSMkitgjWqbmn3dG92VhcLFD3Dq1RGXg3B8x22MMtG
sBGYIfUPhDbG97NE4tqr2itN0ubl9Z8mnOFVv3D9eqxJT3df9WXMVZpX+jHiSMU3
uLLhHor9rRBWpu3DEW5Cc6jLLghuN2FS2FADiUtf5MLAUk7gR1CRqOQm+41yNoBP
qBF/C+OqJpHSitbVDtJjKacv/VUVgMzHt9Xf1gMNldLan9rO1MYkZaKkSuC+U5G5
Kpj55we0LM/zAKRVnGFPk6QQUWHSCMG4Ae4+pRAWBX7ofwY38C6sxhUS+C9vMYao
9sFZuWvKFElyQPgI/NVsUNDxYPGHRFxOXWgDyxDxNIBhf8s7QzgQBoegaaJ7A1LK
4lhUsG7xQ1dmJRsB8jtYXR8v/QBNvnoU+JG1yi8yUPfD+VvAgnulKpWy/u12EVZB
Rot9tG39oZO0ReDGk6g/fLyHFo74gCGsjNZCHUzuk3q+axJnAH1z9Ss2Qp3g6snB
o6Ku0ZxfN2hp4ylv/jXjNAP8jnQ3S94DJVZiJwlakzJD6J3pYdKzL7NWKuXhyjrA
mOdQJnpZSKLr546Av5tAqoXvHCvmfTWPdbvST7cFraWs2X2StpE=
=a4Zt
-----END PGP SIGNATURE-----
. JIRA issues fixed (https://issues.jboss.org/):
OCPBUGS-4778 - CNO in HyperShift reports upgrade complete in clusteroperator prematurely
OCPBUGS-6260 - Catalog, fatal error: concurrent map read and map write
OCPBUGS-6637 - [4.12] Can't reach own service when egress netpol are enabled
OCPBUGS-6779 - WebScale: configure-ovs.sh fails because it picks the wrong default interface
OCPBUGS-6788 - [vsphere-problem-detector] fully qualified username must be used when checking permissions
OCPBUGS-6807 - Platform baremetal warnings during create image when fields not defined
OCPBUGS-6973 - [IPI] Baremetal ovs-configure.sh script fails to start secondary bridge br-ex1
OCPBUGS-7044 - Nodes unready in PublicAndPrivate / Private Hypershift setups behind a proxy
OCPBUGS-7208 - When setting allowedRegistries urls the openshift-samples operator is degraded
OCPBUGS-7227 - update sdn 4.12 branch build config
OCPBUGS-7230 - [4.12] Index violation on IGMP_Group during upgrade from 4.12.0 to 4.12.1
OCPBUGS-7285 - [4.12] Hypershift failing new SCC conformance tests
6. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Important: OpenShift Container Platform 4.11.28 security update
Advisory ID: RHSA-2023:0774-01
Product: Red Hat OpenShift Enterprise
Advisory URL: https://access.redhat.com/errata/RHSA-2023:0774
Issue date: 2023-02-21
CVE Names: CVE-2021-4238 CVE-2021-38561 CVE-2022-2879
CVE-2022-2880 CVE-2022-4337 CVE-2022-4338
CVE-2022-23521 CVE-2022-41715 CVE-2022-41717
CVE-2022-41903
====================================================================
1. Summary:
Red Hat OpenShift Container Platform release 4.11.28 is now available with
updates to packages and images that fix several bugs and add enhancements.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Description:
Red Hat OpenShift Container Platform is Red Hat's cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.
This advisory contains the container images for Red Hat OpenShift Container
Platform 4.11.28. See the following advisory for the RPM packages for this
release:
https://access.redhat.com/errata/RHBA-2023:0773
Space precludes documenting all of the container images in this advisory.
See the following Release Notes documentation, which will be updated
shortly for this release, for details about these changes:
https://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html
Security Fix(es):
* goutils: RandomAlphaNumeric and CryptoRandomAlphaNumeric are not as
random as they should be (CVE-2021-4238)
* golang: out-of-bounds read in golang.org/x/text/language leads to DoS
(CVE-2021-38561)
* golang: net/http: An attacker can cause excessive memory growth in a Go
server accepting HTTP/2 requests (CVE-2022-41717)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
All OpenShift Container Platform 4.11 users are advised to upgrade to these
updated packages and images when they are available in the appropriate
release channel. To check for available updates, use the OpenShift CLI (oc)
or web console. Instructions for upgrading a cluster are available at
https://docs.openshift.com/container-platform/4.11/updating/updating-cluster-cli.html
3. Solution:
For OpenShift Container Platform 4.11 see the following documentation,
which will be updated shortly for this release, for important instructions
on how to upgrade your cluster and fully apply this asynchronous errata
update:
https://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html
You can download the oc tool and use it to inspect release image metadata
for x86_64, s390x, ppc64le, and aarch64 architectures. The image digests
can be found at
https://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.
The sha values for the release are:
(For x86_64 architecture)
The image digest is
sha256:85238bc3eddb88e958535597dbe8ec6f2aa88aa1713c2e1ee7faf88d1fefdac0
(For s390x architecture)
The image digest is
sha256:96528500690870b001c214ed0b142b5b375494ddfd99de274285ae6eacd318bb
(For ppc64le architecture)
The image digest is
sha256:0821035d379a4cab1147669bac5f42139b9839e780394e8586e29800e79789bd
(For aarch64 architecture)
The image digest is
sha256:a5c6196590d47b5ca8578e35c23da47cb103947271ab5deb21c8d258de62a777
All OpenShift Container Platform 4.11 users are advised to upgrade to these
updated packages and images when they are available in the appropriate
release channel. To check for available updates, use the OpenShift CLI (oc)
or web console. Instructions for upgrading a cluster are available at
https://docs.openshift.com/container-platform/4.11/updating/updating-cluster-cli.html
4. Bugs fixed (https://bugzilla.redhat.com/):
2100495 - CVE-2021-38561 golang: out-of-bounds read in golang.org/x/text/language leads to DoS
2156729 - CVE-2021-4238 goutils: RandomAlphaNumeric and CryptoRandomAlphaNumeric are not as random as they should be
2161274 - CVE-2022-41717 golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests
5. JIRA issues fixed (https://issues.jboss.org/):
OCPBUGS-3942 - Whereabouts CNI timesout while iterating exclude range [backport 4.11]
OCPBUGS-5245 - [release-4.11] OVNK: NAT issue for packets exceeding check_pkt_larger() for NodePort services that route to hostNetworked pods
OCPBUGS-6492 - Inconsistent user expeience for creating new projects after persmissions have been revoked
OCPBUGS-6851 - admin ack test nondeterministically does a check post-upgrade
OCPBUGS-7010 - [release-4.11] Egress FW ACL rules are invalid in dualstack mode
OCPBUGS-7319 - [4.11] [OVNK] Add support for service session affinity timeout
OCPBUGS-7330 - When setting allowedRegistries urls the openshift-samples operator is degraded
6. References:
https://access.redhat.com/security/cve/CVE-2021-4238
https://access.redhat.com/security/cve/CVE-2021-38561
https://access.redhat.com/security/cve/CVE-2022-2879
https://access.redhat.com/security/cve/CVE-2022-2880
https://access.redhat.com/security/cve/CVE-2022-4337
https://access.redhat.com/security/cve/CVE-2022-4338
https://access.redhat.com/security/cve/CVE-2022-23521
https://access.redhat.com/security/cve/CVE-2022-41715
https://access.redhat.com/security/cve/CVE-2022-41717
https://access.redhat.com/security/cve/CVE-2022-41903
https://access.redhat.com/security/updates/classification/#important
https://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html
7. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2023 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBY/VhwtzjgjWX9erEAQieJhAAnVRuofPrL8tBs08OpHo0Rj3ZzV/KbN/7
27r8x4isOS52luUiYXbhOZVyhvD+CO0smH0XyDO4VKgSNq+3c9bn01ManYV0AG6L
6iHWfYDaiQ3BUhjxblbAjjQb4NvwzOaMUZ+ZUBq7SwBSNDRSvcrZQbkzoNpOqAxd
LyjaPOiPpinRp+rWO+TEX3/Lh9or4+Ga6LrqtXOWTqY8i/a0JDkX3RxB9I/0HkXa
4pqyAXADc/Ms7tKjTH3+guLkzDJFyF0XNPYI1lIxNCrBA1raXCB1AZbbdqcMDV8n
C6scF+X6jdSV4tSZ3xzHP1HCIMNHCoalMhBezpHIBO6thjZABCSM8zaoSi+GfnMc
hwSYg/M2j9GqgpW1m6cu9HH/UWKkFyNbywtoJi/tF0rfCrcg3sppD9Id5VOUbwOI
+kYycQIpmMdsFPW5ky87BGjzO3P+bd3W5hNWMUnecuDruZsItu/8XI/KWcFQhMEO
il6GMPdSFdoCkqcv3QIMfEnDsfEgIhC7LASwcb1JaBvNIsoIuWu8zk7TJrqrNTgd
nWGcfiUNOuNVaI1IyWRsd3/vZXSzO80PMbMckc7t1ONEbDka0siYGoN5WBrehZ7J
XcRHqpKQbRgrDwUjL9l6gJ16CoiS3+OCHyl4yIS1yBGadKQZGOqQ7Y54Pfc16rU9
j4PDiUFOyxc=DjOz
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce
|
|
var-200912-0756
|
The U3D implementation in Adobe Reader and Acrobat 9.x before 9.3, 8.x before 8.2 on Windows and Mac OS X, and 7.x before 7.1.4 allows remote attackers to execute arbitrary code via malformed U3D data in a PDF document, related to a CLODProgressiveMeshDeclaration "array boundary issue," a different vulnerability than CVE-2009-2994. CVE-2009-2994 Is a different vulnerability.by the attacker ' Array Bounds Problem ' Arbitrary code may be executed via vectors related to. Failed exploit attempts will likely cause denial-of-service conditions.
This issue affects Reader and Acrobat 9.2 and prior versions.
NOTE: This issue was previously covered in BID 37667 (Adobe Acrobat and Reader January 2010 Multiple Remote Vulnerabilities), but has been given its own record to better document it. An array indexing error vulnerability exists in Adobe Reader and Acrobat's 3difr.x3d when processing U3D CLOD Mesh Declaration blocks. Users tricked into opening a PDF document containing a specially crafted U3D model will trigger memory corruption, resulting in the execution of arbitrary instructions. The Adobe Reader browser plug-in is available for several web browsers and operating systems and will automatically open PDF documents on websites. ----------------------------------------------------------------------
Do you have VARM strategy implemented?
(Vulnerability Assessment Remediation Management)
If not, then implement it through the most reliable vulnerability
intelligence source on the market.
Implement it through Secunia.
For more information visit:
http://secunia.com/advisories/business_solutions/
Alternatively request a call from a Secunia representative today to
discuss how we can help you with our capabilities contact us at:
sales@secunia.com
----------------------------------------------------------------------
TITLE:
Adobe Reader/Acrobat Code Execution Vulnerability
SECUNIA ADVISORY ID:
SA37690
VERIFY ADVISORY:
http://secunia.com/advisories/37690/
DESCRIPTION:
A vulnerability has been reported in Adobe Reader and Acrobat, which
can be exploited by malicious people to compromise a user's system.
NOTE: This vulnerability is currently being actively exploited.
SOLUTION:
Do not open untrusted PDF files.
Do not visit untrusted websites or follow untrusted links.
PROVIDED AND/OR DISCOVERED BY:
Reported as a 0-day.
ORIGINAL ADVISORY:
http://blogs.adobe.com/psirt/2009/12/new_adobe_reader_and_acrobat_v.html
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 app-text/acroread < 9.3.4 >= 9.3.4
Description
===========
Multiple vulnerabilities were discovered in Adobe Reader. For further
information please consult the CVE entries and the Adobe Security
Bulletins referenced below.
Impact
======
A remote attacker might entice a user to open a specially crafted PDF
file, possibly resulting in the execution of arbitrary code with the
privileges of the user running the application, or bypass intended
sandbox restrictions, make cross-domain requests, inject arbitrary web
script or HTML, or cause a Denial of Service condition.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Adobe Reader users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-text/acroread-9.3.4"
References
==========
[ 1 ] APSA10-01
http://www.adobe.com/support/security/advisories/apsa10-01.html
[ 2 ] APSB10-02
http://www.adobe.com/support/security/bulletins/apsb10-02.html
[ 3 ] APSB10-07
http://www.adobe.com/support/security/bulletins/apsb10-07.html
[ 4 ] APSB10-09
http://www.adobe.com/support/security/bulletins/apsb10-09.html
[ 5 ] APSB10-14
http://www.adobe.com/support/security/bulletins/apsb10-14.html
[ 6 ] APSB10-16
http://www.adobe.com/support/security/bulletins/apsb10-16.html
[ 7 ] CVE-2009-3953
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3953
[ 8 ] CVE-2009-4324
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4324
[ 9 ] CVE-2010-0186
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0186
[ 10 ] CVE-2010-0188
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0188
[ 11 ] CVE-2010-0190
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0190
[ 12 ] CVE-2010-0191
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0191
[ 13 ] CVE-2010-0192
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0192
[ 14 ] CVE-2010-0193
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0193
[ 15 ] CVE-2010-0194
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0194
[ 16 ] CVE-2010-0195
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0195
[ 17 ] CVE-2010-0196
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0196
[ 18 ] CVE-2010-0197
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0197
[ 19 ] CVE-2010-0198
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0198
[ 20 ] CVE-2010-0199
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0199
[ 21 ] CVE-2010-0201
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0201
[ 22 ] CVE-2010-0202
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0202
[ 23 ] CVE-2010-0203
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0203
[ 24 ] CVE-2010-0204
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0204
[ 25 ] CVE-2010-1241
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1241
[ 26 ] CVE-2010-1285
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1285
[ 27 ] CVE-2010-1295
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1295
[ 28 ] CVE-2010-1297
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1297
[ 29 ] CVE-2010-2168
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2168
[ 30 ] CVE-2010-2201
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2201
[ 31 ] CVE-2010-2202
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2202
[ 32 ] CVE-2010-2203
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2203
[ 33 ] CVE-2010-2204
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2204
[ 34 ] CVE-2010-2205
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2205
[ 35 ] CVE-2010-2206
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2206
[ 36 ] CVE-2010-2207
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2207
[ 37 ] CVE-2010-2208
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2208
[ 38 ] CVE-2010-2209
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2209
[ 39 ] CVE-2010-2210
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2210
[ 40 ] CVE-2010-2211
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2211
[ 41 ] CVE-2010-2212
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2212
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201009-05.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2010 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
|
|
var-201210-0456
|
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier; and JavaFX 2.2 and earlier; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. Oracle Java SE is prone to a remote vulnerability in Java Runtime Environment.
The vulnerability can be exploited over multiple protocols. This issue affects the '2D' sub-component.
This vulnerability affects the following supported versions:
7 Update 7, 6 Update 35, 5.0 Update 36, 1.4.2_38, JavaFX 2.2. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Critical: java-1.6.0-ibm security update
Advisory ID: RHSA-2012:1466-01
Product: Red Hat Enterprise Linux Extras
Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-1466.html
Issue date: 2012-11-15
CVE Names: CVE-2012-0547 CVE-2012-1531 CVE-2012-1532
CVE-2012-1533 CVE-2012-1682 CVE-2012-3143
CVE-2012-3159 CVE-2012-3216 CVE-2012-4820
CVE-2012-4822 CVE-2012-4823 CVE-2012-5068
CVE-2012-5069 CVE-2012-5071 CVE-2012-5072
CVE-2012-5073 CVE-2012-5075 CVE-2012-5079
CVE-2012-5081 CVE-2012-5083 CVE-2012-5084
CVE-2012-5089
=====================================================================
1. Summary:
Updated java-1.6.0-ibm packages that fix several security issues are now
available for Red Hat Enterprise Linux 5 and 6 Supplementary.
The Red Hat Security Response Team has rated this update as having critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, ppc, s390x, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64
3. Detailed
vulnerability descriptions are linked from the IBM Security alerts page,
listed in the References section. (CVE-2012-0547, CVE-2012-1531,
CVE-2012-1532, CVE-2012-1533, CVE-2012-1682, CVE-2012-3143, CVE-2012-3159,
CVE-2012-3216, CVE-2012-4820, CVE-2012-4822, CVE-2012-4823, CVE-2012-5068,
CVE-2012-5069, CVE-2012-5071, CVE-2012-5072, CVE-2012-5073, CVE-2012-5075,
CVE-2012-5079, CVE-2012-5081, CVE-2012-5083, CVE-2012-5084, CVE-2012-5089)
All users of java-1.6.0-ibm are advised to upgrade to these updated
packages, containing the IBM Java SE 6 SR12 release. All running instances
of IBM Java must be restarted for the update to take effect.
4. Solution:
Before applying this update, make sure all previously-released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258
5. Bugs fixed (http://bugzilla.redhat.com/):
853097 - CVE-2012-1682 OpenJDK: beans ClassFinder insufficient permission checks (beans, 7162476)
853228 - CVE-2012-0547 OpenJDK: AWT hardening fixes (AWT, 7163201)
865346 - CVE-2012-3216 OpenJDK: java.io.FilePermission information leak (Libraries, 6631398)
865348 - CVE-2012-5068 OpenJDK: RhinoScriptEngine security bypass (Scripting, 7143535)
865357 - CVE-2012-5073 OpenJDK: LogManager security bypass (Libraries, 7169884)
865363 - CVE-2012-5075 OpenJDK: RMIConnectionImpl information disclosure (JMX, 7169888)
865365 - CVE-2012-5072 OpenJDK: AccessController.doPrivilegedWithCombiner() information disclosure (Security, 7172522)
865370 - CVE-2012-5081 OpenJDK: JSSE denial of service (JSSE, 7186286)
865511 - CVE-2012-5084 OpenJDK: DefaultFormatter insufficient data validation (Swing, 7195194)
865514 - CVE-2012-5089 OpenJDK: RMIConnectionImpl insufficient access control checks (JMX, 7198296)
865519 - CVE-2012-5071 OpenJDK: DescriptorSupport insufficient package access checks (JMX, 7192975)
865531 - CVE-2012-5069 OpenJDK: Executors state handling issues (Concurrency, 7189103)
865568 - CVE-2012-5079 OpenJDK: ServiceLoader reject not subtype classes without instantiating (Libraries, 7195919)
867185 - CVE-2012-1531 Oracle JDK: unspecified vulnerability (2D)
867186 - CVE-2012-1532 Oracle JDK: unspecified vulnerability (Deployment)
867187 - CVE-2012-1533 Oracle JDK: unspecified vulnerability (Deployment)
867189 - CVE-2012-3143 Oracle JDK: unspecified vulnerability (JMX)
867190 - CVE-2012-3159 Oracle JDK: unspecified vulnerability (Deployment)
867193 - CVE-2012-5083 Oracle JDK: unspecified vulnerability (2D)
876386 - CVE-2012-4820 IBM JDK: java.lang.reflect.Method invoke() code execution
876388 - CVE-2012-4822 IBM JDK: java.lang.class code execution
876389 - CVE-2012-4823 IBM JDK: java.lang.ClassLoder defineClass() code execution
6. Package List:
Red Hat Enterprise Linux Desktop Supplementary (v. 5):
i386:
java-1.6.0-ibm-1.6.0.12.0-1jpp.1.el5_8.i386.rpm
java-1.6.0-ibm-accessibility-1.6.0.12.0-1jpp.1.el5_8.i386.rpm
java-1.6.0-ibm-demo-1.6.0.12.0-1jpp.1.el5_8.i386.rpm
java-1.6.0-ibm-devel-1.6.0.12.0-1jpp.1.el5_8.i386.rpm
java-1.6.0-ibm-javacomm-1.6.0.12.0-1jpp.1.el5_8.i386.rpm
java-1.6.0-ibm-jdbc-1.6.0.12.0-1jpp.1.el5_8.i386.rpm
java-1.6.0-ibm-plugin-1.6.0.12.0-1jpp.1.el5_8.i386.rpm
java-1.6.0-ibm-src-1.6.0.12.0-1jpp.1.el5_8.i386.rpm
x86_64:
java-1.6.0-ibm-1.6.0.12.0-1jpp.1.el5_8.i386.rpm
java-1.6.0-ibm-1.6.0.12.0-1jpp.1.el5_8.x86_64.rpm
java-1.6.0-ibm-accessibility-1.6.0.12.0-1jpp.1.el5_8.x86_64.rpm
java-1.6.0-ibm-demo-1.6.0.12.0-1jpp.1.el5_8.i386.rpm
java-1.6.0-ibm-demo-1.6.0.12.0-1jpp.1.el5_8.x86_64.rpm
java-1.6.0-ibm-devel-1.6.0.12.0-1jpp.1.el5_8.i386.rpm
java-1.6.0-ibm-devel-1.6.0.12.0-1jpp.1.el5_8.x86_64.rpm
java-1.6.0-ibm-javacomm-1.6.0.12.0-1jpp.1.el5_8.i386.rpm
java-1.6.0-ibm-javacomm-1.6.0.12.0-1jpp.1.el5_8.x86_64.rpm
java-1.6.0-ibm-jdbc-1.6.0.12.0-1jpp.1.el5_8.i386.rpm
java-1.6.0-ibm-jdbc-1.6.0.12.0-1jpp.1.el5_8.x86_64.rpm
java-1.6.0-ibm-plugin-1.6.0.12.0-1jpp.1.el5_8.i386.rpm
java-1.6.0-ibm-plugin-1.6.0.12.0-1jpp.1.el5_8.x86_64.rpm
java-1.6.0-ibm-src-1.6.0.12.0-1jpp.1.el5_8.i386.rpm
java-1.6.0-ibm-src-1.6.0.12.0-1jpp.1.el5_8.x86_64.rpm
Red Hat Enterprise Linux Server Supplementary (v. 5):
i386:
java-1.6.0-ibm-1.6.0.12.0-1jpp.1.el5_8.i386.rpm
java-1.6.0-ibm-accessibility-1.6.0.12.0-1jpp.1.el5_8.i386.rpm
java-1.6.0-ibm-demo-1.6.0.12.0-1jpp.1.el5_8.i386.rpm
java-1.6.0-ibm-devel-1.6.0.12.0-1jpp.1.el5_8.i386.rpm
java-1.6.0-ibm-javacomm-1.6.0.12.0-1jpp.1.el5_8.i386.rpm
java-1.6.0-ibm-jdbc-1.6.0.12.0-1jpp.1.el5_8.i386.rpm
java-1.6.0-ibm-plugin-1.6.0.12.0-1jpp.1.el5_8.i386.rpm
java-1.6.0-ibm-src-1.6.0.12.0-1jpp.1.el5_8.i386.rpm
ppc:
java-1.6.0-ibm-1.6.0.12.0-1jpp.1.el5_8.ppc.rpm
java-1.6.0-ibm-1.6.0.12.0-1jpp.1.el5_8.ppc64.rpm
java-1.6.0-ibm-accessibility-1.6.0.12.0-1jpp.1.el5_8.ppc.rpm
java-1.6.0-ibm-demo-1.6.0.12.0-1jpp.1.el5_8.ppc.rpm
java-1.6.0-ibm-demo-1.6.0.12.0-1jpp.1.el5_8.ppc64.rpm
java-1.6.0-ibm-devel-1.6.0.12.0-1jpp.1.el5_8.ppc.rpm
java-1.6.0-ibm-devel-1.6.0.12.0-1jpp.1.el5_8.ppc64.rpm
java-1.6.0-ibm-javacomm-1.6.0.12.0-1jpp.1.el5_8.ppc.rpm
java-1.6.0-ibm-javacomm-1.6.0.12.0-1jpp.1.el5_8.ppc64.rpm
java-1.6.0-ibm-jdbc-1.6.0.12.0-1jpp.1.el5_8.ppc.rpm
java-1.6.0-ibm-jdbc-1.6.0.12.0-1jpp.1.el5_8.ppc64.rpm
java-1.6.0-ibm-plugin-1.6.0.12.0-1jpp.1.el5_8.ppc.rpm
java-1.6.0-ibm-src-1.6.0.12.0-1jpp.1.el5_8.ppc.rpm
java-1.6.0-ibm-src-1.6.0.12.0-1jpp.1.el5_8.ppc64.rpm
s390x:
java-1.6.0-ibm-1.6.0.12.0-1jpp.1.el5_8.s390.rpm
java-1.6.0-ibm-1.6.0.12.0-1jpp.1.el5_8.s390x.rpm
java-1.6.0-ibm-accessibility-1.6.0.12.0-1jpp.1.el5_8.s390x.rpm
java-1.6.0-ibm-demo-1.6.0.12.0-1jpp.1.el5_8.s390.rpm
java-1.6.0-ibm-demo-1.6.0.12.0-1jpp.1.el5_8.s390x.rpm
java-1.6.0-ibm-devel-1.6.0.12.0-1jpp.1.el5_8.s390.rpm
java-1.6.0-ibm-devel-1.6.0.12.0-1jpp.1.el5_8.s390x.rpm
java-1.6.0-ibm-jdbc-1.6.0.12.0-1jpp.1.el5_8.s390.rpm
java-1.6.0-ibm-jdbc-1.6.0.12.0-1jpp.1.el5_8.s390x.rpm
java-1.6.0-ibm-src-1.6.0.12.0-1jpp.1.el5_8.s390.rpm
java-1.6.0-ibm-src-1.6.0.12.0-1jpp.1.el5_8.s390x.rpm
x86_64:
java-1.6.0-ibm-1.6.0.12.0-1jpp.1.el5_8.i386.rpm
java-1.6.0-ibm-1.6.0.12.0-1jpp.1.el5_8.x86_64.rpm
java-1.6.0-ibm-accessibility-1.6.0.12.0-1jpp.1.el5_8.x86_64.rpm
java-1.6.0-ibm-demo-1.6.0.12.0-1jpp.1.el5_8.i386.rpm
java-1.6.0-ibm-demo-1.6.0.12.0-1jpp.1.el5_8.x86_64.rpm
java-1.6.0-ibm-devel-1.6.0.12.0-1jpp.1.el5_8.i386.rpm
java-1.6.0-ibm-devel-1.6.0.12.0-1jpp.1.el5_8.x86_64.rpm
java-1.6.0-ibm-javacomm-1.6.0.12.0-1jpp.1.el5_8.i386.rpm
java-1.6.0-ibm-javacomm-1.6.0.12.0-1jpp.1.el5_8.x86_64.rpm
java-1.6.0-ibm-jdbc-1.6.0.12.0-1jpp.1.el5_8.i386.rpm
java-1.6.0-ibm-jdbc-1.6.0.12.0-1jpp.1.el5_8.x86_64.rpm
java-1.6.0-ibm-plugin-1.6.0.12.0-1jpp.1.el5_8.i386.rpm
java-1.6.0-ibm-plugin-1.6.0.12.0-1jpp.1.el5_8.x86_64.rpm
java-1.6.0-ibm-src-1.6.0.12.0-1jpp.1.el5_8.i386.rpm
java-1.6.0-ibm-src-1.6.0.12.0-1jpp.1.el5_8.x86_64.rpm
Red Hat Enterprise Linux Desktop Supplementary (v. 6):
i386:
java-1.6.0-ibm-1.6.0.12.0-1jpp.1.el6_3.i686.rpm
java-1.6.0-ibm-demo-1.6.0.12.0-1jpp.1.el6_3.i686.rpm
java-1.6.0-ibm-devel-1.6.0.12.0-1jpp.1.el6_3.i686.rpm
java-1.6.0-ibm-javacomm-1.6.0.12.0-1jpp.1.el6_3.i686.rpm
java-1.6.0-ibm-jdbc-1.6.0.12.0-1jpp.1.el6_3.i686.rpm
java-1.6.0-ibm-plugin-1.6.0.12.0-1jpp.1.el6_3.i686.rpm
java-1.6.0-ibm-src-1.6.0.12.0-1jpp.1.el6_3.i686.rpm
x86_64:
java-1.6.0-ibm-1.6.0.12.0-1jpp.1.el6_3.x86_64.rpm
java-1.6.0-ibm-demo-1.6.0.12.0-1jpp.1.el6_3.x86_64.rpm
java-1.6.0-ibm-devel-1.6.0.12.0-1jpp.1.el6_3.i686.rpm
java-1.6.0-ibm-devel-1.6.0.12.0-1jpp.1.el6_3.x86_64.rpm
java-1.6.0-ibm-javacomm-1.6.0.12.0-1jpp.1.el6_3.x86_64.rpm
java-1.6.0-ibm-jdbc-1.6.0.12.0-1jpp.1.el6_3.x86_64.rpm
java-1.6.0-ibm-plugin-1.6.0.12.0-1jpp.1.el6_3.x86_64.rpm
java-1.6.0-ibm-src-1.6.0.12.0-1jpp.1.el6_3.x86_64.rpm
Red Hat Enterprise Linux HPC Node Supplementary (v. 6):
x86_64:
java-1.6.0-ibm-1.6.0.12.0-1jpp.1.el6_3.x86_64.rpm
java-1.6.0-ibm-demo-1.6.0.12.0-1jpp.1.el6_3.x86_64.rpm
java-1.6.0-ibm-devel-1.6.0.12.0-1jpp.1.el6_3.i686.rpm
java-1.6.0-ibm-devel-1.6.0.12.0-1jpp.1.el6_3.x86_64.rpm
java-1.6.0-ibm-javacomm-1.6.0.12.0-1jpp.1.el6_3.x86_64.rpm
java-1.6.0-ibm-src-1.6.0.12.0-1jpp.1.el6_3.x86_64.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
i386:
java-1.6.0-ibm-1.6.0.12.0-1jpp.1.el6_3.i686.rpm
java-1.6.0-ibm-demo-1.6.0.12.0-1jpp.1.el6_3.i686.rpm
java-1.6.0-ibm-devel-1.6.0.12.0-1jpp.1.el6_3.i686.rpm
java-1.6.0-ibm-javacomm-1.6.0.12.0-1jpp.1.el6_3.i686.rpm
java-1.6.0-ibm-jdbc-1.6.0.12.0-1jpp.1.el6_3.i686.rpm
java-1.6.0-ibm-plugin-1.6.0.12.0-1jpp.1.el6_3.i686.rpm
java-1.6.0-ibm-src-1.6.0.12.0-1jpp.1.el6_3.i686.rpm
ppc64:
java-1.6.0-ibm-1.6.0.12.0-1jpp.1.el6_3.ppc64.rpm
java-1.6.0-ibm-demo-1.6.0.12.0-1jpp.1.el6_3.ppc64.rpm
java-1.6.0-ibm-devel-1.6.0.12.0-1jpp.1.el6_3.ppc.rpm
java-1.6.0-ibm-devel-1.6.0.12.0-1jpp.1.el6_3.ppc64.rpm
java-1.6.0-ibm-javacomm-1.6.0.12.0-1jpp.1.el6_3.ppc64.rpm
java-1.6.0-ibm-jdbc-1.6.0.12.0-1jpp.1.el6_3.ppc64.rpm
java-1.6.0-ibm-src-1.6.0.12.0-1jpp.1.el6_3.ppc64.rpm
s390x:
java-1.6.0-ibm-1.6.0.12.0-1jpp.1.el6_3.s390x.rpm
java-1.6.0-ibm-demo-1.6.0.12.0-1jpp.1.el6_3.s390x.rpm
java-1.6.0-ibm-devel-1.6.0.12.0-1jpp.1.el6_3.s390.rpm
java-1.6.0-ibm-devel-1.6.0.12.0-1jpp.1.el6_3.s390x.rpm
java-1.6.0-ibm-jdbc-1.6.0.12.0-1jpp.1.el6_3.s390x.rpm
java-1.6.0-ibm-src-1.6.0.12.0-1jpp.1.el6_3.s390x.rpm
x86_64:
java-1.6.0-ibm-1.6.0.12.0-1jpp.1.el6_3.x86_64.rpm
java-1.6.0-ibm-demo-1.6.0.12.0-1jpp.1.el6_3.x86_64.rpm
java-1.6.0-ibm-devel-1.6.0.12.0-1jpp.1.el6_3.i686.rpm
java-1.6.0-ibm-devel-1.6.0.12.0-1jpp.1.el6_3.x86_64.rpm
java-1.6.0-ibm-javacomm-1.6.0.12.0-1jpp.1.el6_3.x86_64.rpm
java-1.6.0-ibm-jdbc-1.6.0.12.0-1jpp.1.el6_3.x86_64.rpm
java-1.6.0-ibm-plugin-1.6.0.12.0-1jpp.1.el6_3.x86_64.rpm
java-1.6.0-ibm-src-1.6.0.12.0-1jpp.1.el6_3.x86_64.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 6):
i386:
java-1.6.0-ibm-1.6.0.12.0-1jpp.1.el6_3.i686.rpm
java-1.6.0-ibm-demo-1.6.0.12.0-1jpp.1.el6_3.i686.rpm
java-1.6.0-ibm-devel-1.6.0.12.0-1jpp.1.el6_3.i686.rpm
java-1.6.0-ibm-javacomm-1.6.0.12.0-1jpp.1.el6_3.i686.rpm
java-1.6.0-ibm-jdbc-1.6.0.12.0-1jpp.1.el6_3.i686.rpm
java-1.6.0-ibm-plugin-1.6.0.12.0-1jpp.1.el6_3.i686.rpm
java-1.6.0-ibm-src-1.6.0.12.0-1jpp.1.el6_3.i686.rpm
x86_64:
java-1.6.0-ibm-1.6.0.12.0-1jpp.1.el6_3.x86_64.rpm
java-1.6.0-ibm-demo-1.6.0.12.0-1jpp.1.el6_3.x86_64.rpm
java-1.6.0-ibm-devel-1.6.0.12.0-1jpp.1.el6_3.i686.rpm
java-1.6.0-ibm-devel-1.6.0.12.0-1jpp.1.el6_3.x86_64.rpm
java-1.6.0-ibm-javacomm-1.6.0.12.0-1jpp.1.el6_3.x86_64.rpm
java-1.6.0-ibm-jdbc-1.6.0.12.0-1jpp.1.el6_3.x86_64.rpm
java-1.6.0-ibm-plugin-1.6.0.12.0-1jpp.1.el6_3.x86_64.rpm
java-1.6.0-ibm-src-1.6.0.12.0-1jpp.1.el6_3.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package
7. References:
https://www.redhat.com/security/data/cve/CVE-2012-0547.html
https://www.redhat.com/security/data/cve/CVE-2012-1531.html
https://www.redhat.com/security/data/cve/CVE-2012-1532.html
https://www.redhat.com/security/data/cve/CVE-2012-1533.html
https://www.redhat.com/security/data/cve/CVE-2012-1682.html
https://www.redhat.com/security/data/cve/CVE-2012-3143.html
https://www.redhat.com/security/data/cve/CVE-2012-3159.html
https://www.redhat.com/security/data/cve/CVE-2012-3216.html
https://www.redhat.com/security/data/cve/CVE-2012-4820.html
https://www.redhat.com/security/data/cve/CVE-2012-4822.html
https://www.redhat.com/security/data/cve/CVE-2012-4823.html
https://www.redhat.com/security/data/cve/CVE-2012-5068.html
https://www.redhat.com/security/data/cve/CVE-2012-5069.html
https://www.redhat.com/security/data/cve/CVE-2012-5071.html
https://www.redhat.com/security/data/cve/CVE-2012-5072.html
https://www.redhat.com/security/data/cve/CVE-2012-5073.html
https://www.redhat.com/security/data/cve/CVE-2012-5075.html
https://www.redhat.com/security/data/cve/CVE-2012-5079.html
https://www.redhat.com/security/data/cve/CVE-2012-5081.html
https://www.redhat.com/security/data/cve/CVE-2012-5083.html
https://www.redhat.com/security/data/cve/CVE-2012-5084.html
https://www.redhat.com/security/data/cve/CVE-2012-5089.html
https://access.redhat.com/security/updates/classification/#critical
https://www.ibm.com/developerworks/java/jdk/alerts/
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2012 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFQpV4wXlSAg2UNWIIRAh3xAKCCtopCdB74QaM37wyC/DyniWhpLQCghJEj
Rm+cXgBdDZVQhZ96Ylamhpk=
=d/D8
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
. In a typical operating environment, these are of low security risk as
the runtime is not used on untrusted applets. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2012-10-16-1 Java for OS X 2012-006 and
Java for Mac OS X 10.6 Update 11
Java for OS X 2012-006 and Java for Mac OS X 10.6 Update 11 are now
available and address the following:
Java
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,
OS X Lion v10.7 or later, OS X Lion Server v10.7 or later,
OS X Mountain Lion 10.8 or later
Impact: Multiple vulnerabilities in Java 1.6.0_35
Description: Multiple vulnerabilities exist in Java 1.6.0_35, the
most serious of which may allow an untrusted Java applet to execute
arbitrary code outside the Java sandbox. Visiting a web page
containing a maliciously crafted untrusted Java applet may lead to
arbitrary code execution with the privileges of the current user.
These issues are addressed by updating to Java version 1.6.0_37.
Further information is available via the Java website at http://www.o
racle.com/technetwork/java/javase/releasenotes-136954.html
CVE-ID
CVE-2012-1531
CVE-2012-1532
CVE-2012-1533
CVE-2012-3143
CVE-2012-3159
CVE-2012-3216
CVE-2012-4416
CVE-2012-5068
CVE-2012-5069
CVE-2012-5071
CVE-2012-5072
CVE-2012-5073
CVE-2012-5075
CVE-2012-5077
CVE-2012-5081
CVE-2012-5083
CVE-2012-5084
CVE-2012-5086
CVE-2012-5089
CVE-2012-5979
Java for OS X 2012-006 and Java for Mac OS X 10.6 Update 11
may be obtained from the Software Update pane in System Preferences,
Mac App Store, or Apple's Software Downloads web site:
http://www.apple.com/support/downloads/
For Mac OS X v10.6 systems
The download file is named: JavaForMacOSX10.6.dmg
Its SHA-1 digest is: 2ca7594a6f7849b502715e8473cf46ef73570da6
For OS X Lion and Mountain Lion systems
The download file is named: JavaForOSX.dmg
Its SHA-1 digest is: eff777cdc39b4e3336b3477f60e8ad769ded8532
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
iQIcBAEBAgAGBQJQfZ+bAAoJEPefwLHPlZEwF+YP/iVGN+CqCkLf7SavQUwyTQ08
a6+I34hefvCQcLCQ4EBYOzDXUJIlcH2azcGnvQsrrgWgpoE6ykqyj4fkpwLM0nF1
CfcSGOV8hmC2ZtR2PgJLcaP4FDKyNoOqLtKY6KtZnUQNcKBYcdM/y3OON9Zc0F2/
m/nQGnm3RfuXYXzSmTwJVKjuR1MkhUfZ9N6cwYUfjQC6cQaRs4tjeezd1jaobeXZ
lfk5Mo/kp3KTwAKsjdwqIThGX/UXdHQm9PnGfU9ktNv0429vKTX4VarPjyLsIeiO
GcBjfzRKzWYrbzTyKqKRAmtC/TcTnGJ8AfOjCP6HedeelJEbHB3iBb4ugqHzcPGG
ffZ9rZy8SMVppJyv3NeJJN86Kl3etdShmhj7maxyQUopDanpZQraaarkNlSYyLql
I0z4/IGX6W4Y2HYI+5wRchSewZi9mU9tw1HFZaoINaPBynEC0jihbeT5P9olX7mL
1OrWyPMPeaXtD9VRaSlV1WwPojJp26XrcWFUu6gqCOWRTzL0h83hNJrQJwTW7PrT
g6ryifMGItMkmOuINyniuUbz1PcOiQZ5VhtQn8XbvjX4BpGS6GJ4IAJ0rv9nSeON
PGv6JcpEAdjEdsChnDTGGTyUzQSN+HU/KTd7Jngg/Bu1v96ZAqrmVzFVkZi+6dtN
8KhhmiZ54RdiudmsUgFu
=TWGY
-----END PGP SIGNATURE-----
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Note: the current version of the following document is available here:
https://h20566.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c03595351
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c03595351
Version: 1
HPSBUX02832 SSRT101042 rev.1 - HP-UX Running Java, Remote Unauthorized
Access, Disclosure of Information, and Other Vulnerabilities
NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.
Release Date: 2012-12-12
Last Updated: 2012-12-12
Potential Security Impact: Remote unauthorized access, disclosure of
information, and other vulnerabilities
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified in Java Runtime
Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. These
vulnerabilities could allow remote unauthorized access, disclosure of
information, and other exploits.
HP-UX B.11.11, B.11.23, and B.11.31 running HP JDK and JRE v7.0.03, v6.0.16
and v5.0.26 and earlier
BACKGROUND
CVSS 2.0 Base Metrics
===========================================================
Reference Base Vector Base Score
CVE-2012-1531 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0
CVE-2012-1532 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0
CVE-2012-1533 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0
CVE-2012-3143 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0
CVE-2012-3159 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5
CVE-2012-3216 (AV:N/AC:H/Au:N/C:P/I:N/A:N) 2.6
CVE-2012-4416 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4
CVE-2012-5068 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5
CVE-2012-5069 (AV:N/AC:M/Au:N/C:P/I:P/A:N) 5.8
CVE-2012-5071 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4
CVE-2012-5072 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0
CVE-2012-5073 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0
CVE-2012-5075 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0
CVE-2012-5077 (AV:N/AC:H/Au:N/C:P/I:N/A:N) 2.6
CVE-2012-5079 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0
CVE-2012-5081 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0
CVE-2012-5083 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0
CVE-2012-5084 (AV:N/AC:H/Au:N/C:C/I:C/A:C) 7.6
CVE-2012-5085 (AV:N/AC:M/Au:S/C:N/I:N/A:N) 0.0
CVE-2012-5086 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0
CVE-2012-5087 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0
CVE-2012-5089 (AV:N/AC:H/Au:N/C:C/I:C/A:C) 7.6
===========================================================
Information on CVSS is documented
in HP Customer Notice: HPSN-2008-002
NOTE: The following apply to both v7.0.03 and v6.0.16 and earlier:
CVE-2012-1531, CVE-2012-1532, CVE-2012-1533, CVE-2012-3143, CVE-2012-3159,
CVE-2012-3216, CVE-2012-4416, CVE-2012-5068, CVE-2012-5069, CVE-2012-5071,
CVE-2012-5072, CVE-2012-5073, CVE-2012-5075, CVE-2012-5077, CVE-2012-5079,
CVE-2012-5081, CVE-2012-5083, CVE-2012-5084, CVE-2012-5085, CVE-2012-5086,
CVE-2012-5087, CVE-2012-5089
NOTE: The following apply to v5.0.26 and earlier: CVE-2012-1531,
CVE-2012-3143, CVE-2012-3216, CVE-2012-5069, CVE-2012-5071, CVE-2012-5073,
CVE-2012-5075, CVE-2012-5077, CVE-2012-5079, CVE-2012-5081, CVE-2012-5083,
CVE-2012-5084, CVE-2012-5085, CVE-2012-5089
RESOLUTION
HP has provided the following Java version upgrade to resolve these
vulnerabilities.
The upgrade is available from the following location
http://www.hp.com/java
HP-UX B.11.23, B.11.31
JDK and JRE v7.0.04 or subsequent
HP-UX B.11.11, B.11.23, B.11.31
JDK and JRE v6.0.17 or subsequent
HP-UX B.11.11, B.11.23, B.11.31
JDK and JRE v5.0.27 or subsequent
MANUAL ACTIONS: Yes - Update
For Java v7.0 update to Java v7.0.04 or subsequent
For Java v6.0 update to Java v6.0.17 or subsequent
For Java v5.0 update to Java v5.0.27 or subsequent
PRODUCT SPECIFIC INFORMATION
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application
that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins
issued by HP and lists recommended actions that may apply to a specific HP-UX
system. It can also download patches and create a depot automatically. For
more information see https://www.hp.com/go/swa
The following text is for use by the HP-UX Software Assistant.
AFFECTED VERSIONS
HP-UX B.11.23
HP-UX B.11.31
===========
Jdk70.JDK70-COM
Jdk70.JDK70-DEMO
Jdk70.JDK70-IPF32
Jdk70.JDK70-IPF64
Jre70.JRE70-COM
Jre70.JRE70-IPF32
Jre70.JRE70-IPF32-HS
Jre70.JRE70-IPF64
Jre70.JRE70-IPF64-HS
action: install revision 1.7.0.04.00 or subsequent
HP-UX B.11.23
HP-UX B.11.31
===========
Jdk60.JDK60-COM
Jdk60.JDK60-DEMO
Jdk60.JDK60-IPF32
Jdk60.JDK60-IPF64
Jre60.JRE60-COM
Jre60.JRE60-IPF32
Jre60.JRE60-IPF32-HS
Jre60.JRE60-IPF64
Jre60.JRE60-IPF64-HS
action: install revision 1.6.0.17.00 or subsequent
HP-UX B.11.23
HP-UX B.11.31
===========
Jdk15.JDK15-COM
Jdk15.JDK15-DEMO
Jdk15.JDK15-IPF32
Jdk15.JDK15-IPF64
Jre15.JRE15-COM
Jre15.JRE15-COM-DOC
Jre15.JRE15-IPF32
Jre15.JRE15-IPF32-HS
Jre15.JRE15-IPF64
Jre15.JRE15-IPF64-HS
action: install revision 1.5.0.27.00 or subsequent
HP-UX B.11.11
HP-UX B.11.23
===========
Jdk60.JDK60-COM
Jdk60.JDK60-DEMO
Jdk60.JDK60-PA20
Jdk60.JDK60-PA20W
Jre60.JRE60-COM
Jre60.JRE60-COM-DOC
Jre60.JRE60-PA20
Jre60.JRE60-PA20-HS
Jre60.JRE60-PA20W
Jre60.JRE60-PA20W-HS
action: install revision 1.6.0.17.00 or subsequent
HP-UX B.11.11
HP-UX B.11.23
===========
Jdk15.JDK15-COM
Jdk15.JDK15-DEMO
Jdk15.JDK15-PA20
Jdk15.JDK15-PA20W
Jre15.JRE15-COM
Jre15.JRE15-COM-DOC
Jre15.JRE15-PA20
Jre15.JRE15-PA20-HS
Jre15.JRE15-PA20W
Jre15.JRE15-PA20W-HS
action: install revision 1.5.0.27.00 or subsequent
END AFFECTED VERSIONS
HISTORY
Version:1 (rev.1) - 12 December 2012 Initial release
Third Party Security Patches: Third party security patches that are to be
installed on systems running HP software products should be applied in
accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security
Bulletin, contact normal HP Services support channel. For other issues about
the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported
product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin
alerts via Email:
http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin List: A list of HP Security Bulletins, updated
periodically, is contained in HP Security Notice HPSN-2011-001:
https://h20566.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c02964430
Security Bulletin Archive: A list of recently released Security Bulletins is
available here:
http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in
the title by the two characters following HPSB.
3C = 3COM
3P = 3rd Party Software
GN = HP General Software
HF = HP Hardware and Firmware
MP = MPE/iX
MU = Multi-Platform Software
NS = NonStop Servers
OV = OpenVMS
PI = Printing and Imaging
PV = ProCurve
ST = Storage Software
TU = Tru64 UNIX
UX = HP-UX
Copyright 2012 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or editorial errors
or omissions contained herein. The information provided is provided "as is"
without warranty of any kind. To the extent permitted by law, neither HP or
its affiliates, subcontractors or suppliers will be liable for
incidental,special or consequential damages including downtime cost; lost
profits;damages relating to the procurement of substitute products or
services; or damages for loss of data, or software restoration. The
information in this document is subject to change without notice.
Hewlett-Packard Company and the names of Hewlett-Packard products referenced
herein are trademarks of Hewlett-Packard Company in the United States and
other countries. Other product and company names mentioned herein may be
trademarks of their respective owners. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201401-30
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: Oracle JRE/JDK: Multiple vulnerabilities
Date: January 27, 2014
Bugs: #404071, #421073, #433094, #438706, #451206, #455174,
#458444, #460360, #466212, #473830, #473980, #488210, #498148
ID: 201401-30
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been found in the Oracle JRE/JDK,
allowing attackers to cause unspecified impact.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 dev-java/sun-jdk <= 1.6.0.45 Vulnerable!
2 dev-java/oracle-jdk-bin < 1.7.0.51 >= 1.7.0.51 *
3 dev-java/sun-jre-bin <= 1.6.0.45 Vulnerable!
4 dev-java/oracle-jre-bin < 1.7.0.51 >= 1.7.0.51 *
5 app-emulation/emul-linux-x86-java
< 1.7.0.51 >= 1.7.0.51 *
-------------------------------------------------------------------
NOTE: Certain packages are still vulnerable. Users should migrate
to another package if one is available or wait for the
existing packages to be marked stable by their
architecture maintainers.
-------------------------------------------------------------------
NOTE: Packages marked with asterisks require manual intervention!
-------------------------------------------------------------------
5 affected packages
Description
===========
Multiple vulnerabilities have been reported in the Oracle Java
implementation. Please review the CVE identifiers referenced below for
details.
Impact
======
An unauthenticated, remote attacker could exploit these vulnerabilities
to execute arbitrary code.
Furthermore, a local or remote attacker could exploit these
vulnerabilities to cause unspecified impact, possibly including remote
execution of arbitrary code.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Oracle JDK 1.7 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=dev-java/oracle-jdk-bin-1.7.0.51"
All Oracle JRE 1.7 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=dev-java/oracle-jre-bin-1.7.0.51"
All users of the precompiled 32-bit Oracle JRE should upgrade to the
latest version:
# emerge --sync
# emerge -a -1 -v ">=app-emulation/emul-linux-x86-java-1.7.0.51"
All Sun Microsystems JDK/JRE 1.6 users are suggested to upgrade to one
of the newer Oracle packages like dev-java/oracle-jdk-bin or
dev-java/oracle-jre-bin or choose another alternative we provide; eg.
the IBM JDK/JRE or the open source IcedTea.
References
==========
[ 1 ] CVE-2011-3563
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3563
[ 2 ] CVE-2011-5035
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-5035
[ 3 ] CVE-2012-0497
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0497
[ 4 ] CVE-2012-0498
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0498
[ 5 ] CVE-2012-0499
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0499
[ 6 ] CVE-2012-0500
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0500
[ 7 ] CVE-2012-0501
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0501
[ 8 ] CVE-2012-0502
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0502
[ 9 ] CVE-2012-0503
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0503
[ 10 ] CVE-2012-0504
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0504
[ 11 ] CVE-2012-0505
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0505
[ 12 ] CVE-2012-0506
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0506
[ 13 ] CVE-2012-0507
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0507
[ 14 ] CVE-2012-0547
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0547
[ 15 ] CVE-2012-1531
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1531
[ 16 ] CVE-2012-1532
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1532
[ 17 ] CVE-2012-1533
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1533
[ 18 ] CVE-2012-1541
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1541
[ 19 ] CVE-2012-1682
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1682
[ 20 ] CVE-2012-1711
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1711
[ 21 ] CVE-2012-1713
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1713
[ 22 ] CVE-2012-1716
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1716
[ 23 ] CVE-2012-1717
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1717
[ 24 ] CVE-2012-1718
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1718
[ 25 ] CVE-2012-1719
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1719
[ 26 ] CVE-2012-1721
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1721
[ 27 ] CVE-2012-1722
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1722
[ 28 ] CVE-2012-1723
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1723
[ 29 ] CVE-2012-1724
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1724
[ 30 ] CVE-2012-1725
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1725
[ 31 ] CVE-2012-1726
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1726
[ 32 ] CVE-2012-3136
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3136
[ 33 ] CVE-2012-3143
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3143
[ 34 ] CVE-2012-3159
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3159
[ 35 ] CVE-2012-3174
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3174
[ 36 ] CVE-2012-3213
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3213
[ 37 ] CVE-2012-3216
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3216
[ 38 ] CVE-2012-3342
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3342
[ 39 ] CVE-2012-4416
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4416
[ 40 ] CVE-2012-4681
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4681
[ 41 ] CVE-2012-5067
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5067
[ 42 ] CVE-2012-5068
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5068
[ 43 ] CVE-2012-5069
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5069
[ 44 ] CVE-2012-5070
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5070
[ 45 ] CVE-2012-5071
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5071
[ 46 ] CVE-2012-5072
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5072
[ 47 ] CVE-2012-5073
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5073
[ 48 ] CVE-2012-5074
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5074
[ 49 ] CVE-2012-5075
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5075
[ 50 ] CVE-2012-5076
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5076
[ 51 ] CVE-2012-5077
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5077
[ 52 ] CVE-2012-5079
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5079
[ 53 ] CVE-2012-5081
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5081
[ 54 ] CVE-2012-5083
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5083
[ 55 ] CVE-2012-5084
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5084
[ 56 ] CVE-2012-5085
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5085
[ 57 ] CVE-2012-5086
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5086
[ 58 ] CVE-2012-5087
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5087
[ 59 ] CVE-2012-5088
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5088
[ 60 ] CVE-2012-5089
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5089
[ 61 ] CVE-2013-0169
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0169
[ 62 ] CVE-2013-0351
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0351
[ 63 ] CVE-2013-0401
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0401
[ 64 ] CVE-2013-0402
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0402
[ 65 ] CVE-2013-0409
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0409
[ 66 ] CVE-2013-0419
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0419
[ 67 ] CVE-2013-0422
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0422
[ 68 ] CVE-2013-0423
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0423
[ 69 ] CVE-2013-0430
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0430
[ 70 ] CVE-2013-0437
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0437
[ 71 ] CVE-2013-0438
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0438
[ 72 ] CVE-2013-0445
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0445
[ 73 ] CVE-2013-0446
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0446
[ 74 ] CVE-2013-0448
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0448
[ 75 ] CVE-2013-0449
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0449
[ 76 ] CVE-2013-0809
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0809
[ 77 ] CVE-2013-1473
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1473
[ 78 ] CVE-2013-1479
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1479
[ 79 ] CVE-2013-1481
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1481
[ 80 ] CVE-2013-1484
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1484
[ 81 ] CVE-2013-1485
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1485
[ 82 ] CVE-2013-1486
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1486
[ 83 ] CVE-2013-1487
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1487
[ 84 ] CVE-2013-1488
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1488
[ 85 ] CVE-2013-1491
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1491
[ 86 ] CVE-2013-1493
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1493
[ 87 ] CVE-2013-1500
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1500
[ 88 ] CVE-2013-1518
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1518
[ 89 ] CVE-2013-1537
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1537
[ 90 ] CVE-2013-1540
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1540
[ 91 ] CVE-2013-1557
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1557
[ 92 ] CVE-2013-1558
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1558
[ 93 ] CVE-2013-1561
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1561
[ 94 ] CVE-2013-1563
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1563
[ 95 ] CVE-2013-1564
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1564
[ 96 ] CVE-2013-1569
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1569
[ 97 ] CVE-2013-1571
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1571
[ 98 ] CVE-2013-2383
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2383
[ 99 ] CVE-2013-2384
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2384
[ 100 ] CVE-2013-2394
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2394
[ 101 ] CVE-2013-2400
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2400
[ 102 ] CVE-2013-2407
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2407
[ 103 ] CVE-2013-2412
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2412
[ 104 ] CVE-2013-2414
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2414
[ 105 ] CVE-2013-2415
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2415
[ 106 ] CVE-2013-2416
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2416
[ 107 ] CVE-2013-2417
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2417
[ 108 ] CVE-2013-2418
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2418
[ 109 ] CVE-2013-2419
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2419
[ 110 ] CVE-2013-2420
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2420
[ 111 ] CVE-2013-2421
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2421
[ 112 ] CVE-2013-2422
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2422
[ 113 ] CVE-2013-2423
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2423
[ 114 ] CVE-2013-2424
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2424
[ 115 ] CVE-2013-2425
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2425
[ 116 ] CVE-2013-2426
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2426
[ 117 ] CVE-2013-2427
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2427
[ 118 ] CVE-2013-2428
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2428
[ 119 ] CVE-2013-2429
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2429
[ 120 ] CVE-2013-2430
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2430
[ 121 ] CVE-2013-2431
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2431
[ 122 ] CVE-2013-2432
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2432
[ 123 ] CVE-2013-2433
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2433
[ 124 ] CVE-2013-2434
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2434
[ 125 ] CVE-2013-2435
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2435
[ 126 ] CVE-2013-2436
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2436
[ 127 ] CVE-2013-2437
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2437
[ 128 ] CVE-2013-2438
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2438
[ 129 ] CVE-2013-2439
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2439
[ 130 ] CVE-2013-2440
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2440
[ 131 ] CVE-2013-2442
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2442
[ 132 ] CVE-2013-2443
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2443
[ 133 ] CVE-2013-2444
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2444
[ 134 ] CVE-2013-2445
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2445
[ 135 ] CVE-2013-2446
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2446
[ 136 ] CVE-2013-2447
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2447
[ 137 ] CVE-2013-2448
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2448
[ 138 ] CVE-2013-2449
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2449
[ 139 ] CVE-2013-2450
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2450
[ 140 ] CVE-2013-2451
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2451
[ 141 ] CVE-2013-2452
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2452
[ 142 ] CVE-2013-2453
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2453
[ 143 ] CVE-2013-2454
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2454
[ 144 ] CVE-2013-2455
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2455
[ 145 ] CVE-2013-2456
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2456
[ 146 ] CVE-2013-2457
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2457
[ 147 ] CVE-2013-2458
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2458
[ 148 ] CVE-2013-2459
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2459
[ 149 ] CVE-2013-2460
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2460
[ 150 ] CVE-2013-2461
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2461
[ 151 ] CVE-2013-2462
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2462
[ 152 ] CVE-2013-2463
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2463
[ 153 ] CVE-2013-2464
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2464
[ 154 ] CVE-2013-2465
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2465
[ 155 ] CVE-2013-2466
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2466
[ 156 ] CVE-2013-2467
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2467
[ 157 ] CVE-2013-2468
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2468
[ 158 ] CVE-2013-2469
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2469
[ 159 ] CVE-2013-2470
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2470
[ 160 ] CVE-2013-2471
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2471
[ 161 ] CVE-2013-2472
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2472
[ 162 ] CVE-2013-2473
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2473
[ 163 ] CVE-2013-3743
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3743
[ 164 ] CVE-2013-3744
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3744
[ 165 ] CVE-2013-3829
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3829
[ 166 ] CVE-2013-5772
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5772
[ 167 ] CVE-2013-5774
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5774
[ 168 ] CVE-2013-5775
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5775
[ 169 ] CVE-2013-5776
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5776
[ 170 ] CVE-2013-5777
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5777
[ 171 ] CVE-2013-5778
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5778
[ 172 ] CVE-2013-5780
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5780
[ 173 ] CVE-2013-5782
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5782
[ 174 ] CVE-2013-5783
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5783
[ 175 ] CVE-2013-5784
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5784
[ 176 ] CVE-2013-5787
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5787
[ 177 ] CVE-2013-5788
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5788
[ 178 ] CVE-2013-5789
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5789
[ 179 ] CVE-2013-5790
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5790
[ 180 ] CVE-2013-5797
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5797
[ 181 ] CVE-2013-5800
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5800
[ 182 ] CVE-2013-5801
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5801
[ 183 ] CVE-2013-5802
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5802
[ 184 ] CVE-2013-5803
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5803
[ 185 ] CVE-2013-5804
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5804
[ 186 ] CVE-2013-5805
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5805
[ 187 ] CVE-2013-5806
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5806
[ 188 ] CVE-2013-5809
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5809
[ 189 ] CVE-2013-5810
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5810
[ 190 ] CVE-2013-5812
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5812
[ 191 ] CVE-2013-5814
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5814
[ 192 ] CVE-2013-5817
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5817
[ 193 ] CVE-2013-5818
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5818
[ 194 ] CVE-2013-5819
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5819
[ 195 ] CVE-2013-5820
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5820
[ 196 ] CVE-2013-5823
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5823
[ 197 ] CVE-2013-5824
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5824
[ 198 ] CVE-2013-5825
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5825
[ 199 ] CVE-2013-5829
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5829
[ 200 ] CVE-2013-5830
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5830
[ 201 ] CVE-2013-5831
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5831
[ 202 ] CVE-2013-5832
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5832
[ 203 ] CVE-2013-5838
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5838
[ 204 ] CVE-2013-5840
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5840
[ 205 ] CVE-2013-5842
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5842
[ 206 ] CVE-2013-5843
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5843
[ 207 ] CVE-2013-5844
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5844
[ 208 ] CVE-2013-5846
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5846
[ 209 ] CVE-2013-5848
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5848
[ 210 ] CVE-2013-5849
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5849
[ 211 ] CVE-2013-5850
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5850
[ 212 ] CVE-2013-5851
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5851
[ 213 ] CVE-2013-5852
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5852
[ 214 ] CVE-2013-5854
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5854
[ 215 ] CVE-2013-5870
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5870
[ 216 ] CVE-2013-5878
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5878
[ 217 ] CVE-2013-5887
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5887
[ 218 ] CVE-2013-5888
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5888
[ 219 ] CVE-2013-5889
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5889
[ 220 ] CVE-2013-5893
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5893
[ 221 ] CVE-2013-5895
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5895
[ 222 ] CVE-2013-5896
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5896
[ 223 ] CVE-2013-5898
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5898
[ 224 ] CVE-2013-5899
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5899
[ 225 ] CVE-2013-5902
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5902
[ 226 ] CVE-2013-5904
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5904
[ 227 ] CVE-2013-5905
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5905
[ 228 ] CVE-2013-5906
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5906
[ 229 ] CVE-2013-5907
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5907
[ 230 ] CVE-2013-5910
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5910
[ 231 ] CVE-2014-0368
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0368
[ 232 ] CVE-2014-0373
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0373
[ 233 ] CVE-2014-0375
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0375
[ 234 ] CVE-2014-0376
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0376
[ 235 ] CVE-2014-0382
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0382
[ 236 ] CVE-2014-0385
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0385
[ 237 ] CVE-2014-0387
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0387
[ 238 ] CVE-2014-0403
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0403
[ 239 ] CVE-2014-0408
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0408
[ 240 ] CVE-2014-0410
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0410
[ 241 ] CVE-2014-0411
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0411
[ 242 ] CVE-2014-0415
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0415
[ 243 ] CVE-2014-0416
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0416
[ 244 ] CVE-2014-0417
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0417
[ 245 ] CVE-2014-0418
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0418
[ 246 ] CVE-2014-0422
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0422
[ 247 ] CVE-2014-0423
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0423
[ 248 ] CVE-2014-0424
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0424
[ 249 ] CVE-2014-0428
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0428
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201401-30.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2014 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. ============================================================================
Ubuntu Security Notice USN-1619-1
October 26, 2012
openjdk-6, openjdk-7 vulnerabilities
============================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.10
- Ubuntu 12.04 LTS
- Ubuntu 11.10
- Ubuntu 11.04
- Ubuntu 10.04 LTS
Summary:
Several security issues were fixed in OpenJDK. An attacker could exploit these
to cause a denial of service.
These issues only affected Ubuntu 12.10. (CVE-2012-5067, CVE-2012-5070)
Vulnerabilities were discovered in the OpenJDK JRE related to data
integrity. (CVE-2012-5073, CVE-2012-5079)
A vulnerability was discovered in the OpenJDK JRE related to information
disclosure and data integrity. This issue only affected Ubuntu 12.10. An attacker could exploit these
to cause a denial of service. These issues only affected Ubuntu 12.10.
(CVE-2012-5076, CVE-2012-5087, CVE-2012-5088)
A denial of service vulnerability was found in OpenJDK. (CVE-2012-5081)
Please see the following for more information:
http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 12.10:
icedtea-7-jre-cacao 7u9-2.3.3-0ubuntu1~12.10.1
icedtea-7-jre-jamvm 7u9-2.3.3-0ubuntu1~12.10.1
openjdk-7-jre 7u9-2.3.3-0ubuntu1~12.10.1
openjdk-7-jre-headless 7u9-2.3.3-0ubuntu1~12.10.1
openjdk-7-jre-lib 7u9-2.3.3-0ubuntu1~12.10.1
openjdk-7-jre-zero 7u9-2.3.3-0ubuntu1~12.10.1
Ubuntu 12.04 LTS:
icedtea-6-jre-cacao 6b24-1.11.5-0ubuntu1~12.04.1
icedtea-6-jre-jamvm 6b24-1.11.5-0ubuntu1~12.04.1
openjdk-6-jre 6b24-1.11.5-0ubuntu1~12.04.1
openjdk-6-jre-headless 6b24-1.11.5-0ubuntu1~12.04.1
openjdk-6-jre-lib 6b24-1.11.5-0ubuntu1~12.04.1
openjdk-6-jre-zero 6b24-1.11.5-0ubuntu1~12.04.1
Ubuntu 11.10:
icedtea-6-jre-cacao 6b24-1.11.5-0ubuntu1~11.10.1
icedtea-6-jre-jamvm 6b24-1.11.5-0ubuntu1~11.10.1
openjdk-6-jre 6b24-1.11.5-0ubuntu1~11.10.1
openjdk-6-jre-headless 6b24-1.11.5-0ubuntu1~11.10.1
openjdk-6-jre-lib 6b24-1.11.5-0ubuntu1~11.10.1
openjdk-6-jre-zero 6b24-1.11.5-0ubuntu1~11.10.1
Ubuntu 11.04:
icedtea-6-jre-cacao 6b24-1.11.5-0ubuntu1~11.04.1
icedtea-6-jre-jamvm 6b24-1.11.5-0ubuntu1~11.04.1
openjdk-6-jre 6b24-1.11.5-0ubuntu1~11.04.1
openjdk-6-jre-headless 6b24-1.11.5-0ubuntu1~11.04.1
openjdk-6-jre-lib 6b24-1.11.5-0ubuntu1~11.04.1
openjdk-6-jre-zero 6b24-1.11.5-0ubuntu1~11.04.1
Ubuntu 10.04 LTS:
icedtea-6-jre-cacao 6b24-1.11.5-0ubuntu1~10.04.2
openjdk-6-jre 6b24-1.11.5-0ubuntu1~10.04.2
openjdk-6-jre-headless 6b24-1.11.5-0ubuntu1~10.04.2
openjdk-6-jre-lib 6b24-1.11.5-0ubuntu1~10.04.2
openjdk-6-jre-zero 6b24-1.11.5-0ubuntu1~10.04.2
This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart any Java
applications or applets to make all the necessary changes |
|
var-200712-0433
|
Integer underflow in the asn1_get_string function in the SNMP back end (backend/snmp.c) for CUPS 1.2 through 1.3.4 allows remote attackers to execute arbitrary code via a crafted SNMP response that triggers a stack-based buffer overflow. Common UNIX Printing System (CUPS) is prone to a remote buffer-overflow vulnerability because the software fails to properly bounds-check user-supplied data before copying it to an insufficiently sized buffer. Failed exploit attempts will likely result in denial-of-service conditions. Apple Mac OS X is prone to multiple security vulnerabilities.
These issues affect Mac OS X and various applications, including Address Book, CFNetwork, ColorSync, CoreFoundation, CUPS, Desktop Services, iChat, IO Storage Family, Launch Services, Mail, Quick Look, Safari, Safari RSS, SMB, Software Update, Spin Tracer, Spotlight, tcpdump, and XQuery.
Attackers may exploit these issues to execute arbitrary code, trigger denial-of-service conditions, escalate privileges, and potentially compromise vulnerable computers.
Apple Mac OS X 10.5.1 and prior versions are vulnerable to these issues. Apple Common Unix Printing System (CUPS) is an open source printing system for OS X and Unix-like systems developed by Apple. The system is based on the Internet Printing Protocol (IPP) and provides most PostScript and raster printer services. There is a vulnerability when CUPS processes SNMP requests containing malformed data, and remote attackers may exploit this vulnerability to control the server. There is a symbol error in the asn1_get_string() function in the backend/snmp.c file of CUPS. ===========================================================
Ubuntu Security Notice USN-563-1 January 09, 2008
cupsys vulnerabilities
CVE-2007-5849, CVE-2007-6358
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04
Ubuntu 7.10
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 6.06 LTS:
cupsys 1.2.2-0ubuntu0.6.06.6
Ubuntu 6.10:
cupsys 1.2.4-2ubuntu3.2
Ubuntu 7.04:
cupsys 1.2.8-0ubuntu8.2
Ubuntu 7.10:
cupsys 1.3.2-1ubuntu7.3
In general, a standard system upgrade is sufficient to effect the
necessary changes.
Updated packages for Ubuntu 6.06 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.2-0ubuntu0.6.06.6.diff.gz
Size/MD5: 96854 c42f659f650a9c0d81bdb4f8ba7004bf
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.2-0ubuntu0.6.06.6.dsc
Size/MD5: 1049 01c4bd2466a668f82bc852b2658e3f24
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.2.orig.tar.gz
Size/MD5: 4070384 2c99b8aa4c8dc25c8a84f9c06aa52e3e
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-gnutls10_1.2.2-0ubuntu0.6.06.6_all.deb
Size/MD5: 996 b0b0b7b1a5b04ac737c6c1c506bf0a1d
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.2.2-0ubuntu0.6.06.6_amd64.deb
Size/MD5: 36242 0d64ba11e2e59e2f089fdb40efed1565
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.2.2-0ubuntu0.6.06.6_amd64.deb
Size/MD5: 81910 3f9240a0ac855620f13662ecd48224d5
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.2-0ubuntu0.6.06.6_amd64.deb
Size/MD5: 2285594 073223e345043bfa56f5d173393cbbfe
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.2.2-0ubuntu0.6.06.6_amd64.deb
Size/MD5: 6094 dcb63118059086cdf2fe9f66eab3c9ab
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.2.2-0ubuntu0.6.06.6_amd64.deb
Size/MD5: 75942 d4483bb658545cbedcafa65e9a6ee045
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.2.2-0ubuntu0.6.06.6_amd64.deb
Size/MD5: 25746 39cf872611b0f62f54b38953374b1c01
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.2.2-0ubuntu0.6.06.6_amd64.deb
Size/MD5: 128784 dbf0ce78d28f3a62d2ef67074a04facb
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.2.2-0ubuntu0.6.06.6_i386.deb
Size/MD5: 34776 16593bfabe944044a1c0c87fd006111b
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.2.2-0ubuntu0.6.06.6_i386.deb
Size/MD5: 77984 67af7dd120fda3fabd5bf1bcde0ecaa0
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.2-0ubuntu0.6.06.6_i386.deb
Size/MD5: 2253134 7d5f6f3d3343cf0f4873042947c3265f
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.2.2-0ubuntu0.6.06.6_i386.deb
Size/MD5: 6096 2b68e82e024d376d649cd3b3c14cf378
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.2.2-0ubuntu0.6.06.6_i386.deb
Size/MD5: 75008 b9b5873df6f6e12ca694404e0ae1397a
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.2.2-0ubuntu0.6.06.6_i386.deb
Size/MD5: 25742 3d4a30e76a7ab05dddc49967c5af6206
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.2.2-0ubuntu0.6.06.6_i386.deb
Size/MD5: 121008 75fa970f801c819ca2e37f42ccda165a
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.2.2-0ubuntu0.6.06.6_powerpc.deb
Size/MD5: 40466 e078800e5e94fa64a451cdbb8414acc3
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.2.2-0ubuntu0.6.06.6_powerpc.deb
Size/MD5: 89536 b9a20806c2b91bd7370686ea3b8588da
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.2-0ubuntu0.6.06.6_powerpc.deb
Size/MD5: 2300252 9252b6866259c84e63ee4dba67083ed8
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.2.2-0ubuntu0.6.06.6_powerpc.deb
Size/MD5: 6096 4d677d45da127c45c81ce3889a9256a7
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.2.2-0ubuntu0.6.06.6_powerpc.deb
Size/MD5: 77702 2e05e968244b734744f1fce8ebfafb33
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.2.2-0ubuntu0.6.06.6_powerpc.deb
Size/MD5: 25752 9f7ba4ffc1c72e78047d983554e32512
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.2.2-0ubuntu0.6.06.6_powerpc.deb
Size/MD5: 126772 8246a4b5933201f0f247f30ab5a97944
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.2.2-0ubuntu0.6.06.6_sparc.deb
Size/MD5: 35396 9193306b04ba1d9bcf0d22225cc839e6
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.2.2-0ubuntu0.6.06.6_sparc.deb
Size/MD5: 78730 bce8c7563b87f3327a134c451364ce21
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.2-0ubuntu0.6.06.6_sparc.deb
Size/MD5: 2286800 833891fe2b553542324e93bb306c9da4
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.2.2-0ubuntu0.6.06.6_sparc.deb
Size/MD5: 6098 700ed2ed4032bae2bc5f7ad1b0938f65
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.2.2-0ubuntu0.6.06.6_sparc.deb
Size/MD5: 74964 84b65d7d0127cc488d2aed110b7d9086
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.2.2-0ubuntu0.6.06.6_sparc.deb
Size/MD5: 25740 fa32e9fe9c0d429a1159e41b07d5964f
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.2.2-0ubuntu0.6.06.6_sparc.deb
Size/MD5: 122514 1e818d01773b5bc86b9f56e8022d6863
Updated packages for Ubuntu 6.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.4-2ubuntu3.2.diff.gz
Size/MD5: 110832 2971bd952368028e975fd00a20ce501b
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.4-2ubuntu3.2.dsc
Size/MD5: 1059 e98ea8935c9ceed519d111d32e552586
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.4.orig.tar.gz
Size/MD5: 4091480 46722ad2dc78b12b5c05db2d080fe784
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-common_1.2.4-2ubuntu3.2_all.deb
Size/MD5: 869636 834405f963c7a9ce3b3d69f09e1805fe
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.2.4-2ubuntu3.2_amd64.deb
Size/MD5: 36710 d6b14470183b492c8a0695ae3cf5820d
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.2.4-2ubuntu3.2_amd64.deb
Size/MD5: 82508 1f22c18ad0618cae8fd9b161debe997c
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.4-2ubuntu3.2_amd64.deb
Size/MD5: 1480116 da71d67953ad08e275d92429aff51456
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.2.4-2ubuntu3.2_amd64.deb
Size/MD5: 6122 869caee45ed45ef339c86eb51a114920
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.2.4-2ubuntu3.2_amd64.deb
Size/MD5: 95102 8f5848eddffc362517e4ff676f835973
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.2.4-2ubuntu3.2_amd64.deb
Size/MD5: 26142 8ec6a04b1c0389911e1f1dc9e5377536
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.2.4-2ubuntu3.2_amd64.deb
Size/MD5: 171840 f8215cbe5fe52dd32a598cbc7f27a8a1
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.2.4-2ubuntu3.2_i386.deb
Size/MD5: 36264 c1ce097acea2435d13a0773986769641
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.2.4-2ubuntu3.2_i386.deb
Size/MD5: 80106 cbc3b76611aaece014e555a170dca185
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.4-2ubuntu3.2_i386.deb
Size/MD5: 1463248 4d326335153bdf16670b4d6b23309adb
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.2.4-2ubuntu3.2_i386.deb
Size/MD5: 6122 f3ee8c280dffbcb1be2e30087818fc12
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.2.4-2ubuntu3.2_i386.deb
Size/MD5: 94910 b56efddf07944953ee6c93a357392ab5
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.2.4-2ubuntu3.2_i386.deb
Size/MD5: 26140 062e3f1216765e325ed4bbc0dff04df5
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.2.4-2ubuntu3.2_i386.deb
Size/MD5: 168962 ff967163df3e0c10338ebccecf816fa2
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.2.4-2ubuntu3.2_powerpc.deb
Size/MD5: 41804 90c6b755b81eac7f64cffdc410781637
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.2.4-2ubuntu3.2_powerpc.deb
Size/MD5: 91146 93b16b2504ca56ca57ca562ccd109a42
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.4-2ubuntu3.2_powerpc.deb
Size/MD5: 1497758 d713cc8d5962474285cfcb8f4d5c9387
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.2.4-2ubuntu3.2_powerpc.deb
Size/MD5: 6126 61c3a759bc71ed557194b123ee547425
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.2.4-2ubuntu3.2_powerpc.deb
Size/MD5: 97286 e4da8af1c90ae24bd767317aa8cfcf4a
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.2.4-2ubuntu3.2_powerpc.deb
Size/MD5: 26138 fcd8753ebf0b695dea0375e713a85ea2
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.2.4-2ubuntu3.2_powerpc.deb
Size/MD5: 172252 27806a56e06673bd3fe961f650939193
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.2.4-2ubuntu3.2_sparc.deb
Size/MD5: 36282 2b0888242ed98acf5f8214598a191ac4
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.2.4-2ubuntu3.2_sparc.deb
Size/MD5: 80234 819d971ba0a287fc39f8ffe60a8dea46
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.4-2ubuntu3.2_sparc.deb
Size/MD5: 1488822 33280b196dd0f5e372c01f679fa6b92a
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.2.4-2ubuntu3.2_sparc.deb
Size/MD5: 6128 36f672bc145cc881f6ed0d501532c889
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.2.4-2ubuntu3.2_sparc.deb
Size/MD5: 94144 b270ae4767e5a5a4f664686c688e4c83
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.2.4-2ubuntu3.2_sparc.deb
Size/MD5: 26142 e951c05414d91657af1774951ff0b49c
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.2.4-2ubuntu3.2_sparc.deb
Size/MD5: 168272 9c24a04995a400f1c868398d14b31740
Updated packages for Ubuntu 7.04:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.8-0ubuntu8.2.diff.gz
Size/MD5: 155988 d5eeee8bb5b1be8f20732ddc15a146b7
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.8-0ubuntu8.2.dsc
Size/MD5: 1143 0669aaa760ed047edc4f9a942882f01d
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.8.orig.tar.gz
Size/MD5: 4293194 107affe95fcf1cd4aaed4a5c73f4b91f
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-common_1.2.8-0ubuntu8.2_all.deb
Size/MD5: 925994 663b23d61cc43e14a45a4079a1b53d14
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.2.8-0ubuntu8.2_amd64.deb
Size/MD5: 37404 c857fcb86cf6fbc5a1fe7dcb93bcfc9c
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.2.8-0ubuntu8.2_amd64.deb
Size/MD5: 83234 cb15baea3370ad40ad903ecdd5c2a150
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.8-0ubuntu8.2_amd64.deb
Size/MD5: 1638028 f9e0e6d0ab30836134b18e68f515aa24
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.2.8-0ubuntu8.2_amd64.deb
Size/MD5: 56372 45a35748bebb147b1ece7fc2318fe5d5
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.2.8-0ubuntu8.2_amd64.deb
Size/MD5: 103904 3ec48e9e35555d39718da7dfa12296e1
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.2.8-0ubuntu8.2_amd64.deb
Size/MD5: 144844 d7a36d83f016f81978d77334df958abe
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.2.8-0ubuntu8.2_amd64.deb
Size/MD5: 181906 504d933b448fea5199083007de9def13
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.2.8-0ubuntu8.2_i386.deb
Size/MD5: 36728 a9d95dd94c95b39fba113bad0ba83d31
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.2.8-0ubuntu8.2_i386.deb
Size/MD5: 80756 002c4adb90d4aeb46f22cf043c2a3c5d
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.8-0ubuntu8.2_i386.deb
Size/MD5: 1620614 dfd8630f8aa3bfc7a3603ab89376bbdc
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.2.8-0ubuntu8.2_i386.deb
Size/MD5: 55450 15f5048b3543a2506d1b65937c145c10
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.2.8-0ubuntu8.2_i386.deb
Size/MD5: 103602 621c142a15a018a53fb4e1c731dd6273
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.2.8-0ubuntu8.2_i386.deb
Size/MD5: 139324 45c10a2df595a6e2d911e2ff3ab4a405
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.2.8-0ubuntu8.2_i386.deb
Size/MD5: 178200 41745eaf4b7e638c6294c0c7d272e91b
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.2.8-0ubuntu8.2_powerpc.deb
Size/MD5: 46770 7b7c32c212787825b4c8ce5f23f11e9f
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.2.8-0ubuntu8.2_powerpc.deb
Size/MD5: 101104 8a64784b5b11dbd2633de705b6803702
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.8-0ubuntu8.2_powerpc.deb
Size/MD5: 1695072 a9a974ada7cab231ed81c03a91ddc6fa
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.2.8-0ubuntu8.2_powerpc.deb
Size/MD5: 56224 859a93733a404b6336815740c704cb31
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.2.8-0ubuntu8.2_powerpc.deb
Size/MD5: 109462 b57a9c49d5a186cb0a90ceff60fe3e0c
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.2.8-0ubuntu8.2_powerpc.deb
Size/MD5: 141176 03a25641a1d1f0cc3daaff277fc9a1fe
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.2.8-0ubuntu8.2_powerpc.deb
Size/MD5: 187796 4f7930d31e79c8e80c3002305f628abb
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.2.8-0ubuntu8.2_sparc.deb
Size/MD5: 37776 4b82dbd83e2d0ab3b8a37a1819df2be0
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.2.8-0ubuntu8.2_sparc.deb
Size/MD5: 83754 ca7d3f04b938edf84d4495ee28401947
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.8-0ubuntu8.2_sparc.deb
Size/MD5: 1658640 516e63f4be8670977ede42a5931f84d1
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.2.8-0ubuntu8.2_sparc.deb
Size/MD5: 54742 c393dd034b59bdb312caa88e6e5a2518
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.2.8-0ubuntu8.2_sparc.deb
Size/MD5: 103154 cca146d09d3d96060aae19ed28c9bad0
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.2.8-0ubuntu8.2_sparc.deb
Size/MD5: 141756 8ac1af17f52affe05290eda3f632a5c2
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.2.8-0ubuntu8.2_sparc.deb
Size/MD5: 177460 7a2e8e00865878da7823113b9c82fe96
Updated packages for Ubuntu 7.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.2-1ubuntu7.3.diff.gz
Size/MD5: 123551 3081910dc48c0bf26861c418898424e5
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.2-1ubuntu7.3.dsc
Size/MD5: 1218 31f9a51331fdef642f68181a96e48b90
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.2.orig.tar.gz
Size/MD5: 4848424 9e3e1dee4d872fdff0682041198d3d73
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-common_1.3.2-1ubuntu7.3_all.deb
Size/MD5: 1080422 55bbe3cc2879bf863ea481de00a87d38
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.3.2-1ubuntu7.3_amd64.deb
Size/MD5: 37090 c208eccfeb8c01c9c9cf69d533e48875
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.3.2-1ubuntu7.3_amd64.deb
Size/MD5: 89264 d75e34c37e473f37049e9b8d56da85f9
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.2-1ubuntu7.3_amd64.deb
Size/MD5: 2033330 19317bd0287cd2ffb107a79cb10221b7
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.3.2-1ubuntu7.3_amd64.deb
Size/MD5: 59894 669b27a09c281c6627ac6f90cdaa9d6c
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.3.2-1ubuntu7.3_amd64.deb
Size/MD5: 46744 3bf6625d4362c0b737f8092a5ce5d8f2
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.3.2-1ubuntu7.3_amd64.deb
Size/MD5: 152012 918fb853dabc5e4f9b01d141a700cdd6
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.3.2-1ubuntu7.3_amd64.deb
Size/MD5: 185064 9ba4383cca2c676c115f0896c4d3f7ac
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.3.2-1ubuntu7.3_i386.deb
Size/MD5: 36386 a9cc51dd1d0bfb023a1723094b5dc8fd
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.3.2-1ubuntu7.3_i386.deb
Size/MD5: 86266 a5a5f183b0072355dc7f6d7da0cc6150
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.2-1ubuntu7.3_i386.deb
Size/MD5: 2016958 1a403efd5824fdd4aabc01d6fd4be80d
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.3.2-1ubuntu7.3_i386.deb
Size/MD5: 58630 05c449135359e5dff074bb09d35ab993
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.3.2-1ubuntu7.3_i386.deb
Size/MD5: 46096 190e2a501bcc471b47b19c0fab1e6faf
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.3.2-1ubuntu7.3_i386.deb
Size/MD5: 145700 6bace8671d4aabfb12981f35bf90e3fd
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.3.2-1ubuntu7.3_i386.deb
Size/MD5: 181864 48bdde0f8e4419ed820aad223f04a78e
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.3.2-1ubuntu7.3_powerpc.deb
Size/MD5: 46396 d418a342f7bcc3c62a00b6aaa91f6a55
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.3.2-1ubuntu7.3_powerpc.deb
Size/MD5: 107534 b5021ac12d34feaa894822833a80f96c
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.2-1ubuntu7.3_powerpc.deb
Size/MD5: 2098076 ce2bbaac830121b2e332e1d6be7f2812
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.3.2-1ubuntu7.3_powerpc.deb
Size/MD5: 59338 a2e1ed47fc41b154279fa991d1b83b63
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.3.2-1ubuntu7.3_powerpc.deb
Size/MD5: 51684 5dc5292ba6c5957c6906a1ec10425389
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.3.2-1ubuntu7.3_powerpc.deb
Size/MD5: 146958 ca1a231a2fead08a3a291a98016ad164
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.3.2-1ubuntu7.3_powerpc.deb
Size/MD5: 190810 df39b95fd46271a4102fa86991687d87
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.3.2-1ubuntu7.3_sparc.deb
Size/MD5: 37476 ad024b3c304fddd547f73533c2af353e
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.3.2-1ubuntu7.3_sparc.deb
Size/MD5: 89402 d43d4d7730511ae01ada631e49a33386
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.2-1ubuntu7.3_sparc.deb
Size/MD5: 2059212 5d8c784938e35c99434a9aeec756c7f0
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.3.2-1ubuntu7.3_sparc.deb
Size/MD5: 57890 c16d91ecc08a9f644a4702694f061948
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.3.2-1ubuntu7.3_sparc.deb
Size/MD5: 45426 9b43f0207dc35329c6b68a00f9470b27
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.3.2-1ubuntu7.3_sparc.deb
Size/MD5: 148480 6475be7a82a097f3d1e650f2e1b34e4a
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.3.2-1ubuntu7.3_sparc.deb
Size/MD5: 180882 aa0f56882aee8a313019fd9806cb96e2
. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200712-14
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: CUPS: Multiple vulnerabilities
Date: December 18, 2007
Bugs: #199195, #201042, #201570
ID: 200712-14
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been discovered in CUPS, allowing for the
remote execution of arbitrary code and a Denial of Service.
Background
==========
CUPS provides a portable printing layer for UNIX-based operating
systems. The alternate pdftops filter is a CUPS filter used to convert
PDF files to the Postscript format via Poppler; the filter is installed
by default in Gentoo Linux. Elias Pipping (Gentoo) discovered that the alternate
pdftops filter creates temporary files with predictable file names when
reading from standard input (CVE-2007-6358). Furthermore, the
resolution of a Denial of Service vulnerability covered in GLSA
200703-28 introduced another Denial of Service vulnerability within SSL
handling (CVE-2007-4045). A local attacker could exploit the second
vulnerability to overwrite arbitrary files with the privileges of the
user running the CUPS spooler (usually lp) by using symlink attacks. A
remote attacker could cause a Denial of Service condition via the third
vulnerability when SSL is enabled in CUPS.
Workaround
==========
To disable SNMP support in CUPS, you have have to manually delete the
file "/usr/libexec/cups/backend/snmp". Please note that the file is
reinstalled if you merge CUPS again later. To disable the pdftops
filter, delete all lines referencing "pdftops" in CUPS' "mime.convs"
configuration file. To work around the third vulnerability, disable SSL
support via the corresponding USE flag.
Resolution
==========
All CUPS users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-print/cups-1.2.12-r4"
References
==========
[ 1 ] CVE-2007-4045
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4045
[ 2 ] CVE-2007-5849
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5849
[ 3 ] CVE-2007-6358
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6358
[ 4 ] GLSA 200703-28
http://www.gentoo.org/security/en/glsa/glsa-200703-28.xml
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200712-14.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.
License
=======
Copyright 2007 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
.
Background
==========
AMD64 x86 emulation base libraries provides pre-compiled 32-bit
libraries.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 app-emulation/emul-linux-x86-baselibs
< 20140406-r1 >= 20140406-r1
Description
===========
Multiple vulnerabilities have been discovered in AMD64 x86 emulation
base libraries. Please review the CVE identifiers referenced below for
details.
Workaround
==========
There is no known workaround at this time. They are included in this advisory for the
sake of completeness. It is likely that your system is already no
longer affected by them. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ------------------------------------------------------------------------
Debian Security Advisory DSA-1437-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
December 26, 2007 http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : cupsys
Vulnerability : several
Problem type : local
Debian-specific: no
CVE Id(s) : CVE-2007-5849 CVE-2007-6358
Several local vulnerabilities have been discovered in the Common UNIX
Printing System.
This vulnerability is not exploitable in the default configuration.
For the stable distribution (etch), these problems have been fixed in
version 1.2.7-4etch2.
The old stable distribution (sarge) is not affected by CVE-2007-5849.
The other issue doesn't warrant an update on it's own and has been
postponed.
For the unstable distribution (sid), these problems have been fixed in
version 1.3.5-1.
We recommend that you upgrade your cupsys packages.
Upgrade instructions
- --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian 4.0 (stable)
- -------------------
Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
Source archives:
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch2.dsc
Size/MD5 checksum: 1084 7eda7d3797d141d174e163f837cd91b4
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7.orig.tar.gz
Size/MD5 checksum: 4214272 c9ba33356e5bb93efbcf77b6e142e498
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch2.diff.gz
Size/MD5 checksum: 103089 a856a1ff975042783cb87f23d15e5b3a
Architecture independent packages:
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-gnutls10_1.2.7-4etch2_all.deb
Size/MD5 checksum: 45246 3216cd80859aa97b7c8c5774b2462db2
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-common_1.2.7-4etch2_all.deb
Size/MD5 checksum: 893020 28b90e7e58400b9216f72cecf7de0d4a
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch2_alpha.deb
Size/MD5 checksum: 1096542 686386cd43230708d49cea4af0d57b9f
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch2_alpha.deb
Size/MD5 checksum: 94468 32d1efdef788039ac00ed1e57a6fcc47
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch2_alpha.deb
Size/MD5 checksum: 1608840 d042363f0999e1f11939e3f5e8de8b38
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch2_alpha.deb
Size/MD5 checksum: 72432 5e43d1208715258c4ff09dcee0fa4081
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch2_alpha.deb
Size/MD5 checksum: 86284 dca9ccc53cb8fcf7b8e1a44b8e76a6ad
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch2_alpha.deb
Size/MD5 checksum: 184372 cb6c4f2c2a08ccc55c25c35d039fe400
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch2_alpha.deb
Size/MD5 checksum: 39260 cdfc7a39f71c1aed6973a2956cf8749d
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch2_alpha.deb
Size/MD5 checksum: 174608 e2c1ebf86bfc9f538a640c8ea385330f
amd64 architecture (AMD x86_64 (AMD64))
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch2_amd64.deb
Size/MD5 checksum: 142552 60167bc344afbaa54904b295c78def9c
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch2_amd64.deb
Size/MD5 checksum: 36366 3feca5f614aca7d527b1beba01462f6e
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch2_amd64.deb
Size/MD5 checksum: 161666 65ebf0f70d842eeb8adc309946357b4d
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch2_amd64.deb
Size/MD5 checksum: 85314 0be1f821b4880c7a4b83cd7779edbce4
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch2_amd64.deb
Size/MD5 checksum: 80704 26db3ea2f4aee728ead9ffba2686b827
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch2_amd64.deb
Size/MD5 checksum: 1574360 3a1e7f5f6a8766a1f89aa65fc47c5d72
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch2_amd64.deb
Size/MD5 checksum: 52862 3e8caecdc231fcded29f0029b76019a8
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch2_amd64.deb
Size/MD5 checksum: 1085694 235f96f3c07947ab11cd4222490441f0
arm architecture (ARM)
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch2_arm.deb
Size/MD5 checksum: 48532 08ce8a9c2d9edf30a381ddc34073c397
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch2_arm.deb
Size/MD5 checksum: 1025036 c3165815ab4292c0b200176c4c0ad7d6
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch2_arm.deb
Size/MD5 checksum: 35924 02c6ebde8deb0fcb39074deb5895b95b
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch2_arm.deb
Size/MD5 checksum: 78912 33627a4c4e1dd3b4001f165cfda64259
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch2_arm.deb
Size/MD5 checksum: 132054 c4e04d8fb763e599931f3cb0207d84cb
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch2_arm.deb
Size/MD5 checksum: 154314 0dcbd01293a5a0925af776bc0d6490fa
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch2_arm.deb
Size/MD5 checksum: 84494 66ff0b8a8b07d0faddee758806e044be
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch2_arm.deb
Size/MD5 checksum: 1568356 725c88c2ac3737a0a323e82a5877f8f9
hppa architecture (HP PA RISC)
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch2_hppa.deb
Size/MD5 checksum: 39264 528456372ac16c6dc257d2672a24cc84
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch2_hppa.deb
Size/MD5 checksum: 85260 60da86a4e6b72d49f3c405cda6eaaa33
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch2_hppa.deb
Size/MD5 checksum: 90316 7d7093a9bca7c6ee4a190eaea715cf1f
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch2_hppa.deb
Size/MD5 checksum: 57026 7e78c5bf532b9761b6ebc290c4c24b94
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch2_hppa.deb
Size/MD5 checksum: 171548 37bfd1849d459be20f5df6da4d0e8f19
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch2_hppa.deb
Size/MD5 checksum: 1611932 3a3e91d8c878c6ec42a99d1bfacbafac
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch2_hppa.deb
Size/MD5 checksum: 154600 fc87ba725d54223245d9cb71777307a7
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch2_hppa.deb
Size/MD5 checksum: 1031728 cdcfb63a3a2200f4ca36aa0d530c32d9
i386 architecture (Intel ia32)
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch2_i386.deb
Size/MD5 checksum: 53068 e28d98e95a5e543991b996e84d028863
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch2_i386.deb
Size/MD5 checksum: 138280 28df76637f6b23d98ec81f6a7bf2b6ba
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch2_i386.deb
Size/MD5 checksum: 159796 fa2db05d879ce293041be45683febe8b
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch2_i386.deb
Size/MD5 checksum: 1547840 6d7396410919ae7207d3d9aadfb5026f
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch2_i386.deb
Size/MD5 checksum: 79880 c392020f91e2901d4122ef6a1fa08fed
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch2_i386.deb
Size/MD5 checksum: 85778 a11291b1a834d42ba160fb8d92db0c3a
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch2_i386.deb
Size/MD5 checksum: 997490 0d91574ed291678037351dd0a32f445f
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch2_i386.deb
Size/MD5 checksum: 36476 ee84ce1774c646915ba410dadcda3470
ia64 architecture (Intel ia64)
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch2_ia64.deb
Size/MD5 checksum: 1107194 dc683bec9dcfffc4a1e020b2859e1fab
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch2_ia64.deb
Size/MD5 checksum: 106228 db41cfc57bf2d43da703285f9790344c
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch2_ia64.deb
Size/MD5 checksum: 46332 f52d7a07c6acf6613da1ae43f64b8ef7
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch2_ia64.deb
Size/MD5 checksum: 203378 9da06426a99702d4485b528d542b666d
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch2_ia64.deb
Size/MD5 checksum: 105872 cd243300f6b804b2501e5681401c574e
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch2_ia64.deb
Size/MD5 checksum: 73934 b3618bd2d5b1de8371ea56301312ef3a
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch2_ia64.deb
Size/MD5 checksum: 192368 35aba3be08e6a72b54617bb666b12d4c
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch2_ia64.deb
Size/MD5 checksum: 1769808 8d0ab1028149cabd9d946c44cf4d4f86
mips architecture (MIPS (Big Endian))
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch2_mips.deb
Size/MD5 checksum: 77158 5302b4e5edb3d0d7733481eaabdbddcf
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch2_mips.deb
Size/MD5 checksum: 85874 d6beacabf8db05137b4c4357ea7557e9
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch2_mips.deb
Size/MD5 checksum: 157884 d0f4ed5d1da24041179f9f2697f2ffcb
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch2_mips.deb
Size/MD5 checksum: 1096124 feea35b2ae01af3b06ee3ce8a854324e
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch2_mips.deb
Size/MD5 checksum: 35968 0bb0b6c1018c466326b6406de4af093e
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch2_mips.deb
Size/MD5 checksum: 150766 ff55f24b0b36722265644252857d8b5c
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch2_mips.deb
Size/MD5 checksum: 1550792 97167182293fc8400cb9fefffc3670e7
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch2_mips.deb
Size/MD5 checksum: 57384 b2473f40bde45105c0bdec916ff93cdb
mipsel architecture (MIPS (Little Endian))
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch2_mipsel.deb
Size/MD5 checksum: 86054 f78f586a8f15727e28c67bca58caaa26
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch2_mipsel.deb
Size/MD5 checksum: 1552410 94190014545b85b403a21e97d9901776
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch2_mipsel.deb
Size/MD5 checksum: 157716 e0bd0f1e90b1124b1441bc1f313a7764
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch2_mipsel.deb
Size/MD5 checksum: 1083814 a5968478d72e11f19d4e019d3095e51f
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch2_mipsel.deb
Size/MD5 checksum: 36068 363ff5b0694c2fef407a92dea1ba1c4e
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch2_mipsel.deb
Size/MD5 checksum: 77458 db7144590602bf3cf25cba5fdce485a8
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch2_mipsel.deb
Size/MD5 checksum: 57700 04626a4cb44728ea61bcb7f8d8ddc1ed
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch2_mipsel.deb
Size/MD5 checksum: 150902 f3cb4f6ca36503d7b70aab6d559199d2
powerpc architecture (PowerPC)
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch2_powerpc.deb
Size/MD5 checksum: 51792 e89680c8a9b4851ebb5ad0d304e6bbb7
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch2_powerpc.deb
Size/MD5 checksum: 90002 ce367709844a87951f810524aadfea4c
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch2_powerpc.deb
Size/MD5 checksum: 136864 0aabc007ab84b86a77f6c601ba8d44fd
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch2_powerpc.deb
Size/MD5 checksum: 87576 f18bba76c873a6238e78a80182c0cd38
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch2_powerpc.deb
Size/MD5 checksum: 1575144 506c85d9a8b03be737ccb8dd3fd31248
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch2_powerpc.deb
Size/MD5 checksum: 1141712 b6ab866de7c8c6f2051c2a813003a722
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch2_powerpc.deb
Size/MD5 checksum: 162358 08096969b7e8ef48d2ece9a86600004a
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch2_powerpc.deb
Size/MD5 checksum: 41290 b7eb0528a3b1b8bd07247fd9e16b76c2
s390 architecture (IBM S/390)
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch2_s390.deb
Size/MD5 checksum: 1586292 01001ec68f5ff6a090ebff3099265be0
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch2_s390.deb
Size/MD5 checksum: 1035680 081c5ca040751dc4ec59d2a83289099c
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch2_s390.deb
Size/MD5 checksum: 86854 5011337fee7f4dcfb62a6c95f7054e98
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch2_s390.deb
Size/MD5 checksum: 37422 731fb2009fa3cf47e270c35348d2e3e4
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch2_s390.deb
Size/MD5 checksum: 82338 4f93e2f975642addd238eecf78a94779
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch2_s390.deb
Size/MD5 checksum: 165816 c69411004d08763f1b86a5d517592fc7
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch2_s390.deb
Size/MD5 checksum: 144946 74bca185776b08ac50a9abcc17019e68
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch2_s390.deb
Size/MD5 checksum: 52260 1324db10b3374beb81b98032ba92e2b8
sparc architecture (Sun SPARC/UltraSPARC)
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch2_sparc.deb
Size/MD5 checksum: 51580 6052b09bd8c4cb9600156b24f185122a
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch2_sparc.deb
Size/MD5 checksum: 139570 2aa5b4d2d64849aa048489332f7e3aca
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch2_sparc.deb
Size/MD5 checksum: 1561428 59199c965cba64d0aaf9a2de6c3432b6
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch2_sparc.deb
Size/MD5 checksum: 84282 edec6a1d4af9df91f2d2b5c20553dbe9
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch2_sparc.deb
Size/MD5 checksum: 990474 e276a14d21a6d7661c91c3420c96e142
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch2_sparc.deb
Size/MD5 checksum: 158256 d43c9657a710bb5969e704208502f59f
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch2_sparc.deb
Size/MD5 checksum: 78514 32c106b3332c95dd0f24d6cf5d208add
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch2_sparc.deb
Size/MD5 checksum: 36020 751c12e8f83f04b5fd54d4a23abdf6fc
These files will probably be moved into the stable distribution on
its next update.
- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFHclSzXm3vHE4uyloRAqN4AJ446Cy9X2qGSIJqCKirOI2pWmEseACgygi1
mLr61xygMrJtafqG+L6vzQw=
=Kaoc
-----END PGP SIGNATURE-----
.
The updated packages have been patched to correct these issues.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4045
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5849
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2007.0:
e7b60799c6564dab2fac51c4f141dbe5 2007.0/i586/cups-1.2.4-1.6mdv2007.0.i586.rpm
4c32071aad3f9098ea2dd2f9a1b7cd49 2007.0/i586/cups-common-1.2.4-1.6mdv2007.0.i586.rpm
63d9a864863267cf2f4fddc02e095e06 2007.0/i586/cups-serial-1.2.4-1.6mdv2007.0.i586.rpm
1f4920904c759ce0e9abb3bbc8cdd594 2007.0/i586/libcups2-1.2.4-1.6mdv2007.0.i586.rpm
b1ec7aa06c2be308ff9c2a63da1c7731 2007.0/i586/libcups2-devel-1.2.4-1.6mdv2007.0.i586.rpm
f383e8d9d10ca981e447dd6a01ee851d 2007.0/i586/php-cups-1.2.4-1.6mdv2007.0.i586.rpm
f79a5dfe12eb0645f787ad1112c21df6 2007.0/SRPMS/cups-1.2.4-1.6mdv2007.0.src.rpm
Mandriva Linux 2007.0/X86_64:
b7553d0c3fbc26b3701b141c9b83d4f3 2007.0/x86_64/cups-1.2.4-1.6mdv2007.0.x86_64.rpm
4a38d3105789f691876915a408b14238 2007.0/x86_64/cups-common-1.2.4-1.6mdv2007.0.x86_64.rpm
66f5f00ec62eda88ad3bcc4a7c1bb9f8 2007.0/x86_64/cups-serial-1.2.4-1.6mdv2007.0.x86_64.rpm
8cb823e9208e3318df6856d6f604e915 2007.0/x86_64/lib64cups2-1.2.4-1.6mdv2007.0.x86_64.rpm
87a2ecc7dea1d4df9dc375aaa08706df 2007.0/x86_64/lib64cups2-devel-1.2.4-1.6mdv2007.0.x86_64.rpm
80f26c35b1a9df435722fda1cbbf73a3 2007.0/x86_64/php-cups-1.2.4-1.6mdv2007.0.x86_64.rpm
f79a5dfe12eb0645f787ad1112c21df6 2007.0/SRPMS/cups-1.2.4-1.6mdv2007.0.src.rpm
Mandriva Linux 2007.1:
211c3ad187609d5b780ff3fa5b49e444 2007.1/i586/cups-1.2.10-2.4mdv2007.1.i586.rpm
7d40f786123cf00358798508bb62d3d3 2007.1/i586/cups-common-1.2.10-2.4mdv2007.1.i586.rpm
0e5804893b2a9246b0e868c31b32b06b 2007.1/i586/cups-serial-1.2.10-2.4mdv2007.1.i586.rpm
338d3dec619d84e87f51bd7cfd16d8d2 2007.1/i586/libcups2-1.2.10-2.4mdv2007.1.i586.rpm
8db18206adc7d5e06791544156b055b3 2007.1/i586/libcups2-devel-1.2.10-2.4mdv2007.1.i586.rpm
62132f4112ac2b0a2d12774d29bec0cb 2007.1/i586/php-cups-1.2.10-2.4mdv2007.1.i586.rpm
4ba57d3741a92f13208328191a9a1778 2007.1/SRPMS/cups-1.2.10-2.4mdv2007.1.src.rpm
Mandriva Linux 2007.1/X86_64:
8c149f4c10733c9a9111160ae59ad925 2007.1/x86_64/cups-1.2.10-2.4mdv2007.1.x86_64.rpm
4b1daf55b41af95a1cd84bebe942d560 2007.1/x86_64/cups-common-1.2.10-2.4mdv2007.1.x86_64.rpm
5c5ca12c2c1acc4d4dbabdd1a724c6b6 2007.1/x86_64/cups-serial-1.2.10-2.4mdv2007.1.x86_64.rpm
c3b6080be7e3f4705a8a2a49bcffd444 2007.1/x86_64/lib64cups2-1.2.10-2.4mdv2007.1.x86_64.rpm
e0b59e5053778c2ffa2f54e0b45d2d39 2007.1/x86_64/lib64cups2-devel-1.2.10-2.4mdv2007.1.x86_64.rpm
f55015ed699bf755c426f543c1663c68 2007.1/x86_64/php-cups-1.2.10-2.4mdv2007.1.x86_64.rpm
4ba57d3741a92f13208328191a9a1778 2007.1/SRPMS/cups-1.2.10-2.4mdv2007.1.src.rpm
Mandriva Linux 2008.0:
5e6c08849a88b069afaa97a41e9e960e 2008.0/i586/cups-1.3.0-3.4mdv2008.0.i586.rpm
9572d60e8afebae8af024b1fe7209fb3 2008.0/i586/cups-common-1.3.0-3.4mdv2008.0.i586.rpm
3f289e765d786c9e10ea5cfc21f73f6b 2008.0/i586/cups-serial-1.3.0-3.4mdv2008.0.i586.rpm
c0fd3de781ef4d6ed0f9e13cae53d883 2008.0/i586/libcups2-1.3.0-3.4mdv2008.0.i586.rpm
610b6e72c3c11c6015f8177701156351 2008.0/i586/libcups2-devel-1.3.0-3.4mdv2008.0.i586.rpm
fb6ef9cab451a3133be7f76ba840b012 2008.0/i586/php-cups-1.3.0-3.4mdv2008.0.i586.rpm
188a7ec8777c3b4b31750580117a870e 2008.0/SRPMS/cups-1.3.0-3.4mdv2008.0.src.rpm
Mandriva Linux 2008.0/X86_64:
402aea771b06142b45b722bff80f091e 2008.0/x86_64/cups-1.3.0-3.4mdv2008.0.x86_64.rpm
f2455232cc2a9573ecec47ef56cdc597 2008.0/x86_64/cups-common-1.3.0-3.4mdv2008.0.x86_64.rpm
37a5555a41d6fb417b21939c805664f2 2008.0/x86_64/cups-serial-1.3.0-3.4mdv2008.0.x86_64.rpm
ce9c705103f3818d9c5795c9870fe8ff 2008.0/x86_64/lib64cups2-1.3.0-3.4mdv2008.0.x86_64.rpm
69cbe40728e22cc75aec77357f1afd05 2008.0/x86_64/lib64cups2-devel-1.3.0-3.4mdv2008.0.x86_64.rpm
383988eb5c94bb74024fdf374cb3b2be 2008.0/x86_64/php-cups-1.3.0-3.4mdv2008.0.x86_64.rpm
188a7ec8777c3b4b31750580117a870e 2008.0/SRPMS/cups-1.3.0-3.4mdv2008.0.src.rpm
Corporate 3.0:
22d8969d906321fbee18c2bbc85588d3 corporate/3.0/i586/cups-1.1.20-5.15.C30mdk.i586.rpm
36304afe8bedfa972b100864a155c631 corporate/3.0/i586/cups-common-1.1.20-5.15.C30mdk.i586.rpm
c769d1450268709318ca831aa61fb0e1 corporate/3.0/i586/cups-serial-1.1.20-5.15.C30mdk.i586.rpm
add323f4e6d19502d1784d8170b56158 corporate/3.0/i586/libcups2-1.1.20-5.15.C30mdk.i586.rpm
1795159898f7d56792ccb5d2fa94f01d corporate/3.0/i586/libcups2-devel-1.1.20-5.15.C30mdk.i586.rpm
862992a50ff8f3311bc1e6a57e916f44 corporate/3.0/SRPMS/cups-1.1.20-5.15.C30mdk.src.rpm
Corporate 3.0/X86_64:
4cc49531ae7c6e30a6119a96fd6e2be7 corporate/3.0/x86_64/cups-1.1.20-5.15.C30mdk.x86_64.rpm
d99c41a39764138480fd0498fc08dc86 corporate/3.0/x86_64/cups-common-1.1.20-5.15.C30mdk.x86_64.rpm
1217f6489b62f4f97272266a36ad1dcf corporate/3.0/x86_64/cups-serial-1.1.20-5.15.C30mdk.x86_64.rpm
37b559193f8165d5fb94f3dfb0a17002 corporate/3.0/x86_64/lib64cups2-1.1.20-5.15.C30mdk.x86_64.rpm
29f3155a705199ddc18d4f07151ee0e5 corporate/3.0/x86_64/lib64cups2-devel-1.1.20-5.15.C30mdk.x86_64.rpm
862992a50ff8f3311bc1e6a57e916f44 corporate/3.0/SRPMS/cups-1.1.20-5.15.C30mdk.src.rpm
Corporate 4.0:
2ff282c107a464893dceecd702a49fbb corporate/4.0/i586/cups-1.2.4-0.6.20060mlcs4.i586.rpm
d40e3334925c3dfeb4cf69c9a81279da corporate/4.0/i586/cups-common-1.2.4-0.6.20060mlcs4.i586.rpm
c0cd1b083354931223532a3f66708796 corporate/4.0/i586/cups-serial-1.2.4-0.6.20060mlcs4.i586.rpm
2cbac22995a55e1f2a2775c9b2f993ef corporate/4.0/i586/libcups2-1.2.4-0.6.20060mlcs4.i586.rpm
6e2f4b34178fea2cf9fbc6d2ef23bb10 corporate/4.0/i586/libcups2-devel-1.2.4-0.6.20060mlcs4.i586.rpm
7013f9f6c6820f411bbece64eef74338 corporate/4.0/i586/php-cups-1.2.4-0.6.20060mlcs4.i586.rpm
af983d1c74680e800bdc2cf9190a64d3 corporate/4.0/SRPMS/cups-1.2.4-0.6.20060mlcs4.src.rpm
Corporate 4.0/X86_64:
5b7647d72d7c6717fc66511d99dfb85d corporate/4.0/x86_64/cups-1.2.4-0.6.20060mlcs4.x86_64.rpm
4e2885508967804e2036312408b887a6 corporate/4.0/x86_64/cups-common-1.2.4-0.6.20060mlcs4.x86_64.rpm
c2c7dcc9fe085e0763bfdb492fb75efc corporate/4.0/x86_64/cups-serial-1.2.4-0.6.20060mlcs4.x86_64.rpm
8638a23ea946526c960840507933c835 corporate/4.0/x86_64/lib64cups2-1.2.4-0.6.20060mlcs4.x86_64.rpm
856b172bc91bbd802a821a775d45b6c9 corporate/4.0/x86_64/lib64cups2-devel-1.2.4-0.6.20060mlcs4.x86_64.rpm
f97300e6f09ef8b08d1a0563a5c324f1 corporate/4.0/x86_64/php-cups-1.2.4-0.6.20060mlcs4.x86_64.rpm
af983d1c74680e800bdc2cf9190a64d3 corporate/4.0/SRPMS/cups-1.2.4-0.6.20060mlcs4.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (GNU/Linux)
iD8DBQFHqfERmqjQ0CJFipgRAjdGAKDHckN83/fyAlJvHgk69P50eexo2wCbBhR9
nEhVEeHY+sACGciJMKbk5+I=
=Qgcw
-----END PGP SIGNATURE-----
.
----------------------------------------------------------------------
Want a new job?
http://secunia.com/secunia_vacancies/
Secunia is looking for new researchers with a reversing background
and experience in writing exploit code:
http://secunia.com/hardcore_disassembler_and_reverse_engineer/
http://secunia.com/Disassembling_og_Reversing/
http://secunia.com/Linux_Security_Specialist/
----------------------------------------------------------------------
TITLE:
Gentoo update for cups
SECUNIA ADVISORY ID:
SA24660
VERIFY ADVISORY:
http://secunia.com/advisories/24660/
CRITICAL:
Less critical
IMPACT:
DoS
WHERE:
>From local network
OPERATING SYSTEM:
Gentoo Linux 1.x
http://secunia.com/product/339/
DESCRIPTION:
Gentoo has issued an update for cups.
For more information:
SA24517
SOLUTION:
Update to "net-print/cups-1.2.9" or later.
ORIGINAL ADVISORY:
http://www.gentoo.org/security/en/glsa/glsa-200703-28.xml
OTHER REFERENCES:
SA24517:
http://secunia.com/advisories/24517/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
|
|
var-201904-1460
|
A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7. plural Apple The product includes URL A cross-site scripting vulnerability exists due to a lack of validation processing.Information may be obtained and information may be altered. Apple Safari, etc. are all products of Apple (Apple). Apple Safari is a web browser that is the default browser included with the Mac OS X and iOS operating systems. Apple iOS is an operating system developed for mobile devices. Apple tvOS is a smart TV operating system. WebKit is one of the web browser engine components. A remote attacker could exploit this vulnerability via a specially crafted website to steal cross-origin image data. ==========================================================================
Ubuntu Security Notice USN-3828-1
November 27, 2018
webkit2gtk vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.10
- Ubuntu 18.04 LTS
Summary:
Several security issues were fixed in WebKitGTK+.
Software Description:
- webkit2gtk: Web content engine library for GTK+
Details:
A large number of security issues were discovered in the WebKitGTK+ Web and
JavaScript engines. If a user were tricked into viewing a malicious
website, a remote attacker could exploit a variety of issues related to web
browser security, including cross-site scripting attacks, denial of service
attacks, and arbitrary code execution.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 18.10:
libjavascriptcoregtk-4.0-18 2.22.4-0ubuntu0.18.10.1
libwebkit2gtk-4.0-37 2.22.4-0ubuntu0.18.10.1
Ubuntu 18.04 LTS:
libjavascriptcoregtk-4.0-18 2.22.4-0ubuntu0.18.04.1
libwebkit2gtk-4.0-37 2.22.4-0ubuntu0.18.04.1
This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart any applications
that use WebKitGTK+, such as Epiphany, to make all the necessary changes.
References:
https://usn.ubuntu.com/usn/usn-3828-1
CVE-2018-4345, CVE-2018-4372, CVE-2018-4386
Package Information:
https://launchpad.net/ubuntu/+source/webkit2gtk/2.22.4-0ubuntu0.18.10.1
https://launchpad.net/ubuntu/+source/webkit2gtk/2.22.4-0ubuntu0.18.04.1
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2018-9-24-6 Additional information for
APPLE-SA-2018-9-17-3 tvOS 12
tvOS 12 addresses the following:
Auto Unlock
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: A malicious application may be able to access local users
AppleIDs
Description: A validation issue existed in the entitlement
verification.
CVE-2018-4321: Min (Spark) Zheng, Xiaolong Bai of Alibaba Inc.
Entry added September 24, 2018
Bluetooth
Available for: Apple TV (4th generation)
Impact: An attacker in a privileged network position may be able to
intercept Bluetooth traffic
Description: An input validation issue existed in Bluetooth.
CVE-2018-5383: Lior Neumann and Eli Biham
iTunes Store
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: An attacker in a privileged network position may be able to
spoof password prompts in the iTunes Store
Description: An input validation issue was addressed with improved
input validation.
CVE-2018-4305: Jerry Decime
Kernel
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4336: Brandon Azad
CVE-2018-4344: The UK's National Cyber Security Centre (NCSC)
Entry added September 24, 2018
Kernel
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: An application may be able to read restricted memory
Description: An input validation issue existed in the kernel.
CVE-2018-4363: Ian Beer of Google Project Zero
Safari
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: A local user may be able to discover websites a user has
visited
Description: A consistency issue existed in the handling of
application snapshots.
CVE-2018-4313: 11 anonymous researchers, David Scott, Enes Mert Ulu
of Abdullah MA1/4rAide AzA1/4nenek Anadolu Lisesi - Ankara/TA1/4rkiye,
Mehmet Ferit DaAtan of Van YA1/4zA1/4ncA1/4 YA+-l University, Metin Altug
Karakaya of Kaliptus Medical Organization, Vinodh Swami of Western
Governor's University (WGU)
Security
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: An attacker may be able to exploit weaknesses in the RC4
cryptographic algorithm
Description: This issue was addressed by removing RC4.
CVE-2018-4345: an anonymous researcher
Entry added September 24, 2018
WebKit
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: Unexpected interaction causes an ASSERT failure
Description: A memory corruption issue was addressed with improved
validation.
CVE-2018-4191: found by OSS-Fuzz
Entry added September 24, 2018
WebKit
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue was addressed with improved
state management.
CVE-2018-4316: crixer, Hanming Zhang (@4shitak4) of Qihoo 360 Vulcan
Team
Entry added September 24, 2018
WebKit
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2018-4299: Samuel GroI2 (saelo) working with Trend Micro's Zero
Day Initiative
CVE-2018-4323: Ivan Fratric of Google Project Zero
CVE-2018-4328: Ivan Fratric of Google Project Zero
CVE-2018-4358: @phoenhex team (@bkth_ @5aelo @_niklasb) working with
Trend Micro's Zero Day Initiative
CVE-2018-4359: Samuel GroA (@5aelo)
Entry added September 24, 2018
WebKit
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: A malicious website may be able to execute scripts in the
context of another website
Description: A cross-site scripting issue existed in Safari.
CVE-2018-4309: an anonymous researcher working with Trend Micro's
Zero Day Initiative
Entry added September 24, 2018
WebKit
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: Unexpected interaction causes an ASSERT failure
Description: A memory consumption issue was addressed with improved
memory handling.
CVE-2018-4361: found by Google OSS-Fuzz
Entry added September 24, 2018
Additional recognition
Assets
We would like to acknowledge Brandon Azad for their assistance.
Core Data
We would like to acknowledge Andreas Kurtz (@aykay) of NESO Security
Labs GmbH for their assistance.
SQLite
We would like to acknowledge Andreas Kurtz (@aykay) of NESO Security
Labs GmbH for their assistance.
WebKit
We would like to acknowledge Cary Hartline, Hanming Zhang from 360
Vuclan team, and Zach Malone of CA Technologies for their assistance.
Installation note:
Apple TV will periodically check for software updates. Alternatively,
you may manually check for software updates by selecting
"Settings -> System -> Software Update -> Update Software."
To check the current version of software, select
"Settings -> General -> About."
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAlupFUMACgkQeC9tht7T
K3H35Q//UwJyTZpRVx33z/T3GxYfFX9dxg2fwdkVFxCGWR/yGCL/pMwNH/UwerQH
qcdzG3VopySXXJy/goEJD+w+f8QNtueysfE7+MrYvogVD1OVALDc0xaZvudKmSoo
d0APBDtlkkLn4evwwpIYfl6Ikje/j40ZOfzSZ8+9hsoq6b+tkhSo8UC+hphUBi4L
lMshXi5OmekimBWgGdPGN77UQoFAJriMQHLppQ4x46qHuiMSAKHeCz+AdL4Xk1dh
fzdbizI4p7CssUzJHOPU61NPB28AoPsVJ8yEQpKDvHcnkPxtgtAzoIBWl0MwUCXg
OaT+8poN/HsMVJYtM2vi322IJGfMtcWtU/TJ1TbhAih6Bal2paIEj4zBirEXc9sF
dQyWB+EB8h+g4MtXyo6ax7OyO3UmRsISyCQhCNKWhXjTt4/9Q6xMbGxfW6X7EtHN
mgM/74rqkM53Tfy3kqywBDi90v4aNMUGdbYcK3YJldayW++K2J6OtxZZmflfYkbU
GTnAaEFIa0dLX/e+uqGRtz2F0K8mr9/9VwiwrH3et2FALvU6RyFLX7jqnKFyGpUp
LdXH6Mz6xBYS7Rg2vKVjUsHXlutpknmDxyx8Orirgb2gNHN97w8GDCnmOAd2euoL
HZdlwhs4SLaLqyNegbG3y3MD7gK8oRTZx3tXeJRmYV6UGp+d9QI=
=pj7d
-----END PGP SIGNATURE-----
. ------------------------------------------------------------------------
WebKitGTK+ and WPE WebKit Security Advisory WSA-2018-0008
------------------------------------------------------------------------
Date reported : November 21, 2018
Advisory ID : WSA-2018-0008
WebKitGTK+ Advisory URL :
https://webkitgtk.org/security/WSA-2018-0008.html
WPE WebKit Advisory URL :
https://wpewebkit.org/security/WSA-2018-0008.html
CVE identifiers : CVE-2018-4345, CVE-2018-4372, CVE-2018-4373,
CVE-2018-4375, CVE-2018-4376, CVE-2018-4378,
CVE-2018-4382, CVE-2018-4386, CVE-2018-4392,
CVE-2018-4416.
Several vulnerabilities were discovered in WebKitGTK+ and WPE WebKit.
CVE-2018-4345
Versions affected: WebKitGTK+ before 2.22.3 and WPE WebKit before
2.22.1.
Credit to an anonymous researcher.
CVE-2018-4372
Versions affected: WebKitGTK+ before 2.22.4 and WPE WebKit before
2.22.2.
Credit to HyungSeok Han, DongHyeon Oh, and Sang Kil Cha of KAIST
Softsec Lab, Korea.
Processing maliciously crafted web content may lead to arbitrary
code execution. Multiple memory corruption issues were addressed
with improved memory handling.
CVE-2018-4373
Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0.
Credit to ngg, alippai, DirtYiCE, KT of Tresorit working with Trend
Microys Zero Day Initiative.
Processing maliciously crafted web content may lead to arbitrary
code execution. Multiple memory corruption issues were addressed
with improved memory handling.
CVE-2018-4375
Versions affected: WebKitGTK+ before 2.22.1 and WPE WebKit before
2.22.0.
Credit to Yu Haiwan and Wu Hongjun From Nanyang Technological
University working with Trend Micro's Zero Day Initiative.
Processing maliciously crafted web content may lead to arbitrary
code execution. Multiple memory corruption issues were addressed
with improved memory handling.
CVE-2018-4376
Versions affected: WebKitGTK+ before 2.22.1 and WPE WebKit before
2.22.0.
Credit to 010 working with Trend Micro's Zero Day Initiative.
Processing maliciously crafted web content may lead to arbitrary
code execution. Multiple memory corruption issues were addressed
with improved memory handling.
CVE-2018-4378
Versions affected: WebKitGTK+ before 2.22.1 and WPE WebKit before
2.22.0.
Credit to an anonymous researcher, zhunki of 360 ESG Codesafe Team.
Processing maliciously crafted web content may lead to code
execution.
CVE-2018-4382
Versions affected: WebKitGTK+ before 2.22.1 and WPE WebKit before
2.22.0.
Credit to lokihardt of Google Project Zero.
Processing maliciously crafted web content may lead to arbitrary
code execution. Multiple memory corruption issues were addressed
with improved memory handling.
CVE-2018-4386
Versions affected: WebKitGTK+ before 2.22.3 and WPE WebKit before
2.22.1.
Credit to lokihardt of Google Project Zero.
Processing maliciously crafted web content may lead to arbitrary
code execution. Multiple memory corruption issues were addressed
with improved memory handling.
CVE-2018-4392
Versions affected: WebKitGTK+ before 2.22.1 and WPE WebKit before
2.22.0.
Credit to zhunki of 360 ESG Codesafe Team.
Processing maliciously crafted web content may lead to arbitrary
code execution. Multiple memory corruption issues were addressed
with improved memory handling.
CVE-2018-4416
Versions affected: WebKitGTK+ before 2.22.1 and WPE WebKit before
2.22.0.
Credit to lokihardt of Google Project Zero.
Processing maliciously crafted web content may lead to arbitrary
code execution. Multiple memory corruption issues were addressed
with improved memory handling.
We recommend updating to the latest stable versions of WebKitGTK+ and
WPE WebKit. It is the best way to ensure that you are running safe
versions of WebKit. Please check our websites for information about the
latest stable releases.
Further information about WebKitGTK+ and WPE WebKit security advisories
can be found at: https://webkitgtk.org/security.html or
https://wpewebkit.org/security/.
The WebKitGTK+ and WPE WebKit team,
November 21, 2018
.
CVE-2018-4329: Hugo S.
CVE-2018-4195: xisigr of Tencent's Xuanwu Lab (www.tencent.com)
Security
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS
Mojave 10.14
Impact: A malicious website may be able to exfiltrate autofilled data
in Safari
Description: A logic issue was addressed with improved state
management.
Installation note:
Safari 12 may be obtained from the Mac App Store |
|
var-201806-1466
|
An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code via a crafted web site that leverages a getWasmBufferFromValue out-of-bounds read during WebAssembly compilation. Apple iOS is an operating system developed for mobile devices; Safari is a web browser that is the default browser included with Mac OS X and iOS operating systems. WebKit is one of the web browser engine components. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2018-7-23-3 Additional information for
APPLE-SA-2018-06-01-4 iOS 11.4
iOS 11.4 addresses the following:
Bluetooth
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious application may be able to elevate privileges
Description: A buffer overflow was addressed with improved size
validation.
CVE-2018-4215: Abraham Masri (@cheesecakeufo)
Bluetooth
Available for: iPhone X, iPhone 8, iPhone 8 Plus,
iPad 6th generation, and iPad Air 2
Not impacted: HomePod
Impact: An attacker in a privileged network position may be able to
intercept Bluetooth traffic
Description: An input validation issue existed in Bluetooth. This
issue was addressed with improved input validation.
CVE-2018-5383: Lior Neumann and Eli Biham
Entry added July 23, 2018
Contacts
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing a maliciously crafted vcf file may lead to a
denial of service
Description: A validation issue existed in the handling of phone
numbers. This issue was addressed with improved validation of phone
numbers.
CVE-2018-4100: Abraham Masri (@cheesecakeufo)
FontParser
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: A memory corruption issue was addressed with improved
validation.
CVE-2018-4211: Proteas of Qihoo 360 Nirvan Team
iBooks
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An attacker in a privileged network position may be able to
spoof password prompts in iBooks
Description: An input validation issue was addressed with improved
input validation.
CVE-2018-4202: Jerry Decime
Kernel
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An attacker in a privileged position may be able to perform a
denial of service attack
Description: A denial of service issue was addressed with improved
validation.
CVE-2018-4249: Kevin Backhouse of Semmle Ltd.
Kernel
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A buffer overflow was addressed with improved bounds
checking.
CVE-2018-4241: Ian Beer of Google Project Zero
CVE-2018-4243: Ian Beer of Google Project Zero
libxpc
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to gain elevated privileges
Description: A logic issue was addressed with improved validation.
CVE-2018-4237: Samuel GroA (@5aelo) working with Trend Micro's Zero
Day Initiative
Magnifier
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A person with physical access to an iOS device may be able to
view the last image used in Magnifier from the lockscreen
Description: A permissions issue existed in Magnifier. This was
addressed with additional permission checks.
CVE-2018-4239: an anonymous researcher
Mail
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An attacker may be able to exfiltrate the contents of
S/MIME-encrypted e-mail
Description: An issue existed in the handling of encrypted Mail. This
issue was addressed with improved isolation of MIME in Mail.
CVE-2018-4227: Damian Poddebniak of MA1/4nster University of Applied
Sciences, Christian Dresen of MA1/4nster University of Applied Sciences,
Jens MA1/4ller of Ruhr University Bochum, Fabian Ising of MA1/4nster
University of Applied Sciences, Sebastian Schinzel of MA1/4nster
University of Applied Sciences, Simon Friedberger of KU Leuven, Juraj
Somorovsky of Ruhr University Bochum, JAPrg Schwenk of Ruhr University
Bochum
Messages
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A local user may be able to conduct impersonation attacks
Description: An injection issue was addressed with improved input
validation.
CVE-2018-4235: Anurodh Pokharel of Salesforce.com
Messages
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing a maliciously crafted message may lead to a denial
of service
Description: This issue was addressed with improved message
validation.
CVE-2018-4240: Sriram (@Sri_Hxor) of PrimeFort Pvt. Ltd
CVE-2018-4250: Metehan YA+-lmaz of Sesim Sarpkaya
Safari
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious website may be able to cause a denial of service
Description: A denial of service issue was addressed with improved
validation.
CVE-2018-4247: FranASSois Renaud, Jesse Viviano of Verizon Enterprise
Solutions
Security
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A local user may be able to read a persistent account
identifier
Description: An authorization issue was addressed with improved state
management.
CVE-2018-4223: Abraham Masri (@cheesecakeufo)
Security
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Users may be tracked by malicious websites using client
certificates
Description: An issue existed in the handling of S-MIME
certificaties. This issue was addressed with improved validation of
S-MIME certificates.
CVE-2018-4221: Damian Poddebniak of MA1/4nster University of Applied
Sciences, Christian Dresen of MA1/4nster University of Applied Sciences,
Jens MA1/4ller of Ruhr University Bochum, Fabian Ising of MA1/4nster
University of Applied Sciences, Sebastian Schinzel of MA1/4nster
University of Applied Sciences, Simon Friedberger of KU Leuven, Juraj
Somorovsky of Ruhr University Bochum, JAPrg Schwenk of Ruhr University
Bochum
Security
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A local user may be able to read a persistent device
identifier
Description: An authorization issue was addressed with improved state
management.
CVE-2018-4224: Abraham Masri (@cheesecakeufo)
Security
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A local user may be able to modify the state of the Keychain
Description: An authorization issue was addressed with improved state
management.
CVE-2018-4225: Abraham Masri (@cheesecakeufo)
Security
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A local user may be able to view sensitive user information
Description: An authorization issue was addressed with improved state
management.
CVE-2018-4226: Abraham Masri (@cheesecakeufo)
Siri
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A person with physical access to an iOS device may be able to
enable Siri from the lock screen
Description: An issue existed with Siri permissions. This was
addressed with improved permission checking.
CVE-2018-4238: Baljinder Singh, Muhammad khizer javed, Onur Can
BIKMAZ (@CanBkmaz) of Mustafa Kemal University
Siri
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A person with physical access to an iOS device may be able to
use Siri to read notifications of content that is set not to be
displayed at the lock screen
Description: An issue existed with Siri permissions. This was
addressed with improved permission checking.
CVE-2018-4252: Hunter Byrnes, Martin Winkelmann (@Winkelmannnn)
Siri Contacts
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An attacker with physical access to a device may be able to
see private contact information
Description: An issue existed with Siri permissions. This was
addressed with improved permission checking.
CVE-2018-4244: an anonymous researcher
UIKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing a maliciously crafted text file may lead to a
denial of service
Description: A validation issue existed in the handling of text. This
issue was addressed with improved validation of text.
CVE-2018-4198: Hunter Byrnes
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Visiting a malicious website may lead to address bar spoofing
Description: An inconsistent user interface issue was addressed with
improved state management.
CVE-2018-4188: YoKo Kho (@YoKoAcc) of Mitra Integrasi Informatika, PT
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2018-4201: an anonymous researcher
CVE-2018-4218: Natalie Silvanovich of Google Project Zero
CVE-2018-4233: Samuel GroA (@5aelo) working with Trend Micro's Zero
Day Initiative
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A buffer overflow issue was addressed with improved
memory handling.
CVE-2018-4199: Alex Plaskett, Georgi Geshev, Fabi Beterke, and Nils
of MWR Labs working with Trend Micro's Zero Day Initiative
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Visiting a maliciously crafted website may lead to cookies
being overwritten
Description: A permissions issue existed in the handling of web
browser cookies. This issue was addressed with improved restrictions.
CVE-2018-4232: an anonymous researcher, Aymeric Chaib
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A race condition was addressed with improved locking.
CVE-2018-4192: Markus Gaasedelen, Nick Burnett, and Patrick Biernat
of Ret2 Systems, Inc working with Trend Micro's Zero Day Initiative
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing maliciously crafted web content may lead to an
unexpected Safari crash
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2018-4214: found by OSS-Fuzz
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4204: found by OSS-Fuzz, Richard Zhu (fluorescence) working
with Trend Micro's Zero Day Initiative
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A type confusion issue was addressed with improved
memory handling.
CVE-2018-4246: found by OSS-Fuzz
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Visiting a maliciously crafted website may leak sensitive
data
Description: Credentials were unexpectedly sent when fetching CSS
mask images. This was addressed by using a CORS-enabled fetch method.
CVE-2018-4190: Jun Kokatsu (@shhnjk)
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2018-4222: Natalie Silvanovich of Google Project Zero
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from https://www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "iOS 11.4".
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEfcwwPWJ3e0Ig26mf8ecVjteJiCYFAltUshMACgkQ8ecVjteJ
iCbspA//aVxu/EdiaNxNRmRDFB8LpqKa3xjJdfkK9cJRYZ+eBHJZjBfzj4BzABuG
Xow7FkEE7LSQpCeJ08Ggo6vVQUdR4+etQ2UfjQWGX6qIvLZUXK0lw2x5XdTP0q4m
WmNoZcdK3cmbVXGMWUZRUrYPTWwMnTMsPpPoDoptaQRseN+K/0kdwsQZtdqeN9sq
GN3Qp6AW6WR1gUAgDriIyzFXTxJ8NmKx2+4B5O2w0TbmzxGa/F5ZUjw4D/wwJJPA
/RXAwseJMghPfbi9tNcjUhbGFfcnr5JvyGfY2GESFc7odWt2XSpePHr6qaJzogBr
KeJKOVpgTdS4PO37+KDUfQDIElSnYQVTff8Tinxg/Zojafp0PxYkDYRxw7i16YKU
HsB7R0o5Yi5YD4uG5ioMj4RspQDWozzveVvvtah6/bWChQQwD3XHr6JRM6oJ106G
wNx2EHfRRXFQCY680RfE8hN/98IJRrCF6nIdO9zBbzGM/Ihzr02F0qSrdB5/PXSq
S6EwJi0M5ia/KMFSO7EY5qQ2aipyDC3WPkvQrHtpsqstMrktyJOYGbm/t39WmIBb
gC92rxvNFr5mO8Owypu1/tloGr15zIxPGR6OXA/DVxdRm2/UmW1tsqQfKgporJMD
de6uiZJb8p8X36KC7YmHLTApYL3CaZebJIIOmf8tKjQUxxbR9wE=
=nII0
-----END PGP SIGNATURE-----
.
Alternatively, on your watch, select "My Watch > General > About". ==========================================================================
Ubuntu Security Notice USN-3687-1
June 18, 2018
webkit2gtk vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.04 LTS
- Ubuntu 17.10
- Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in WebKitGTK+.
Software Description:
- webkit2gtk: Web content engine library for GTK+
Details:
A large number of security issues were discovered in the WebKitGTK+ Web and
JavaScript engines.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 18.04 LTS:
libjavascriptcoregtk-4.0-18 2.20.3-0ubuntu0.18.04.1
libwebkit2gtk-4.0-37 2.20.3-0ubuntu0.18.04.1
Ubuntu 17.10:
libjavascriptcoregtk-4.0-18 2.20.3-0ubuntu0.17.10.1
libwebkit2gtk-4.0-37 2.20.3-0ubuntu0.17.10.1
Ubuntu 16.04 LTS:
libjavascriptcoregtk-4.0-18 2.20.3-0ubuntu0.16.04.1
libwebkit2gtk-4.0-37 2.20.3-0ubuntu0.16.04.1
This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart any applications
that use WebKitGTK+, such as Epiphany, to make all the necessary changes.
References:
https://usn.ubuntu.com/usn/usn-3687-1
CVE-2018-12293, CVE-2018-4190, CVE-2018-4199, CVE-2018-4218,
CVE-2018-4222, CVE-2018-4232, CVE-2018-4233
Package Information:
https://launchpad.net/ubuntu/+source/webkit2gtk/2.20.3-0ubuntu0.18.04.1
https://launchpad.net/ubuntu/+source/webkit2gtk/2.20.3-0ubuntu0.17.10.1
https://launchpad.net/ubuntu/+source/webkit2gtk/2.20.3-0ubuntu0.16.04.1
|
|
var-201501-0436
|
The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerKeyExchange message. OpenSSL is prone to a security-bypass vulnerability.
Successfully exploiting these issues may allow attackers to perform unauthorized actions. This may lead to other attacks. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04604357
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c04604357
Version: 1
HPSBGN03299 rev.1 - HP IceWall SSO Dfw, SSO Certd, MCRP, and Federation Agent
running OpenSSL, Remote Disclosure of Information, Unauthorized Access
NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.
Release Date: 2015-03-19
Last Updated: 2015-03-19
Potential Security Impact: Remote disclosure of information, unauthorized
access
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified with HP IceWall SSO
Dfw, SSO Certd, MCRP, and Federation Agent running OpenSSL including:
The SSL vulnerability known as "FREAK", which could be exploited remotely to
allow disclosure of information.
Other vulnerabilities which could be exploited remotely resulting in
unauthorized access.
References:
CVE-2014-3570
CVE-2014-3572
CVE-2014-8275
CVE-2015-0204
SSRT101987
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
CVE-2014-3572 and CVE-2015-0204
HP IceWall MCRP Version 2.1 and 3.0
HP IceWall SSO Dfw Version 8.0, 8.0 R1, 8.0 R2, 8.0 R3, and Version 10.0
HP IceWall SSO Certd Version 8.0R3 with DB plugin patch 2 and Version
10.0
HP IceWall Federation Agent Version 3.0
CVE-2014-3570 and CVE-2014-8275
HP IceWall MCRP v2.1, v3.0
HP IceWall SSO Dfw v8.0, v8.0 R1, v8.0 R2, v8.0 R3, and v10.0
HP IceWall SSO Agent v8.0 and v8.0 2007 Update Release 2
BACKGROUND
CVSS 2.0 Base Metrics
===========================================================
Reference Base Vector Base Score
CVE-2014-3570 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0
CVE-2014-3572 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0
CVE-2014-8275 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0
CVE-2015-0204 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0
===========================================================
Information on CVSS is documented
in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP recommends the following software updates and workaround instructions to
resolve the vulnerabilities for HP IceWall SSO Dfw, SSO Certd, MCRP, and
Federation Agent. IceWall SSO Dfw 10.0 and Certd 10.0, which are running on RHEL, could
be using either the OS bundled OpenSSL library or the OpenSSL bundled with HP
IceWall. If still using the OpenSSL bundled with HP IceWall, please switch to
the OpenSSL library bundled with the OS, and then follow the instructions in
step 3.
Documents are available at the following location with instructions to
switch to the OS bundled OpenSSL library:
http://www.hp.com/jp/icewall_patchaccess
2. For IceWall SSO Dfw and Certd for SSO Dfw 8.0, 8.0 R1, 8.0 R2, 8.0 R3,
and SSO Certd 8.0 R3 with DB plugin patch 2, which bundle OpenSSL, please
download the updated OpenSSL at the following location:
http://www.hp.com/jp/icewall_patchaccess
3. For HP IceWall products running on RHEL and are using the OS bundled
OpenSSL, RHEL has provided patch or mitigation instructions at the following
location:
https://access.redhat.com/articles/1369543
Note: For RHEL6 (only) and CVE-2014-8275, please apply the RHEL6 patch
for OpenSSL from the following location:
https://access.redhat.com/security/cve/CVE-2014-8275
4. For IceWall products running on HP-UX which are using the OS bundled
OpenSSL, please apply the HP-UX OpenSSL update from the following location:
https://h20392.www2.hp.com/portal/swdepot/displayInstallInfo.do?produ
ctNumber=OPENSSL11I
WORKAROUND INSTRUCTIONS
HP recommends the following information to protect against potential risk
from CVE-2014-3572 and CVE-2015-0204 for the following HP IceWall products.
HP IceWall SSO Dfw and MCRP
- If possible, do not use the SHOST setting which allows IceWall SSO
Dfw or MCRP to use SSL/TLS protocol to back-end web servers.
- If possible, do not use EXPORT-grade ciphers on the back-end web
servers.
HP IceWall SSO Certd (version 10.0 and 8.0R3 applied DB plugin patch
release 2)
- If possible, do not use the LDAPSSL setting which allows IceWall SSO
Certd to connect to the LDAP server using SSL/TLS protocol.
- If possible, do not use EXPORT-grade ciphers on the LDAP server.
IceWall Federation Agent
- If possible, use "bindings:HTTP-POST" instead of
"bindings:HTTP-Artifact" setting in the service provider meta file. The
"bindings:HTTP-POST" setting would disable IWFA to use SSL for communicating
with IdP server.
Note: The HP IceWall product is only available in Japan.
HISTORY
Version:1 (rev.1) - 19 March 2014 Initial release
Third Party Security Patches: Third party security patches that are to be
installed on systems running HP software products should be applied in
accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security
Bulletin, contact normal HP Services support channel. For other issues about
the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported
product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin
alerts via Email:
http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin Archive: A list of recently released Security Bulletins is
available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in
the title by the two characters following HPSB.
3C = 3COM
3P = 3rd Party Software
GN = HP General Software
HF = HP Hardware and Firmware
MP = MPE/iX
MU = Multi-Platform Software
NS = NonStop Servers
OV = OpenVMS
PI = Printing and Imaging
PV = ProCurve
ST = Storage Software
TU = Tru64 UNIX
UX = HP-UX
Copyright 2015 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or editorial errors
or omissions contained herein. The information provided is provided "as is"
without warranty of any kind. To the extent permitted by law, neither HP or
its affiliates, subcontractors or suppliers will be liable for
incidental,special or consequential damages including downtime cost; lost
profits; damages relating to the procurement of substitute products or
services; or damages for loss of data, or software restoration. The
information in this document is subject to change without notice.
Hewlett-Packard Company and the names of Hewlett-Packard products referenced
herein are trademarks of Hewlett-Packard Company in the United States and
other countries. Other product and company names mentioned herein may be
trademarks of their respective owners.
Softpaq:
http://ftp.hp.com/pub/softpaq/sp70501-71000/sp70649.exe
Easy Update Via ThinPro / EasyUpdate (x86):
http://ftp.hp.com/pub/tcdebian/updates/4.1/service_packs/security-sp-2.0-all-
4.1-4.3-x86.xar
http://ftp.hp.com/pub/tcdebian/updates/4.2/service_packs/security-sp-2.0-all-
4.1-4.3-x86.xar
http://ftp.hp.com/pub/tcdebian/updates/4.3/service_packs/security-sp-2.0-all-
4.1-4.3-x86.xar
http://ftp.hp.com/pub/tcdebian/updates/4.4/service_packs/security-sp-2.1-all-
4.4-x86.xar
http://ftp.hp.com/pub/tcdebian/updates/5.0/service_packs/security-sp-2.1-all-
5.0-5.1-x86.xar
http://ftp.hp.com/pub/tcdebian/updates/5.1/service_packs/security-sp-2.1-all-
5.0-5.1-x86.xar
Via ThinPro / EasyUpdate (ARM):
http://ftp.hp.com/pub/tcdebian/updates/4.1/service_packs/security-sp-2.0-all-
4.1-4.3-armel.xar
http://ftp.hp.com/pub/tcdebian/updates/4.2/service_packs/security-sp-2.0-all-
4.1-4.3-armel.xar
http://ftp.hp.com/pub/tcdebian/updates/4.3/service_packs/security-sp-2.0-all-
4.1-4.3-armel.xar
http://ftp.hp.com/pub/tcdebian/updates/4.4/service_packs/security-sp-2.0-all-
4.4-armel.xar
Note: Known issue on security-sp-2.0-all-4.1-4.3-arm.xar: With the patch
applied, VMware cannot connect if security level is set to "Refuse insecure
connections". Updating VMware to the latest package on ftp.hp.com will solve
the problem.
The updated packages have been upgraded to the 1.0.0p version where
these security flaws has been fixed.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3571
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0206
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3569
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3572
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0204
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0205
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8275
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3570
https://www.openssl.org/news/secadv_20150108.txt
_______________________________________________________________________
Updated Packages:
Mandriva Business Server 1/X86_64:
08baba1b5ee61bdd0bfbcf81d465f154 mbs1/x86_64/lib64openssl1.0.0-1.0.0p-1.mbs1.x86_64.rpm
51198a2b577e182d10ad72d28b67288e mbs1/x86_64/lib64openssl-devel-1.0.0p-1.mbs1.x86_64.rpm
aa34fd335001d83bc71810d6c0b14e85 mbs1/x86_64/lib64openssl-engines1.0.0-1.0.0p-1.mbs1.x86_64.rpm
c8b6fdaba18364b315e78761a5aa0c1c mbs1/x86_64/lib64openssl-static-devel-1.0.0p-1.mbs1.x86_64.rpm
fc67f3da9fcd1077128845ce85be93e2 mbs1/x86_64/openssl-1.0.0p-1.mbs1.x86_64.rpm
ab8f672de2bf2f0f412034f89624aa32 mbs1/SRPMS/openssl-1.0.0p-1.mbs1.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/en/support/security/advisories/
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iD8DBQFUr+PRmqjQ0CJFipgRAtFXAJ46+q0aetnJkb6I9RuYmX5xFeGx9wCgt1rb
LHbCdAkBpYHYSuaUwpiAu1w=
=ePa9
-----END PGP SIGNATURE-----
. Please order
the latest version of the HP Matrix Operating Environment 7.5.0 DVD #2 ISO
from the following location:
http://www.hp.com/go/insightupdates
Choose the orange Select button. This presents the HP Insight Management
Media order page. Choose Insight Management 7.5 DVD-2-ZIP August 2015 from
the Software specification list. Fill out the rest of the form and submit it.
HP has addressed these vulnerabilities for the affected software components
bundled with the HP Matrix Operating Environment in the following HP Security
Bulletins. OpenSSL Security Advisory [08 Jan 2015]
=======================================
DTLS segmentation fault in dtls1_get_record (CVE-2014-3571)
===========================================================
Severity: Moderate
A carefully crafted DTLS message can cause a segmentation fault in OpenSSL due
to a NULL pointer dereference.
This issue affects all current OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8.
OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1k.
OpenSSL 1.0.0 DTLS users should upgrade to 1.0.0p.
OpenSSL 0.9.8 DTLS users should upgrade to 0.9.8zd.
This issue was reported to OpenSSL on 22nd October 2014 by Markus Stenberg of
Cisco Systems, Inc. The fix was developed by Stephen Henson of the OpenSSL
core team.
DTLS memory leak in dtls1_buffer_record (CVE-2015-0206)
=======================================================
Severity: Moderate
A memory leak can occur in the dtls1_buffer_record function under certain
conditions. In particular this could occur if an attacker sent repeated DTLS
records with the same sequence number but for the next epoch. The memory leak
could be exploited by an attacker in a Denial of Service attack through memory
exhaustion.
This issue affects OpenSSL versions: 1.0.1 and 1.0.0.
OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1k.
OpenSSL 1.0.0 DTLS users should upgrade to 1.0.0p.
This issue was reported to OpenSSL on 7th January 2015 by Chris Mueller who also
provided an initial patch. Further analysis was performed by Matt Caswell of the
OpenSSL development team, who also developed the final patch.
no-ssl3 configuration sets method to NULL (CVE-2014-3569)
=========================================================
Severity: Low
When openssl is built with the no-ssl3 option and a SSL v3 ClientHello is
received the ssl method would be set to NULL which could later result in
a NULL pointer dereference.
This issue affects all current OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8.
OpenSSL 1.0.1 users should upgrade to 1.0.1k.
OpenSSL 1.0.0 users should upgrade to 1.0.0p.
OpenSSL 0.9.8 users should upgrade to 0.9.8zd.
This issue was reported to OpenSSL on 17th October 2014 by Frank Schmirler. The
fix was developed by Kurt Roeckx.
ECDHE silently downgrades to ECDH [Client] (CVE-2014-3572)
==========================================================
Severity: Low
An OpenSSL client will accept a handshake using an ephemeral ECDH ciphersuite
using an ECDSA certificate if the server key exchange message is omitted. This
effectively removes forward secrecy from the ciphersuite.
This issue affects all current OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8.
OpenSSL 1.0.1 users should upgrade to 1.0.1k.
OpenSSL 1.0.0 users should upgrade to 1.0.0p.
OpenSSL 0.9.8 users should upgrade to 0.9.8zd.
This issue was reported to OpenSSL on 22nd October 2014 by Karthikeyan
Bhargavan of the PROSECCO team at INRIA. The fix was developed by Stephen
Henson of the OpenSSL core team.
RSA silently downgrades to EXPORT_RSA [Client] (CVE-2015-0204)
==============================================================
Severity: Low
An OpenSSL client will accept the use of an RSA temporary key in a non-export
RSA key exchange ciphersuite. A server could present a weak temporary key
and downgrade the security of the session.
This issue affects all current OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8.
OpenSSL 1.0.1 users should upgrade to 1.0.1k.
OpenSSL 1.0.0 users should upgrade to 1.0.0p.
OpenSSL 0.9.8 users should upgrade to 0.9.8zd.
This issue was reported to OpenSSL on 22nd October 2014 by Karthikeyan
Bhargavan of the PROSECCO team at INRIA. The fix was developed by Stephen
Henson of the OpenSSL core team.
DH client certificates accepted without verification [Server] (CVE-2015-0205)
=============================================================================
Severity: Low
An OpenSSL server will accept a DH certificate for client authentication
without the certificate verify message. This effectively allows a client
to authenticate without the use of a private key. This only affects servers
which trust a client certificate authority which issues certificates
containing DH keys: these are extremely rare and hardly ever encountered.
This issue affects OpenSSL versions: 1.0.1 and 1.0.0.
OpenSSL 1.0.1 users should upgrade to 1.0.1k.
OpenSSL 1.0.0 users should upgrade to 1.0.0p.
This issue was reported to OpenSSL on 22nd October 2014 by Karthikeyan
Bhargavan of the PROSECCO team at INRIA. The fix was developed by Stephen
Henson of the OpenSSL core team.
Certificate fingerprints can be modified (CVE-2014-8275)
========================================================
Severity: Low
OpenSSL accepts several non-DER-variations of certificate signature
algorithm and signature encodings. OpenSSL also does not enforce a
match between the signature algorithm between the signed and unsigned
portions of the certificate. By modifying the contents of the
signature algorithm or the encoding of the signature, it is possible
to change the certificate's fingerprint.
This does not allow an attacker to forge certificates, and does not
affect certificate verification or OpenSSL servers/clients in any
other way. It also does not affect common revocation mechanisms. Only
custom applications that rely on the uniqueness of the fingerprint
(e.g. certificate blacklists) may be affected.
This issue affects all current OpenSSL versions: 1.0.1, 1.0.0 and
0.9.8.
OpenSSL 1.0.1 users should upgrade to 1.0.1k.
OpenSSL 1.0.0 users should upgrade to 1.0.0p.
OpenSSL 0.9.8 users should upgrade to 0.9.8zd.
One variant of this issue was discovered by Antti Karjalainen and
Tuomo Untinen from the Codenomicon CROSS program and reported to
OpenSSL on 1st December 2014 by NCSC-FI Vulnerability
Co-ordination. Another variant was independently reported to OpenSSL
on 12th December 2014 by Konrad Kraszewski from Google. Further
analysis was conducted and fixes were developed by Stephen Henson of
the OpenSSL core team.
Bignum squaring may produce incorrect results (CVE-2014-3570)
=============================================================
Severity: Low
Bignum squaring (BN_sqr) may produce incorrect results on some
platforms, including x86_64. This bug occurs at random with a very
low probability, and is not known to be exploitable in any way, though
its exact impact is difficult to determine. The following has been
determined:
*) The probability of BN_sqr producing an incorrect result at random
is very low: 1/2^64 on the single affected 32-bit platform (MIPS) and
1/2^128 on affected 64-bit platforms.
*) On most platforms, RSA follows a different code path and RSA
operations are not affected at all. For the remaining platforms
(e.g. OpenSSL built without assembly support), pre-existing
countermeasures thwart bug attacks [1].
*) Static ECDH is theoretically affected: it is possible to construct
elliptic curve points that would falsely appear to be on the given
curve. However, there is no known computationally feasible way to
construct such points with low order, and so the security of static
ECDH private keys is believed to be unaffected.
*) Other routines known to be theoretically affected are modular
exponentiation, primality testing, DSA, RSA blinding, JPAKE and
SRP. No exploits are known and straightforward bug attacks fail -
either the attacker cannot control when the bug triggers, or no
private key material is involved.
This issue affects all current OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8.
OpenSSL 1.0.1 users should upgrade to 1.0.1k.
OpenSSL 1.0.0 users should upgrade to 1.0.0p.
OpenSSL 0.9.8 users should upgrade to 0.9.8zd.
This issue was reported to OpenSSL on 2nd November 2014 by Pieter Wuille
(Blockstream) who also suggested an initial fix. Further analysis was
conducted by the OpenSSL development team and Adam Langley of
Google. The final fix was developed by Andy Polyakov of the OpenSSL
core team.
[1] http://css.csail.mit.edu/6.858/2013/readings/rsa-bug-attacks.pdf
Note
====
As per our previous announcements and our Release Strategy
(https://www.openssl.org/about/releasestrat.html), support for OpenSSL versions
1.0.0 and 0.9.8 will cease on 31st December 2015. No security updates for these
releases will be provided after that date. Users of these releases are advised
to upgrade.
References
==========
URL for this Security Advisory:
https://www.openssl.org/news/secadv_20150108.txt
Note: the online version of the advisory may be updated with additional
details over time.
For details of OpenSSL severity classifications please see:
https://www.openssl.org/about/secpolicy.html
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Moderate: openssl security update
Advisory ID: RHSA-2015:0066-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-0066.html
Issue date: 2015-01-20
Updated on: 2015-01-21
CVE Names: CVE-2014-3570 CVE-2014-3571 CVE-2014-3572
CVE-2014-8275 CVE-2015-0204 CVE-2015-0205
CVE-2015-0206
=====================================================================
1. Summary:
Updated openssl packages that fix multiple security issues are now
available for Red Hat Enterprise Linux 6 and 7.
Red Hat Product Security has rated this update as having Moderate security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
3. Description:
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL),
Transport Layer Security (TLS), and Datagram Transport Layer Security
(DTLS) protocols, as well as a full-strength, general purpose cryptography
library.
A NULL pointer dereference flaw was found in the DTLS implementation of
OpenSSL. A remote attacker could send a specially crafted DTLS message,
which would cause an OpenSSL server to crash. A remote attacker could send
multiple specially crafted DTLS messages to exhaust all available memory of
a DTLS server. This flaw could
possibly affect certain OpenSSL library functionality, such as RSA
blinding. (CVE-2014-3570)
It was discovered that OpenSSL would perform an ECDH key exchange with a
non-ephemeral key even when the ephemeral ECDH cipher suite was selected.
An attacker could use these flaws to modify an X.509 certificate to produce
a certificate with a different fingerprint without invalidating its
signature, and possibly bypass fingerprint-based blacklisting in
applications. (CVE-2015-0205)
All OpenSSL users are advised to upgrade to these updated packages, which
contain a backported patch to mitigate the above issues. For the update to
take effect, all services linked to the OpenSSL library (such as httpd and
other SSL-enabled services) must be restarted or the system rebooted.
4. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
1180184 - CVE-2015-0204 openssl: Only allow ephemeral RSA keys in export ciphersuites
1180185 - CVE-2014-3572 openssl: ECDH downgrade bug fix
1180187 - CVE-2014-8275 openssl: Fix various certificate fingerprint issues
1180234 - CVE-2014-3571 openssl: DTLS segmentation fault in dtls1_get_record
1180235 - CVE-2015-0206 openssl: DTLS memory leak in dtls1_buffer_record
1180239 - CVE-2015-0205 openssl: DH client certificates accepted without verification
1180240 - CVE-2014-3570 openssl: Bignum squaring may produce incorrect results
6. Package List:
Red Hat Enterprise Linux Desktop (v. 6):
Source:
openssl-1.0.1e-30.el6_6.5.src.rpm
i386:
openssl-1.0.1e-30.el6_6.5.i686.rpm
openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm
x86_64:
openssl-1.0.1e-30.el6_6.5.i686.rpm
openssl-1.0.1e-30.el6_6.5.x86_64.rpm
openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm
openssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm
Red Hat Enterprise Linux Desktop Optional (v. 6):
i386:
openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm
openssl-devel-1.0.1e-30.el6_6.5.i686.rpm
openssl-perl-1.0.1e-30.el6_6.5.i686.rpm
openssl-static-1.0.1e-30.el6_6.5.i686.rpm
x86_64:
openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm
openssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm
openssl-devel-1.0.1e-30.el6_6.5.i686.rpm
openssl-devel-1.0.1e-30.el6_6.5.x86_64.rpm
openssl-perl-1.0.1e-30.el6_6.5.x86_64.rpm
openssl-static-1.0.1e-30.el6_6.5.x86_64.rpm
Red Hat Enterprise Linux HPC Node (v. 6):
Source:
openssl-1.0.1e-30.el6_6.5.src.rpm
x86_64:
openssl-1.0.1e-30.el6_6.5.i686.rpm
openssl-1.0.1e-30.el6_6.5.x86_64.rpm
openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm
openssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm
Red Hat Enterprise Linux HPC Node Optional (v. 6):
x86_64:
openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm
openssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm
openssl-devel-1.0.1e-30.el6_6.5.i686.rpm
openssl-devel-1.0.1e-30.el6_6.5.x86_64.rpm
openssl-perl-1.0.1e-30.el6_6.5.x86_64.rpm
openssl-static-1.0.1e-30.el6_6.5.x86_64.rpm
Red Hat Enterprise Linux Server (v. 6):
Source:
openssl-1.0.1e-30.el6_6.5.src.rpm
i386:
openssl-1.0.1e-30.el6_6.5.i686.rpm
openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm
openssl-devel-1.0.1e-30.el6_6.5.i686.rpm
ppc64:
openssl-1.0.1e-30.el6_6.5.ppc.rpm
openssl-1.0.1e-30.el6_6.5.ppc64.rpm
openssl-debuginfo-1.0.1e-30.el6_6.5.ppc.rpm
openssl-debuginfo-1.0.1e-30.el6_6.5.ppc64.rpm
openssl-devel-1.0.1e-30.el6_6.5.ppc.rpm
openssl-devel-1.0.1e-30.el6_6.5.ppc64.rpm
s390x:
openssl-1.0.1e-30.el6_6.5.s390.rpm
openssl-1.0.1e-30.el6_6.5.s390x.rpm
openssl-debuginfo-1.0.1e-30.el6_6.5.s390.rpm
openssl-debuginfo-1.0.1e-30.el6_6.5.s390x.rpm
openssl-devel-1.0.1e-30.el6_6.5.s390.rpm
openssl-devel-1.0.1e-30.el6_6.5.s390x.rpm
x86_64:
openssl-1.0.1e-30.el6_6.5.i686.rpm
openssl-1.0.1e-30.el6_6.5.x86_64.rpm
openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm
openssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm
openssl-devel-1.0.1e-30.el6_6.5.i686.rpm
openssl-devel-1.0.1e-30.el6_6.5.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 6):
i386:
openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm
openssl-perl-1.0.1e-30.el6_6.5.i686.rpm
openssl-static-1.0.1e-30.el6_6.5.i686.rpm
ppc64:
openssl-debuginfo-1.0.1e-30.el6_6.5.ppc64.rpm
openssl-perl-1.0.1e-30.el6_6.5.ppc64.rpm
openssl-static-1.0.1e-30.el6_6.5.ppc64.rpm
s390x:
openssl-debuginfo-1.0.1e-30.el6_6.5.s390x.rpm
openssl-perl-1.0.1e-30.el6_6.5.s390x.rpm
openssl-static-1.0.1e-30.el6_6.5.s390x.rpm
x86_64:
openssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm
openssl-perl-1.0.1e-30.el6_6.5.x86_64.rpm
openssl-static-1.0.1e-30.el6_6.5.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 6):
Source:
openssl-1.0.1e-30.el6_6.5.src.rpm
i386:
openssl-1.0.1e-30.el6_6.5.i686.rpm
openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm
openssl-devel-1.0.1e-30.el6_6.5.i686.rpm
x86_64:
openssl-1.0.1e-30.el6_6.5.i686.rpm
openssl-1.0.1e-30.el6_6.5.x86_64.rpm
openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm
openssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm
openssl-devel-1.0.1e-30.el6_6.5.i686.rpm
openssl-devel-1.0.1e-30.el6_6.5.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 6):
i386:
openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm
openssl-perl-1.0.1e-30.el6_6.5.i686.rpm
openssl-static-1.0.1e-30.el6_6.5.i686.rpm
x86_64:
openssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm
openssl-perl-1.0.1e-30.el6_6.5.x86_64.rpm
openssl-static-1.0.1e-30.el6_6.5.x86_64.rpm
Red Hat Enterprise Linux Client (v. 7):
Source:
openssl-1.0.1e-34.el7_0.7.src.rpm
x86_64:
openssl-1.0.1e-34.el7_0.7.x86_64.rpm
openssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm
openssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm
openssl-libs-1.0.1e-34.el7_0.7.i686.rpm
openssl-libs-1.0.1e-34.el7_0.7.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
x86_64:
openssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm
openssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm
openssl-devel-1.0.1e-34.el7_0.7.i686.rpm
openssl-devel-1.0.1e-34.el7_0.7.x86_64.rpm
openssl-perl-1.0.1e-34.el7_0.7.x86_64.rpm
openssl-static-1.0.1e-34.el7_0.7.i686.rpm
openssl-static-1.0.1e-34.el7_0.7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source:
openssl-1.0.1e-34.el7_0.7.src.rpm
x86_64:
openssl-1.0.1e-34.el7_0.7.x86_64.rpm
openssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm
openssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm
openssl-libs-1.0.1e-34.el7_0.7.i686.rpm
openssl-libs-1.0.1e-34.el7_0.7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
x86_64:
openssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm
openssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm
openssl-devel-1.0.1e-34.el7_0.7.i686.rpm
openssl-devel-1.0.1e-34.el7_0.7.x86_64.rpm
openssl-perl-1.0.1e-34.el7_0.7.x86_64.rpm
openssl-static-1.0.1e-34.el7_0.7.i686.rpm
openssl-static-1.0.1e-34.el7_0.7.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source:
openssl-1.0.1e-34.el7_0.7.src.rpm
ppc64:
openssl-1.0.1e-34.el7_0.7.ppc64.rpm
openssl-debuginfo-1.0.1e-34.el7_0.7.ppc.rpm
openssl-debuginfo-1.0.1e-34.el7_0.7.ppc64.rpm
openssl-devel-1.0.1e-34.el7_0.7.ppc.rpm
openssl-devel-1.0.1e-34.el7_0.7.ppc64.rpm
openssl-libs-1.0.1e-34.el7_0.7.ppc.rpm
openssl-libs-1.0.1e-34.el7_0.7.ppc64.rpm
s390x:
openssl-1.0.1e-34.el7_0.7.s390x.rpm
openssl-debuginfo-1.0.1e-34.el7_0.7.s390.rpm
openssl-debuginfo-1.0.1e-34.el7_0.7.s390x.rpm
openssl-devel-1.0.1e-34.el7_0.7.s390.rpm
openssl-devel-1.0.1e-34.el7_0.7.s390x.rpm
openssl-libs-1.0.1e-34.el7_0.7.s390.rpm
openssl-libs-1.0.1e-34.el7_0.7.s390x.rpm
x86_64:
openssl-1.0.1e-34.el7_0.7.x86_64.rpm
openssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm
openssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm
openssl-devel-1.0.1e-34.el7_0.7.i686.rpm
openssl-devel-1.0.1e-34.el7_0.7.x86_64.rpm
openssl-libs-1.0.1e-34.el7_0.7.i686.rpm
openssl-libs-1.0.1e-34.el7_0.7.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
ppc64:
openssl-debuginfo-1.0.1e-34.el7_0.7.ppc.rpm
openssl-debuginfo-1.0.1e-34.el7_0.7.ppc64.rpm
openssl-perl-1.0.1e-34.el7_0.7.ppc64.rpm
openssl-static-1.0.1e-34.el7_0.7.ppc.rpm
openssl-static-1.0.1e-34.el7_0.7.ppc64.rpm
s390x:
openssl-debuginfo-1.0.1e-34.el7_0.7.s390.rpm
openssl-debuginfo-1.0.1e-34.el7_0.7.s390x.rpm
openssl-perl-1.0.1e-34.el7_0.7.s390x.rpm
openssl-static-1.0.1e-34.el7_0.7.s390.rpm
openssl-static-1.0.1e-34.el7_0.7.s390x.rpm
x86_64:
openssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm
openssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm
openssl-perl-1.0.1e-34.el7_0.7.x86_64.rpm
openssl-static-1.0.1e-34.el7_0.7.i686.rpm
openssl-static-1.0.1e-34.el7_0.7.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source:
openssl-1.0.1e-34.el7_0.7.src.rpm
x86_64:
openssl-1.0.1e-34.el7_0.7.x86_64.rpm
openssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm
openssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm
openssl-devel-1.0.1e-34.el7_0.7.i686.rpm
openssl-devel-1.0.1e-34.el7_0.7.x86_64.rpm
openssl-libs-1.0.1e-34.el7_0.7.i686.rpm
openssl-libs-1.0.1e-34.el7_0.7.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
x86_64:
openssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm
openssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm
openssl-perl-1.0.1e-34.el7_0.7.x86_64.rpm
openssl-static-1.0.1e-34.el7_0.7.i686.rpm
openssl-static-1.0.1e-34.el7_0.7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2014-3570
https://access.redhat.com/security/cve/CVE-2014-3571
https://access.redhat.com/security/cve/CVE-2014-3572
https://access.redhat.com/security/cve/CVE-2014-8275
https://access.redhat.com/security/cve/CVE-2015-0204
https://access.redhat.com/security/cve/CVE-2015-0205
https://access.redhat.com/security/cve/CVE-2015-0206
https://access.redhat.com/security/updates/classification/#moderate
https://www.openssl.org/news/secadv_20150108.txt
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2015 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iD8DBQFUwCWMXlSAg2UNWIIRAioBAJ4/RjG4OGXzCwg+PJJWNqyvahe3rQCeNE+X
ENFobdxQdJ+gVAiRe8Qf54A=
=wyAg
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
|
|
var-200704-0226
|
Apple File Protocol (AFP) Client in Apple Mac OS X 10.3.9 through 10.4.9 does not properly clean the environment before executing commands, which allows local users to gain privileges by setting unspecified environment variables. This vulnerability may allow a local attacker execute commands with elevated privileges. A vulnerability exists in the Kerberos administration daemon that may allow a remote, unauthenticated user to free uninitialized pointers. Freeing uninitialized pointers corrupts memory in a way that could allow an attacker to execute code. Apple Mac OS X is prone to multiple security vulnerabilities.
These issues affect Mac OS X and various applications, including AFP Client, AirPortDriver module, CoreServices, Libinfo, Login Window, Natd, SMB, System Configuration, URLMount, VideoConference framework, WebDAV, and WebFoundation. Both local and remote vulnerabilities are present.
Apple Mac OS X 10.4.9 and prior versions are vulnerable to these issues.
----------------------------------------------------------------------
Secunia is proud to announce the availability of the Secunia Software
Inspector.
The Secunia Software Inspector is a free service that detects insecure
versions of software that you may have installed in your system. When
insecure versions are detected, the Secunia Software Inspector also
provides thorough guidelines for updating the software to the latest
secure version from the vendor.
Try it out online:
http://secunia.com/software_inspector/
----------------------------------------------------------------------
TITLE:
Gentoo update for mit-krb5
SECUNIA ADVISORY ID:
SA23903
VERIFY ADVISORY:
http://secunia.com/advisories/23903/
CRITICAL:
Highly critical
IMPACT:
DoS, System access
WHERE:
>From remote
OPERATING SYSTEM:
Gentoo Linux 1.x
http://secunia.com/product/339/
DESCRIPTION:
Gentoo has issued an update for krb5. This fixes some
vulnerabilities, which can potentially be exploited by malicious
people to cause a DoS (Denial of Service) or compromise a vulnerable
system.
For more information:
SA23690
SA23696
SOLUTION:
Update to "app-crypt/mit-krb5-1.5.2" or later.
ORIGINAL ADVISORY:
http://www.gentoo.org/security/en/glsa/glsa-200701-21.xml
OTHER REFERENCES:
SA23690:
http://secunia.com/advisories/23690/
SA235696:
http://secunia.com/advisories/23696/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
|
|
var-201605-0465
|
The xmlPArserPrintFileContextInternal function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document. Apple Mac OS X, watchOS, iOS, and tvOS are prone to multiple security vulnerabilities.
Attackers can exploit these issues to execute arbitrary code and bypass security restrictions. Failed exploit attempts may result in a denial-of-service condition.
Versions prior to iOS 9.3.2, watchOS 2.2.1, Mac OS X 10.11.5, and tvOS 9.2.1 are vulnerable. in the United States. Apple iOS is an operating system developed for mobile devices; watchOS is a smart watch operating system; OS X El Capitan is a dedicated operating system developed for Mac computers; tvOS is a smart TV operating system. It supports multiple encoding formats, XPath analysis, Well-formed and valid verification, etc.
CVE-ID
CVE-2016-1847 : Tongbo Luo and Bo Qu of Palo Alto Networks
Installation note:
Instructions on how to update your Apple Watch software are
available at https://support.apple.com/en-us/HT204641
To check the version on your Apple Watch, open the Apple Watch app
on your iPhone and select "My Watch > General > About". -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Important: libxml2 security update
Advisory ID: RHSA-2016:1292-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2016:1292
Issue date: 2016-06-23
CVE Names: CVE-2016-1762 CVE-2016-1833 CVE-2016-1834
CVE-2016-1835 CVE-2016-1836 CVE-2016-1837
CVE-2016-1838 CVE-2016-1839 CVE-2016-1840
CVE-2016-3627 CVE-2016-3705 CVE-2016-4447
CVE-2016-4448 CVE-2016-4449
=====================================================================
1. Summary:
An update for libxml2 is now available for Red Hat Enterprise Linux 6 and
Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
3. Description:
The libxml2 library is a development toolbox providing the implementation
of various XML standards. A remote attacker could provide a specially
crafted XML file that, when opened in an application linked against
libxml2, would cause the application to crash or execute arbitrary code
with the permissions of the user running the application. (CVE-2016-1834,
CVE-2016-1840)
Multiple denial of service flaws were found in libxml2. A remote attacker
could provide a specially crafted XML file that, when processed by an
application using libxml2, could cause that application to crash.
(CVE-2016-1762, CVE-2016-1833, CVE-2016-1835, CVE-2016-1836, CVE-2016-1837,
CVE-2016-1838, CVE-2016-1839, CVE-2016-3627, CVE-2016-3705, CVE-2016-4447,
CVE-2016-4448, CVE-2016-4449)
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
For the update to take effect, all applications linked to the libxml2
library must be restarted, or the system rebooted.
5. Package List:
Red Hat Enterprise Linux HPC Node (v. 6):
Source:
libxml2-2.7.6-21.el6_8.1.src.rpm
x86_64:
libxml2-2.7.6-21.el6_8.1.i686.rpm
libxml2-2.7.6-21.el6_8.1.x86_64.rpm
libxml2-debuginfo-2.7.6-21.el6_8.1.i686.rpm
libxml2-debuginfo-2.7.6-21.el6_8.1.x86_64.rpm
libxml2-python-2.7.6-21.el6_8.1.x86_64.rpm
Red Hat Enterprise Linux HPC Node Optional (v. 6):
x86_64:
libxml2-debuginfo-2.7.6-21.el6_8.1.i686.rpm
libxml2-debuginfo-2.7.6-21.el6_8.1.x86_64.rpm
libxml2-devel-2.7.6-21.el6_8.1.i686.rpm
libxml2-devel-2.7.6-21.el6_8.1.x86_64.rpm
libxml2-static-2.7.6-21.el6_8.1.x86_64.rpm
Red Hat Enterprise Linux Server (v. 6):
Source:
libxml2-2.7.6-21.el6_8.1.src.rpm
i386:
libxml2-2.7.6-21.el6_8.1.i686.rpm
libxml2-debuginfo-2.7.6-21.el6_8.1.i686.rpm
libxml2-devel-2.7.6-21.el6_8.1.i686.rpm
libxml2-python-2.7.6-21.el6_8.1.i686.rpm
ppc64:
libxml2-2.7.6-21.el6_8.1.ppc.rpm
libxml2-2.7.6-21.el6_8.1.ppc64.rpm
libxml2-debuginfo-2.7.6-21.el6_8.1.ppc.rpm
libxml2-debuginfo-2.7.6-21.el6_8.1.ppc64.rpm
libxml2-devel-2.7.6-21.el6_8.1.ppc.rpm
libxml2-devel-2.7.6-21.el6_8.1.ppc64.rpm
libxml2-python-2.7.6-21.el6_8.1.ppc64.rpm
s390x:
libxml2-2.7.6-21.el6_8.1.s390.rpm
libxml2-2.7.6-21.el6_8.1.s390x.rpm
libxml2-debuginfo-2.7.6-21.el6_8.1.s390.rpm
libxml2-debuginfo-2.7.6-21.el6_8.1.s390x.rpm
libxml2-devel-2.7.6-21.el6_8.1.s390.rpm
libxml2-devel-2.7.6-21.el6_8.1.s390x.rpm
libxml2-python-2.7.6-21.el6_8.1.s390x.rpm
x86_64:
libxml2-2.7.6-21.el6_8.1.i686.rpm
libxml2-2.7.6-21.el6_8.1.x86_64.rpm
libxml2-debuginfo-2.7.6-21.el6_8.1.i686.rpm
libxml2-debuginfo-2.7.6-21.el6_8.1.x86_64.rpm
libxml2-devel-2.7.6-21.el6_8.1.i686.rpm
libxml2-devel-2.7.6-21.el6_8.1.x86_64.rpm
libxml2-python-2.7.6-21.el6_8.1.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 6):
i386:
libxml2-debuginfo-2.7.6-21.el6_8.1.i686.rpm
libxml2-static-2.7.6-21.el6_8.1.i686.rpm
ppc64:
libxml2-debuginfo-2.7.6-21.el6_8.1.ppc64.rpm
libxml2-static-2.7.6-21.el6_8.1.ppc64.rpm
s390x:
libxml2-debuginfo-2.7.6-21.el6_8.1.s390x.rpm
libxml2-static-2.7.6-21.el6_8.1.s390x.rpm
x86_64:
libxml2-debuginfo-2.7.6-21.el6_8.1.x86_64.rpm
libxml2-static-2.7.6-21.el6_8.1.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 6):
Source:
libxml2-2.7.6-21.el6_8.1.src.rpm
i386:
libxml2-2.7.6-21.el6_8.1.i686.rpm
libxml2-debuginfo-2.7.6-21.el6_8.1.i686.rpm
libxml2-devel-2.7.6-21.el6_8.1.i686.rpm
libxml2-python-2.7.6-21.el6_8.1.i686.rpm
x86_64:
libxml2-2.7.6-21.el6_8.1.i686.rpm
libxml2-2.7.6-21.el6_8.1.x86_64.rpm
libxml2-debuginfo-2.7.6-21.el6_8.1.i686.rpm
libxml2-debuginfo-2.7.6-21.el6_8.1.x86_64.rpm
libxml2-devel-2.7.6-21.el6_8.1.i686.rpm
libxml2-devel-2.7.6-21.el6_8.1.x86_64.rpm
libxml2-python-2.7.6-21.el6_8.1.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 6):
i386:
libxml2-debuginfo-2.7.6-21.el6_8.1.i686.rpm
libxml2-static-2.7.6-21.el6_8.1.i686.rpm
x86_64:
libxml2-debuginfo-2.7.6-21.el6_8.1.x86_64.rpm
libxml2-static-2.7.6-21.el6_8.1.x86_64.rpm
Red Hat Enterprise Linux Client (v. 7):
Source:
libxml2-2.9.1-6.el7_2.3.src.rpm
x86_64:
libxml2-2.9.1-6.el7_2.3.i686.rpm
libxml2-2.9.1-6.el7_2.3.x86_64.rpm
libxml2-debuginfo-2.9.1-6.el7_2.3.i686.rpm
libxml2-debuginfo-2.9.1-6.el7_2.3.x86_64.rpm
libxml2-python-2.9.1-6.el7_2.3.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
x86_64:
libxml2-debuginfo-2.9.1-6.el7_2.3.i686.rpm
libxml2-debuginfo-2.9.1-6.el7_2.3.x86_64.rpm
libxml2-devel-2.9.1-6.el7_2.3.i686.rpm
libxml2-devel-2.9.1-6.el7_2.3.x86_64.rpm
libxml2-static-2.9.1-6.el7_2.3.i686.rpm
libxml2-static-2.9.1-6.el7_2.3.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source:
libxml2-2.9.1-6.el7_2.3.src.rpm
x86_64:
libxml2-2.9.1-6.el7_2.3.i686.rpm
libxml2-2.9.1-6.el7_2.3.x86_64.rpm
libxml2-debuginfo-2.9.1-6.el7_2.3.i686.rpm
libxml2-debuginfo-2.9.1-6.el7_2.3.x86_64.rpm
libxml2-python-2.9.1-6.el7_2.3.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
x86_64:
libxml2-debuginfo-2.9.1-6.el7_2.3.i686.rpm
libxml2-debuginfo-2.9.1-6.el7_2.3.x86_64.rpm
libxml2-devel-2.9.1-6.el7_2.3.i686.rpm
libxml2-devel-2.9.1-6.el7_2.3.x86_64.rpm
libxml2-static-2.9.1-6.el7_2.3.i686.rpm
libxml2-static-2.9.1-6.el7_2.3.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source:
libxml2-2.9.1-6.el7_2.3.src.rpm
ppc64:
libxml2-2.9.1-6.el7_2.3.ppc.rpm
libxml2-2.9.1-6.el7_2.3.ppc64.rpm
libxml2-debuginfo-2.9.1-6.el7_2.3.ppc.rpm
libxml2-debuginfo-2.9.1-6.el7_2.3.ppc64.rpm
libxml2-devel-2.9.1-6.el7_2.3.ppc.rpm
libxml2-devel-2.9.1-6.el7_2.3.ppc64.rpm
libxml2-python-2.9.1-6.el7_2.3.ppc64.rpm
ppc64le:
libxml2-2.9.1-6.el7_2.3.ppc64le.rpm
libxml2-debuginfo-2.9.1-6.el7_2.3.ppc64le.rpm
libxml2-devel-2.9.1-6.el7_2.3.ppc64le.rpm
libxml2-python-2.9.1-6.el7_2.3.ppc64le.rpm
s390x:
libxml2-2.9.1-6.el7_2.3.s390.rpm
libxml2-2.9.1-6.el7_2.3.s390x.rpm
libxml2-debuginfo-2.9.1-6.el7_2.3.s390.rpm
libxml2-debuginfo-2.9.1-6.el7_2.3.s390x.rpm
libxml2-devel-2.9.1-6.el7_2.3.s390.rpm
libxml2-devel-2.9.1-6.el7_2.3.s390x.rpm
libxml2-python-2.9.1-6.el7_2.3.s390x.rpm
x86_64:
libxml2-2.9.1-6.el7_2.3.i686.rpm
libxml2-2.9.1-6.el7_2.3.x86_64.rpm
libxml2-debuginfo-2.9.1-6.el7_2.3.i686.rpm
libxml2-debuginfo-2.9.1-6.el7_2.3.x86_64.rpm
libxml2-devel-2.9.1-6.el7_2.3.i686.rpm
libxml2-devel-2.9.1-6.el7_2.3.x86_64.rpm
libxml2-python-2.9.1-6.el7_2.3.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
ppc64:
libxml2-debuginfo-2.9.1-6.el7_2.3.ppc.rpm
libxml2-debuginfo-2.9.1-6.el7_2.3.ppc64.rpm
libxml2-static-2.9.1-6.el7_2.3.ppc.rpm
libxml2-static-2.9.1-6.el7_2.3.ppc64.rpm
ppc64le:
libxml2-debuginfo-2.9.1-6.el7_2.3.ppc64le.rpm
libxml2-static-2.9.1-6.el7_2.3.ppc64le.rpm
s390x:
libxml2-debuginfo-2.9.1-6.el7_2.3.s390.rpm
libxml2-debuginfo-2.9.1-6.el7_2.3.s390x.rpm
libxml2-static-2.9.1-6.el7_2.3.s390.rpm
libxml2-static-2.9.1-6.el7_2.3.s390x.rpm
x86_64:
libxml2-debuginfo-2.9.1-6.el7_2.3.i686.rpm
libxml2-debuginfo-2.9.1-6.el7_2.3.x86_64.rpm
libxml2-static-2.9.1-6.el7_2.3.i686.rpm
libxml2-static-2.9.1-6.el7_2.3.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source:
libxml2-2.9.1-6.el7_2.3.src.rpm
x86_64:
libxml2-2.9.1-6.el7_2.3.i686.rpm
libxml2-2.9.1-6.el7_2.3.x86_64.rpm
libxml2-debuginfo-2.9.1-6.el7_2.3.i686.rpm
libxml2-debuginfo-2.9.1-6.el7_2.3.x86_64.rpm
libxml2-devel-2.9.1-6.el7_2.3.i686.rpm
libxml2-devel-2.9.1-6.el7_2.3.x86_64.rpm
libxml2-python-2.9.1-6.el7_2.3.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
x86_64:
libxml2-debuginfo-2.9.1-6.el7_2.3.i686.rpm
libxml2-debuginfo-2.9.1-6.el7_2.3.x86_64.rpm
libxml2-static-2.9.1-6.el7_2.3.i686.rpm
libxml2-static-2.9.1-6.el7_2.3.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2016-1762
https://access.redhat.com/security/cve/CVE-2016-1833
https://access.redhat.com/security/cve/CVE-2016-1834
https://access.redhat.com/security/cve/CVE-2016-1835
https://access.redhat.com/security/cve/CVE-2016-1836
https://access.redhat.com/security/cve/CVE-2016-1837
https://access.redhat.com/security/cve/CVE-2016-1838
https://access.redhat.com/security/cve/CVE-2016-1839
https://access.redhat.com/security/cve/CVE-2016-1840
https://access.redhat.com/security/cve/CVE-2016-3627
https://access.redhat.com/security/cve/CVE-2016-3705
https://access.redhat.com/security/cve/CVE-2016-4447
https://access.redhat.com/security/cve/CVE-2016-4448
https://access.redhat.com/security/cve/CVE-2016-4449
https://access.redhat.com/security/updates/classification/#important
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iD8DBQFXa8B8XlSAg2UNWIIRAh9ZAJ99xgPhOaIopIxmynm+vlDcmw4jFACeLvTm
ZsVLEgJAF0Zt6xZVzqvVW7U=
=fREV
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2016-05-16-2 iOS 9.3.2
iOS 9.3.2 is now available and addresses the following:
Accessibility
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may be able to determine kernel memory layout
Description: A buffer overflow was addressed through improved size
validation.
CVE-ID
CVE-2016-1790 : Rapelly Akhil
CFNetwork Proxies
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An attacker in a privileged network position may be able to
leak sensitive user information
Description: An information leak existed in the handling of HTTP and
HTTPS requests. This issue was addressed through improved URL
handling.
CVE-ID
CVE-2016-1801 : Alex Chapman and Paul Stone of Context Information
Security
CommonCrypto
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to leak sensitive user
information
Description: An issue existed in the handling of return values in
CCCrypt. This issue was addressed through improved key length
management.
CVE-ID
CVE-2016-1802 : Klaus Rodewig
CoreCapture
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A null pointer dereference was addressed through
improved validation.
CVE-ID
CVE-2016-1803 : Ian Beer of Google Project Zero, daybreaker working
with Trend Micro’s Zero Day Initiative
Disk Images
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A local attacker may be able to read kernel memory
Description: A race condition was addressed through improved
locking.
CVE-ID
CVE-2016-1807 : Ian Beer of Google Project Zero
Disk Images
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue existed in the parsing of
disk images. This issue was addressed through improved memory
handling.
CVE-ID
CVE-2016-1808 : Moony Li (@Flyic) and Jack Tang (@jacktang310) of
Trend Micro
ImageIO
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Processing a maliciously crafted image may lead to a denial
of service
Description: A null pointer dereference was addressed through
improved validation.
CVE-ID
CVE-2016-1811 : Lander Brandt (@landaire)
IOAcceleratorFamily
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1817 : Moony Li (@Flyic) and Jack Tang (@jacktang310) of
Trend Micro working with Trend Micro's Zero Day Initiative
CVE-2016-1818 : Juwei Lin of TrendMicro
CVE-2016-1819 : Ian Beer of Google Project Zero
IOAcceleratorFamily
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may be able to cause a denial of service
Description: A null pointer dereference was addressed through
improved locking.
CVE-ID
CVE-2016-1814 : Juwei Lin of TrendMicro
IOAcceleratorFamily
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A null pointer dereference was addressed through
improved validation.
CVE-ID
CVE-2016-1813 : Ian Beer of Google Project Zero
IOHIDFamily
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1823 : Ian Beer of Google Project Zero
CVE-2016-1824 : Marco Grassi (@marcograss) of KeenLab (@keen_lab),
Tencent
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1827 : Brandon Azad
CVE-2016-1828 : Brandon Azad
CVE-2016-1829 : CESG
CVE-2016-1830 : Brandon Azad
CVE-2016-1831 : Brandon Azad
libc
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A local attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: A memory corruption issue was addressed through
improved input validation.
CVE-ID
CVE-2016-1832 : Karl Williamson
libxml2
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Processing maliciously crafted XML may lead to an unexpected
application termination or arbitrary code execution
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1833 : Mateusz Jurczyk
CVE-2016-1834 : Apple
CVE-2016-1835 : Wei Lei and Liu Yang of Nanyang Technological
University
CVE-2016-1836 : Wei Lei and Liu Yang of Nanyang Technological
University
CVE-2016-1837 : Wei Lei and Liu Yang of Nanyang Technological
University
CVE-2016-1838 : Mateusz Jurczyk
CVE-2016-1839 : Mateusz Jurczyk
CVE-2016-1840 : Kostya Serebryany
libxslt
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to arbitrary
code execution
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1841 : Sebastian Apelt
MapKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An attacker in a privileged network position may be able to
leak sensitive user information
Description: Shared links were sent with HTTP rather than HTTPS.
This was addressed by enabling HTTPS for shared links.
CVE-ID
CVE-2016-1842 : Richard Shupak (https://www.linkedin.com/in/rshupak)
OpenGL
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1847 : Tongbo Luo and Bo Qu of Palo Alto Networks
Safari
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A user may be unable to fully delete browsing history
Description: "Clear History and Website Data" did not clear the
history. The issue was addressed through improved data deletion.
CVE-ID
CVE-2016-1849 : Adham Ghrayeb
Siri
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A person with physical access to an iOS device may be able
to use Siri to access contacts and photos from the the lock screen
Description: A state management issue existed when accessing Siri
results on the lock screen. This issue was addressed by disabling
data detectors in Twitter results when the device is locked.
CVE-ID
CVE-2016-1852 : videosdebarraquito
WebKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a malicious website may disclose data from another
website
Description: An insufficient taint tracking issue in the parsing of
svg images was addressed through improved taint tracking.
CVE-ID
CVE-2016-1858 : an anonymous researcher
WebKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to arbitrary
code execution
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1854 : Anonymous working with Trend Micro's Zero Day
Initiative
CVE-2016-1855 : Tongbo Luo and Bo Qu of Palo Alto Networks
CVE-2016-1856 : lokihardt working with Trend Micro's Zero Day
Initiative
CVE-2016-1857 : Jeonghoon Shin@A.D.D, Liang Chen, Zhen Feng, wushi of
KeenLab, Tencent working with Trend Micro's Zero Day Initiative
WebKit Canvas
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to arbitrary
code execution
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1859 : Liang Chen, wushi of KeenLab, Tencent working with
Trend Micro's Zero Day Initiative
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "9.3.2". - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201701-37
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: libxml2: Multiple vulnerabilities
Date: January 16, 2017
Bugs: #564776, #566374, #572878, #573820, #577998, #582538,
#582540, #583888, #589816, #597112, #597114, #597116
ID: 201701-37
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been found in libxml2, the worst of which
could lead to the execution of arbitrary code.
Background
==========
libxml2 is the XML (eXtended Markup Language) C parser and toolkit
initially developed for the Gnome project.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 dev-libs/libxml2 < 2.9.4-r1 >= 2.9.4-r1
Description
===========
Multiple vulnerabilities have been discovered in libxml2. Please review
the CVE identifiers referenced below for details.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All libxml2 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/libxml2-2.9.4-r1"
References
==========
[ 1 ] CVE-2015-1819
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1819
[ 2 ] CVE-2015-5312
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5312
[ 3 ] CVE-2015-7497
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7497
[ 4 ] CVE-2015-7498
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7498
[ 5 ] CVE-2015-7499
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7499
[ 6 ] CVE-2015-7500
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7500
[ 7 ] CVE-2015-7941
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7941
[ 8 ] CVE-2015-7942
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7942
[ 9 ] CVE-2015-8035
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8035
[ 10 ] CVE-2015-8242
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8242
[ 11 ] CVE-2015-8806
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8806
[ 12 ] CVE-2016-1836
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1836
[ 13 ] CVE-2016-1838
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1838
[ 14 ] CVE-2016-1839
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1839
[ 15 ] CVE-2016-1840
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1840
[ 16 ] CVE-2016-2073
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2073
[ 17 ] CVE-2016-3627
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3627
[ 18 ] CVE-2016-3705
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3705
[ 19 ] CVE-2016-4483
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4483
[ 20 ] CVE-2016-4658
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4658
[ 21 ] CVE-2016-5131
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5131
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/201701-37
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2017 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
.
For the stable distribution (jessie), these problems have been fixed in
version 2.9.1+dfsg1-5+deb8u2. Description:
This release of Red Hat JBoss Core Services httpd 2.4.23 serves as a
replacement for JBoss Core Services Apache HTTP Server 2.4.6.
Security Fix(es):
* This update fixes several flaws in OpenSSL. (CVE-2016-1762,
CVE-2016-1833, CVE-2016-1834, CVE-2016-1835, CVE-2016-1836, CVE-2016-1837,
CVE-2016-1838, CVE-2016-1839, CVE-2016-1840, CVE-2016-3627, CVE-2016-3705,
CVE-2016-4447, CVE-2016-4448, CVE-2016-4449, CVE-2016-4483)
* This update fixes three flaws in curl. (CVE-2016-5419, CVE-2016-5420,
CVE-2016-7141)
* This update fixes two flaws in httpd. (CVE-2016-4459,
CVE-2016-8612)
* A buffer overflow flaw when concatenating virtual host names and URIs was
fixed in mod_jk. (CVE-2016-6808)
* A memory leak flaw was fixed in expat. Upstream acknowledges Stephen Henson (OpenSSL development team)
as the original reporter of CVE-2015-0286; Huzaifa Sidhpurwala (Red Hat),
Hanno BAPck, and David Benjamin (Google) as the original reporters of
CVE-2016-2108; Guido Vranken as the original reporter of CVE-2016-2105,
CVE-2016-2106, CVE-2016-0797, CVE-2016-0799, and CVE-2016-2842; Juraj
Somorovsky as the original reporter of CVE-2016-2107; Yuval Yarom
(University of Adelaide and NICTA), Daniel Genkin (Technion and Tel Aviv
University), and Nadia Heninger (University of Pennsylvania) as the
original reporters of CVE-2016-0702; and Adam Langley (Google/BoringSSL) as
the original reporter of CVE-2016-0705.
See the corresponding CVE pages linked to in the References section for
more information about each of the flaws listed in this advisory. Solution:
The References section of this erratum contains a download link (you must
log in to download the update). Before applying the update, back up your
existing Red Hat JBoss Web Server installation (including all applications
and configuration files).
After installing the updated packages, the httpd daemon will be restarted
automatically. JIRA issues fixed (https://issues.jboss.org/):
JBCS-50 - CVE-2012-1148 CVE-2012-0876 expat: various flaws [jbews-3.0.0]
JBCS-95 - CVE-2014-3523 httpd: WinNT MPM denial of service
6 |
|
var-202010-1510
|
A type confusion issue was addressed with improved memory handling. This issue is fixed in Safari 14.0. Processing maliciously crafted web content may lead to arbitrary code execution. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the optimization of calls to String.prototype.replace. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Apple Safari is a web browser of Apple (Apple), the default browser included with Mac OS X and iOS operating systems. 8) - aarch64, ppc64le, s390x, x86_64
3.
The following packages have been upgraded to a later upstream version:
accountsservice (0.6.55), webkit2gtk3 (2.30.4).
Additional Changes:
For detailed information on changes in this release, see the Red Hat
Enterprise Linux 8.4 Release Notes linked from the References section. Bugs fixed (https://bugzilla.redhat.com/):
837035 - Shortcuts -- alfanumeric vs numpad
1152037 - RFE: use virtio-scsi disk bus with discard='unmap' for guests that support it
1464902 - Crash in dls_async_task_complete
1671761 - Adding new workspaces is broken in gnome session under wayland
1700002 - adding several printers is stalling the printer plugin in GSD
1705392 - Changing screen resolution while recording screen will break the video.
1728632 - CVE-2019-13012 glib2: insecure permissions for files and directories
1728896 - glib2: 'keyfile' backend for gsettings not loaded
1765627 - Can't install both gnome-online-accounts-devel.i686 and gnome-online-accounts-devel.x86_64 on RHEL 8.1
1786496 - gnome-shell killed by SIGABRT in g_assertion_message_expr.cold.16()
1796916 - Notification appears with incorrect "system not registered - register to get updates" message on RHEL8.2 when locale is non-English
1802105 - rpm based extensions in RHEL8 should not receive updates from extensions.gnome.org
1833787 - Unable to disable onscreen keyboard in touch screen machine
1842229 - double-touch desktop icons fails sometimes
1845660 - JS WARNING from gnome-shell [MetaWindowX11]
1846376 - rebase accountsservice to latest release
1854290 - Physical device fails to wakeup via org.gnome.ScreenSaver D-Bus API
1860946 - gnome-shell logs AuthList property defined with 'let' or 'const'
1861357 - Login shows Exclamation Sign with no message for Caps Lock on
1861769 - Authentication fails when Wayland is enabled along with polyinstantiation of /tmp
1865718 - Right click menu is not translated into Japanese when desktop-icons extension is enabled
1870837 - gnome control-center and settings-daemon don't handle systems that are registered but have no attached entitlements properly
1871041 - on screen keyboard (OSK) does not disappear completely, part of OSK remains on the screen
1876291 - [ALL LANG] Unlocalized strings in About -> Register System.
1881312 - [Bug] gnome-shell errors in syslog
1883304 - Rebase to WebKitGTK 2.30
1883868 - [RFE] Dump JS stack trace by default when gnome-shell crashes
1886822 - License differs from actual
1888407 - Flatpak updates and removals get confused if same ref occurs in multiple remotes
1889411 - self-signed cert in owncloud: HTTP Error: Unacceptable TLS certificate
1889528 - [8.4] Right GLX stereo texture is potentially leaked for each closed window
1901212 - CVE-2020-13584 webkitgtk: use-after-free may lead to arbitrary code execution
1901214 - CVE-2020-9948 webkitgtk: type confusion may lead to arbitrary code execution
1901216 - CVE-2020-9951 webkitgtk: use-after-free may lead to arbitrary code execution
1901221 - CVE-2020-9983 webkitgtk: out-of-bounds write may lead to code execution
1903043 - gnome-control-center SEGFAULT at ../panels/printers/pp-printer-entry.c:280
1903568 - CVE-2020-13543 webkitgtk: use-after-free may lead to arbitrary code execution
1906499 - Nautilus creates invalid bookmarks for Samba shares
1918391 - gdm isn't killing the login screen on login after all
1919429 - Ship libdazzle-devel in CRB
1919432 - Ship libepubgen-devel in CRB
1919435 - Ship woff2-devel in CRB
1919467 - Mutter: mouse click doesn't work when using 10-bit graphic monitor
1921151 - [nvidia Ampere] stutters when using nouveau with llvmpipe
6. 8):
Source:
gamin-0.1.10-32.el8.src.rpm
glib2-2.56.4-9.el8.src.rpm
aarch64:
gamin-0.1.10-32.el8.aarch64.rpm
gamin-debuginfo-0.1.10-32.el8.aarch64.rpm
gamin-debugsource-0.1.10-32.el8.aarch64.rpm
glib2-2.56.4-9.el8.aarch64.rpm
glib2-debuginfo-2.56.4-9.el8.aarch64.rpm
glib2-debugsource-2.56.4-9.el8.aarch64.rpm
glib2-devel-2.56.4-9.el8.aarch64.rpm
glib2-devel-debuginfo-2.56.4-9.el8.aarch64.rpm
glib2-fam-2.56.4-9.el8.aarch64.rpm
glib2-fam-debuginfo-2.56.4-9.el8.aarch64.rpm
glib2-tests-2.56.4-9.el8.aarch64.rpm
glib2-tests-debuginfo-2.56.4-9.el8.aarch64.rpm
ppc64le:
gamin-0.1.10-32.el8.ppc64le.rpm
gamin-debuginfo-0.1.10-32.el8.ppc64le.rpm
gamin-debugsource-0.1.10-32.el8.ppc64le.rpm
glib2-2.56.4-9.el8.ppc64le.rpm
glib2-debuginfo-2.56.4-9.el8.ppc64le.rpm
glib2-debugsource-2.56.4-9.el8.ppc64le.rpm
glib2-devel-2.56.4-9.el8.ppc64le.rpm
glib2-devel-debuginfo-2.56.4-9.el8.ppc64le.rpm
glib2-fam-2.56.4-9.el8.ppc64le.rpm
glib2-fam-debuginfo-2.56.4-9.el8.ppc64le.rpm
glib2-tests-2.56.4-9.el8.ppc64le.rpm
glib2-tests-debuginfo-2.56.4-9.el8.ppc64le.rpm
s390x:
gamin-0.1.10-32.el8.s390x.rpm
gamin-debuginfo-0.1.10-32.el8.s390x.rpm
gamin-debugsource-0.1.10-32.el8.s390x.rpm
glib2-2.56.4-9.el8.s390x.rpm
glib2-debuginfo-2.56.4-9.el8.s390x.rpm
glib2-debugsource-2.56.4-9.el8.s390x.rpm
glib2-devel-2.56.4-9.el8.s390x.rpm
glib2-devel-debuginfo-2.56.4-9.el8.s390x.rpm
glib2-fam-2.56.4-9.el8.s390x.rpm
glib2-fam-debuginfo-2.56.4-9.el8.s390x.rpm
glib2-tests-2.56.4-9.el8.s390x.rpm
glib2-tests-debuginfo-2.56.4-9.el8.s390x.rpm
x86_64:
gamin-0.1.10-32.el8.i686.rpm
gamin-0.1.10-32.el8.x86_64.rpm
gamin-debuginfo-0.1.10-32.el8.i686.rpm
gamin-debuginfo-0.1.10-32.el8.x86_64.rpm
gamin-debugsource-0.1.10-32.el8.i686.rpm
gamin-debugsource-0.1.10-32.el8.x86_64.rpm
glib2-2.56.4-9.el8.i686.rpm
glib2-2.56.4-9.el8.x86_64.rpm
glib2-debuginfo-2.56.4-9.el8.i686.rpm
glib2-debuginfo-2.56.4-9.el8.x86_64.rpm
glib2-debugsource-2.56.4-9.el8.i686.rpm
glib2-debugsource-2.56.4-9.el8.x86_64.rpm
glib2-devel-2.56.4-9.el8.i686.rpm
glib2-devel-2.56.4-9.el8.x86_64.rpm
glib2-devel-debuginfo-2.56.4-9.el8.i686.rpm
glib2-devel-debuginfo-2.56.4-9.el8.x86_64.rpm
glib2-fam-2.56.4-9.el8.x86_64.rpm
glib2-fam-debuginfo-2.56.4-9.el8.i686.rpm
glib2-fam-debuginfo-2.56.4-9.el8.x86_64.rpm
glib2-tests-2.56.4-9.el8.x86_64.rpm
glib2-tests-debuginfo-2.56.4-9.el8.i686.rpm
glib2-tests-debuginfo-2.56.4-9.el8.x86_64.rpm
Red Hat CodeReady Linux Builder (v. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: Red Hat OpenShift Container Storage 4.6.5 security and bug fix update
Advisory ID: RHSA-2021:2479-01
Product: Red Hat OpenShift Container Storage
Advisory URL: https://access.redhat.com/errata/RHSA-2021:2479
Issue date: 2021-06-17
CVE Names: CVE-2016-10228 CVE-2017-14502 CVE-2019-2708
CVE-2019-3842 CVE-2019-9169 CVE-2019-13012
CVE-2019-14866 CVE-2019-25013 CVE-2020-8231
CVE-2020-8284 CVE-2020-8285 CVE-2020-8286
CVE-2020-8927 CVE-2020-9948 CVE-2020-9951
CVE-2020-9983 CVE-2020-13434 CVE-2020-13543
CVE-2020-13584 CVE-2020-13776 CVE-2020-15358
CVE-2020-24977 CVE-2020-25659 CVE-2020-25678
CVE-2020-26116 CVE-2020-26137 CVE-2020-27618
CVE-2020-27619 CVE-2020-27783 CVE-2020-28196
CVE-2020-29361 CVE-2020-29362 CVE-2020-29363
CVE-2020-36242 CVE-2021-3139 CVE-2021-3177
CVE-2021-3326 CVE-2021-3449 CVE-2021-3450
CVE-2021-3528 CVE-2021-20305 CVE-2021-23239
CVE-2021-23240 CVE-2021-23336
====================================================================
1. Summary:
Updated images that fix one security issue and several bugs are now
available for Red Hat OpenShift Container Storage 4.6.5 on Red Hat
Enterprise Linux 8 from Red Hat Container Registry.
Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
2. Description:
Red Hat OpenShift Container Storage is software-defined storage integrated
with and optimized for the Red Hat OpenShift Container Platform. Red Hat
OpenShift Container Storage is a highly scalable, production-grade
persistent storage for stateful applications running in the Red Hat
OpenShift Container Platform. In addition to persistent storage, Red Hat
OpenShift Container Storage provisions a multicloud data management service
with an S3 compatible API.
Security Fix(es):
* NooBaa: noobaa-operator leaking RPC AuthToken into log files
(CVE-2021-3528)
For more details about the security issue(s), including the impact, a CVSS
score, and other related information, refer to the CVE page(s) listed in
the References section.
Bug Fix(es):
* Currently, a newly restored PVC cannot be mounted if some of the
OpenShift Container Platform nodes are running on a version of Red Hat
Enterprise Linux which is less than 8.2, and the snapshot from which the
PVC was restored is deleted.
Workaround: Do not delete the snapshot from which the PVC was restored
until the restored PVC is deleted. (BZ#1962483)
* Previously, the default backingstore was not created on AWS S3 when
OpenShift Container Storage was deployed, due to incorrect identification
of AWS S3. With this update, the default backingstore gets created when
OpenShift Container Storage is deployed on AWS S3. (BZ#1927307)
* Previously, log messages were printed to the endpoint pod log even if the
debug option was not set. With this update, the log messages are printed to
the endpoint pod log only when the debug option is set. (BZ#1938106)
* Previously, the PVCs could not be provisioned as the `rook-ceph-mds` did
not register the pod IP on the monitor servers, and hence every mount on
the filesystem timed out, resulting in CephFS volume provisioning failure.
With this update, an argument `--public-addr=podIP` is added to the MDS pod
when the host network is not enabled, and hence the CephFS volume
provisioning does not fail. (BZ#1949558)
* Previously, OpenShift Container Storage 4.2 clusters were not updated
with the correct cache value, and hence MDSs in standby-replay might report
an oversized cache, as rook did not apply the `mds_cache_memory_limit`
argument during upgrades. With this update, the `mds_cache_memory_limit`
argument is applied during upgrades and the mds daemon operates normally.
(BZ#1951348)
* Previously, the coredumps were not generated in the correct location as
rook was setting the config option `log_file` to an empty string since
logging happened on stdout and not on the files, and hence Ceph read the
value of the `log_file` to build the dump path. With this update, rook does
not set the `log_file` and keeps Ceph's internal default, and hence the
coredumps are generated in the correct location and are accessible under
`/var/log/ceph/`. (BZ#1938049)
* Previously, Ceph became inaccessible, as the mons lose quorum if a mon
pod was drained while another mon was failing over. With this update,
voluntary mon drains are prevented while a mon is failing over, and hence
Ceph does not become inaccessible. (BZ#1946573)
* Previously, the mon quorum was at risk, as the operator could erroneously
remove the new mon if the operator was restarted during a mon failover.
With this update, the operator completes the same mon failover after the
operator is restarted, and hence the mon quorum is more reliable in the
node drains and mon failover scenarios. (BZ#1959983)
All users of Red Hat OpenShift Container Storage are advised to pull these
new images from the Red Hat Container Registry.
3. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
4. Bugs fixed (https://bugzilla.redhat.com/):
1938106 - [GSS][RFE]Reduce debug level for logs of Nooba Endpoint pod
1950915 - XSS Vulnerability with Noobaa version 5.5.0-3bacc6b
1951348 - [GSS][CephFS] health warning "MDS cache is too large (3GB/1GB); 0 inodes in use by clients, 0 stray files" for the standby-replay
1951600 - [4.6.z][Clone of BZ #1936545] setuid and setgid file bits are not retained after a OCS CephFS CSI restore
1955601 - CVE-2021-3528 NooBaa: noobaa-operator leaking RPC AuthToken into log files
1957189 - [Rebase] Use RHCS4.2z1 container image with OCS 4..6.5[may require doc update for external mode min supported RHCS version]
1959980 - When a node is being drained, increase the mon failover timeout to prevent unnecessary mon failover
1959983 - [GSS][mon] rook-operator scales mons to 4 after healthCheck timeout
1962483 - [RHEL7][RBD][4.6.z clone] FailedMount error when using restored PVC on app pod
5. References:
https://access.redhat.com/security/cve/CVE-2016-10228
https://access.redhat.com/security/cve/CVE-2017-14502
https://access.redhat.com/security/cve/CVE-2019-2708
https://access.redhat.com/security/cve/CVE-2019-3842
https://access.redhat.com/security/cve/CVE-2019-9169
https://access.redhat.com/security/cve/CVE-2019-13012
https://access.redhat.com/security/cve/CVE-2019-14866
https://access.redhat.com/security/cve/CVE-2019-25013
https://access.redhat.com/security/cve/CVE-2020-8231
https://access.redhat.com/security/cve/CVE-2020-8284
https://access.redhat.com/security/cve/CVE-2020-8285
https://access.redhat.com/security/cve/CVE-2020-8286
https://access.redhat.com/security/cve/CVE-2020-8927
https://access.redhat.com/security/cve/CVE-2020-9948
https://access.redhat.com/security/cve/CVE-2020-9951
https://access.redhat.com/security/cve/CVE-2020-9983
https://access.redhat.com/security/cve/CVE-2020-13434
https://access.redhat.com/security/cve/CVE-2020-13543
https://access.redhat.com/security/cve/CVE-2020-13584
https://access.redhat.com/security/cve/CVE-2020-13776
https://access.redhat.com/security/cve/CVE-2020-15358
https://access.redhat.com/security/cve/CVE-2020-24977
https://access.redhat.com/security/cve/CVE-2020-25659
https://access.redhat.com/security/cve/CVE-2020-25678
https://access.redhat.com/security/cve/CVE-2020-26116
https://access.redhat.com/security/cve/CVE-2020-26137
https://access.redhat.com/security/cve/CVE-2020-27618
https://access.redhat.com/security/cve/CVE-2020-27619
https://access.redhat.com/security/cve/CVE-2020-27783
https://access.redhat.com/security/cve/CVE-2020-28196
https://access.redhat.com/security/cve/CVE-2020-29361
https://access.redhat.com/security/cve/CVE-2020-29362
https://access.redhat.com/security/cve/CVE-2020-29363
https://access.redhat.com/security/cve/CVE-2020-36242
https://access.redhat.com/security/cve/CVE-2021-3139
https://access.redhat.com/security/cve/CVE-2021-3177
https://access.redhat.com/security/cve/CVE-2021-3326
https://access.redhat.com/security/cve/CVE-2021-3449
https://access.redhat.com/security/cve/CVE-2021-3450
https://access.redhat.com/security/cve/CVE-2021-3528
https://access.redhat.com/security/cve/CVE-2021-20305
https://access.redhat.com/security/cve/CVE-2021-23239
https://access.redhat.com/security/cve/CVE-2021-23240
https://access.redhat.com/security/cve/CVE-2021-23336
https://access.redhat.com/security/updates/classification/#moderate
6. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBYMtu/9zjgjWX9erEAQh6fhAAm9UPxF0e8ubzCEae+bkQAduwCkzpQ0ND
Q1/UcDAAc4ueEhBrwXPhOLrgfBj+VG+QA19YZcNPzbW7I48RGjCm5WccnUyEbFAo
FKTspCZW7FkXKBU15u58c/sFCGa4/Yuu+IpqCMuZ6lR2g9WHIBKdVtaB4y59AyfS
v59cAorqZ3AoTX4lVys6HfDGySQWlg5P8t6ST72cUJjESi6U0HV00P7ECU2SFxCF
HXA4gbXbZ1EPb/1+UkRRnXemJuT8SaRFRTrzj9woTrVAGQFvn+yjxLbZxVZb0WDd
6QeNpiJNICfL+/ExvEmGQucf7NcekYPWud11pnRUfQ+Uqsj+I7YoaepXAAolLzvN
kAVVpFNsWADOVz7BrfSKoo4b38UCFOEUSd2d1ijCNE96Q9XyNUpn+kZqz0/wpBQC
L+E5N9kEuaLyDBoI0wJAfoqU1NY4Cvl6lIMDgHUv2CE10zxhFwHCDulAfcQgxNQG
sIbpSgSegq9HfZSDxa6Rtrox1I7oGhnBy10sIwUUH1+fxAusUk+Xrxf8hUv8KgDz
V144yrGwN/6KVxh74A60bJX3ai12l6fC8bkmsxg5K1r/Dk4tUkQeXNdBbaK/rEKO
AQs7YDab/0VA2qKtXDRkbnzqBRSbamDNOO/jd28nGMoclaIRHCzQgJRFv6Qb6dwT
RCrstqAM5QQ=DHD0
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce
. See the following advisory for the RPM packages for this
release:
https://access.redhat.com/errata/RHSA-2021:2122
Space precludes documenting all of the container images in this advisory.
See the following Release Notes documentation, which will be updated
shortly for this release, for details about these changes:
https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel
ease-notes.html
This update fixes the following bug among others:
* Previously, resources for the ClusterOperator were being created early in
the update process, which led to update failures when the ClusterOperator
had no status condition while Operators were updating. This bug fix changes
the timing of when these resources are created. As a result, updates can
take place without errors. (BZ#1959238)
Security Fix(es):
* gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index
validation (CVE-2021-3121)
You may download the oc tool and use it to inspect release image metadata
as follows:
(For x86_64 architecture)
$ oc adm release info
quay.io/openshift-release-dev/ocp-release:4.7.13-x86_64
The image digest is
sha256:783a2c963f35ccab38e82e6a8c7fa954c3a4551e07d2f43c06098828dd986ed4
(For s390x architecture)
$ oc adm release info
quay.io/openshift-release-dev/ocp-release:4.7.13-s390x
The image digest is
sha256:4cf44e68413acad063203e1ee8982fd01d8b9c1f8643a5b31cd7ff341b3199cd
(For ppc64le architecture)
$ oc adm release info
quay.io/openshift-release-dev/ocp-release:4.7.13-ppc64le
The image digest is
sha256:d47ce972f87f14f1f3c5d50428d2255d1256dae3f45c938ace88547478643e36
All OpenShift Container Platform 4.7 users are advised to upgrade to these
updated packages and images when they are available in the appropriate
release channel. To check for available updates, use the OpenShift Console
or the CLI oc command. Instructions for upgrading a cluster are available
at
https://docs.openshift.com/container-platform/4.7/updating/updating-cluster
- -between-minor.html#understanding-upgrade-channels_updating-cluster-between
- -minor
3. Solution:
For OpenShift Container Platform 4.7 see the following documentation, which
will be updated shortly for this release, for important instructions on how
to upgrade your cluster and fully apply this asynchronous errata update:
https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel
ease-notes.html
Details on how to access this content are available at
https://docs.openshift.com/container-platform/4.7/updating/updating-cluster
- -cli.html
4. Bugs fixed (https://bugzilla.redhat.com/):
1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation
1923268 - [Assisted-4.7] [Staging] Using two both spelling "canceled" "cancelled"
1947216 - [AWS] Missing iam:ListAttachedRolePolicies permission in permissions.go
1953963 - Enable/Disable host operations returns cluster resource with incomplete hosts list
1957749 - ovn-kubernetes pod should have CPU and memory requests set but not limits
1959238 - CVO creating cloud-controller-manager too early causing upgrade failures
1960103 - SR-IOV obliviously reboot the node
1961941 - Local Storage Operator using LocalVolume CR fails to create PV's when backend storage failure is simulated
1962302 - packageserver clusteroperator does not set reason or message for Available condition
1962312 - Deployment considered unhealthy despite being available and at latest generation
1962435 - Public DNS records were not deleted when destroying a cluster which is using byo private hosted zone
1963115 - Test verify /run filesystem contents failing
5. Bugs fixed (https://bugzilla.redhat.com/):
1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation
5. JIRA issues fixed (https://issues.jboss.org/):
LOG-1328 - Port fix to 5.0.z for BZ-1945168
6. Bugs fixed (https://bugzilla.redhat.com/):
1918750 - CVE-2021-3114 golang: crypto/elliptic: incorrect operations on the P-224 curve
1945703 - "Guest OS Info" availability in VMI describe is flaky
1958816 - [2.6.z] KubeMacPool fails to start due to OOM likely caused by a high number of Pods running in the cluster
1963275 - migration controller null pointer dereference
1965099 - Live Migration double handoff to virt-handler causes connection failures
1965181 - CDI importer doesn't report AwaitingVDDK like it used to
1967086 - Cloning DataVolumes between namespaces fails while creating cdi-upload pod
1967887 - [2.6.6] nmstate is not progressing on a node and not configuring vlan filtering that causes an outage for VMs
1969756 - Windows VMs fail to start on air-gapped environments
1970372 - Virt-handler fails to verify container-disk
1973227 - segfault in virt-controller during pdb deletion
1974084 - 2.6.6 containers
1975212 - No Virtual Machine Templates Found [EDIT - all templates are marked as depracted]
1975727 - [Regression][VMIO][Warm] The third precopy does not end in warm migration
1977756 - [2.6.z] PVC keeps in pending when using hostpath-provisioner
1982760 - [v2v] no kind VirtualMachine is registered for version \"kubevirt.io/v1\" i...
1986989 - OpenShift Virtualization 2.6.z cannot be upgraded to 4.8.0 initially deployed starting with <= 4.8
5. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 202012-10
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: WebkitGTK+: Multiple vulnerabilities
Date: December 23, 2020
Bugs: #755947
ID: 202012-10
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been found in WebKitGTK+, the worst of
which could result in the arbitrary execution of code.
Background
==========
WebKitGTK+ is a full-featured port of the WebKit rendering engine,
suitable for projects requiring any kind of web integration, from
hybrid HTML/CSS applications to full-fledged web browsers.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-libs/webkit-gtk < 2.30.3 >= 2.30.3
Description
===========
Multiple vulnerabilities have been discovered in WebKitGTK+. Please
review the CVE identifiers referenced below for details.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All WebkitGTK+ users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.30.3"
References
==========
[ 1 ] CVE-2020-13543
https://nvd.nist.gov/vuln/detail/CVE-2020-13543
[ 2 ] CVE-2020-13584
https://nvd.nist.gov/vuln/detail/CVE-2020-13584
[ 3 ] CVE-2020-9948
https://nvd.nist.gov/vuln/detail/CVE-2020-9948
[ 4 ] CVE-2020-9951
https://nvd.nist.gov/vuln/detail/CVE-2020-9951
[ 5 ] CVE-2020-9952
https://nvd.nist.gov/vuln/detail/CVE-2020-9952
[ 6 ] CVE-2020-9983
https://nvd.nist.gov/vuln/detail/CVE-2020-9983
[ 7 ] WSA-2020-0008
https://webkitgtk.org/security/WSA-2020-0008.html
[ 8 ] WSA-2020-0009
https://webkitgtk.org/security/WSA-2020-0009.html
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/202012-10
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2020 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2020-11-13-5 Additional information for
APPLE-SA-2020-09-16-3 Safari 14.0
Safari 14.0 addresses the following issues. Information about
the security content is also available at
https://support.apple.com/HT211845.
Safari
Available for: macOS Catalina and macOS Mojave, and included in macOS
Big Sur
Impact: Visiting a malicious website may lead to address bar spoofing
Description: The issue was addressed with improved UI handling.
CVE-2020-9993: Masato Sugiyama (@smasato) of University of Tsukuba,
Piotr Duszynski
Entry added November 12, 2020
Safari
Available for: macOS Catalina and macOS Mojave, and included in macOS
Big Sur
Impact: Visiting a malicious website may lead to address bar spoofing
Description: An inconsistent user interface issue was addressed with
improved state management.
CVE-2020-9948: Brendan Draper (@6r3nd4n) working with Trend Micro
Zero Day Initiative
WebKit
Available for: macOS Catalina and macOS Mojave, and included in macOS
Big Sur
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-9947: cc working with Trend Micro Zero Day Initiative
CVE-2020-9950: cc working with Trend Micro Zero Day Initiative
CVE-2020-9951: Marcin 'Icewall' Noga of Cisco Talos
Entry updated November 12, 2020
WebKit
Available for: macOS Catalina and macOS Mojave
Impact: Processing maliciously crafted web content may lead to a
cross site scripting attack
Description: An input validation issue was addressed with improved
input validation.
CVE-2020-9983: zhunki
Additional recognition
Safari
We would like to acknowledge @PaulosYibelo of Limehats, Ryan Pickren
(ryanpickren.com) for their assistance.
Entry added November 12, 2020
Safari Reader
We would like to acknowledge Zhiyang Zeng(@Wester) of OPPO ZIWU
Security Lab for their assistance.
Entry added November 12, 2020
WebKit
We would like to acknowledge Pawel Wylecial of REDTEAM.PL, Ryan
Pickren (ryanpickren.com), Tsubasa FUJII (@reinforchu), Zhiyang
Zeng(@Wester) of OPPO ZIWU Security Lab for their assistance.
Entry added November 12, 2020
Installation note:
Safari 14.0 may be obtained from the Mac App Store |
|
var-201103-0114
|
The STARTTLS implementation in Postfix 2.4.x before 2.4.16, 2.5.x before 2.5.12, 2.6.x before 2.6.9, and 2.7.x before 2.7.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack. Some STARTTLS implementations could allow a remote attacker to inject commands during the plaintext phase of the protocol. plural STARTTLS There is a vulnerability in the implementation of. plural STARTTLS Implementation of a man-in-the-middle attack (man-in-the-middle attack) May insert a command. This vulnerability is due to the fact that switching to ciphertext communication is performed at a lower layer than the application. This vulnerability is only relevant for implementations that perform certificate validation.An arbitrary command may be executed by a remote attacker who can intercept communications. Postfix is a mail transfer agent used in Unix-like operating systems. The STARTTLS implementation in Postfix 2.4.x prior to 2.4.16, 2.5.x prior to 2.5.12, 2.6.x prior to 2.6.9, and 2.7.x prior to 2.7.3 did not properly restrict I/ O buffering effect. ==========================================================================
Ubuntu Security Notice USN-1113-1
April 18, 2011
postfix vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 10.10
- Ubuntu 10.04 LTS
- Ubuntu 9.10
- Ubuntu 8.04 LTS
- Ubuntu 6.06 LTS
Summary:
An attacker could send crafted input to Postfix and cause it to reveal
confidential information.
This issue only affected Ubuntu 6.06 LTS and 8.04 LTS. (CVE-2009-2939)
Wietse Venema discovered that Postfix incorrectly handled cleartext
commands after TLS is in place. (CVE-2011-0411)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 10.10:
postfix 2.7.1-1ubuntu0.1
Ubuntu 10.04 LTS:
postfix 2.7.0-1ubuntu0.1
Ubuntu 9.10:
postfix 2.6.5-3ubuntu0.1
Ubuntu 8.04 LTS:
postfix 2.5.1-2ubuntu1.3
Ubuntu 6.06 LTS:
postfix 2.2.10-1ubuntu0.3
In general, a standard system update will make all the necessary changes.
References:
CVE-2009-2939, CVE-2011-0411
Package Information:
https://launchpad.net/ubuntu/+source/postfix/2.7.1-1ubuntu0.1
https://launchpad.net/ubuntu/+source/postfix/2.7.0-1ubuntu0.1
https://launchpad.net/ubuntu/+source/postfix/2.6.5-3ubuntu0.1
https://launchpad.net/ubuntu/+source/postfix/2.5.1-2ubuntu1.3
https://launchpad.net/ubuntu/+source/postfix/2.2.10-1ubuntu0.3
.
CVE-2011-4130
ProFTPD uses a response pool after freeing it under
exceptional conditions, possibly leading to remote code
execution. ----------------------------------------------------------------------
Get a tax break on purchases of Secunia Solutions!
If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at:
http://secunia.com/products/corporate/vim/section_179/
----------------------------------------------------------------------
TITLE:
Postfix "STARTTLS" Plaintext Injection Vulnerability
SECUNIA ADVISORY ID:
SA43646
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/43646/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=43646
RELEASE DATE:
2011-03-09
DISCUSS ADVISORY:
http://secunia.com/advisories/43646/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/43646/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=43646
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
A vulnerability has been reported in Postfix, which can be exploited
by malicious people to manipulate certain data.
The vulnerability is caused due to the TLS implementation not
properly clearing transport layer buffers when upgrading from
plaintext to ciphertext after receiving the "STARTTLS" command. This
can be exploited to insert arbitrary plaintext data (e.g. SMTP
commands) during the plaintext phase, which will then be executed
after upgrading to the TLS ciphertext phase.
The vulnerability is reported in version 2.2 and all releases prior
to versions 2.4.16, 2.5.12, 2.6.9, and 2.7.3.
SOLUTION:
Update to versions 2.4.16, 2.5.12, 2.6.9, and 2.7.3.
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
http://www.postfix.org/CVE-2011-0411.html
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201206-33
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: Postfix: Multiple vulnerabilities
Date: June 25, 2012
Bugs: #358085, #366605
ID: 201206-33
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
A vulnerability has been found in Postfix, the worst of which possibly
allowing remote code execution.
Background
==========
Postfix is Wietse Venema=E2=80=99s mailer that attempts to be fast, easy =
to
administer, and secure, as an alternative to the widely-used Sendmail
program.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 mail-mta/postfix < 2.7.4 >= 2.7.4
Description
===========
A vulnerability have been discovered in Postfix. Please review the CVE
identifier referenced below for details.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Postfix users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=mail-mta/postfix-2.7.4"
References
==========
[ 1 ] CVE-2011-0411
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0411
[ 2 ] CVE-2011-1720
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1720
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201206-33.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2012 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. The Common Vulnerabilities and Exposures project identifies
the following problems:
CVE-2009-2939
The postinst script grants the postfix user write access to
/var/spool/postfix/pid, which might allow local users to
conduct symlink attacks that overwrite arbitrary files.
CVE-2011-1720
A heap-based read-only buffer overflow allows malicious
clients to crash the smtpd server process using a crafted SASL
authentication request.
For the oldstable distribution (lenny), this problem has been fixed in
version 2.5.5-1.1+lenny1.
For the stable distribution (squeeze), this problem has been fixed in
version 2.7.1-1+squeeze1.
For the unstable distribution (sid), this problem has been fixed in
version 2.8.0-1.
We recommend that you upgrade your postfix packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iQEcBAEBAgAGBQJNyXybAAoJEL97/wQC1SS+xb0H/igqYhOTtvO91deptOPyednw
5sBQPXGoo+RXeomLsJk8P6ezm7fEGTSl7GUEpNwS1qsqAPVnl9XAK6dOGFae1PbG
2L93eR6AKgKo60tp2On1Tf1c0HcD6yKiZ6J7C7nZ3E8+yZwSd1k6826ZUQ3gzKKW
DTIu6w2CzzleK/bppWfhAvwvobHD6X1B16qklZfqw6H0C/QfMjM8ZXLCRv9Tq1TN
jX1W4qeed7pr8r3pTJ9npzae7drqFLoVDi0tpGKi0UHEwgRma1AbDaI2BVmeblue
YNRHg7H+TqfrUwN8iB64WrYvqnHCQfvViL8f0ML2uJXJf/lHby+vxPl6EGxAIoY=
=yCCp
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2011-10-12-3 OS X Lion v10.7.2 and Security Update 2011-006
OS X Lion v10.7.2 and Security Update 2011-006 is now available and
addresses the following:
Apache
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,
OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1
Impact: Multiple vulnerabilities in Apache
Description: Apache is updated to version 2.2.20 to address several
vulnerabilities, the most serious of which may lead to a denial of
service. CVE-2011-0419 does not affect OS X Lion systems. Further
information is available via the Apache web site at
http://httpd.apache.org/
CVE-ID
CVE-2011-0419
CVE-2011-3192
Application Firewall
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,
OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1
Impact: Executing a binary with a maliciously crafted name may lead
to arbitrary code execution with elevated privileges
Description: A format string vulnerability existed in Application
Firewall's debug logging.
CVE-ID
CVE-2011-0185 : an anonymous reporter
ATS
Available for: OS X Lion v10.7 and v10.7.1,
OS X Lion Server v10.7 and v10.7.1
Impact: Viewing or downloading a document containing a maliciously
crafted embedded font may lead to arbitrary code execution
Description: A signedness issue existed in ATS' handling of Type 1
fonts. This issue does not affect systems prior to OS X Lion.
CVE-ID
CVE-2011-3437
ATS
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8
Impact: Viewing or downloading a document containing a maliciously
crafted embedded font may lead to arbitrary code execution
Description: An out of bounds memory access issue existed in ATS'
handling of Type 1 fonts. This issue does not affect OS X Lion
systems.
CVE-ID
CVE-2011-0229 : Will Dormann of the CERT/CC
ATS
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,
OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1
Impact: Applications which use the ATSFontDeactivate API may be
vulnerable to an unexpected application termination or arbitrary code
execution
Description: A buffer overflow issue existed in the
ATSFontDeactivate API.
CVE-ID
CVE-2011-0230 : Steven Michaud of Mozilla
BIND
Available for: OS X Lion v10.7 and v10.7.1,
OS X Lion Server v10.7 and v10.7.1
Impact: Multiple vulnerabilities in BIND 9.7.3
Description: Multiple denial of service issues existed in BIND
9.7.3. These issues are addressed by updating BIND to version
9.7.3-P3.
CVE-ID
CVE-2011-1910
CVE-2011-2464
BIND
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8
Impact: Multiple vulnerabilities in BIND
Description: Multiple denial of service issues existed in BIND.
These issues are addressed by updating BIND to version 9.6-ESV-R4-P3.
CVE-ID
CVE-2009-4022
CVE-2010-0097
CVE-2010-3613
CVE-2010-3614
CVE-2011-1910
CVE-2011-2464
Certificate Trust Policy
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,
OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1.
Impact: Root certificates have been updated
Description: Several trusted certificates were added to the list of
system roots. Several existing certificates were updated to their
most recent version. The complete list of recognized system roots may
be viewed via the Keychain Access application.
CFNetwork
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8
Impact: Safari may store cookies it is not configured to accept
Description: A synchronization issue existed in CFNetwork's handling
of cookie policies. Safari's cookie preferences may not be honored,
allowing websites to set cookies that would be blocked were the
preference enforced. This update addresses the issue through improved
handling of cookie storage.
CVE-ID
CVE-2011-0231 : Martin Tessarek, Steve Riggins of Geeks R Us, Justin
C. Walker, and Stephen Creswell
CFNetwork
Available for: OS X Lion v10.7 and v10.7.1,
OS X Lion Server v10.7 and v10.7.1
Impact: Visiting a maliciously crafted website may lead to the
disclosure of sensitive information
Description: An issue existed in CFNetwork's handling of HTTP
cookies. When accessing a maliciously crafted HTTP or HTTPS URL,
CFNetwork could incorrectly send the cookies for a domain to a server
outside that domain. This issue does not affect systems prior to OS X
Lion.
CVE-ID
CVE-2011-3246 : Erling Ellingsen of Facebook
CoreFoundation
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8
Impact: Viewing a maliciously crafted website or e-mail message may
lead to an unexpected application termination or arbitrary code
execution
Description: A memory corruption issue existed in CoreFoundation's
handling of string tokenization. This issue does not affect OS X Lion
systems. This update addresses the issue through improved bounds
checking.
CVE-ID
CVE-2011-0259 : Apple
CoreMedia
Available for: OS X Lion v10.7 and v10.7.1,
OS X Lion Server v10.7 and v10.7.1
Impact: Visiting a maliciously crafted website may lead to the
disclosure of video data from another site
Description: A cross-origin issue existed in CoreMedia's handling of
cross-site redirects. This issue is addressed through improved origin
tracking.
CVE-ID
CVE-2011-0187 : Nirankush Panchbhai and Microsoft Vulnerability
Research (MSVR)
CoreMedia
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8
Impact: Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in the
handling of QuickTime movie files. These issues do not affect OS X
Lion systems.
CVE-ID
CVE-2011-0224 : Apple
CoreProcesses
Available for: OS X Lion v10.7 and v10.7.1,
OS X Lion Server v10.7 and v10.7.1
Impact: A person with physical access to a system may partially
bypass the screen lock
Description: A system window, such as a VPN password prompt, that
appeared while the screen was locked may have accepted keystrokes
while the screen was locked. This issue is addressed by preventing
system windows from requesting keystrokes while the screen is locked.
This issue does not affect systems prior to OS X Lion.
CVE-ID
CVE-2011-0260 : Clint Tseng of the University of Washington, Michael
Kobb, and Adam Kemp
CoreStorage
Available for: OS X Lion v10.7 and v10.7.1,
OS X Lion Server v10.7 and v10.7.1
Impact: Converting to FileVault does not erase all existing data
Description: After enabling FileVault, approximately 250MB at the
start of the volume was left unencrypted on the disk in an unused
area. Only data which was present on the volume before FileVault was
enabled was left unencrypted. This issue is addressed by erasing this
area when enabling FileVault, and on the first use of an encrypted
volume affected by this issue. This issue does not affect systems
prior to OS X Lion.
CVE-ID
CVE-2011-3212 : Judson Powers of ATC-NY
File Systems
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,
OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1
Impact: An attacker in a privileged network position may manipulate
HTTPS server certificates, leading to the disclosure of sensitive
information
Description: An issue existed in the handling of WebDAV volumes on
HTTPS servers. If the server presented a certificate chain that could
not be automatically verified, a warning was displayed and the
connection was closed. If the user clicked the "Continue" button in
the warning dialog, any certificate was accepted on the following
connection to that server. An attacker in a privileged network
position may have manipulated the connection to obtain sensitive
information or take action on the server on the user's behalf. This
update addresses the issue by validating that the certificate
received on the second connection is the same certificate originally
presented to the user.
CVE-ID
CVE-2011-3213 : Apple
IOGraphics
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8
Impact: A person with physical access may be able to bypass the
screen lock
Description: An issue existed with the screen lock when used with
Apple Cinema Displays. When a password is required to wake from
sleep, a person with physical access may be able to access the system
without entering a password if the system is in display sleep mode.
This update addresses the issue by ensuring that the lock screen is
correctly activated in display sleep mode. This issue does not affect
OS X Lion systems.
CVE-ID
CVE-2011-3214 : Apple
iChat Server
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,
OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1
Impact: A remote attacker may cause the Jabber server to consume
system resources disproportionately
Description: An issue existed in the handling of XML external
entities in jabberd2, a server for the Extensible Messaging and
Presence Protocol (XMPP). jabberd2 expands external entities in
incoming requests. This allows an attacker to consume system
resources very quickly, denying service to legitimate users of the
server. This update addresses the issue by disabling entity expansion
in incoming requests.
CVE-ID
CVE-2011-1755
Kernel
Available for: OS X Lion v10.7 and v10.7.1,
OS X Lion Server v10.7 and v10.7.1
Impact: A person with physical access may be able to access the
user's password
Description: A logic error in the kernel's DMA protection permitted
firewire DMA at loginwindow, boot, and shutdown, although not at
screen lock. This update addresses the issue by preventing firewire
DMA at all states where the user is not logged in.
CVE-ID
CVE-2011-3215 : Passware, Inc.
Kernel
Available for: OS X Lion v10.7 and v10.7.1,
OS X Lion Server v10.7 and v10.7.1
Impact: An unprivileged user may be able to delete another user's
files in a shared directory
Description: A logic error existed in the kernel's handling of file
deletions in directories with the sticky bit.
CVE-ID
CVE-2011-3216 : Gordon Davisson of Crywolf, Linc Davis, R. Dormer,
and Allan Schmid and Oliver Jeckel of brainworks Training
libsecurity
Available for: OS X Lion v10.7 and v10.7.1,
OS X Lion Server v10.7 and v10.7.1
Impact: Viewing a maliciously crafted website or e-mail message may
lead to an unexpected application termination or arbitrary code
execution
Description: An error handling issue existed when parsing a
nonstandard certificate revocation list extension.
CVE-ID
CVE-2011-3227 : Richard Godbee of Virginia Tech
Mailman
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8
Impact: Multiple vulnerabilities in Mailman 2.1.14
Description: Multiple cross-site scripting issues existed in Mailman
2.1.14. These issues are addressed by improved encoding of characters
in HTML output. Further information is available via the Mailman site
at http://mail.python.org/pipermail/mailman-
announce/2011-February/000158.html This issue does not affect OS X
Lion systems.
CVE-ID
CVE-2011-0707
MediaKit
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8
Impact: Opening a maliciously crafted disk image may lead to an
unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in the
handling of disk images. These issues do not affect OS X Lion
systems.
CVE-ID
CVE-2011-3217 : Apple
Open Directory
Available for: OS X Lion v10.7 and v10.7.1,
OS X Lion Server v10.7 and v10.7.1
Impact: Any user may read another local user's password data
Description: An access control issue existed in Open Directory. This
issue does not affect systems prior to OS X Lion.
CVE-ID
CVE-2011-3435 : Arek Dreyer of Dreyer Network Consultants, Inc, and
Patrick Dunstan at defenseindepth.net
Open Directory
Available for: OS X Lion v10.7 and v10.7.1,
OS X Lion Server v10.7 and v10.7.1
Impact: An authenticated user may change that account's password
without providing the current password
Description: An access control issue existed in Open Directory. This
issue does not affect systems prior to OS X Lion.
CVE-ID
CVE-2011-3436 : Patrick Dunstan at defenceindepth.net
Open Directory
Available for: OS X Lion v10.7 and v10.7.1,
OS X Lion Server v10.7 and v10.7.1
Impact: A user may be able to log in without a password
Description: When Open Directory is bound to an LDAPv3 server using
RFC2307 or custom mappings, such that there is no
AuthenticationAuthority attribute for a user, an LDAP user may be
allowed to log in without a password. This issue does not affect
systems prior to OS X Lion.
CVE-ID
CVE-2011-3226 : Jeffry Strunk of The University of Texas at Austin,
Steven Eppler of Colorado Mesa University, Hugh Cole-Baker, and
Frederic Metoz of Institut de Biologie Structurale
PHP
Available for: OS X Lion v10.7 and v10.7.1,
OS X Lion Server v10.7 and v10.7.1
Impact: Viewing a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution
Description: A signedness issue existed in FreeType's handling of
Type 1 fonts. This issue is addressed by updating FreeType to version
2.4.6. This issue does not affect systems prior to OS X Lion. Further
information is available via the FreeType site at
http://www.freetype.org/
CVE-ID
CVE-2011-0226
PHP
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,
OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1
Impact: Multiple vulnerabilities in libpng 1.4.3
Description: libpng is updated to version 1.5.4 to address multiple
vulnerabilities, the most serious of which may lead to arbitrary code
execution. Further information is available via the libpng website at
http://www.libpng.org/pub/png/libpng.html
CVE-ID
CVE-2011-2690
CVE-2011-2691
CVE-2011-2692
PHP
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8
Impact: Multiple vulnerabilities in PHP 5.3.4
Description: PHP is updated to version 5.3.6 to address multiple
vulnerabilities, the most serious of which may lead to arbitrary code
execution. This issues do not affect OS X Lion systems. Further
information is available via the PHP website at http://www.php.net/
CVE-ID
CVE-2010-3436
CVE-2010-4645
CVE-2011-0420
CVE-2011-0421
CVE-2011-0708
CVE-2011-1092
CVE-2011-1153
CVE-2011-1466
CVE-2011-1467
CVE-2011-1468
CVE-2011-1469
CVE-2011-1470
CVE-2011-1471
postfix
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8
Impact: An attacker in a privileged network position may manipulate
mail sessions, resulting in the disclosure of sensitive information
Description: A logic issue existed in Postfix in the handling of the
STARTTLS command. After receiving a STARTTLS command, Postfix may
process other plain-text commands. An attacker in a privileged
network position may manipulate the mail session to obtain sensitive
information from the encrypted traffic. This update addresses the
issue by clearing the command queue after processing a STARTTLS
command. This issue does not affect OS X Lion systems. Further
information is available via the Postfix site at
http://www.postfix.org/announcements/postfix-2.7.3.html
CVE-ID
CVE-2011-0411
python
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,
OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1
Impact: Multiple vulnerabilities in python
Description: Multiple vulnerabilities existed in python, the most
serious of which may lead to arbitrary code execution. This update
addresses the issues by applying patches from the python project.
Further information is available via the python site at
http://www.python.org/download/releases/
CVE-ID
CVE-2010-1634
CVE-2010-2089
CVE-2011-1521
QuickTime
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,
OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1
Impact: Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in
QuickTime's handling of movie files.
CVE-ID
CVE-2011-3228 : Apple
QuickTime
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8
Impact: Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: A heap buffer overflow existed in the handling of STSC
atoms in QuickTime movie files. This issue does not affect OS X Lion
systems.
CVE-ID
CVE-2011-0249 : Matt 'j00ru' Jurczyk working with TippingPoint's Zero
Day Initiative
QuickTime
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8
Impact: Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: A heap buffer overflow existed in the handling of STSS
atoms in QuickTime movie files. This issue does not affect OS X Lion
systems.
CVE-ID
CVE-2011-0250 : Matt 'j00ru' Jurczyk working with TippingPoint's Zero
Day Initiative
QuickTime
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8
Impact: Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: A heap buffer overflow existed in the handling of STSZ
atoms in QuickTime movie files. This issue does not affect OS X Lion
systems.
CVE-ID
CVE-2011-0251 : Matt 'j00ru' Jurczyk working with TippingPoint's Zero
Day Initiative
QuickTime
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8
Impact: Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: A heap buffer overflow existed in the handling of STTS
atoms in QuickTime movie files. This issue does not affect OS X Lion
systems.
CVE-ID
CVE-2011-0252 : Matt 'j00ru' Jurczyk working with TippingPoint's Zero
Day Initiative
QuickTime
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8
Impact: An attacker in a privileged network position may inject
script in the local domain when viewing template HTML
Description: A cross-site scripting issue existed in QuickTime
Player's "Save for Web" export. The template HTML files generated by
this feature referenced a script file from a non-encrypted origin. An
attacker in a privileged network position may be able to inject
malicious scripts in the local domain if the user views a template
file locally. This issue is resolved by removing the reference to an
online script. This issue does not affect OS X Lion systems.
CVE-ID
CVE-2011-3218 : Aaron Sigel of vtty.com
QuickTime
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,
OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1
Impact: Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in QuickTime's handling of
H.264 encoded movie files.
CVE-ID
CVE-2011-3219 : Damian Put working with TippingPoint's Zero Day
Initiative
QuickTime
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,
OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1
Impact: Viewing a maliciously crafted movie file may lead to the
disclosure of memory contents
Description: An uninitialized memory access issue existed in
QuickTime's handling of URL data handlers within movie files.
CVE-ID
CVE-2011-3220 : Luigi Auriemma working with TippingPoint's Zero Day
Initiative
QuickTime
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,
OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1
Impact: Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: An implementation issue existed in QuickTime's handling
of the atom hierarchy within a movie file.
CVE-ID
CVE-2011-3221 : an anonymous researcher working with TippingPoint's
Zero Day Initiative
QuickTime
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,
OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1
Impact: Viewing a maliciously crafted FlashPix file may lead to an
unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in QuickTime's handling of
FlashPix files.
CVE-ID
CVE-2011-3222 : Damian Put working with TippingPoint's Zero Day
Initiative
QuickTime
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,
OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1
Impact: Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in QuickTime's handling of
FLIC files.
CVE-ID
CVE-2011-3223 : Matt 'j00ru' Jurczyk working with TippingPoint's Zero
Day Initiative
SMB File Server
Available for: OS X Lion v10.7 and v10.7.1,
OS X Lion Server v10.7 and v10.7.1
Impact: A guest user may browse shared folders
Description: An access control issue existed in the SMB File Server.
Disallowing guest access to the share point record for a folder
prevented the '_unknown' user from browsing the share point but not
guests (user 'nobody'). This issue is addressed by applying the
access control to the guest user. This issue does not affect systems
prior to OS X Lion.
CVE-ID
CVE-2011-3225
Tomcat
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8
Impact: Multiple vulnerabilities in Tomcat 6.0.24
Description: Tomcat is updated to version 6.0.32 to address multiple
vulnerabilities, the most serious of which may lead to a cross site
scripting attack. Tomcat is only provided on Mac OS X Server systems.
This issue does not affect OS X Lion systems. Further information is
available via the Tomcat site at http://tomcat.apache.org/
CVE-ID
CVE-2010-1157
CVE-2010-2227
CVE-2010-3718
CVE-2010-4172
CVE-2011-0013
CVE-2011-0534
User Documentation
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8
Impact: An attacker in a privileged network position may manipulate
App Store help content, leading to arbitrary code execution
Description: App Store help content was updated over HTTP. This
update addresses the issue by updating App Store help content over
HTTPS. This issue does not affect OS X Lion systems.
CVE-ID
CVE-2011-3224 : Aaron Sigel of vtty.com
Web Server
Available for: Mac OS X Server v10.6.8
Impact: Clients may be unable to access web services that require
digest authentication
Description: An issue in the handling of HTTP Digest authentication
was addressed. Users may be denied access to the server's resources,
when the server configuration should have allowed the access. This
issue does not represent a security risk, and was addressed to
facilitate the use of stronger authentication mechanisms. Systems
running OS X Lion Server are not affected by this issue.
X11
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,
OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1
Impact: Multiple vulnerabilities in libpng
Description: Multiple vulnerabilities existed in libpng, the most
serious of which may lead to arbitrary code execution. These issues
are addressed by updating libpng to version 1.5.4 on OS Lion systems,
and to 1.2.46 on Mac OS X v10.6 systems. Further information is
available via the libpng website at
http://www.libpng.org/pub/png/libpng.html
CVE-ID
CVE-2011-2690
CVE-2011-2691
CVE-2011-2692
OS X Lion v10.7.2 also includes Safari 5.1.1. For information on
the security content of Safari 5.1.1, please visit:
http://support.apple.com/kb/HT5000
OS X Lion v10.7.2 and Security Update 2011-006 may be obtained from
the Software Update pane in System Preferences, or Apple's Software
Downloads web site:
http://www.apple.com/support/downloads/
The Software Update utility will present the update that applies
to your system configuration. Only one is needed, either
Security Update 2011-006 or OS X v10.7.2.
For OS X Lion v10.7.1
The download file is named: MacOSXUpd10.7.2.dmg
Its SHA-1 digest is: 37f784e08d4461e83a891a7f8b8af24c2ceb8229
For OS X Lion v10.7
The download file is named: MacOSXUpdCombo10.7.2.dmg
Its SHA-1 digest is: accd06d610af57df24f62ce7af261395944620eb
For OS X Lion Server v10.7.1
The download file is named: MacOSXServerUpd10.7.2.dmg
Its SHA-1 digest is: e4084bf1dfa295a42f619224d149e515317955da
For OS X Lion Server v10.7
The download file is named: MacOSXServerUpdCombo10.7.2.dmg
Its SHA-1 digest is: 25e86f5cf97b6644c7a025230431b1992962ec4a
For Mac OS X v10.6.8
The download file is named: SecUpd2011-006Snow.dmg
Its SHA-1 digest is: 0f9c29610a06370d0c85a4c92dc278a48ba17a84
For Mac OS X Server v10.6.8
The download file is named: SecUpdSrvr2011-006.dmg
Its SHA-1 digest is: 12de3732710bb03059f93527189d221c97ef8a06
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.16 (Darwin)
iQEcBAEBAgAGBQJOlc/zAAoJEGnF2JsdZQeeWFcH/RDHS+dCP8T4a92uYRIbs9T3
TFbT7hnOoTB0H+2eN3oziLNime2N4mO921heHobiAKSXv/luU41ZPHxVd6rE77Md
/BHDqLv65RA0XFTIPmrTcfpLhI5UgXDLfOLrsmdwTm52l5zQZkoxufYFf3mB3h7U
ZJUD1s081Pjy45/Cbao097+JrDwS7ahhgkvTmpmSvJK/wWRz4JtZkvIYcQ2uQFR4
sTg4l6pmi3d8sJJ4wzrEaxDpclRjvjURI4DiBMYwGAXeCMRgYi0y03tYtkjXoaSG
69h2yD8EXQBuJkDyouak7/M/eMwUfb2S6o1HyXTldjdvFBFvvwvl+Y3xp8YmDzU=
=gsvn
-----END PGP SIGNATURE-----
|
|
var-201302-0262
|
Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x; Adobe AIR before 3.6.0.597; and Adobe AIR SDK before 3.6.0.599 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-0638. Adobe Flash Player Any code that could be executed or service disruption ( Memory corruption ) There is a vulnerability that becomes a condition. This vulnerability CVE-2013-0638 Is a different vulnerability.An attacker could execute arbitrary code or cause a denial of service ( Memory corruption ) There is a possibility of being put into a state. Failed exploit attempts will likely result in denial-of-service conditions.
Note: This issue was previously covered in BID 57907 (Adobe Flash Player and AIR APSB13-05 Multiple Security Vulnerabilities), but has been given its own record to better document it. The product enables viewing of applications, content and video across screens and browsers. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Critical: flash-plugin security update
Advisory ID: RHSA-2013:0254-01
Product: Red Hat Enterprise Linux Extras
Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-0254.html
Issue date: 2013-02-13
CVE Names: CVE-2013-0637 CVE-2013-0638 CVE-2013-0639
CVE-2013-0642 CVE-2013-0644 CVE-2013-0645
CVE-2013-0647 CVE-2013-0649 CVE-2013-1365
CVE-2013-1366 CVE-2013-1367 CVE-2013-1368
CVE-2013-1369 CVE-2013-1370 CVE-2013-1372
CVE-2013-1373 CVE-2013-1374
=====================================================================
1. Summary:
An updated Adobe Flash Player package that fixes several security issues is
now available for Red Hat Enterprise Linux 5 and 6 Supplementary.
The Red Hat Security Response Team has rated this update as having critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64
3. Description:
The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash
Player web browser plug-in. These
vulnerabilities are detailed in the Adobe Security bulletin APSB13-05,
listed in the References section. Specially-crafted SWF content could cause
flash-plugin to crash or, potentially, execute arbitrary code when a victim
loads a page containing the malicious SWF content. (CVE-2013-0638,
CVE-2013-0639, CVE-2013-0642, CVE-2013-0644, CVE-2013-0645, CVE-2013-0647,
CVE-2013-0649, CVE-2013-1365, CVE-2013-1366, CVE-2013-1367, CVE-2013-1368,
CVE-2013-1369, CVE-2013-1370, CVE-2013-1372, CVE-2013-1373, CVE-2013-1374)
A flaw in flash-plugin could allow an attacker to obtain sensitive
information if a victim were tricked into visiting a specially-crafted web
page.
4. Solution:
Before applying this update, make sure all previously-released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258
5. Bugs fixed (http://bugzilla.redhat.com/):
910570 - flash-plugin: multiple code execution flaws (APSB13-05)
910571 - CVE-2013-0637 flash-plugin: information disclosure flaw (APSB13-05)
6. Package List:
Red Hat Enterprise Linux Desktop Supplementary (v. 5):
i386:
flash-plugin-11.2.202.270-1.el5.i386.rpm
x86_64:
flash-plugin-11.2.202.270-1.el5.i386.rpm
Red Hat Enterprise Linux Server Supplementary (v. 5):
i386:
flash-plugin-11.2.202.270-1.el5.i386.rpm
x86_64:
flash-plugin-11.2.202.270-1.el5.i386.rpm
Red Hat Enterprise Linux Desktop Supplementary (v. 6):
i386:
flash-plugin-11.2.202.270-1.el6.i686.rpm
x86_64:
flash-plugin-11.2.202.270-1.el6.i686.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
i386:
flash-plugin-11.2.202.270-1.el6.i686.rpm
x86_64:
flash-plugin-11.2.202.270-1.el6.i686.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 6):
i386:
flash-plugin-11.2.202.270-1.el6.i686.rpm
x86_64:
flash-plugin-11.2.202.270-1.el6.i686.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package
7. References:
https://www.redhat.com/security/data/cve/CVE-2013-0637.html
https://www.redhat.com/security/data/cve/CVE-2013-0638.html
https://www.redhat.com/security/data/cve/CVE-2013-0639.html
https://www.redhat.com/security/data/cve/CVE-2013-0642.html
https://www.redhat.com/security/data/cve/CVE-2013-0644.html
https://www.redhat.com/security/data/cve/CVE-2013-0645.html
https://www.redhat.com/security/data/cve/CVE-2013-0647.html
https://www.redhat.com/security/data/cve/CVE-2013-0649.html
https://www.redhat.com/security/data/cve/CVE-2013-1365.html
https://www.redhat.com/security/data/cve/CVE-2013-1366.html
https://www.redhat.com/security/data/cve/CVE-2013-1367.html
https://www.redhat.com/security/data/cve/CVE-2013-1368.html
https://www.redhat.com/security/data/cve/CVE-2013-1369.html
https://www.redhat.com/security/data/cve/CVE-2013-1370.html
https://www.redhat.com/security/data/cve/CVE-2013-1372.html
https://www.redhat.com/security/data/cve/CVE-2013-1373.html
https://www.redhat.com/security/data/cve/CVE-2013-1374.html
https://access.redhat.com/security/updates/classification/#critical
http://www.adobe.com/support/security/bulletins/apsb13-05.html
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFRG2NzXlSAg2UNWIIRAjGKAJ4lnleOpb7dBn8s/DCk7wAK9qbQJACgm3Vs
pnyD10c/hdKGIm0b1Kjv3eY=
=+cgh
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
.
SOLUTION:
Update to version 24.0.1312.70.
Background
==========
The Adobe Flash Player is a renderer for the SWF file format, which is
commonly used to provide interactive websites. Please review the CVE identifiers referenced below for
details.
Impact
======
A remote attacker could entice a user to open specially crafted SWF
content, possibly resulting in execution of arbitrary code with the
privileges of the process or a Denial of Service condition.
Furthermore, a remote attacker may be able to bypass access
restrictions.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Adobe Flash Player users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=www-plugins/adobe-flash-11.2.202.310"
References
==========
[ 1 ] CVE-2012-5248
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5248
[ 2 ] CVE-2012-5248
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5248
[ 3 ] CVE-2012-5249
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5249
[ 4 ] CVE-2012-5249
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5249
[ 5 ] CVE-2012-5250
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5250
[ 6 ] CVE-2012-5250
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5250
[ 7 ] CVE-2012-5251
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5251
[ 8 ] CVE-2012-5251
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5251
[ 9 ] CVE-2012-5252
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5252
[ 10 ] CVE-2012-5252
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5252
[ 11 ] CVE-2012-5253
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5253
[ 12 ] CVE-2012-5253
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5253
[ 13 ] CVE-2012-5254
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5254
[ 14 ] CVE-2012-5254
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5254
[ 15 ] CVE-2012-5255
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5255
[ 16 ] CVE-2012-5255
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5255
[ 17 ] CVE-2012-5256
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5256
[ 18 ] CVE-2012-5256
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5256
[ 19 ] CVE-2012-5257
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5257
[ 20 ] CVE-2012-5257
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5257
[ 21 ] CVE-2012-5258
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5258
[ 22 ] CVE-2012-5258
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5258
[ 23 ] CVE-2012-5259
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5259
[ 24 ] CVE-2012-5259
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5259
[ 25 ] CVE-2012-5260
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5260
[ 26 ] CVE-2012-5260
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5260
[ 27 ] CVE-2012-5261
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5261
[ 28 ] CVE-2012-5261
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5261
[ 29 ] CVE-2012-5262
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5262
[ 30 ] CVE-2012-5262
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5262
[ 31 ] CVE-2012-5263
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5263
[ 32 ] CVE-2012-5263
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5263
[ 33 ] CVE-2012-5264
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5264
[ 34 ] CVE-2012-5264
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5264
[ 35 ] CVE-2012-5265
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5265
[ 36 ] CVE-2012-5265
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5265
[ 37 ] CVE-2012-5266
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5266
[ 38 ] CVE-2012-5266
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5266
[ 39 ] CVE-2012-5267
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5267
[ 40 ] CVE-2012-5267
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5267
[ 41 ] CVE-2012-5268
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5268
[ 42 ] CVE-2012-5268
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5268
[ 43 ] CVE-2012-5269
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5269
[ 44 ] CVE-2012-5269
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5269
[ 45 ] CVE-2012-5270
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5270
[ 46 ] CVE-2012-5270
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5270
[ 47 ] CVE-2012-5271
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5271
[ 48 ] CVE-2012-5271
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5271
[ 49 ] CVE-2012-5272
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5272
[ 50 ] CVE-2012-5272
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5272
[ 51 ] CVE-2012-5274
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5274
[ 52 ] CVE-2012-5275
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5275
[ 53 ] CVE-2012-5276
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5276
[ 54 ] CVE-2012-5277
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5277
[ 55 ] CVE-2012-5278
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5278
[ 56 ] CVE-2012-5279
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5279
[ 57 ] CVE-2012-5280
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5280
[ 58 ] CVE-2012-5676
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5676
[ 59 ] CVE-2012-5677
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5677
[ 60 ] CVE-2012-5678
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5678
[ 61 ] CVE-2013-0504
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0504
[ 62 ] CVE-2013-0630
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0630
[ 63 ] CVE-2013-0633
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0633
[ 64 ] CVE-2013-0634
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0634
[ 65 ] CVE-2013-0637
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0637
[ 66 ] CVE-2013-0638
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0638
[ 67 ] CVE-2013-0639
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0639
[ 68 ] CVE-2013-0642
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0642
[ 69 ] CVE-2013-0643
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0643
[ 70 ] CVE-2013-0644
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0644
[ 71 ] CVE-2013-0645
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0645
[ 72 ] CVE-2013-0646
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0646
[ 73 ] CVE-2013-0647
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0647
[ 74 ] CVE-2013-0648
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0648
[ 75 ] CVE-2013-0649
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0649
[ 76 ] CVE-2013-0650
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0650
[ 77 ] CVE-2013-1365
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1365
[ 78 ] CVE-2013-1366
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1366
[ 79 ] CVE-2013-1367
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1367
[ 80 ] CVE-2013-1368
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1368
[ 81 ] CVE-2013-1369
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1369
[ 82 ] CVE-2013-1370
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1370
[ 83 ] CVE-2013-1371
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1371
[ 84 ] CVE-2013-1372
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1372
[ 85 ] CVE-2013-1373
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1373
[ 86 ] CVE-2013-1374
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1374
[ 87 ] CVE-2013-1375
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1375
[ 88 ] CVE-2013-1378
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1378
[ 89 ] CVE-2013-1379
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1379
[ 90 ] CVE-2013-1380
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1380
[ 91 ] CVE-2013-2555
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2555
[ 92 ] CVE-2013-2728
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2728
[ 93 ] CVE-2013-3343
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3343
[ 94 ] CVE-2013-3344
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3344
[ 95 ] CVE-2013-3345
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3345
[ 96 ] CVE-2013-3347
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3347
[ 97 ] CVE-2013-3361
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3361
[ 98 ] CVE-2013-3362
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3362
[ 99 ] CVE-2013-3363
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3363
[ 100 ] CVE-2013-5324
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5324
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201309-06.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2013 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. Please send
email to <cert@cert.org> with "TA13-043A Feedback VU#689711" in
the subject.
____________________________________________________________________
Produced by US-CERT, a government organization. ----------------------------------------------------------------------
The final version of the CSI 6.0 has been released.
Find out why this is not just another Patch Management solution: http://secunia.com/blog/325/
----------------------------------------------------------------------
TITLE:
Adobe Flash Player / AIR Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA52166
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/52166/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=52166
RELEASE DATE:
2013-02-12
DISCUSS ADVISORY:
http://secunia.com/advisories/52166/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/52166/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=52166
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Multiple vulnerabilities have been reported in Adobe Flash Player and
AIR, which can be exploited by malicious people to disclose certain
sensitive information and compromise a user's system.
1) Some unspecified errors can be exploited to cause buffer
overflows.
2) Some use-after-free errors can be exploited to dereference already
freed memory.
4) An unspecified error can be exploited to corrupt memory.
5) An unspecified error can be exploited to corrupt memory.
6) An unspecified error can be exploited to disclose certain
sensitive information.
Successful exploitation of vulnerabilities #1 through #5 may allow
execution of arbitrary code.
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
PROVIDED AND/OR DISCOVERED BY:
1, 2, 5) The vendor credits Mateusz Jurczyk, Gynvael Coldwind, and
Fermin Serna, Google
3) The vendor credits Natalie Silvanovich, BlackBerry Security,
Research in Motion
4) The vendor credits Damian Put via iDefense
6) Reported by the vendor.
ORIGINAL ADVISORY:
Adobe (APSB13-05):
http://www.adobe.com/support/security/bulletins/apsb13-05.html
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
|
|
var-201109-0201
|
Use-after-free vulnerability in the document loader in Google Chrome before 14.0.835.163 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document. Used in multiple products Webkit There is a service disruption (DoS) There are vulnerabilities that can be in a state or are otherwise unaffected.Service disruption by a third party (DoS) You may be put into a state or affected by other details. Google Chrome is prone to multiple vulnerabilities.
Attackers can exploit these issues to execute arbitrary code in the context of the browser, cause denial-of-service conditions, perform spoofing attacks, and bypass the same-origin policy; other attacks may also be possible.
Versions prior to Chrome 14.0.835.163 are vulnerable. Google Chrome is a web browser developed by Google (Google).
These could be used in a malicious web site to direct the user to a
spoofed site that visually appears to be a legitimate domain. This
issue is addressed through an improved domain name validity check.
This issue does not affect OS X systems. Third-party websites could set cookies if the "Block Cookies"
preference in Safari was set to the default setting of "From third
parties and advertisers".
CVE-ID
CVE-2012-0640 : nshah
WebKit
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,
OS X Lion v10.7.3, OS X Lion Server v10.7.3, Windows 7, Vista,
XP SP2 or later
Impact: HTTP authentication credentials may be inadvertently
disclosed to another site
Description: If a site uses HTTP authentication and redirects to
another site, the authentication credentials may be sent to the other
site. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2012-03-07-2 iOS 5.1 Software Update
iOS 5.1 Software Update is now available and addresses the following:
CFNetwork
Available for: iPhone 3GS, iPhone 4, iPhone 4S,
iPod touch (3rd generation) and later, iPad, iPad 2
Impact: Visiting a maliciously crafted website may lead to the
disclosure of sensitive information
Description: An issue existed in CFNetwork's handling of malformed
URLs. When accessing a maliciously crafted URL, CFNetwork could send
unexpected request headers.
CVE-ID
CVE-2012-0641 : Erling Ellingsen of Facebook
HFS
Available for: iPhone 3GS, iPhone 4, iPhone 4S,
iPod touch (3rd generation) and later, iPad, iPad 2
Impact: Mounting a maliciously crafted disk image may lead to a
device shutdown or arbitrary code execution
Description: An integer underflow existed with the handling of HFS
catalog files.
CVE-ID
CVE-2012-0642 : pod2g
Kernel
Available for: iPhone 3GS, iPhone 4, iPhone 4S,
iPod touch (3rd generation) and later, iPad, iPad 2
Impact: A malicious program could bypass sandbox restrictions
Description: A logic issue existed in the handling of debug system
calls. This may allow a malicious program to gain code execution in
other programs with the same user privileges.
CVE-ID
CVE-2012-0643 : 2012 iOS Jailbreak Dream Team
libresolv
Available for: iPhone 3GS, iPhone 4, iPhone 4S,
iPod touch (3rd generation) and later, iPad, iPad 2
Impact: Applications that use the libresolv library may be
vulnerable to an unexpected application termination or arbitrary code
execution
Description: An integer overflow existed in the handling of DNS
resource records, which may lead to heap memory corruption.
CVE-ID
CVE-2011-3453 : Ilja van Sprundel of IOActive
Passcode Lock
Available for: iPhone 3GS, iPhone 4, iPhone 4S,
iPod touch (3rd generation) and later, iPad, iPad 2
Impact: A person with physical access to the device may be able to
bypass the screen lock
Description: A race condition issue existed in the handling of slide
to dial gestures. This may allow a person with physical access to the
device to bypass the Passcode Lock screen.
CVE-ID
CVE-2012-0644 : Roland Kohler of the German Federal Ministry of
Economics and Technology
Safari
Available for: iPhone 3GS, iPhone 4, iPhone 4S,
iPod touch (3rd generation) and later, iPad, iPad 2
Impact: Web page visits may be recorded in browser history even when
Private Browsing is active
Description: Safari's Private Browsing is designed to prevent
recording of a browsing session. Pages visited as a result of a site
using the JavaScript methods pushState or replaceState were recorded
in the browser history even when Private Browsing mode was active.
This issue is addressed by not recording such visits when Private
Browsing is active.
CVE-ID
CVE-2012-0585 : Eric Melville of American Express
Siri
Available for: iPhone 3GS, iPhone 4, iPhone 4S,
iPod touch (3rd generation) and later, iPad, iPad 2
Impact: An attacker with physical access to a locked phone could get
access to frontmost email message
Description: A design issue existed in Siri's lock screen
restrictions. If Siri was enabled for use on the lock screen, and
Mail was open with a message selected behind the lock screen, a voice
command could be used to send that message to an arbitrary recipient.
This issue is addressed by disabling forwarding of active messages
from the lock screen.
CVE-ID
CVE-2012-0645
VPN
Available for: iPhone 3GS, iPhone 4, iPhone 4S,
iPod touch (3rd generation) and later, iPad, iPad 2
Impact: A maliciously crafted system configuration file may lead to
arbitrary code execution with system privileges
Description: A format string vulnerability existed in the handling
of racoon configuration files.
CVE-ID
CVE-2012-0646 : pod2g
WebKit
Available for: iPhone 3GS, iPhone 4, iPhone 4S,
iPod touch (3rd generation) and later, iPad, iPad 2
Impact: Visiting a maliciously crafted website may lead to the
disclosure of cookies
Description: A cross-origin issue existed in WebKit, which may allow
cookies to be disclosed across origins.
CVE-ID
CVE-2011-3887 : Sergey Glazunov
WebKit
Available for: iPhone 3GS, iPhone 4, iPhone 4S,
iPod touch (3rd generation) and later, iPad, iPad 2
Impact: Visiting a maliciously crafted website and dragging content
with the mouse may lead to a cross-site scripting attack
Description: A cross-origin issue existed in WebKit, which may allow
content to be dragged and dropped across origins.
CVE-ID
CVE-2012-0590 : Adam Barth of Google Chrome Security Team
WebKit
Available for: iPhone 3GS, iPhone 4, iPhone 4S,
iPod touch (3rd generation) and later, iPad, iPad 2
Impact: Visiting a maliciously crafted website may lead to a cross-
site scripting attack
Description: Multiple cross-origin issues existed in WebKit.
CVE-ID
CVE-2011-3881 : Sergey Glazunov
CVE-2012-0586 : Sergey Glazunov
CVE-2012-0587 : Sergey Glazunov
CVE-2012-0588 : Jochen Eisinger of Google Chrome Team
CVE-2012-0589 : Alan Austin of polyvore.com
WebKit
Available for: iPhone 3GS, iPhone 4, iPhone 4S,
iPod touch (3rd generation) and later, iPad, iPad 2
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in WebKit.
CVE-ID
CVE-2011-2825 : wushi of team509 working with TippingPoint's Zero Day
Initiative
CVE-2011-2833 : Apple
CVE-2011-2846 : Arthur Gerkis, miaubiz
CVE-2011-2847 : miaubiz, Abhishek Arya (Inferno) of Google Chrome
Security Team using AddressSanitizer
CVE-2011-2854 : Abhishek Arya (Inferno) of Google Chrome Security
Team using AddressSanitizer
CVE-2011-2855 : Arthur Gerkis, wushi of team509 working with iDefense
VCP
CVE-2011-2857 : miaubiz
CVE-2011-2860 : Abhishek Arya (Inferno) of Google Chrome Security
Team using AddressSanitizer
CVE-2011-2867 : Dirk Schulze
CVE-2011-2868 : Abhishek Arya (Inferno) of Google Chrome Security
Team using AddressSanitizer
CVE-2011-2869 : Cris Neckar of Google Chrome Security Team using
AddressSanitizer
CVE-2011-2870 : Abhishek Arya (Inferno) of Google Chrome Security
Team using AddressSanitizer
CVE-2011-2871 : Abhishek Arya (Inferno) of Google Chrome Security
Team using AddressSanitizer
CVE-2011-2872 : Abhishek Arya (Inferno) and Cris Neckar of Google
Chrome Security Team using AddressSanitizer
CVE-2011-2873 : Abhishek Arya (Inferno) of Google Chrome Security
Team using AddressSanitizer
CVE-2011-2877 : miaubiz
CVE-2011-3885 : miaubiz
CVE-2011-3888 : miaubiz
CVE-2011-3897 : pa_kt working with TippingPoint's Zero Day Initiative
CVE-2011-3908 : Aki Helin of OUSPG
CVE-2011-3909 : Google Chrome Security Team (scarybeasts) and Chu
CVE-2011-3928 : wushi of team509 working with TippingPoint's Zero Day
Initiative
CVE-2012-0591 : miaubiz, and Martin Barbella
CVE-2012-0592 : Alexander Gavrun working with TippingPoint's Zero Day
Initiative
CVE-2012-0593 : Lei Zhang of the Chromium development community
CVE-2012-0594 : Adam Klein of the Chromium development community
CVE-2012-0595 : Apple
CVE-2012-0596 : Abhishek Arya (Inferno) of Google Chrome Security
Team using AddressSanitizer
CVE-2012-0597 : miaubiz
CVE-2012-0598 : Sergey Glazunov
CVE-2012-0599 : Dmytro Gorbunov of SaveSources.com
CVE-2012-0600 : Marshall Greenblatt, Dharani Govindan of Google
Chrome, miaubiz, Aki Helin of OUSPG, Apple
CVE-2012-0601 : Apple
CVE-2012-0602 : Apple
CVE-2012-0603 : Apple
CVE-2012-0604 : Apple
CVE-2012-0605 : Apple
CVE-2012-0606 : Apple
CVE-2012-0607 : Apple
CVE-2012-0608 : Abhishek Arya (Inferno) of Google Chrome Security
Team using AddressSanitizer
CVE-2012-0609 : Abhishek Arya (Inferno) of Google Chrome Security
Team using AddressSanitizer
CVE-2012-0610 : miaubiz, Martin Barbella using AddressSanitizer
CVE-2012-0611 : Martin Barbella using AddressSanitizer
CVE-2012-0612 : Abhishek Arya (Inferno) of Google Chrome Security
Team using AddressSanitizer
CVE-2012-0613 : Abhishek Arya (Inferno) of Google Chrome Security
Team using AddressSanitizer
CVE-2012-0614 : miaubiz, Martin Barbella using AddressSanitizer
CVE-2012-0615 : Martin Barbella using AddressSanitizer
CVE-2012-0616 : miaubiz
CVE-2012-0617 : Martin Barbella using AddressSanitizer
CVE-2012-0618 : Abhishek Arya (Inferno) of Google Chrome Security
Team using AddressSanitizer
CVE-2012-0619 : Abhishek Arya (Inferno) of Google Chrome Security
Team using AddressSanitizer
CVE-2012-0620 : Abhishek Arya (Inferno) of Google Chrome Security
Team using AddressSanitizer
CVE-2012-0621 : Martin Barbella using AddressSanitizer
CVE-2012-0622 : Dave Levin and Abhishek Arya of the Google Chrome
Security Team
CVE-2012-0623 : Abhishek Arya (Inferno) of Google Chrome Security
Team using AddressSanitizer
CVE-2012-0624 : Martin Barbella using AddressSanitizer
CVE-2012-0625 : Martin Barbella
CVE-2012-0626 : Abhishek Arya (Inferno) of Google Chrome Security
Team using AddressSanitizer
CVE-2012-0627 : Apple
CVE-2012-0628 : Slawomir Blazek, miaubiz, Abhishek Arya (Inferno) of
Google Chrome Security Team using AddressSanitizer
CVE-2012-0629 : Abhishek Arya (Inferno) of Google Chrome Security
Team
CVE-2012-0630 : Sergio Villar Senin of Igalia
CVE-2012-0631 : Abhishek Arya (Inferno) of Google Chrome Security
Team
CVE-2012-0632 : Cris Neckar of the Google Chrome Security Team using
AddressSanitizer
CVE-2012-0633 : Apple
CVE-2012-0635 : Julien Chaffraix of the Chromium development
community, Martin Barbella using AddressSanitizer
Installation note:
This update is only available through iTunes, and will not appear
in your computer's Software Update application, or in the Apple
Downloads site. Make sure you have an Internet connection and have
installed the latest version of iTunes from www.apple.com/itunes/
iTunes will automatically check Apple's update server on its weekly
schedule. When an update is detected, it will download it. When
the iPhone, iPod touch or iPad is docked, iTunes will present the
user with the option to install the update. We recommend applying
the update immediately if possible. Selecting Don't Install will
present the option the next time you connect your iPhone, iPod touch,
or iPad.
The automatic update process may take up to a week depending on the
day that iTunes checks for updates. You may manually obtain the
update via the Check for Updates button within iTunes. After doing
this, the update can be applied when your iPhone, iPod touch, or iPad
is docked to your computer.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update will be "5.1".
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.16 (Darwin)
iQEcBAEBAgAGBQJPV6M3AAoJEGnF2JsdZQeef/cIAKBSn0czLzJO9fu6ZyjLRvxq
4pIZgfyEVGBzpn+9IeiGFTkkVf+bOsA+Q3RlcsG5g0RlbyFgnuWu59HHsnkrElbM
bCfnnTF5eYZX/3fnLzxpX7BUsEona3nf1gHfR24OeEn36C8rZ6rZJfMLqCJNNZGY
RDSga1oeMN/AbgZuR9sYKudkE0GOmkLZfR2G4WXmrU+JncR6XoROUwoJBPhg8z90
HAxgDEbduuLLOSe7CHLS3apbh0L2tmxPCWpiBmEMg6PTlFF0HhJQJ0wusrUc8nX6
7TDsAho73wCOpChzBGQeemc6+UEN2uDmUgwVkN6n4D/qN1u6E+d3coUXOlb8hIY=
=qPeE
-----END PGP SIGNATURE-----
. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201111-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: Chromium, V8: Multiple vulnerabilities
Date: November 01, 2011
Bugs: #351525, #353626, #354121, #356933, #357963, #358581,
#360399, #363629, #365125, #366335, #367013, #368649,
#370481, #373451, #373469, #377475, #377629, #380311,
#380897, #381713, #383251, #385649, #388461
ID: 201111-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been reported in Chromium and V8, some of
which may allow execution of arbitrary code and local root privilege
escalation.
Background
==========
Chromium is an open-source web browser project. V8 is Google's open
source JavaScript engine.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 www-client/chromium < 15.0.874.102 >= 15.0.874.102
2 dev-lang/v8 < 3.5.10.22 >= 3.5.10.22
-------------------------------------------------------------------
2 affected packages
-------------------------------------------------------------------
Description
===========
Multiple vulnerabilities have been discovered in Chromium and V8.
Please review the CVE identifiers and release notes referenced below
for details.
Impact
======
A local attacker could gain root privileges (CVE-2011-1444, fixed in
chromium-11.0.696.57).
A context-dependent attacker could entice a user to open a specially
crafted web site or JavaScript program using Chromium or V8, possibly
resulting in the execution of arbitrary code with the privileges of the
process, or a Denial of Service condition.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Chromium users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=www-client/chromium-15.0.874.102"
All V8 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-lang/v8-3.5.10.22"
References
==========
[ 1 ] CVE-2011-2345
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2345
[ 2 ] CVE-2011-2346
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2346
[ 3 ] CVE-2011-2347
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2347
[ 4 ] CVE-2011-2348
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2348
[ 5 ] CVE-2011-2349
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2349
[ 6 ] CVE-2011-2350
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2350
[ 7 ] CVE-2011-2351
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2351
[ 8 ] CVE-2011-2834
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2834
[ 9 ] CVE-2011-2835
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2835
[ 10 ] CVE-2011-2837
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2837
[ 11 ] CVE-2011-2838
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2838
[ 12 ] CVE-2011-2839
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2839
[ 13 ] CVE-2011-2840
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2840
[ 14 ] CVE-2011-2841
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2841
[ 15 ] CVE-2011-2843
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2843
[ 16 ] CVE-2011-2844
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2844
[ 17 ] CVE-2011-2845
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2845
[ 18 ] CVE-2011-2846
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2846
[ 19 ] CVE-2011-2847
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2847
[ 20 ] CVE-2011-2848
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2848
[ 21 ] CVE-2011-2849
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2849
[ 22 ] CVE-2011-2850
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2850
[ 23 ] CVE-2011-2851
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2851
[ 24 ] CVE-2011-2852
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2852
[ 25 ] CVE-2011-2853
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2853
[ 26 ] CVE-2011-2854
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2854
[ 27 ] CVE-2011-2855
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2855
[ 28 ] CVE-2011-2856
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2856
[ 29 ] CVE-2011-2857
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2857
[ 30 ] CVE-2011-2858
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2858
[ 31 ] CVE-2011-2859
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2859
[ 32 ] CVE-2011-2860
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2860
[ 33 ] CVE-2011-2861
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2861
[ 34 ] CVE-2011-2862
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2862
[ 35 ] CVE-2011-2864
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2864
[ 36 ] CVE-2011-2874
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2874
[ 37 ] CVE-2011-3234
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3234
[ 38 ] CVE-2011-3873
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3873
[ 39 ] CVE-2011-3875
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3875
[ 40 ] CVE-2011-3876
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3876
[ 41 ] CVE-2011-3877
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3877
[ 42 ] CVE-2011-3878
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3878
[ 43 ] CVE-2011-3879
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3879
[ 44 ] CVE-2011-3880
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3880
[ 45 ] CVE-2011-3881
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3881
[ 46 ] CVE-2011-3882
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3882
[ 47 ] CVE-2011-3883
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3883
[ 48 ] CVE-2011-3884
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3884
[ 49 ] CVE-2011-3885
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3885
[ 50 ] CVE-2011-3886
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3886
[ 51 ] CVE-2011-3887
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3887
[ 52 ] CVE-2011-3888
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3888
[ 53 ] CVE-2011-3889
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3889
[ 54 ] CVE-2011-3890
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3890
[ 55 ] CVE-2011-3891
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3891
[ 56 ] Release Notes 10.0.648.127
http://googlechromereleases.blogspot.com/2011/03/chrome-stable-release.html
[ 57 ] Release Notes 10.0.648.133
http://googlechromereleases.blogspot.com/2011/03/stable-and-beta-channel-updates.html
[ 58 ] Release Notes 10.0.648.205
http://googlechromereleases.blogspot.com/2011/04/stable-channel-update.html
[ 59 ] Release Notes 11.0.696.57
http://googlechromereleases.blogspot.com/2011/04/chrome-stable-update.html
[ 60 ] Release Notes 11.0.696.65
http://googlechromereleases.blogspot.com/2011/05/beta-and-stable-channel-update.html
[ 61 ] Release Notes 11.0.696.68
http://googlechromereleases.blogspot.com/2011/05/stable-channel-update.html
[ 62 ] Release Notes 11.0.696.71
http://googlechromereleases.blogspot.com/2011/05/stable-channel-update_24.html
[ 63 ] Release Notes 12.0.742.112
http://googlechromereleases.blogspot.com/2011/06/stable-channel-update_28.html
[ 64 ] Release Notes 12.0.742.91
http://googlechromereleases.blogspot.com/2011/06/chrome-stable-release.html
[ 65 ] Release Notes 13.0.782.107
http://googlechromereleases.blogspot.com/2011/08/stable-channel-update.html
[ 66 ] Release Notes 13.0.782.215
http://googlechromereleases.blogspot.com/2011/08/stable-channel-update_22.html
[ 67 ] Release Notes 13.0.782.220
http://googlechromereleases.blogspot.com/2011/09/stable-channel-update.html
[ 68 ] Release Notes 14.0.835.163
http://googlechromereleases.blogspot.com/2011/09/stable-channel-update_16.html
[ 69 ] Release Notes 14.0.835.202
http://googlechromereleases.blogspot.com/2011/10/stable-channel-update.html
[ 70 ] Release Notes 15.0.874.102
http://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html
[ 71 ] Release Notes 8.0.552.237
http://googlechromereleases.blogspot.com/2011/01/chrome-stable-release.html
[ 72 ] Release Notes 9.0.597.107
http://googlechromereleases.blogspot.com/2011/02/stable-channel-update_28.html
[ 73 ] Release Notes 9.0.597.84
http://googlechromereleases.blogspot.com/2011/02/stable-channel-update.html
[ 74 ] Release Notes 9.0.597.94
http://googlechromereleases.blogspot.com/2011/02/stable-channel-update_08.html
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201111-01.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2011 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
|
|
var-200505-1240
|
The rsvp_print function in tcpdump 3.9.1 and earlier allows remote attackers to cause a denial of service (infinite loop) via a crafted RSVP packet of length 4. The gzip program contains a buffer overflow vulnerability that may allow an attacker to execute arbitrary code or create a denial-of-service condition. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. ------------ This vulnerability information is a summary of multiple vulnerabilities released at the same time. Please note that the contents of vulnerability information other than the title are included. ------------ tcpdump Is a management tool for capturing network traffic and supports multiple protocols. The issue occurs because of the way tcpdump decodes Resource ReSerVation Protocol (RSVP) packets.
This issue affects tcpdump 3.9.x/CVS and earlier. This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enig72CF56A4065A77499C855538
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
---------------------------------------------------------------------
Fedora Legacy Update Advisory
Synopsis: Updated tcpdump packages fix security issues
Advisory ID: FLSA:156139
Issue date: 2006-04-04
Product: Red Hat Linux, Fedora Core
Keywords: Bugfix, Security
CVE Names: CVE-2005-1267, CVE-2005-1278, CVE-2005-1279,
CVE-2005-1280
---------------------------------------------------------------------
---------------------------------------------------------------------
1. Topic:
Updated tcpdump packages that fix several security issues are now
available.
2. Relevant releases/architectures:
Red Hat Linux 9 - i386
Fedora Core 1 - i386
Fedora Core 2 - i386
3. Problem description:
Several denial of service bugs were found in the way tcpdump processes
certain network packets. It is possible for an attacker to inject a
carefully crafted packet onto the network, crashing a running tcpdump
session. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the names CVE-2005-1267, CVE-2005-1278,
CVE-2005-1279, and CVE-2005-1280 to these issues.
Users of tcpdump are advised to upgrade to these erratum packages, which
contain backported security patches and are not vulnerable to these
issues.
4. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
To update all RPMs for your particular architecture, run:
rpm -Fvh [filenames]
where [filenames] is a list of the RPMs you wish to upgrade. Only those
RPMs which are currently installed will be updated. Those RPMs which
are not installed but included in the list will not be updated. Note
that you can also use wildcards (*.rpm) if your current directory *only*
contains the desired RPMs.
Please note that this update is also available via yum and apt. Many
people find this an easier way to apply updates. To use yum issue:
yum update
or to use apt:
apt-get update; apt-get upgrade
This will start an interactive process that will result in the
appropriate RPMs being upgraded on your system. This assumes that you
have yum or apt-get configured for obtaining Fedora Legacy content.
Please visit http://www.fedoralegacy.org/docs for directions on how to
configure yum and apt-get.
5. Bug IDs fixed:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=3D156139
6. RPMs required:
Red Hat Linux 9:
SRPM:
http://download.fedoralegacy.org/redhat/9/updates/SRPMS/tcpdump-3.7.2-7.9=
=2E4.legacy.src.rpm
i386:
http://download.fedoralegacy.org/redhat/9/updates/i386/tcpdump-3.7.2-7.9.=
4.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/libpcap-0.7.2-7.9.=
4.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/arpwatch-2.1a11-7.=
9.4.legacy.i386.rpm
Fedora Core 1:
SRPM:
http://download.fedoralegacy.org/fedora/1/updates/SRPMS/tcpdump-3.7.2-8.f=
c1.3.legacy.src.rpm
i386:
http://download.fedoralegacy.org/fedora/1/updates/i386/tcpdump-3.7.2-8.fc=
1.3.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/libpcap-0.7.2-8.fc=
1.3.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/arpwatch-2.1a11-8.=
fc1.3.legacy.i386.rpm
Fedora Core 2:
SRPM:
http://download.fedoralegacy.org/fedora/2/updates/SRPMS/tcpdump-3.8.2-6.F=
C2.3.legacy.src.rpm
i386:
http://download.fedoralegacy.org/fedora/2/updates/i386/tcpdump-3.8.2-6.FC=
2.3.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/libpcap-0.8.3-6.FC=
2.3.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/arpwatch-2.1a13-6.=
FC2.3.legacy.i386.rpm
7. Verification:
SHA1 sum Package Name
---------------------------------------------------------------------
0beccb4a6dd929174bc2d70d680a2e3c4a094391
redhat/9/updates/i386/tcpdump-3.7.2-7.9.4.legacy.i386.rpm
71e1ffc2c4dbf2a5c754630e198f17af94000e66
redhat/9/updates/i386/libpcap-0.7.2-7.9.4.legacy.i386.rpm
843a832974f531413a8e406491f6c91d09bda24d
redhat/9/updates/i386/arpwatch-2.1a11-7.9.4.legacy.i386.rpm
192fa5bbebe8039f3c23b8aa26804d1c4b788412
redhat/9/updates/SRPMS/tcpdump-3.7.2-7.9.4.legacy.src.rpm
1a426b6225718dbd325fbe0c6d54f8904b710103
fedora/1/updates/i386/tcpdump-3.7.2-8.fc1.3.legacy.i386.rpm
45cffdb7d98c2eb03da004d89b776a7050ff5c40
fedora/1/updates/i386/libpcap-0.7.2-8.fc1.3.legacy.i386.rpm
75e263aa296969c873d0475cc1c0785c30ea24d6
fedora/1/updates/i386/arpwatch-2.1a11-8.fc1.3.legacy.i386.rpm
6e86c20a8af1fc607809c713d7ac00ab5e2f717c
fedora/1/updates/SRPMS/tcpdump-3.7.2-8.fc1.3.legacy.src.rpm
32d0dcf31fbe12225954cc32dad45dbcb6c5f5e4
fedora/2/updates/i386/tcpdump-3.8.2-6.FC2.3.legacy.i386.rpm
c84625e92600faa8566129c8229daa6c328dcee9
fedora/2/updates/i386/libpcap-0.8.3-6.FC2.3.legacy.i386.rpm
dbdcbed104a6d3985a0735aab55031a3be0e1a74
fedora/2/updates/i386/arpwatch-2.1a13-6.FC2.3.legacy.i386.rpm
bb98c4cd71507e4dec94da2c1c9f95ee9bbacde1
fedora/2/updates/SRPMS/tcpdump-3.8.2-6.FC2.3.legacy.src.rpm
These packages are GPG signed by Fedora Legacy for security. Our key is
available from http://www.fedoralegacy.org/about/security.php
You can verify each package with the following command:
rpm --checksig -v <filename>
If you only wish to verify that each package has not been corrupted or
tampered with, examine only the sha1sum with the following command:
sha1sum <filename>
8. References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=3DCVE-2005-1267
http://cve.mitre.org/cgi-bin/cvename.cgi?name=3DCVE-2005-1278
http://cve.mitre.org/cgi-bin/cvename.cgi?name=3DCVE-2005-1279
http://cve.mitre.org/cgi-bin/cvename.cgi?name=3DCVE-2005-1280
9. Contact:
The Fedora Legacy security contact is <secnotice@fedoralegacy.org>. More
project details at http://www.fedoralegacy.org
---------------------------------------------------------------------
--------------enig72CF56A4065A77499C855538
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)
iD8DBQFEMxLYLMAs/0C4zNoRAk8xAJ4utHt2OOExJbd3DH8xtLyfe4YcyACeLsad
ZdMzjYDTapqXGKau0WRk570=
=BXab
-----END PGP SIGNATURE-----
--------------enig72CF56A4065A77499C855538--
.
----------------------------------------------------------------------
Want to work within IT-Security?
Secunia is expanding its team of highly skilled security experts.
We will help with relocation and obtaining a work permit.
Currently the following type of positions are available:
http://secunia.com/quality_assurance_analyst/
http://secunia.com/web_application_security_specialist/
http://secunia.com/hardcore_disassembler_and_reverse_engineer/
----------------------------------------------------------------------
TITLE:
gzip Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA21996
VERIFY ADVISORY:
http://secunia.com/advisories/21996/
CRITICAL:
Moderately critical
IMPACT:
DoS, System access
WHERE:
>From remote
SOFTWARE:
gzip 1.x
http://secunia.com/product/4220/
DESCRIPTION:
Tavis Ormandy has reported some vulnerabilities in gzip, which can be
exploited by malicious people to cause a DoS (Denial of Service) and
potentially compromise a vulnerable system.
1) A boundary error within the "make_table()" function in unlzh.c can
be used to modify certain stack data. tricking
a user or automated system into unpacking a specially crafted archive
file. tricking a user or
automated system into unpacking a specially crafted "pack" archive
file.
3) A buffer overflow within the "make_table()" function of gzip's LZH
support can be exploited to cause a DoS and potentially to compromise
a vulnerable system by e.g. tricking a user or automated system into
unpacking an archive containing a specially crafted decoding table.
4) A NULL pointer dereference within the "huft_build()" function and
an infinite loop within the LZH handling can be exploited to cause a
DoS by e.g. tricking a user or automated system into unpacking a
specially crafted archive file.
The vulnerabilities have been reported in version 1.3.5. Other
versions may also be affected.
SOLUTION:
Do not unpack untrusted archive files.
PROVIDED AND/OR DISCOVERED BY:
Tavis Ormandy, Google Security Team
ORIGINAL ADVISORY:
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=204676
OTHER REFERENCES:
US-CERT VU#554780:
http://www.kb.cert.org/vuls/id/554780
US-CERT VU#381508:
http://www.kb.cert.org/vuls/id/381508
US-CERT VU#773548:
http://www.kb.cert.org/vuls/id/773548
US-CERT VU#933712:
http://www.kb.cert.org/vuls/id/933712
US-CERT VU#596848
http://www.kb.cert.org/vuls/id/596848
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
National Cyber Alert System
Technical Cyber Security Alert TA06-333A
Apple Releases Security Update to Address Multiple Vulnerabilities
Original release date: November 29, 2006
Last revised: --
Source: US-CERT
Systems Affected
* Apple Mac OS X version 10.3.x and 10.4.x
* Apple Mac OS X Server version 10.3.x and 10.4.x
* Apple Safari web browser
These vulnerabilities affect both Intel-based and PowerPC-based Apple
systems.
Overview
Apple has released Security Update 2006-007 to correct multiple
vulnerabilities affecting Mac OS X, Mac OS X Server, Safari web
browser. Vulnerabilities in OpenSSL, gzip, and other products are also
addressed. Description
Apple Security Update 2006-007 addresses a number of vulnerabilities
affecting Mac OS X, OS X Server, Safari web browser, and other
products. Further details are available in the related vulnerability
notes.
This security update also addresses previously known vulnerabilities
in PHP, Perl, OpenSSL, and gzip, which are shipped with Mac OS X.
II. Impact
The impacts of these vulnerabilities vary. For specific details, see
the appropriate vulnerability notes. Potential consequences include
remote execution of arbitrary code or commands, bypass of security
restrictions, and denial of service.
III. Solution
Install updates
Install Apple Security Update 2006-007. This and other updates are
available via Apple Update or via Apple Downloads.
IV. References
* Vulnerability Notes for Apple Security Update 2006-007 -
<http://www.kb.cert.org/vuls/byid?searchview&query=apple-2006-007>
* Vulnerability Notes for OpenSSL Security Advisory [28th September
2006] -
<http://www.kb.cert.org/vuls/byid?searchview&query=openssl_secadv_20060928>
* Vulnerability Note VU#845620 -
<http://www.kb.cert.org/vuls/id/845620>
* Vulnerability Note VU#933712 -
<http://www.kb.cert.org/vuls/id/933712>
* Vulnerability Note VU#381508 -
<http://www.kb.cert.org/vuls/id/381508>
* Vulnerability Note VU#554780 -
<http://www.kb.cert.org/vuls/id/554780>
* Vulnerability Note VU#596848 -
<http://www.kb.cert.org/vuls/id/596848>
* Vulnerability Note VU#773548 -
<http://www.kb.cert.org/vuls/id/773548>
* About the security content of Security Update 2006-007 -
<http://docs.info.apple.com/article.html?artnum=304829>
* Mac OS X: Updating your software -
<http://docs.info.apple.com/article.html?artnum=106704>
* Apple Downloads - <http://www.apple.com/support/downloads/>
* OpenSSL: OpenSSL vulnerabilities -
<http://www.openssl.org/news/vulnerabilities.html>
* Securing Your Web Browser -
<http://www.us-cert.gov/reading_room/securing_browser/#Safari>
_________________________________________________________________
The most recent version of this document can be found at:
<http://www.us-cert.gov/cas/techalerts/TA06-333A.html>
_________________________________________________________________
Feedback can be directed to US-CERT Technical Staff. Please send
email to <cert@cert.org> with "TA06-333A Feedback VU#191336" in the
subject.
_________________________________________________________________
Produced 2006 by US-CERT, a government organization.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-analyzer/tcpdump < 3.8.3-r2 >= 3.8.3-r2
Description
===========
TCPDump improperly handles and decodes ISIS, BGP, LDP (CAN-2005-1279)
and RSVP (CAN-2005-1280) packets. TCPDump might loop endlessly after
receiving malformed packets.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All TCPDump users should upgrade to the latest available version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-analyzer/tcpdump-3.8.3-r2"
References
==========
[ 1 ] CAN-2005-1279
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2005-1279
[ 2 ] CAN-2005-1280
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2005-1280
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200505-06.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.
License
=======
Copyright 2005 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.0
|
|
var-201912-1857
|
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in watchOS 6.1, iCloud for Windows 11.0. Processing maliciously crafted web content may lead to arbitrary code execution. Apple iOS is an operating system developed for mobile devices. The product supports storage of music, photos, App and contacts, etc. A security vulnerability exists in the WebKit component of several Apple products. The following products and versions are affected: Apple watchOS prior to 6.1; Windows-based iCloud prior to 11.0; iOS prior to 13.1; iPadOS prior to 13.1; Windows-based iTunes 12.10.1. WebKitGTK and WPE WebKit prior to version 2.24.1 failed to properly apply configured HTTP proxy settings when downloading livestream video (HLS, DASH, or Smooth Streaming), an error resulting in deanonymization. This issue was corrected by changing the way livestreams are downloaded. (CVE-2019-6237)
WebKitGTK and WPE WebKit prior to version 2.24.1 are vulnerable to address bar spoofing upon certain JavaScript redirections. An attacker could cause malicious web content to be displayed as if for a trusted URI. This is similar to the CVE-2018-8383 issue in Microsoft Edge. (CVE-2019-8601)
An out-of-bounds read was addressed with improved input validation. (CVE-2019-8644)
A logic issue existed in the handling of synchronous page loads. (CVE-2019-8689)
A logic issue existed in the handling of document loads. (CVE-2019-8719)
This fixes a remote code execution in webkitgtk4. No further details are available in NIST. (CVE-2019-8766)
"Clear History and Website Data" did not clear the history. The issue was addressed with improved data deletion. A user may be unable to delete browsing history items. (CVE-2019-8768)
An issue existed in the drawing of web page elements. Visiting a maliciously crafted website may reveal browsing history. (CVE-2019-8769)
This issue was addressed with improved iframe sandbox enforcement. (CVE-2019-8846)
WebKitGTK up to and including 2.26.4 and WPE WebKit up to and including 2.26.4 (which are the versions right prior to 2.28.0) contains a memory corruption issue (use-after-free) that may lead to arbitrary code execution. (CVE-2020-10018)
A use-after-free flaw exists in WebKitGTK. This flaw allows remote malicious users to execute arbitrary code or cause a denial of service. A malicious website may be able to cause a denial of service. A DOM object context may not have had a unique security origin. A file URL may be incorrectly processed. (CVE-2020-3885)
A race condition was addressed with additional validation. An application may be able to read restricted memory. (CVE-2020-3901)
An input validation issue was addressed with improved input validation. (CVE-2020-3902). In addition to persistent storage, Red Hat
OpenShift Container Storage provisions a multicloud data management service
with an S3 compatible API.
These updated images include numerous security fixes, bug fixes, and
enhancements. Bugs fixed (https://bugzilla.redhat.com/):
1806266 - Require an extension to the cephfs subvolume commands, that can return metadata regarding a subvolume
1813506 - Dockerfile not compatible with docker and buildah
1817438 - OSDs not distributed uniformly across OCS nodes on a 9-node AWS IPI setup
1817850 - [BAREMETAL] rook-ceph-operator does not reconcile when osd deployment is deleted when performed node replacement
1827157 - OSD hitting default CPU limit on AWS i3en.2xlarge instances limiting performance
1829055 - [RFE] add insecureEdgeTerminationPolicy: Redirect to noobaa mgmt route (http to https)
1833153 - add a variable for sleep time of rook operator between checks of downed OSD+Node.
1836299 - NooBaa Operator deploys with HPA that fires maxreplicas alerts by default
1842254 - [NooBaa] Compression stats do not add up when compression id disabled
1845976 - OCS 4.5 Independent mode: must-gather commands fails to collect ceph command outputs from external cluster
1849771 - [RFE] Account created by OBC should have same permissions as bucket owner
1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash
1854500 - [tracker-rhcs bug 1838931] mgr/volumes: add command to return metadata of a subvolume snapshot
1854501 - [Tracker-rhcs bug 1848494 ]pybind/mgr/volumes: Add the ability to keep snapshots of subvolumes independent of the source subvolume
1854503 - [tracker-rhcs-bug 1848503] cephfs: Provide alternatives to increase the total cephfs subvolume snapshot counts to greater than the current 400 across a Cephfs volume
1856953 - CVE-2020-15586 golang: data race in certain net/http servers including ReverseProxy can lead to DoS
1858195 - [GSS] registry pod stuck in ContainerCreating due to pvc from cephfs storage class fail to mount
1859183 - PV expansion is failing in retry loop in pre-existing PV after upgrade to OCS 4.5 (i.e. if the PV spec does not contain expansion params)
1859229 - Rook should delete extra MON PVCs in case first reconcile takes too long and rook skips "b" and "c" (spawned from Bug 1840084#c14)
1859478 - OCS 4.6 : Upon deployment, CSI Pods in CLBO with error - flag provided but not defined: -metadatastorage
1860022 - OCS 4.6 Deployment: LBP CSV and pod should not be deployed since ob/obc CRDs are owned from OCS 4.5 onwards
1860034 - OCS 4.6 Deployment in ocs-ci : Toolbox pod in ContainerCreationError due to key admin-secret not found
1860670 - OCS 4.5 Uninstall External: Openshift-storage namespace in Terminating state as CephObjectStoreUser had finalizers remaining
1860848 - Add validation for rgw-pool-prefix in the ceph-external-cluster-details-exporter script
1861780 - [Tracker BZ1866386][IBM s390x] Mount Failed for CEPH while running couple of OCS test cases. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Moderate: OpenShift Container Platform 4.7.0 security, bug fix, and enhancement update
Advisory ID: RHSA-2020:5633-01
Product: Red Hat OpenShift Enterprise
Advisory URL: https://access.redhat.com/errata/RHSA-2020:5633
Issue date: 2021-02-24
CVE Names: CVE-2018-10103 CVE-2018-10105 CVE-2018-14461
CVE-2018-14462 CVE-2018-14463 CVE-2018-14464
CVE-2018-14465 CVE-2018-14466 CVE-2018-14467
CVE-2018-14468 CVE-2018-14469 CVE-2018-14470
CVE-2018-14553 CVE-2018-14879 CVE-2018-14880
CVE-2018-14881 CVE-2018-14882 CVE-2018-16227
CVE-2018-16228 CVE-2018-16229 CVE-2018-16230
CVE-2018-16300 CVE-2018-16451 CVE-2018-16452
CVE-2018-20843 CVE-2019-3884 CVE-2019-5018
CVE-2019-6977 CVE-2019-6978 CVE-2019-8625
CVE-2019-8710 CVE-2019-8720 CVE-2019-8743
CVE-2019-8764 CVE-2019-8766 CVE-2019-8769
CVE-2019-8771 CVE-2019-8782 CVE-2019-8783
CVE-2019-8808 CVE-2019-8811 CVE-2019-8812
CVE-2019-8813 CVE-2019-8814 CVE-2019-8815
CVE-2019-8816 CVE-2019-8819 CVE-2019-8820
CVE-2019-8823 CVE-2019-8835 CVE-2019-8844
CVE-2019-8846 CVE-2019-9455 CVE-2019-9458
CVE-2019-11068 CVE-2019-12614 CVE-2019-13050
CVE-2019-13225 CVE-2019-13627 CVE-2019-14889
CVE-2019-15165 CVE-2019-15166 CVE-2019-15903
CVE-2019-15917 CVE-2019-15925 CVE-2019-16167
CVE-2019-16168 CVE-2019-16231 CVE-2019-16233
CVE-2019-16935 CVE-2019-17450 CVE-2019-17546
CVE-2019-18197 CVE-2019-18808 CVE-2019-18809
CVE-2019-19046 CVE-2019-19056 CVE-2019-19062
CVE-2019-19063 CVE-2019-19068 CVE-2019-19072
CVE-2019-19221 CVE-2019-19319 CVE-2019-19332
CVE-2019-19447 CVE-2019-19524 CVE-2019-19533
CVE-2019-19537 CVE-2019-19543 CVE-2019-19602
CVE-2019-19767 CVE-2019-19770 CVE-2019-19906
CVE-2019-19956 CVE-2019-20054 CVE-2019-20218
CVE-2019-20386 CVE-2019-20387 CVE-2019-20388
CVE-2019-20454 CVE-2019-20636 CVE-2019-20807
CVE-2019-20812 CVE-2019-20907 CVE-2019-20916
CVE-2020-0305 CVE-2020-0444 CVE-2020-1716
CVE-2020-1730 CVE-2020-1751 CVE-2020-1752
CVE-2020-1971 CVE-2020-2574 CVE-2020-2752
CVE-2020-2922 CVE-2020-3862 CVE-2020-3864
CVE-2020-3865 CVE-2020-3867 CVE-2020-3868
CVE-2020-3885 CVE-2020-3894 CVE-2020-3895
CVE-2020-3897 CVE-2020-3898 CVE-2020-3899
CVE-2020-3900 CVE-2020-3901 CVE-2020-3902
CVE-2020-6405 CVE-2020-7595 CVE-2020-7774
CVE-2020-8177 CVE-2020-8492 CVE-2020-8563
CVE-2020-8566 CVE-2020-8619 CVE-2020-8622
CVE-2020-8623 CVE-2020-8624 CVE-2020-8647
CVE-2020-8648 CVE-2020-8649 CVE-2020-9327
CVE-2020-9802 CVE-2020-9803 CVE-2020-9805
CVE-2020-9806 CVE-2020-9807 CVE-2020-9843
CVE-2020-9850 CVE-2020-9862 CVE-2020-9893
CVE-2020-9894 CVE-2020-9895 CVE-2020-9915
CVE-2020-9925 CVE-2020-10018 CVE-2020-10029
CVE-2020-10732 CVE-2020-10749 CVE-2020-10751
CVE-2020-10763 CVE-2020-10773 CVE-2020-10774
CVE-2020-10942 CVE-2020-11565 CVE-2020-11668
CVE-2020-11793 CVE-2020-12465 CVE-2020-12655
CVE-2020-12659 CVE-2020-12770 CVE-2020-12826
CVE-2020-13249 CVE-2020-13630 CVE-2020-13631
CVE-2020-13632 CVE-2020-14019 CVE-2020-14040
CVE-2020-14381 CVE-2020-14382 CVE-2020-14391
CVE-2020-14422 CVE-2020-15157 CVE-2020-15503
CVE-2020-15862 CVE-2020-15999 CVE-2020-16166
CVE-2020-24490 CVE-2020-24659 CVE-2020-25211
CVE-2020-25641 CVE-2020-25658 CVE-2020-25661
CVE-2020-25662 CVE-2020-25681 CVE-2020-25682
CVE-2020-25683 CVE-2020-25684 CVE-2020-25685
CVE-2020-25686 CVE-2020-25687 CVE-2020-25694
CVE-2020-25696 CVE-2020-26160 CVE-2020-27813
CVE-2020-27846 CVE-2020-28362 CVE-2020-29652
CVE-2021-2007 CVE-2021-3121
=====================================================================
1. Summary:
Red Hat OpenShift Container Platform release 4.7.0 is now available.
Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
2. Description:
Red Hat OpenShift Container Platform is Red Hat's cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.
This advisory contains the container images for Red Hat OpenShift Container
Platform 4.7.0. See the following advisory for the RPM packages for this
release:
https://access.redhat.com/errata/RHSA-2020:5634
Space precludes documenting all of the container images in this advisory.
See the following Release Notes documentation, which will be updated
shortly for this release, for details about these changes:
https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel
ease-notes.html
You may download the oc tool and use it to inspect release image metadata
as follows:
(For x86_64 architecture)
$ oc adm release info
quay.io/openshift-release-dev/ocp-release:4.7.0-x86_64
The image digest is
sha256:d74b1cfa81f8c9cc23336aee72d8ae9c9905e62c4874b071317a078c316f8a70
(For s390x architecture)
$ oc adm release info
quay.io/openshift-release-dev/ocp-release:4.7.0-s390x
The image digest is
sha256:a68ca03d87496ddfea0ac26b82af77231583a58a7836b95de85efe5e390ad45d
(For ppc64le architecture)
$ oc adm release info
quay.io/openshift-release-dev/ocp-release:4.7.0-ppc64le
The image digest is
sha256:bc7b04e038c8ff3a33b827f4ee19aa79b26e14c359a7dcc1ced9f3b58e5f1ac6
All OpenShift Container Platform 4.7 users are advised to upgrade to these
updated packages and images when they are available in the appropriate
release channel. To check for available updates, use the OpenShift Console
or the CLI oc command. Instructions for upgrading a cluster are available
at
https://docs.openshift.com/container-platform/4.7/updating/updating-cluster
- -between-minor.html#understanding-upgrade-channels_updating-cluster-between
- -minor.
Security Fix(es):
* crewjam/saml: authentication bypass in saml authentication
(CVE-2020-27846)
* golang: crypto/ssh: crafted authentication request can lead to nil
pointer dereference (CVE-2020-29652)
* gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index
validation (CVE-2021-3121)
* nodejs-y18n: prototype pollution vulnerability (CVE-2020-7774)
* kubernetes: Secret leaks in kube-controller-manager when using vSphere
Provider (CVE-2020-8563)
* containernetworking/plugins: IPv6 router advertisements allow for MitM
attacks on IPv4 clusters (CVE-2020-10749)
* heketi: gluster-block volume password details available in logs
(CVE-2020-10763)
* golang.org/x/text: possibility to trigger an infinite loop in
encoding/unicode could lead to crash (CVE-2020-14040)
* jwt-go: access restriction bypass vulnerability (CVE-2020-26160)
* golang-github-gorilla-websocket: integer overflow leads to denial of
service (CVE-2020-27813)
* golang: math/big: panic during recursive division of very large numbers
(CVE-2020-28362)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
3. Solution:
For OpenShift Container Platform 4.7, see the following documentation,
which
will be updated shortly for this release, for important instructions on how
to upgrade your cluster and fully apply this asynchronous errata update:
https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel
ease-notes.html
Details on how to access this content are available at
https://docs.openshift.com/container-platform/4.7/updating/updating-cluster
- -cli.html.
4. Bugs fixed (https://bugzilla.redhat.com/):
1620608 - Restoring deployment config with history leads to weird state
1752220 - [OVN] Network Policy fails to work when project label gets overwritten
1756096 - Local storage operator should implement must-gather spec
1756173 - /etc/udev/rules.d/66-azure-storage.rules missing from initramfs
1768255 - installer reports 100% complete but failing components
1770017 - Init containers restart when the exited container is removed from node.
1775057 - [MSTR-485] Cluster is abnormal after etcd backup/restore when the backup is conducted during etcd encryption is migrating
1775444 - RFE: k8s cpu manager does not restrict /usr/bin/pod cpuset
1777038 - Cluster scaled beyond host subnet limits does not fire alert or cleanly report why it cannot scale
1777224 - InfraID in metadata.json and .openshift_install_state.json is not consistent when repeating `create` commands
1784298 - "Displaying with reduced resolution due to large dataset." would show under some conditions
1785399 - Under condition of heavy pod creation, creation fails with 'error reserving pod name ...: name is reserved"
1797766 - Resource Requirements" specDescriptor fields - CPU and Memory injects empty string YAML editor
1801089 - [OVN] Installation failed and monitoring pod not created due to some network error.
1805025 - [OSP] Machine status doesn't become "Failed" when creating a machine with invalid image
1805639 - Machine status should be "Failed" when creating a machine with invalid machine configuration
1806000 - CRI-O failing with: error reserving ctr name
1806915 - openshift-service-ca: Some core components are in openshift.io/run-level 1 and are bypassing SCC, but should not be
1806917 - openshift-service-ca-operator: Some core components are in openshift.io/run-level 1 and are bypassing SCC, but should not be
1810438 - Installation logs are not gathered from OCP nodes
1812085 - kubernetes-networking-namespace-pods dashboard doesn't exist
1812412 - Monitoring Dashboard: on restricted cluster, query timed out in expression evaluation
1813012 - EtcdDiscoveryDomain no longer needed
1813949 - openshift-install doesn't use env variables for OS_* for some of API endpoints
1816812 - OpenShift test suites are not resilient to rate limited registries (like docker.io) and cannot control their dependencies for offline use
1819053 - loading OpenAPI spec for "v1beta1.metrics.k8s.io" failed with: OpenAPI spec does not exist
1819457 - Package Server is in 'Cannot update' status despite properly working
1820141 - [RFE] deploy qemu-quest-agent on the nodes
1822744 - OCS Installation CI test flaking
1824038 - Integration Tests: StaleElementReferenceError in OLM single-installmode scenario
1825892 - StorageClasses and PVs are not cleaned completely after running the csi verification tool
1826301 - Wrong NodeStatus reports in file-integrity scan when configuration error in aide.conf file
1829723 - User workload monitoring alerts fire out of the box
1832968 - oc adm catalog mirror does not mirror the index image itself
1833012 - Lower OVNKubernetes HTTP E/W performance compared with OpenShiftSDN
1833220 - CVE-2020-10749 containernetworking/plugins: IPv6 router advertisements allow for MitM attacks on IPv4 clusters
1834995 - olmFull suite always fails once th suite is run on the same cluster
1836017 - vSphere UPI: Both Internal and External load balancers for kube-apiserver should use /readyz
1837953 - Replacing masters doesn't work for ovn-kubernetes 4.4
1838352 - OperatorExited, Pending marketplace-operator-... pod for several weeks
1838751 - [oVirt][Tracker] Re-enable skipped network tests
1839239 - csi-snapshot-controller flickers Degraded=True on etcd hiccups
1840759 - [aws-ebs-csi-driver] The volume created by aws ebs csi driver can not be deleted when the cluster is destroyed
1841039 - authentication-operator: Add e2e test for password grants to Keycloak being set as OIDC IdP
1841119 - Get rid of config patches and pass flags directly to kcm
1841175 - When an Install Plan gets deleted, OLM does not create a new one
1841381 - Issue with memoryMB validation
1841885 - oc adm catalog mirror command attempts to pull from registry.redhat.io when using --from-dir option
1844727 - Etcd container leaves grep and lsof zombie processes
1845387 - CVE-2020-10763 heketi: gluster-block volume password details available in logs
1847074 - Filter bar layout issues at some screen widths on search page
1848358 - CRDs with preserveUnknownFields:true don't reflect in status that they are non-structural
1849543 - [4.5]kubeletconfig's description will show multiple lines for finalizers when upgrade from 4.4.8->4.5
1851103 - Use of NetworkManager-wait-online.service in rhcos-growpart.service
1851203 - [GSS] [RFE] Need a simpler representation of capactiy breakdown in total usage and per project breakdown in OCS 4 dashboard
1851351 - OCP 4.4.9: EtcdMemberIPMigratorDegraded: rpc error: code = Canceled desc = grpc: the client connection is closing
1851693 - The `oc apply` should return errors instead of hanging there when failing to create the CRD
1852289 - Upgrade testsuite fails on ppc64le environment - Unsupported LoadBalancer service
1853115 - the restriction of --cloud option should be shown in help text.
1853116 - `--to` option does not work with `--credentials-requests` flag.
1853352 - [v2v][UI] Storage Class fields Should Not be empty in VM disks view
1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash
1854567 - "Installed Operators" list showing "duplicated" entries during installation
1855325 - [Feature:Prometheus][Conformance] Prometheus when installed on the cluster [Top Level] [Feature:Prometheus][Conformance] Prometheus when installed on the cluster should report telemetry if a cloud.openshift.com token is present
1855351 - Inconsistent Installer reactions to Ctrl-C during user input process
1855408 - OVN cluster unstable after running minimal scale test
1856351 - Build page should show metrics for when the build ran, not the last 30 minutes
1856354 - New APIServices missing from OpenAPI definitions
1857446 - ARO/Azure: excessive pod memory allocation causes node lockup
1857877 - Operator upgrades can delete existing CSV before completion
1858578 - [v2v] [ui] VM import RHV to CNV Target VM Name longer than 63 chars should not be allowed
1859174 - [IPI][OSP] Having errors from 4.3 to 4.6 about Security group rule already created
1860136 - default ingress does not propagate annotations to route object on update
1860322 - [OCPv4.5.2] after unexpected shutdown one of RHV Hypervisors, OCP worker nodes machine are marked as "Failed"
1860518 - unable to stop a crio pod
1861383 - Route with `haproxy.router.openshift.io/timeout: 365d` kills the ingress controller
1862430 - LSO: PV creation lock should not be acquired in a loop
1862489 - LSO autoprovisioning should exclude top level disks that are part of LVM volume group.
1862608 - Virtual media does not work on hosts using BIOS, only UEFI
1862918 - [v2v] User should only select SRIOV network when importin vm with SRIOV network
1865743 - Some pods are stuck in ContainerCreating and some sdn pods are in CrashLoopBackOff
1865839 - rpm-ostree fails with "System transaction in progress" when moving to kernel-rt
1866043 - Configurable table column headers can be illegible
1866087 - Examining agones helm chart resources results in "Oh no!"
1866261 - Need to indicate the intentional behavior for Ansible in the `create api` help info
1866298 - [RHOCS Usability Study][Installation] Labeling the namespace should be a part of the installation flow or be clearer as a requirement
1866320 - [RHOCS Usability Study][Dashboard] Users were confused by Available Capacity and the Total Capacity
1866334 - [RHOCS Usability Study][Installation] On the Operator installation page, there’s no indication on which labels offer tooltip/help
1866340 - [RHOCS Usability Study][Dashboard] It was not clear why “No persistent storage alerts” was prominently displayed
1866343 - [RHOCS Usability Study][Dashboard] User wanted to know the time frame for Data Consumption, e.g I/O Operations
1866445 - kola --basic-qemu-scenarios scenario fail on ppc64le & s390x
1866482 - Few errors are seen when oc adm must-gather is run
1866605 - No metadata.generation set for build and buildconfig objects
1866873 - MCDDrainError "Drain failed on , updates may be blocked" missing rendered node name
1866901 - Deployment strategy for BMO allows multiple pods to run at the same time
1866925 - openshift-install destroy cluster should fail quickly when provided with invalid credentials on Azure.
1867165 - Cannot assign static address to baremetal install bootstrap vm
1867380 - When using webhooks in OCP 4.5 fails to rollout latest deploymentconfig
1867400 - [OCs 4.5]UI should not allow creation of second storagecluster of different mode in a single OCS
1867477 - HPA monitoring cpu utilization fails for deployments which have init containers
1867518 - [oc] oc should not print so many goroutines when ANY command fails
1867608 - ds/machine-config-daemon takes 100+ minutes to rollout on 250 node cluster
1867965 - OpenShift Console Deployment Edit overwrites deployment yaml
1868004 - opm index add appears to produce image with wrong registry server binary
1868065 - oc -o jsonpath prints possible warning / bug "Unable to decode server response into a Table"
1868104 - Baremetal actuator should not delete Machine objects
1868125 - opm index add is not creating an index with valid images when --permissive flag is added, the index is empty instead
1868384 - CLI does not save login credentials as expected when using the same username in multiple clusters
1868527 - OpenShift Storage using VMWare vSAN receives error "Failed to add disk 'scsi0:2'" when mounted pod is created on separate node
1868645 - After a disaster recovery pods a stuck in "NodeAffinity" state and not running
1868748 - ClusterProvisioningIP in baremetal platform has wrong JSON annotation
1868765 - [vsphere][ci] could not reserve an IP address: no available addresses
1868770 - catalogSource named "redhat-operators" deleted in a disconnected cluster
1868976 - Prometheus error opening query log file on EBS backed PVC
1869293 - The configmap name looks confusing in aide-ds pod logs
1869606 - crio's failing to delete a network namespace
1870337 - [sig-storage] Managed cluster should have no crashlooping recycler pods over four minutes
1870342 - [sig-scheduling] SchedulerPredicates [Serial] validates resource limits of pods that are allowed to run [Conformance]
1870373 - Ingress Operator reports available when DNS fails to provision
1870467 - D/DC Part of Helm / Operator Backed should not have HPA
1870728 - openshift-install creates expired ignition files from stale .openshift_install_state.json
1870800 - [4.6] Managed Column not appearing on Pods Details page
1871170 - e2e tests are needed to validate the functionality of the etcdctl container
1872001 - EtcdDiscoveryDomain no longer needed
1872095 - content are expanded to the whole line when only one column in table on Resource Details page
1872124 - Could not choose device type as "disk" or "part" when create localvolumeset from web console
1872128 - Can't run container with hostPort on ipv6 cluster
1872166 - 'Silences' link redirects to unexpected 'Alerts' view after creating a silence in the Developer perspective
1872251 - [aws-ebs-csi-driver] Verify job in CI doesn't check for vendor dir sanity
1872786 - Rules in kube-apiserver.rules are taking too long and consuming too much memory for Prometheus to evaluate them
1872821 - [DOC] Typo in Ansible Operator Tutorial
1872907 - Fail to create CR from generated Helm Base Operator
1872923 - Click "Cancel" button on the "initialization-resource" creation form page should send users to the "Operator details" page instead of "Install Operator" page (previous page)
1873007 - [downstream] failed to read config when running the operator-sdk in the home path
1873030 - Subscriptions without any candidate operators should cause resolution to fail
1873043 - Bump to latest available 1.19.x k8s
1873114 - Nodes goes into NotReady state (VMware)
1873288 - Changing Cluster-Wide Pull Secret Does Not Trigger Updates In Kubelet Filesystem
1873305 - Failed to power on /inspect node when using Redfish protocol
1873326 - Accessibility - The symbols e.g checkmark in the overview page has no text description, label, or other accessible information
1873480 - Accessibility - No text description, alt text, label, or other accessible information associated with the help icon: “?” button/icon in Developer Console ->Navigation
1873556 - [Openstack] HTTP_PROXY setting for NetworkManager-resolv-prepender not working
1873593 - MCO fails to cope with ContainerRuntimeConfig thas has a name > 63 characters
1874057 - Pod stuck in CreateContainerError - error msg="container_linux.go:348: starting container process caused \"chdir to cwd (\\\"/mount-point\\\") set in config.json failed: permission denied\""
1874074 - [CNV] Windows 2019 Default Template Not Defaulting to Proper NIC/Storage Driver
1874192 - [RFE] "Create Backing Store" page doesn't allow to select already defined k8s secret as target bucket credentials when Google Cloud Storage is selected as a provider
1874240 - [vsphere] unable to deprovision - Runtime error list attached objects
1874248 - Include validation for vcenter host in the install-config
1874340 - vmware: NodeClockNotSynchronising alert is triggered in openshift cluster after upgrading form 4.4.16 to 4.5.6
1874583 - apiserver tries and fails to log an event when shutting down
1874584 - add retry for etcd errors in kube-apiserver
1874638 - Missing logging for nbctl daemon
1874736 - [downstream] no version info for the helm-operator
1874901 - add utm_source parameter to Red Hat Marketplace URLs for attribution
1874968 - Accessibility: The project selection drop down is a keyboard trap
1875247 - Dependency resolution error "found more than one head for channel" is unhelpful for users
1875516 - disabled scheduling is easy to miss in node page of OCP console
1875598 - machine status is Running for a master node which has been terminated from the console
1875806 - When creating a service of type "LoadBalancer" (Kuryr,OVN) communication through this loadbalancer failes after 2-5 minutes.
1876166 - need to be able to disable kube-apiserver connectivity checks
1876469 - Invalid doc link on yaml template schema description
1876701 - podCount specDescriptor change doesn't take effect on operand details page
1876815 - Installer uses the environment variable OS_CLOUD for manifest generation despite explicit prompt
1876935 - AWS volume snapshot is not deleted after the cluster is destroyed
1877071 - vSphere IPI - Nameserver limits were exceeded, some nameservers have been omitted
1877105 - add redfish to enabled_bios_interfaces
1877116 - e2e aws calico tests fail with `rpc error: code = ResourceExhausted`
1877273 - [OVN] EgressIP cannot fail over to available nodes after one egressIP node shutdown
1877648 - [sriov]VF from allocatable and capacity of node is incorrect when the policy is only 'rootDevices'
1877681 - Manually created PV can not be used
1877693 - dnsrecords specify recordTTL as 30 but the value is null in AWS Route 53
1877740 - RHCOS unable to get ip address during first boot
1877812 - [ROKS] IBM cloud failed to terminate OSDs when upgraded between internal builds of OCS 4.5
1877919 - panic in multus-admission-controller
1877924 - Cannot set BIOS config using Redfish with Dell iDracs
1878022 - Met imagestreamimport error when import the whole image repository
1878086 - OCP 4.6+OCS 4.6(multiple SC) Internal Mode- UI should populate the default "Filesystem Name" instead of providing a textbox, & the name should be validated
1878301 - [4.6] [UI] Unschedulable used to always be displayed when Node is Ready status
1878701 - After deleting and recreating a VM with same name, the VM events contain the events from the old VM
1878766 - CPU consumption on nodes is higher than the CPU count of the node.
1878772 - On the nodes there are up to 547 zombie processes caused by thanos and Prometheus.
1878823 - "oc adm release mirror" generating incomplete imageContentSources when using "--to" and "--to-release-image"
1878845 - 4.5 to 4.6.rc.4 upgrade failure: authentication operator health check connection refused for multitenant mode
1878900 - Installer complains about not enough vcpu for the baremetal flavor where generic bm flavor is being used
1878953 - RBAC error shows when normal user access pvc upload page
1878956 - `oc api-resources` does not include API version
1878972 - oc adm release mirror removes the architecture information
1879013 - [RFE]Improve CD-ROM interface selection
1879056 - UI should allow to change or unset the evictionStrategy
1879057 - [CSI Certificate Test] Test failed for CSI certification tests for CSIdriver openshift-storage.rbd.csi.ceph.com with RWX enabled
1879094 - RHCOS dhcp kernel parameters not working as expected
1879099 - Extra reboot during 4.5 -> 4.6 upgrade
1879244 - Error adding container to network "ipvlan-host-local": "master" field is required
1879248 - OLM Cert Dir for Webhooks does not align SDK/Kubebuilder
1879282 - Update OLM references to point to the OLM's new doc site
1879283 - panic after nil pointer dereference in pkg/daemon/update.go
1879365 - Overlapping, divergent openshift-cluster-storage-operator manifests
1879419 - [RFE]Improve boot source description for 'Container' and ‘URL’
1879430 - openshift-object-counts quota is not dynamically updating as the resource is deleted.
1879565 - IPv6 installation fails on node-valid-hostname
1879777 - Overlapping, divergent openshift-machine-api namespace manifests
1879878 - Messages flooded in thanos-querier pod- oauth-proxy container: Authorization header does not start with 'Basic', skipping basic authentication in Log message in thanos-querier pod the oauth-proxy
1879930 - Annotations shouldn't be removed during object reconciliation
1879976 - No other channel visible from console
1880068 - image pruner is not aware of image policy annotation, StatefulSets, etc.
1880148 - dns daemonset rolls out slowly in large clusters
1880161 - Actuator Update calls should have fixed retry time
1880259 - additional network + OVN network installation failed
1880389 - Pipeline Runs with skipped Tasks incorrectly show Tasks as "Failed"
1880410 - Convert Pipeline Visualization node to SVG
1880417 - [vmware] Fail to boot with Secure Boot enabled, kernel lockdown denies iopl access to afterburn
1880443 - broken machine pool management on OpenStack
1880450 - Host failed to install because its installation stage joined took longer than expected 20m0s.
1880473 - IBM Cloudpak operators installation stuck "UpgradePending" with InstallPlan status updates failing due to size limitation
1880680 - [4.3] [Tigera plugin] - openshift-kube-proxy fails - Failed to execute iptables-restore: exit status 4 (iptables-restore v1.8.4 (nf_tables)
1880785 - CredentialsRequest missing description in `oc explain`
1880787 - No description for Provisioning CRD for `oc explain`
1880902 - need dnsPlocy set in crd ingresscontrollers
1880913 - [DeScheduler] - change loglevel from Info to Error when priority class given in the descheduler params is not present in the cluster
1881027 - Cluster installation fails at with error : the container name \"assisted-installer\" is already in use
1881046 - [OSP] openstack-cinder-csi-driver-operator doesn't contain required manifests and assets
1881155 - operator install authentication: Authentication require functional ingress which requires at least one schedulable and ready node
1881268 - Image uploading failed but wizard claim the source is available
1881322 - kube-scheduler not scheduling pods for certificates not renewed automatically after nodes restoration
1881347 - [v2v][ui]VM Import Wizard does not call Import provider cleanup
1881881 - unable to specify target port manually resulting in application not reachable
1881898 - misalignment of sub-title in quick start headers
1882022 - [vsphere][ipi] directory path is incomplete, terraform can't find the cluster
1882057 - Not able to select access modes for snapshot and clone
1882140 - No description for spec.kubeletConfig
1882176 - Master recovery instructions don't handle IP change well
1882191 - Installation fails against external resources which lack DNS Subject Alternative Name
1882209 - [ BateMetal IPI ] local coredns resolution not working
1882210 - [release 4.7] insights-operator: Fix bug in reflector not recovering from "Too large resource version"
1882268 - [e2e][automation]Add Integration Test for Snapshots
1882361 - Retrieve and expose the latest report for the cluster
1882485 - dns-node-resolver corrupts /etc/hosts if internal registry is not in use
1882556 - git:// protocol in origin tests is not currently proxied
1882569 - CNO: Replacing masters doesn't work for ovn-kubernetes 4.4
1882608 - Spot instance not getting created on AzureGovCloud
1882630 - Fstype is changed after deleting pv provisioned by localvolumeset instance
1882649 - IPI installer labels all images it uploads into glance as qcow2
1882653 - The Approval should display the Manual after the APPROVAL changed to Manual from the Automatic
1882658 - [RFE] Volume Snapshot is not listed under inventory in Project Details page
1882660 - Operators in a namespace should be installed together when approve one
1882667 - [ovn] br-ex Link not found when scale up RHEL worker
1882723 - [vsphere]Suggested mimimum value for providerspec not working
1882730 - z systems not reporting correct core count in recording rule
1882750 - [sig-api-machinery][Feature:APIServer][Late] kubelet terminates kube-apiserver gracefully
1882781 - nameserver= option to dracut creates extra NM connection profile
1882785 - Multi-Arch CI Jobs destroy libvirt network but occasionally leave it defined
1882844 - [IPI on vsphere] Executing 'openshift-installer destroy cluster' leaves installer tag categories in vsphere
1883371 - CVE-2020-26160 jwt-go: access restriction bypass vulnerability
1883388 - Bare Metal Hosts Details page doesn't show Mainitenance and Power On/Off status
1883422 - operator-sdk cleanup fail after installing operator with "run bundle" without installmode and og with ownnamespace
1883425 - Gather top installplans and their count
1883502 - Logging is broken due to mix of k8s.io/klog v1 and v2
1883523 - [sig-cli] oc adm must-gather runs successfully for audit logs [Suite:openshift/conformance/parallel]
1883538 - must gather report "cannot file manila/aws ebs/ovirt csi related namespaces and objects" error
1883560 - operator-registry image needs clean up in /tmp
1883563 - Creating duplicate namespace from create namespace modal breaks the UI
1883614 - [OCP 4.6] [UI] UI should not describe power cycle as "graceful"
1883642 - [sig-imageregistry][Feature:ImageTriggers][Serial] ImageStream admission TestImageStreamAdmitSpecUpdate
1883660 - e2e-metal-ipi CI job consistently failing on 4.4
1883765 - [user workload monitoring] improve latency of Thanos sidecar when streaming read requests
1883766 - [e2e][automation] Adjust tests for UI changes
1883768 - [user workload monitoring] The Prometheus operator should discard invalid TLS configurations
1883773 - opm alpha bundle build fails on win10 home
1883790 - revert "force cert rotation every couple days for development" in 4.7
1883803 - node pull secret feature is not working as expected
1883836 - Jenkins imagestream ubi8 and nodejs12 update
1883847 - The UI does not show checkbox for enable encryption at rest for OCS
1883853 - go list -m all does not work
1883905 - race condition in opm index add --overwrite-latest
1883946 - Understand why trident CSI pods are getting deleted by OCP
1884035 - Pods are illegally transitioning back to pending
1884041 - e2e should provide error info when minimum number of pods aren't ready in kube-system namespace
1884131 - oauth-proxy repository should run tests
1884165 - Repos should be disabled in -firstboot.service before OS extensions are applied
1884221 - IO becomes unhealthy due to a file change
1884258 - Node network alerts should work on ratio rather than absolute values
1884270 - Git clone does not support SCP-style ssh locations
1884334 - CVO marks an upgrade as failed when an operator takes more than 20 minutes to rollout
1884435 - vsphere - loopback is randomly not being added to resolver
1884565 - oauth-proxy crashes on invalid usage
1884584 - Kuryr controller continuously restarting due to unable to clean up Network Policy
1884613 - Create Instance of Prometheus from operator returns blank page for non cluster-admin users
1884628 - ovs-configuration service fails when the external network is configured on a tagged vlan on top of a bond device on a baremetal IPI deployment
1884629 - Visusally impaired user using screen reader not able to select Admin/Developer console options in drop down menu.
1884632 - Adding BYOK disk encryption through DES
1884654 - Utilization of a VMI is not populated
1884655 - KeyError on self._existing_vifs[port_id]
1884664 - Operator install page shows "installing..." instead of going to install status page
1884672 - Failed to inspect hardware. Reason: unable to start inspection: 'idrac'
1884691 - Installer blocks cloud-credential-operator manual mode on GCP and Azure
1884724 - Quick Start: Serverless quickstart doesn't match Operator install steps
1884739 - Node process segfaulted
1884824 - Update baremetal-operator libraries to k8s 1.19
1885002 - network kube-rbac-proxy scripts crashloop rather than non-crash looping
1885138 - Wrong detection of pending state in VM details
1885151 - [Cloud Team - Cluster API Provider Azure] Logging is broken due to mix of k8s.io/klog v1 and v2
1885165 - NoRunningOvnMaster alert falsely triggered
1885170 - Nil pointer when verifying images
1885173 - [e2e][automation] Add test for next run configuration feature
1885179 - oc image append fails on push (uploading a new layer)
1885213 - Vertical Pod Autoscaler (VPA) not working with DeploymentConfig
1885218 - [e2e][automation] Add virtctl to gating script
1885223 - Sync with upstream (fix panicking cluster-capacity binary)
1885235 - Prometheus: Logging is broken due to mix of k8s.io/klog v1 and v2
1885241 - kube-rbac-proxy: Logging is broken due to mix of k8s.io/klog v1 and v2
1885243 - prometheus-adapter: Logging is broken due to mix of k8s.io/klog v1 and v2
1885244 - prometheus-operator: Logging is broken due to mix of k8s.io/klog v1 and v2
1885246 - cluster-monitoring-operator: Logging is broken due to mix of k8s.io/klog v1 and v2
1885249 - openshift-state-metrics: Logging is broken due to mix of k8s.io/klog v1 and v2
1885308 - Supermicro nodes failed to boot via disk during installation when using IPMI and UEFI
1885315 - unit tests fail on slow disks
1885319 - Remove redundant use of group and kind of DataVolumeTemplate
1885343 - Console doesn't load in iOS Safari when using self-signed certificates
1885344 - 4.7 upgrade - dummy bug for 1880591
1885358 - add p&f configuration to protect openshift traffic
1885365 - MCO does not respect the install section of systemd files when enabling
1885376 - failed to initialize the cluster: Cluster operator marketplace is still updating
1885398 - CSV with only Webhook conversion can't be installed
1885403 - Some OLM events hide the underlying errors
1885414 - Need to disable HTX when not using HTTP/2 in order to preserve HTTP header name case
1885425 - opm index add cannot batch add multiple bundles that use skips
1885543 - node tuning operator builds and installs an unsigned RPM
1885644 - Panic output due to timeouts in openshift-apiserver
1885676 - [OCP 4.7]UI should fallback to minimal deployment only after total CPU < 30 || totalMemory < 72 GiB for initial deployment
1885702 - Cypress: Fix 'aria-hidden-focus' accesibility violations
1885706 - Cypress: Fix 'link-name' accesibility violation
1885761 - DNS fails to resolve in some pods
1885856 - Missing registry v1 protocol usage metric on telemetry
1885864 - Stalld service crashed under the worker node
1885930 - [release 4.7] Collect ServiceAccount statistics
1885940 - kuryr/demo image ping not working
1886007 - upgrade test with service type load balancer will never work
1886022 - Move range allocations to CRD's
1886028 - [BM][IPI] Failed to delete node after scale down
1886111 - UpdatingopenshiftStateMetricsFailed: DeploymentRollout of openshift-monitoring/openshift-state-metrics: got 1 unavailable replicas
1886134 - Need to set GODEBUG=x509ignoreCN=0 in initrd
1886154 - System roles are not present while trying to create new role binding through web console
1886166 - 1885517 Clone - Not needed for 4.7 - upgrade from 4.5->4.6 causes broadcast storm
1886168 - Remove Terminal Option for Windows Nodes
1886200 - greenwave / CVP is failing on bundle validations, cannot stage push
1886229 - Multipath support for RHCOS sysroot
1886294 - Unable to schedule a pod due to Insufficient ephemeral-storage
1886327 - Attempt to add a worker using bad roodDeviceHint: bmh and machine become Provisioned, no error in status
1886353 - [e2e][automation] kubevirt-gating job fails for a missing virtctl URL
1886397 - Move object-enum to console-shared
1886423 - New Affinities don't contain ID until saving
1886435 - Azure UPI uses deprecated command 'group deployment'
1886449 - p&f: add configuration to protect oauth server traffic
1886452 - layout options doesn't gets selected style on click i.e grey background
1886462 - IO doesn't recognize namespaces - 2 resources with the same name in 2 namespaces -> only 1 gets collected
1886488 - move e2e test off of nfs image from docker.io/gmontero/nfs-server:latest
1886524 - Change default terminal command for Windows Pods
1886553 - i/o timeout experienced from build02 when targeting CI test cluster during test execution
1886600 - panic: assignment to entry in nil map
1886620 - Application behind service load balancer with PDB is not disrupted
1886627 - Kube-apiserver pods restarting/reinitializing periodically
1886635 - CVE-2020-8563 kubernetes: Secret leaks in kube-controller-manager when using vSphere Provider
1886636 - Panic in machine-config-operator
1886749 - Removing network policy from namespace causes inability to access pods through loadbalancer.
1886751 - Gather MachineConfigPools
1886766 - PVC dropdown has 'Persistent Volume' Label
1886834 - ovn-cert is mandatory in both master and node daemonsets
1886848 - [OSP] machine instance-state annotation discrepancy with providerStatus.instanceState
1886861 - ordered-values.yaml not honored if values.schema.json provided
1886871 - Neutron ports created for hostNetworking pods
1886890 - Overwrite jenkins-agent-base imagestream
1886900 - Cluster-version operator fills logs with "Manifest: ..." spew
1886922 - [sig-network] pods should successfully create sandboxes by getting pod
1886973 - Local storage operator doesn't include correctly populate LocalVolumeDiscoveryResult in console
1886977 - [v2v]Incorrect VM Provider type displayed in UI while importing VMs through VMIO
1887010 - Imagepruner met error "Job has reached the specified backoff limit" which causes image registry degraded
1887026 - FC volume attach fails with “no fc disk found” error on OCP 4.6 PowerVM cluster
1887040 - [upgrade] ovs pod crash for rhel worker when upgarde from 4.5 to 4.6
1887046 - Event for LSO need update to avoid confusion
1887088 - cluster-node-tuning-operator refers to missing cluster-node-tuned image
1887375 - User should be able to specify volumeMode when creating pvc from web-console
1887380 - Unsupported access mode should not be available to select when creating pvc by aws-ebs-csi-driver(gp2-csi) from web-console
1887392 - openshift-apiserver: delegated authn/z should have ttl > metrics/healthz/readyz/openapi interval
1887428 - oauth-apiserver service should be monitored by prometheus
1887441 - ingress misconfiguration may break authentication but ingress operator keeps reporting "degraded: False"
1887454 - [sig-storage] In-tree Volumes [Driver: azure-disk] [Testpattern: Dynamic PV (ext4)] volumes should store data
1887456 - It is impossible to attach the default NIC to a bridge with the latest version of OVN Kubernetes
1887465 - Deleted project is still referenced
1887472 - unable to edit application group for KSVC via gestures (shift+Drag)
1887488 - OCP 4.6: Topology Manager OpenShift E2E test fails: gu workload attached to SRIOV networks should let resource-aligned PODs have working SRIOV network interface
1887509 - Openshift-tests conformance TopologyManager tests run when Machine Config Operator is not installed on cluster
1887525 - Failures to set master HardwareDetails cannot easily be debugged
1887545 - 4.5 to 4.6 upgrade fails when external network is configured on a bond device: ovs-configuration service fails and node becomes unreachable
1887585 - ovn-masters stuck in crashloop after scale test
1887651 - [Internal Mode] Object gateway (RGW) in unknown state after OCP upgrade.
1887737 - Test TestImageRegistryRemovedWithImages is failing on e2e-vsphere-operator
1887740 - cannot install descheduler operator after uninstalling it
1887745 - API server is throwing 5xx error code for 42.11% of requests for LIST events
1887750 - `oc explain localvolumediscovery` returns empty description
1887751 - `oc explain localvolumediscoveryresult` returns empty description
1887778 - Add ContainerRuntimeConfig gatherer
1887783 - PVC upload cannot continue after approve the certificate
1887797 - [CNV][V2V] Default network type is bridge for interface bound to POD network in VMWare migration wizard
1887799 - User workload monitoring prometheus-config-reloader OOM
1887850 - [sig-auth][Feature:SCC][Early] should not have pod creation failures during install test is flaky
1887863 - Installer panics on invalid flavor
1887864 - Clean up dependencies to avoid invalid scan flagging
1887934 - TestForwardedHeaderPolicyAppend, TestForwardedHeaderPolicyReplace, and TestForwardedHeaderPolicyIfNone consistently fail because of case-sensitive comparison
1887936 - Kube-scheduler should be able to parse v1beta1 KubeSchedulerConfig
1888015 - workaround kubelet graceful termination of static pods bug
1888028 - prevent extra cycle in aggregated apiservers
1888036 - Operator details shows old CRD versions
1888041 - non-terminating pods are going from running to pending
1888072 - Setting Supermicro node to PXE boot via Redfish doesn't take affect
1888073 - Operator controller continuously busy looping
1888118 - Memory requests not specified for image registry operator
1888150 - Install Operand Form on OperatorHub is displaying unformatted text
1888172 - PR 209 didn't update the sample archive, but machineset and pdbs are now namespaced
1888227 - Failed to deploy some of container image on the recent OCP 4.6 nightly build
1888292 - Fix CVE-2015-7501 affecting agent-maven-3.5
1888311 - p&f: make SAR traffic from oauth and openshift apiserver exempt
1888363 - namespaces crash in dev
1888378 - [IPI on Azure] errors destroying cluster when Azure resource group was never created
1888381 - instance:node_network_receive_bytes_excluding_lo:rate1m value twice expected
1888464 - installer missing permission definitions for TagResources and UntagResources when installing in existing VPC
1888494 - imagepruner pod is error when image registry storage is not configured
1888565 - [OSP] machine-config-daemon-firstboot.service failed with "error reading osImageURL from rpm-ostree"
1888595 - cluster-policy-controller logs shows error which reads initial monitor sync has error
1888601 - The poddisruptionbudgets is using the operator service account, instead of gather
1888657 - oc doesn't know its name
1888663 - sdn starts after kube-apiserver, delay readyz until oauth-apiserver is reachable
1888671 - Document the Cloud Provider's ignore-volume-az setting
1888738 - quay.io/openshift/origin-must-gather:latest is not a multi-arch, manifest-list image
1888763 - at least one of these parameters (Vendor, DeviceID or PfNames) has to be defined in nicSelector in CR %s", cr.GetName()
1888827 - ovnkube-master may segfault when trying to add IPs to a nil address set
1888861 - need to pass dual-stack service CIDRs to kube-apiserver in dual-stack cluster
1888866 - AggregatedAPIDown permanently firing after removing APIService
1888870 - JS error when using autocomplete in YAML editor
1888874 - hover message are not shown for some properties
1888900 - align plugins versions
1888985 - Cypress: Fix 'Ensures buttons have discernible text' accesibility violation
1889213 - The error message of uploading failure is not clear enough
1889267 - Increase the time out for creating template and upload image in the terraform
1889348 - Project link should be removed from Application Details page, since it is inaccurate (Application Stages)
1889374 - Kiali feature won't work on fresh 4.6 cluster
1889388 - ListBundles returns incorrect replaces/skips when bundles have been added via semver-skippatch mode
1889420 - OCP failed to add vsphere disk when pod moved to new node during cluster upgrade
1889515 - Accessibility - The symbols e.g checkmark in the Node > overview page has no text description, label, or other accessible information
1889529 - [Init-CR annotation] Inline alert shows operand instance was needed still appearing after creating an Operand instance
1889540 - [4.5 upgrade][alert]CloudCredentialOperatorDown
1889577 - Resources are not shown on project workloads page
1889620 - [Azure] - Machineset not scaling when publicIP:true in disconnected Azure enviroment
1889630 - Scheduling disabled popovers are missing for Node status in Node Overview and Details pages
1889692 - Selected Capacity is showing wrong size
1889694 - usbguard fails to install as RHCOS extension due to missing libprotobuf.so.15
1889698 - When the user clicked cancel at the Create Storage Class confirmation dialog all the data from the Local volume set goes off
1889710 - Prometheus metrics on disk take more space compared to OCP 4.5
1889721 - opm index add semver-skippatch mode does not respect prerelease versions
1889724 - When LocalVolumeDiscovery CR is created form the LSO page User doesn't see the Disk tab
1889767 - [vsphere] Remove certificate from upi-installer image
1889779 - error when destroying a vSphere installation that failed early
1889787 - OCP is flooding the oVirt engine with auth errors
1889838 - race in Operator update after fix from bz1888073
1889852 - support new AWS regions ap-east-1, af-south-1, eu-south-1
1889863 - Router prints incorrect log message for namespace label selector
1889891 - Backport timecache LRU fix
1889912 - Drains can cause high CPU usage
1889921 - Reported Degraded=False Available=False pair does not make sense
1889928 - [e2e][automation] Add more tests for golden os
1889943 - EgressNetworkPolicy does not work when setting Allow rule to a dnsName
1890038 - Infrastructure status.platform not migrated to status.platformStatus causes warnings
1890074 - MCO extension kernel-headers is invalid
1890104 - with Serverless 1.10 version of trigger/subscription/channel/IMC is V1 as latest
1890130 - multitenant mode consistently fails CI
1890141 - move off docker.io images for build/image-eco/templates/jenkins e2e
1890145 - The mismatched of font size for Status Ready and Health Check secondary text
1890180 - FieldDependency x-descriptor doesn't support non-sibling fields
1890182 - DaemonSet with existing owner garbage collected
1890228 - AWS: destroy stuck on route53 hosted zone not found
1890235 - e2e: update Protractor's checkErrors logging
1890250 - workers may fail to join the cluster during an update from 4.5
1890256 - Replacing a master node on a baremetal IPI deployment gets stuck when deleting the machine of the unhealthy member
1890270 - External IP doesn't work if the IP address is not assigned to a node
1890361 - s390x: Generate new ostree rpm with fix for rootfs immutability
1890456 - [vsphere] mapi_instance_create_failed doesn't work on vsphere
1890467 - unable to edit an application without a service
1890472 - [Kuryr] Bulk port creation exception not completely formatted
1890494 - Error assigning Egress IP on GCP
1890530 - cluster-policy-controller doesn't gracefully terminate
1890630 - [Kuryr] Available port count not correctly calculated for alerts
1890671 - [SA] verify-image-signature using service account does not work
1890677 - 'oc image info' claims 'does not exist' for application/vnd.oci.image.manifest.v1+json manifest
1890808 - New etcd alerts need to be added to the monitoring stack
1890951 - Mirror of multiarch images together with cluster logging case problems. It doesn't sync the "overall" sha it syncs only the sub arch sha.
1890984 - Rename operator-webhook-config to sriov-operator-webhook-config
1890995 - wew-app should provide more insight into why image deployment failed
1891023 - ovn-kubernetes rbac proxy never starts waiting for an incorrect API call
1891047 - Helm chart fails to install using developer console because of TLS certificate error
1891068 - [sig-instrumentation] Prometheus when installed on the cluster shouldn't report any alerts in firing state apart from Watchdog and AlertmanagerReceiversNotConfigured [Early] failing due to TargetDown alert from kube-scheduler
1891080 - [LSO] When Localvolumeset and SC is already created before OCS install Creation of LVD and LVS is skipped when user click created storage cluster from UI
1891108 - p&f: Increase the concurrency share of workload-low priority level
1891143 - CVO deadlocked while shutting down, shortly after fresh cluster install (metrics goroutine)
1891189 - [LSO] max device limit is accepting negative values. PVC is not getting created and no error is shown
1891314 - Display incompatible helm charts for installation (kubeVersion of cluster doesn't meet requirements of chart)
1891362 - Wrong metrics count for openshift_build_result_total
1891368 - fync should be fsync for etcdHighFsyncDurations alert's annotations.message
1891374 - fync should be fsync for etcdHighFsyncDurations critical alert's annotations.message
1891376 - Extra text in Cluster Utilization charts
1891419 - Wrong detail head on network policy detail page.
1891459 - Snapshot tests should report stderr of failed commands
1891498 - Other machine config pools do not show during update
1891543 - OpenShift 4.6/OSP install fails when node flavor has less than 25GB, even with dedicated storage
1891551 - Clusterautoscaler doesn't scale up as expected
1891552 - Handle missing labels as empty.
1891555 - The windows oc.exe binary does not have version metadata
1891559 - kuryr-cni cannot start new thread
1891614 - [mlx] testpmd fails inside OpenShift pod using DevX version 19.11
1891625 - [Release 4.7] Mutable LoadBalancer Scope
1891702 - installer get pending when additionalTrustBundle is added into install-config.yaml
1891716 - OVN cluster upgrade from 4.6.1 to 4.7 fails
1891740 - OperatorStatusChanged is noisy
1891758 - the authentication operator may spam DeploymentUpdated event endlessly
1891759 - Dockerfile builds cannot change /etc/pki/ca-trust
1891816 - [UPI] [OSP] control-plane.yml provisioning playbook fails on OSP 16.1
1891825 - Error message not very informative in case of mode mismatch
1891898 - The ClusterServiceVersion can define Webhooks that cannot be created.
1891951 - UI should show warning while creating pools with compression on
1891952 - [Release 4.7] Apps Domain Enhancement
1891993 - 4.5 to 4.6 upgrade doesn't remove deployments created by marketplace
1891995 - OperatorHub displaying old content
1891999 - Storage efficiency card showing wrong compression ratio
1892004 - OCP 4.6 opm on Ubuntu 18.04.4 - error /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.28' not found (required by ./opm)
1892167 - [SR-IOV] SriovNetworkNodePolicies apply ignoring the spec.nodeSelector.
1892198 - TypeError in 'Performance Profile' tab displayed for 'Performance Addon Operator'
1892288 - assisted install workflow creates excessive control-plane disruption
1892338 - HAProxyReloadFail alert only briefly fires in the event of a broken HAProxy config
1892358 - [e2e][automation] update feature gate for kubevirt-gating job
1892376 - Deleted netnamespace could not be re-created
1892390 - TestOverwrite/OverwriteBundle/DefaultBehavior in operator-registry is flaky
1892393 - TestListPackages is flaky
1892448 - MCDPivotError alert/metric missing
1892457 - NTO-shipped stalld needs to use FIFO for boosting.
1892467 - linuxptp-daemon crash
1892521 - [AWS] Startup bootstrap machine failed due to ignition file is missing in disconnected UPI env
1892653 - User is unable to create KafkaSource with v1beta
1892724 - VFS added to the list of devices of the nodeptpdevice CRD
1892799 - Mounting additionalTrustBundle in the operator
1893117 - Maintenance mode on vSphere blocks installation.
1893351 - TLS secrets are not able to edit on console.
1893362 - The ovs-xxxxx_openshift-sdn container does not terminate gracefully, slowing down reboots
1893386 - false-positive ReadyIngressNodes_NoReadyIngressNodes: Auth operator makes risky "worker" assumption when guessing about ingress availability
1893546 - Deploy using virtual media fails on node cleaning step
1893601 - overview filesystem utilization of OCP is showing the wrong values
1893645 - oc describe route SIGSEGV
1893648 - Ironic image building process is not compatible with UEFI secure boot
1893724 - OperatorHub generates incorrect RBAC
1893739 - Force deletion doesn't work for snapshots if snapshotclass is already deleted
1893776 - No useful metrics for image pull time available, making debugging issues there impossible
1893798 - Lots of error messages starting with "get namespace to enqueue Alertmanager instances failed" in the logs of prometheus-operator
1893832 - ErrorCount field is missing in baremetalhosts.metal3.io CRD
1893889 - disabled dropdown items in the pf dropdown component are skipped over and unannounced by JAWS
1893926 - Some "Dynamic PV (block volmode)" pattern storage e2e tests are wrongly skipped
1893944 - Wrong product name for Multicloud Object Gateway
1893953 - (release-4.7) Gather default StatefulSet configs
1893956 - Installation always fails at "failed to initialize the cluster: Cluster operator image-registry is still updating"
1893963 - [Testday] Workloads-> Virtualization is not loading for Firefox browser
1893972 - Should skip e2e test cases as early as possible
1894013 - [v2v][Testday] VMware to CNV VM import]VMware URL: It is not clear that only the FQDN/IP address is required without 'https://'
1894020 - User with edit users cannot deploy images from their own namespace from the developer perspective
1894025 - OCP 4.5 to 4.6 upgrade for "aws-ebs-csi-driver-operator" fails when "defaultNodeSelector" is set
1894041 - [v2v][[Testday]VM import from VMware/RHV] VM import wizard: The target storage class name is not displayed if default storage class is used.
1894065 - tag new packages to enable TLS support
1894110 - Console shows wrong value for maxUnavailable and maxSurge when set to 0
1894144 - CI runs of baremetal IPI are failing due to newer libvirt libraries
1894146 - ironic-api used by metal3 is over provisioned and consumes a lot of RAM
1894194 - KuryrPorts leftovers from 4.6 GA need to be deleted
1894210 - Failed to encrypt OSDs on OCS4.6 installation (via UI)
1894216 - Improve OpenShift Web Console availability
1894275 - Fix CRO owners file to reflect node owner
1894278 - "database is locked" error when adding bundle to index image
1894330 - upgrade channels needs to be updated for 4.7
1894342 - oauth-apiserver logs many "[SHOULD NOT HAPPEN] failed to update managedFields for ... OAuthClient ... no corresponding type for oauth.openshift.io/v1, Kind=OAuthClient"
1894374 - Dont prevent the user from uploading a file with incorrect extension
1894432 - [oVirt] sometimes installer timeout on tmp_import_vm
1894477 - bash syntax error in nodeip-configuration.service
1894503 - add automated test for Polarion CNV-5045
1894519 - [OSP] External mode cluster creation disabled for Openstack and oVirt platform
1894539 - [on-prem] Unable to deploy additional machinesets on separate subnets
1894645 - Cinder volume provisioning crashes on nil cloud provider
1894677 - image-pruner job is panicking: klog stack
1894810 - Remove TechPreview Badge from Eventing in Serverless version 1.11.0
1894860 - 'backend' CI job passing despite failing tests
1894910 - Update the node to use the real-time kernel fails
1894992 - All nightly jobs for e2e-metal-ipi failing due to ipa image missing tenacity package
1895065 - Schema / Samples / Snippets Tabs are all selected at the same time
1895099 - vsphere-upi and vsphere-upi-serial jobs time out waiting for bootstrap to complete in CI
1895141 - panic in service-ca injector
1895147 - Remove memory limits on openshift-dns
1895169 - VM Template does not properly manage Mount Windows guest tools check box during VM creation
1895268 - The bundleAPIs should NOT be empty
1895309 - [OCP v47] The RHEL node scaleup fails due to "No package matching 'cri-o-1.19.*' found available" on OCP 4.7 cluster
1895329 - The infra index filled with warnings "WARNING: kubernetes.io/cinder built-in volume provider is now deprecated. The Cinder volume provider is deprecated and will be removed in a future release"
1895360 - Machine Config Daemon removes a file although its defined in the dropin
1895367 - Missing image in metadata DB index.db in disconnected Operator Hub installation. OCP 4.6.1
1895372 - Web console going blank after selecting any operator to install from OperatorHub
1895385 - Revert KUBELET_LOG_LEVEL back to level 3
1895423 - unable to edit an application with a custom builder image
1895430 - unable to edit custom template application
1895509 - Backup taken on one master cannot be restored on other masters
1895537 - [sig-imageregistry][Feature:ImageExtract] Image extract should extract content from an image
1895838 - oc explain description contains '/'
1895908 - "virtio" option is not available when modifying a CD-ROM to disk type
1895909 - e2e-metal-ipi-ovn-dualstack is failing
1895919 - NTO fails to load kernel modules
1895959 - configuring webhook token authentication should prevent cluster upgrades
1895979 - Unable to get coreos-installer with --copy-network to work
1896101 - [cnv][automation] Added negative tests for migration from VMWare and RHV
1896160 - CI: Some cluster operators are not ready: marketplace (missing: Degraded)
1896188 - [sig-cli] oc debug deployment configs from a build: local-busybox-1-build not completed
1896218 - Occasional GCP install failures: Error setting IAM policy for project ...: googleapi: Error 400: Service account ... does not exist., badRequest
1896229 - Current Rate of Bytes Received and Current Rate of Bytes Transmitted data can not be loaded
1896244 - Found a panic in storage e2e test
1896296 - Git links should avoid .git as part of the URL and should not link git:// urls in general
1896302 - [e2e][automation] Fix 4.6 test failures
1896365 - [Migration]The SDN migration cannot revert under some conditions
1896384 - [ovirt IPI]: local coredns resolution not working
1896446 - Git clone from private repository fails after upgrade OCP 4.5 to 4.6
1896529 - Incorrect instructions in the Serverless operator and application quick starts
1896645 - documentationBaseURL needs to be updated for 4.7
1896697 - [Descheduler] policy.yaml param in cluster configmap is empty
1896704 - Machine API components should honour cluster wide proxy settings
1896732 - "Attach to Virtual Machine OS" button should not be visible on old clusters
1896866 - File /etc/NetworkManager/system-connections/default_connection.nmconnection is incompatible with SR-IOV operator
1896898 - ovs-configuration.service fails when multiple IPv6 default routes are provided via RAs over the same interface and deployment bootstrap fails
1896918 - start creating new-style Secrets for AWS
1896923 - DNS pod /metrics exposed on anonymous http port
1896977 - route SimpleAllocationPlugin: host name validation errors: spec.host: Invalid value: ... must be no more than 63 characters
1897003 - VNC console cannot be connected after visit it in new window
1897008 - Cypress: reenable check for 'aria-hidden-focus' rule & checkA11y test for modals
1897026 - [Migration] With updating optional network operator configuration, migration stucks on MCO
1897039 - router pod keeps printing log: template "msg"="router reloaded" "output"="[WARNING] 316/065823 (15) : parsing [/var/lib/haproxy/conf/haproxy.config:52]: option 'http-use-htx' is deprecated and ignored
1897050 - [IBM Power] LocalVolumeSet provisions boot partition as PV.
1897073 - [OCP 4.5] wrong netid assigned to Openshift projects/namespaces
1897138 - oVirt provider uses depricated cluster-api project
1897142 - When scaling replicas to zero, Octavia loadbalancer pool members are not updated accordingly
1897252 - Firing alerts are not showing up in console UI after cluster is up for some time
1897354 - Operator installation showing success, but Provided APIs are missing
1897361 - The MCO GCP-OP tests fail consistently on containerruntime tests with "connection refused"
1897412 - [sriov]disableDrain did not be updated in CRD of manifest
1897423 - Max unavailable and Max surge value are not shown on Deployment Config Details page
1897516 - Baremetal IPI deployment with IPv6 control plane fails when the nodes obtain both SLAAC and DHCPv6 addresses as they set their hostname to 'localhost'
1897520 - After restarting nodes the image-registry co is in degraded true state.
1897584 - Add casc plugins
1897603 - Cinder volume attachment detection failure in Kubelet
1897604 - Machine API deployment fails: Kube-Controller-Manager can't reach API: "Unauthorized"
1897635 - CVE-2020-28362 golang: math/big: panic during recursive division of very large numbers
1897641 - Baremetal IPI with IPv6 control plane: nodes respond with duplicate packets to ICMP6 echo requests
1897676 - [CI] [Azure] [UPI] CI failing since 4.6 changes in ignition
1897830 - [GSS] Unable to deploy OCS 4.5.2 on OCP 4.6.1, cannot `Create OCS Cluster Service`
1897891 - [RFE][v2v][UI][CNV VM import] Providing error message or/and block migration when vddk-init-image is missing
1897897 - ptp lose sync openshift 4.6
1898036 - no network after reboot (IPI)
1898045 - AWS EBS CSI Driver can not get updated cloud credential secret automatically
1898097 - mDNS floods the baremetal network
1898118 - Lack of logs on some image stream tests make hard to find root cause of a problem
1898134 - Descheduler logs show absolute values instead of percentage when LowNodeUtilization strategy is applied
1898159 - kcm operator shall pass --allocate-node-cidrs=false to kcm for ovn-kube and openshift-sdn cluster
1898174 - [OVN] EgressIP does not guard against node IP assignment
1898194 - GCP: can't install on custom machine types
1898238 - Installer validations allow same floating IP for API and Ingress
1898268 - [OVN]: `make check` broken on 4.6
1898289 - E2E test: Use KUBEADM_PASSWORD_FILE by default
1898320 - Incorrect Apostrophe Translation of "it's" in Scheduling Disabled Popover
1898357 - Within the operatorhub details view, long unbroken text strings do not wrap cause breaking display.
1898407 - [Deployment timing regression] Deployment takes longer with 4.7
1898417 - GCP: the dns targets in Google Cloud DNS is not updated after recreating loadbalancer service
1898487 - [oVirt] Node is not removed when VM has been removed from oVirt engine
1898500 - Failure to upgrade operator when a Service is included in a Bundle
1898517 - Ironic auto-discovery may result in rogue nodes registered in ironic
1898532 - Display names defined in specDescriptors not respected
1898580 - When adding more than one node selector to the sriovnetworknodepolicy, the cni and the device plugin pods are constantly rebooted
1898613 - Whereabouts should exclude IPv6 ranges
1898655 - [oVirt] Node deleted in oVirt should cause the Machine to go into a Failed phase
1898679 - Operand creation form - Required "type: object" properties (Accordion component) are missing red asterisk
1898680 - CVE-2020-7774 nodejs-y18n: prototype pollution vulnerability
1898745 - installation failing with CVO reporting openshift-samples not rolled out, samples not setting versions in its ClusterOperator
1898839 - Wrong YAML in operator metadata
1898851 - Multiple Pods access the same volume on the same node e2e test cases are missed from aws ebs csi driver e2e test job
1898873 - Remove TechPreview Badge from Monitoring
1898954 - Backup script does not take /etc/kubernetes/static-pod-resources on a reliable way
1899111 - [RFE] Update jenkins-maven-agen to maven36
1899128 - VMI details screen -> show the warning that it is preferable to have a VM only if the VM actually does not exist
1899175 - bump the RHCOS boot images for 4.7
1899198 - Use new packages for ipa ramdisks
1899200 - In Installed Operators page I cannot search for an Operator by it's name
1899220 - Support AWS IMDSv2
1899350 - configure-ovs.sh doesn't configure bonding options
1899433 - When Creating OCS from ocs wizard Step Discover Disks shows Error "An error occurred Not Found"
1899459 - Failed to start monitoring pods once the operator removed from override list of CVO
1899515 - Passthrough credentials are not immediately re-distributed on update
1899575 - update discovery burst to reflect lots of CRDs on openshift clusters
1899582 - update discovery burst to reflect lots of CRDs on openshift clusters
1899588 - Operator objects are re-created after all other associated resources have been deleted
1899600 - Increased etcd fsync latency as of OCP 4.6
1899603 - workers-rhel7 CI jobs failing: Failed to remove rollback: error running rpm-ostree cleanup
1899627 - Project dashboard Active status using small icon
1899725 - Pods table does not wrap well with quick start sidebar open
1899746 - [ovn] error while waiting on flows for pod: OVS sandbox port is no longer active (probably due to a subsequent CNI ADD)
1899760 - etcd_request_duration_seconds_bucket metric has excessive cardinality
1899835 - catalog-operator repeatedly crashes with "runtime error: index out of range [0] with length 0"
1899839 - thanosRuler.resources.requests does not take effect in user-workload-monitoring-config confimap
1899853 - additionalSecurityGroupIDs not working for master nodes
1899922 - NP changes sometimes influence new pods.
1899949 - [Platform] Remove restriction on disk type selection for LocalVolumeSet
1900008 - Fix internationalized sentence fragments in ImageSearch.tsx
1900010 - Fix internationalized sentence fragments in BuildImageSelector.tsx
1900020 - Remove ' from internationalized keys
1900022 - Search Page - Top labels field is not applied to selected Pipeline resources
1900030 - disruption_tests: [sig-imageregistry] Image registry remain available failing consistently
1900126 - Creating a VM results in suggestion to create a default storage class when one already exists
1900138 - [OCP on RHV] Remove insecure mode from the installer
1900196 - stalld is not restarted after crash
1900239 - Skip "subPath should be able to unmount" NFS test
1900322 - metal3 pod's toleration for key: node-role.kubernetes.io/master currently matches on exact value matches but should match on Exists
1900377 - [e2e][automation] create new css selector for active users
1900496 - (release-4.7) Collect spec config for clusteroperator resources
1900672 - (s390x) Upgrade from old LUKS to new not working with DASD disks
1900699 - Impossible to add new Node on OCP 4.6 using large ECKD disks - fdasd issue
1900759 - include qemu-guest-agent by default
1900790 - Track all resource counts via telemetry
1900835 - Multus errors when cachefile is not found
1900935 - `oc adm release mirror` panic panic: runtime error
1900989 - accessing the route cannot wake up the idled resources
1901040 - When scaling down the status of the node is stuck on deleting
1901057 - authentication operator health check failed when installing a cluster behind proxy
1901107 - pod donut shows incorrect information
1901111 - Installer dependencies are broken
1901200 - linuxptp-daemon crash when enable debug log level
1901301 - CBO should handle platform=BM without provisioning CR
1901355 - [Azure][4.7] Invalid vm size from customized compute nodes does not fail properly
1901363 - High Podready Latency due to timed out waiting for annotations
1901373 - redundant bracket on snapshot restore button
1901376 - [on-prem] Upgrade from 4.6 to 4.7 failed with "timed out waiting for the condition during waitForControllerConfigToBeCompleted: controllerconfig is not completed: ControllerConfig has not completed: completed(false) running(false) failing(true"
1901395 - "Edit virtual machine template" action link should be removed
1901472 - [OSP] Bootstrap and master nodes use different keepalived unicast setting
1901517 - RHCOS 4.6.1 uses a single NetworkManager connection for multiple NICs when using default DHCP
1901531 - Console returns a blank page while trying to create an operator Custom CR with Invalid Schema
1901594 - Kubernetes resource CRUD operations.Kubernetes resource CRUD operations Pod "before all" hook for "creates the resource instance"
1901604 - CNO blocks editing Kuryr options
1901675 - [sig-network] multicast when using one of the plugins 'redhat/openshift-ovs-multitenant, redhat/openshift-ovs-networkpolicy' should allow multicast traffic in namespaces where it is enabled
1901909 - The device plugin pods / cni pod are restarted every 5 minutes
1901982 - [sig-builds][Feature:Builds] build can reference a cluster service with a build being created from new-build should be able to run a build that references a cluster service
1902019 - when podTopologySpreadConstraint strategy is enabled for descheduler it throws error
1902059 - Wire a real signer for service accout issuer
1902091 - `cluster-image-registry-operator` pod leaves connections open when fails connecting S3 storage
1902111 - CVE-2020-27813 golang-github-gorilla-websocket: integer overflow leads to denial of service
1902157 - The DaemonSet machine-api-termination-handler couldn't allocate Pod
1902253 - MHC status doesnt set RemediationsAllowed = 0
1902299 - Failed to mirror operator catalog - error: destination registry required
1902545 - Cinder csi driver node pod should add nodeSelector for Linux
1902546 - Cinder csi driver node pod doesn't run on master node
1902547 - Cinder csi driver controller pod doesn't run on master node
1902552 - Cinder csi driver does not use the downstream images
1902595 - Project workloads list view doesn't show alert icon and hover message
1902600 - Container csi-snapshotter in Cinder csi driver needs to use ImagePullPolicy=IfNotPresent
1902601 - Cinder csi driver pods run as BestEffort qosClass
1902653 - [BM][IPI] Master deployment failed: No valid host was found. Reason: No conductor service registered which supports driver redfish for conductor group
1902702 - [sig-auth][Feature:LDAP][Serial] ldap group sync can sync groups from ldap: oc cp over non-existing directory/file fails
1902746 - [BM][IP] Master deployment failed - Base.1.0.GeneralError: database is locked
1902824 - failed to generate semver informed package manifest: unable to determine default channel
1902894 - hybrid-overlay-node crashing trying to get node object during initialization
1902969 - Cannot load vmi detail page
1902981 - It should default to current namespace when create vm from template
1902996 - [AWS] UPI on USGov, bootstrap machine can not fetch ignition file via s3:// URI
1903033 - duplicated lines of imageContentSources is seen when mirror release image to local registry
1903034 - OLM continuously printing debug logs
1903062 - [Cinder csi driver] Deployment mounted volume have no write access
1903078 - Deleting VolumeSnapshotClass makes VolumeSnapshot not Ready
1903107 - Enable vsphere-problem-detector e2e tests
1903164 - OpenShift YAML editor jumps to top every few seconds
1903165 - Improve Canary Status Condition handling for e2e tests
1903172 - Column Management: Fix sticky footer on scroll
1903186 - [Descheduler] cluster logs should report some info when PodTopologySpreadConstraints strategy is enabled
1903188 - [Descheduler] cluster log reports failed to validate server configuration" err="unsupported log format:
1903192 - Role name missing on create role binding form
1903196 - Popover positioning is misaligned for Overview Dashboard status items
1903206 - Ingress controller incorrectly routes traffic to non-ready pods/backends.
1903226 - MutatingWebhookConfiguration pod-identity-webhook does not exclude critical control-plane components
1903248 - Backport Upstream Static Pod UID patch
1903277 - Deprovisioning Not Deleting Security Groups [VpcLimitExceeded on e2e-aws tests]
1903290 - Kubelet repeatedly log the same log line from exited containers
1903346 - PV backed by FC lun is not being unmounted properly and this leads to IO errors / xfs corruption.
1903382 - Panic when task-graph is canceled with a TaskNode with no tasks
1903400 - Migrate a VM which is not running goes to pending state
1903402 - Nic/Disk on VMI overview should link to VMI's nic/disk page
1903414 - NodePort is not working when configuring an egress IP address
1903424 - mapi_machine_phase_transition_seconds_sum doesn't work
1903464 - "Evaluating rule failed" for "record: cluster:kube_persistentvolumeclaim_resource_requests_storage_bytes:provisioner:sum" and "record: cluster:kubelet_volume_stats_used_bytes:provisioner:sum"
1903639 - Hostsubnet gatherer produces wrong output
1903651 - Network Policies are not working as expected with OVN-Kubernetes when traffic hairpins back to the same source through a service
1903660 - Cannot install with Assisted Installer on top of IPv6 since network provider is not started
1903674 - [sig-apps] ReplicationController should serve a basic image on each replica with a private image
1903717 - Handle different Pod selectors for metal3 Deployment
1903733 - Scale up followed by scale down can delete all running workers
1903917 - Failed to load "Developer Catalog" page
1903999 - Httplog response code is always zero
1904026 - The quota controllers should resync on new resources and make progress
1904064 - Automated cleaning is disabled by default
1904124 - DHCP to static lease script doesn't work correctly if starting with infinite leases
1904125 - Boostrap VM .ign image gets added into 'default' pool instead of <cluster-name>-<id>-bootstrap
1904131 - kuryr tempest plugin test test_ipblock_network_policy_sg_rules fails
1904133 - KubeletConfig flooded with failure conditions
1904161 - AlertmanagerReceiversNotConfigured fires unconditionally on alertmanager restart
1904243 - RHCOS 4.6.1 missing ISCSI initiatorname.iscsi !
1904244 - MissingKey errors for two plugins using i18next.t
1904262 - clusterresourceoverride-operator has version: 1.0.0 every build
1904296 - VPA-operator has version: 1.0.0 every build
1904297 - The index image generated by "opm index prune" leaves unrelated images
1904305 - Should have scroll-down bar for the field which the values list has too many results under dashboards
1904385 - [oVirt] registry cannot mount volume on 4.6.4 -> 4.6.6 upgrade
1904497 - vsphere-problem-detector: Run on vSphere cloud only
1904501 - [Descheduler] descheduler does not evict any pod when PodTopologySpreadConstraint strategy is set
1904502 - vsphere-problem-detector: allow longer timeouts for some operations
1904503 - vsphere-problem-detector: emit alerts
1904538 - [sig-arch][Early] Managed cluster should start all core operators: monitoring: container has runAsNonRoot and image has non-numeric user (nobody)
1904578 - metric scraping for vsphere problem detector is not configured
1904582 - All application traffic broken due to unexpected load balancer change on 4.6.4 -> 4.6.6 upgrade
1904663 - IPI pointer customization MachineConfig always generated
1904679 - [Feature:ImageInfo] Image info should display information about images
1904683 - `[sig-builds][Feature:Builds] s2i build with a root user image` tests use docker.io image
1904684 - [sig-cli] oc debug ensure it works with image streams
1904713 - Helm charts with kubeVersion restriction are filtered incorrectly
1904776 - Snapshot modal alert is not pluralized
1904824 - Set vSphere hostname from guestinfo before NM starts
1904941 - Insights status is always showing a loading icon
1904973 - KeyError: 'nodeName' on NP deletion
1904985 - Prometheus and thanos sidecar targets are down
1904993 - Many ampersand special characters are found in strings
1905066 - QE - Monitoring test cases - smoke test suite automation
1905074 - QE -Gherkin linter to maintain standards
1905100 - Too many haproxy processes in default-router pod causing high load average
1905104 - Snapshot modal disk items missing keys
1905115 - CI: dev-scripts fail on 02_configure_host: Failed to start network ostestbm
1905119 - Race in AWS EBS determining whether custom CA bundle is used
1905128 - [e2e][automation] e2e tests succeed without actually execute
1905133 - operator conditions special-resource-operator
1905141 - vsphere-problem-detector: report metrics through telemetry
1905146 - Backend Tests: TestHelmRepoGetter_SkipDisabled failures
1905194 - Detecting broken connections to the Kube API takes up to 15 minutes
1905221 - CVO transitions from "Initializing" to "Updating" despite not attempting many manifests
1905232 - [sig-imageregistry][Feature:ImageAppend] Image append should create images by appending them failing due to inconsistent images between CI and OCP
1905253 - Inaccurate text at bottom of Events page
1905298 - openshift-apiserver initContainer fix-audit-permissions is not requesting required resources: cpu, memory
1905299 - OLM fails to update operator
1905307 - Provisioning CR is missing from must-gather
1905319 - cluster-samples-operator containers are not requesting required memory resource
1905320 - csi-snapshot-webhook is not requesting required memory resource
1905323 - dns-operator is not requesting required memory resource
1905324 - ingress-operator is not requesting required memory resource
1905327 - openshift-kube-scheduler initContainer wait-for-host-port is not requesting required resources: cpu, memory
1905328 - Changing the bound token service account issuer invalids previously issued bound tokens
1905329 - openshift-oauth-apiserver initContainer fix-audit-permissions is not requesting required resources: cpu, memory
1905330 - openshift-monitoring init-textfile is not requesting required resources: cpu, memory
1905338 - QE -Cypress Automation for Add Flow - Database, Yaml, OperatorBacked, PageDetails
1905347 - QE - Design Gherkin Scenarios
1905348 - QE - Design Gherkin Scenarios
1905362 - [sriov] Error message 'Fail to update DaemonSet' always shown in sriov operator pod
1905368 - [sriov] net-attach-def generated from sriovnetwork cannot be restored once it was deleted
1905370 - A-Z/Z-A sorting dropdown on Developer Catalog page is not aligned with filter text input
1905380 - Default to Red Hat/KubeVirt provider if common template does not have provider annotation
1905393 - CMO uses rbac.authorization.k8s.io/v1beta1 instead of rbac.authorization.k8s.io/v1
1905404 - The example of "Remove the entrypoint on the mysql:latest image" for `oc image append` does not work
1905416 - Hyperlink not working from Operator Description
1905430 - usbguard extension fails to install because of missing correct protobuf dependency version
1905492 - The stalld service has a higher scheduler priority than ksoftirq and rcu{b, c} threads
1905502 - Test flake - unable to get https transport for ephemeral-registry
1905542 - [GSS] The "External" mode option is not available when the OCP cluster is deployed using Redhat Cluster Assisted Installer 4.6.
1905599 - Errant change to lastupdatetime in copied CSV status can trigger runaway csv syncs
1905610 - Fix typo in export script
1905621 - Protractor login test fails against a 4.7 (nightly) Power cluster
1905640 - Subscription manual approval test is flaky
1905647 - Report physical core valid-for-subscription min/max/cumulative use to telemetry
1905696 - ClusterMoreUpdatesModal component did not get internationalized
1905748 - with sharded ingresscontrollers, all shards reload when any endpoint changes
1905761 - NetworkPolicy with Egress policyType is resulting in SDN errors and improper communication within Project
1905778 - inconsistent ingresscontroller between fresh installed cluster and upgraded cluster
1905792 - [OVN]Cannot create egressfirewalll with dnsName
1905889 - Should create SA for each namespace that the operator scoped
1905920 - Quickstart exit and restart
1905941 - Page goes to error after create catalogsource
1905977 - QE ghaekin design scenaio-pipeline metrics ODC-3711
1906032 - Canary Controller: Canary daemonset rolls out slowly in large clusters
1906100 - Disconnected cluster upgrades are failing from the cli, when signature retrieval is being blackholed instead of quickly rejected
1906105 - CBO annotates an existing Metal3 deployment resource to indicate that it is managing it
1906118 - OCS feature detection constantly polls storageclusters and storageclasses
1906120 - 'Create Role Binding' form not setting user or group value when created from a user or group resource
1906121 - [oc] After new-project creation, the kubeconfig file does not set the project
1906134 - OLM should not create OperatorConditions for copied CSVs
1906143 - CBO supports log levels
1906186 - i18n: Translators are not able to translate `this` without context for alert manager config
1906228 - tuned and openshift-tuned sometimes do not terminate gracefully, slowing reboots
1906274 - StorageClass installed by Cinder csi driver operator should enable the allowVolumeExpansion to support volume resize.
1906276 - `oc image append` can't work with multi-arch image with --filter-by-os='.*'
1906318 - use proper term for Authorized SSH Keys
1906335 - The lastTransitionTime, message, reason field of operatorcondition should be optional
1906356 - Unify Clone PVC boot source flow with URL/Container boot source
1906397 - IPA has incorrect kernel command line arguments
1906441 - HorizontalNav and NavBar have invalid keys
1906448 - Deploy using virtualmedia with provisioning network disabled fails - 'Failed to connect to the agent' in ironic-conductor log
1906459 - openstack: Quota Validation fails if unlimited quotas are given to a project
1906496 - [BUG] Thanos having possible memory leak consuming huge amounts of node's memory and killing them
1906508 - TestHeaderNameCaseAdjust outputs nil error message on some failures
1906511 - Root reprovisioning tests flaking often in CI
1906517 - Validation is not robust enough and may prevent to generate install-confing.
1906518 - Update snapshot API CRDs to v1
1906519 - Update LSO CRDs to use v1
1906570 - Number of disruptions caused by reboots on a cluster cannot be measured
1906588 - [ci][sig-builds] nodes is forbidden: User "e2e-test-jenkins-pipeline-xfghs-user" cannot list resource "nodes" in API group "" at the cluster scope
1906650 - Cannot collect network policy, EgressFirewall, egressip logs with gather_network_logs
1906655 - [SDN]Cannot colloect ovsdb-server.log and ovs-vswitchd.log with gather_network_logs
1906679 - quick start panel styles are not loaded
1906683 - Kn resources are not showing in Topology if triggers has KSVC and IMC as subscriber
1906684 - Event Source creation fails if user selects no app group and switch to yaml and then to form
1906685 - SinkBinding is shown in topology view if underlying resource along with actual source created
1906689 - user can pin to nav configmaps and secrets multiple times
1906691 - Add doc which describes disabling helm chart repository
1906713 - Quick starts not accesible for a developer user
1906718 - helm chart "provided by Redhat" is misspelled
1906732 - Machine API proxy support should be tested
1906745 - Update Helm endpoints to use Helm 3.4.x
1906760 - performance issues with topology constantly re-rendering
1906766 - localized `Autoscaled` & `Autoscaling` pod texts overlap with the pod ring
1906768 - Virtualization nav item is incorrectly placed in the Admin Workloads section
1906769 - topology fails to load with non-kubeadmin user
1906770 - shortcuts on mobiles view occupies a lot of space
1906798 - Dev catalog customization doesn't update console-config ConfigMap
1906806 - Allow installing extra packages in ironic container images
1906808 - [test-disabled] ServiceAccounts should support OIDC discovery of service account issuer
1906835 - Topology view shows add page before then showing full project workloads
1906840 - ClusterOperator should not have status "Updating" if operator version is the same as the release version
1906844 - EndpointSlice and EndpointSliceProxying feature gates should be disabled for openshift-sdn kube-proxy
1906860 - Bump kube dependencies to v1.20 for Net Edge components
1906864 - Quick Starts Tour: Need to adjust vertical spacing
1906866 - Translations of Sample-Utils
1906871 - White screen when sort by name in monitoring alerts page
1906872 - Pipeline Tech Preview Badge Alignment
1906875 - Provide an option to force backup even when API is not available.
1906877 - Placeholder' value in search filter do not match column heading in Vulnerabilities
1906879 - Add missing i18n keys
1906880 - oidcdiscoveryendpoint controller invalidates all TokenRequest API tokens during install
1906896 - No Alerts causes odd empty Table (Need no content message)
1906898 - Missing User RoleBindings in the Project Access Web UI
1906899 - Quick Start - Highlight Bounding Box Issue
1906916 - Teach CVO about flowcontrol.apiserver.k8s.io/v1beta1
1906933 - Cluster Autoscaler should have improved mechanisms for group identifiers
1906935 - Delete resources when Provisioning CR is deleted
1906968 - Must-gather should support collecting kubernetes-nmstate resources
1906986 - Ensure failed pod adds are retried even if the pod object doesn't change
1907199 - Need to upgrade machine-api-operator module version under cluster-api-provider-kubevirt
1907202 - configs.imageregistry.operator.openshift.io cluster does not update its status fields after URL change
1907211 - beta promotion of p&f switched storage version to v1beta1, making downgrades impossible.
1907269 - Tooltips data are different when checking stack or not checking stack for the same time
1907280 - Install tour of OCS not available.
1907282 - Topology page breaks with white screen
1907286 - The default mhc machine-api-termination-handler couldn't watch spot instance
1907287 - [csi-snapshot-webhook] should support both v1beta1 and v1 version when creating volumesnapshot/volumesnapshotcontent
1907293 - Increase timeouts in e2e tests
1907295 - Gherkin script for improve management for helm
1907299 - Advanced Subscription Badge for KMS and Arbiter not present
1907303 - Align VM template list items by baseline
1907304 - Use PF styles for selected template card in VM Wizard
1907305 - Drop 'ISO' from CDROM boot source message
1907307 - Support and provider labels should be passed on between templates and sources
1907310 - Pin action should be renamed to favorite
1907312 - VM Template source popover is missing info about added date
1907313 - ClusterOperator objects cannot be overriden with cvo-overrides
1907328 - iproute-tc package is missing in ovn-kube image
1907329 - CLUSTER_PROFILE env. variable is not used by the CVO
1907333 - Node stuck in degraded state, mcp reports "Failed to remove rollback: error running rpm-ostree cleanup -r: error: Timeout was reached"
1907373 - Rebase to kube 1.20.0
1907375 - Bump to latest available 1.20.x k8s - workloads team
1907378 - Gather netnamespaces networking info
1907380 - kube-rbac-proxy exposes tokens, has excessive verbosity
1907381 - OLM fails to deploy an operator if its deployment template contains a description annotation that doesn't match the CSV one
1907390 - prometheus-adapter: panic after k8s 1.20 bump
1907399 - build log icon link on topology nodes cause app to reload
1907407 - Buildah version not accessible
1907421 - [4.6.1]oc-image-mirror command failed on "error: unable to copy layer"
1907453 - Dev Perspective -> running vm details -> resources -> no data
1907454 - Install PodConnectivityCheck CRD with CNO
1907459 - "The Boot source is also maintained by Red Hat." is always shown for all boot sources
1907475 - Unable to estimate the error rate of ingress across the connected fleet
1907480 - `Active alerts` section throwing forbidden error for users.
1907518 - Kamelets/Eventsource should be shown to user if they have create access
1907543 - Korean timestamps are shown when users' language preferences are set to German-en-en-US
1907610 - Update kubernetes deps to 1.20
1907612 - Update kubernetes deps to 1.20
1907621 - openshift/installer: bump cluster-api-provider-kubevirt version
1907628 - Installer does not set primary subnet consistently
1907632 - Operator Registry should update its kubernetes dependencies to 1.20
1907639 - pass dual-stack node IPs to kubelet in dual-stack clusters
1907644 - fix up handling of non-critical annotations on daemonsets/deployments
1907660 - Pod list does not render cell height correctly when pod names are too long (dynamic table rerendering issue?)
1907670 - CVE-2020-27846 crewjam/saml: authentication bypass in saml authentication
1907671 - Ingress VIP assigned to two infra nodes simultaneously - keepalived process running in pods seems to fail
1907767 - [e2e][automation]update test suite for kubevirt plugin
1907770 - Recent RHCOS 47.83 builds (from rhcos-47.83.202012072210-0 on) don't allow master and worker nodes to boot
1907792 - The `overrides` of the OperatorCondition cannot block the operator upgrade
1907793 - Surface support info in VM template details
1907812 - 4.7 to 4.6 downgrade stuck in clusteroperator storage
1907822 - [OCP on OSP] openshift-install panic when checking quota with install-config have no flavor set
1907863 - Quickstarts status not updating when starting the tour
1907872 - dual stack with an ipv6 network fails on bootstrap phase
1907874 - QE - Design Gherkin Scenarios for epic ODC-5057
1907875 - No response when try to expand pvc with an invalid size
1907876 - Refactoring record package to make gatherer configurable
1907877 - QE - Automation- pipelines builder scripts
1907883 - Fix Pipleine creation without namespace issue
1907888 - Fix pipeline list page loader
1907890 - Misleading and incomplete alert message shown in pipeline-parameters and pipeline-resources form
1907892 - Unable to edit application deployed using "From Devfile" option
1907893 - navSortUtils.spec.ts unit test failure
1907896 - When a workload is added, Topology does not place the new items well
1907908 - VM Wizard always uses VirtIO for the VM rootdisk regardless what is defined in common-template
1907924 - Enable madvdontneed in OpenShift Images
1907929 - Enable madvdontneed in OpenShift System Components Part 2
1907936 - NTO is not reporting nto_profile_set_total metrics correctly after reboot
1907947 - The kubeconfig saved in tenantcluster shouldn't include anything that is not related to the current context
1907948 - OCM-O bump to k8s 1.20
1907952 - bump to k8s 1.20
1907972 - Update OCM link to open Insights tab
1907989 - DataVolumes was intorduced in common templates - VM creation fails in the UI
1907998 - Gather kube_pod_resource_request/limit metrics as exposed in upstream KEP 1916
1908001 - [CVE-2020-10749] Update github.com/containernetworking/plugins to v.0.8.6 in egress-router-cni
1908014 - e2e-aws-ansible and e2e-aws-helm are broken in ocp-release-operator-sdk
1908035 - dynamic-demo-plugin build does not generate dist directory
1908135 - quick search modal is not centered over topology
1908145 - kube-scheduler-recovery-controller container crash loop when router pod is co-scheduled
1908159 - [AWS C2S] MCO fails to sync cloud config
1908171 - GCP: Installation fails when installing cluster with n1-custom-4-16384custom type (n1-custom-4-16384)
1908180 - Add source for template is stucking in preparing pvc
1908217 - CI: Server-Side Apply should work for oauth.openshift.io/v1: has no tokens
1908231 - [Migration] The pods ovnkube-node are in CrashLoopBackOff after SDN to OVN
1908277 - QE - Automation- pipelines actions scripts
1908280 - Documentation describing `ignore-volume-az` is incorrect
1908296 - Fix pipeline builder form yaml switcher validation issue
1908303 - [CVE-2020-28367 CVE-2020-28366] Remove CGO flag from rhel Dockerfile in Egress-Router-CNI
1908323 - Create button missing for PLR in the search page
1908342 - The new pv_collector_total_pv_count is not reported via telemetry
1908344 - [vsphere-problem-detector] CheckNodeProviderID and CheckNodeDiskUUID have the same name
1908347 - CVO overwrites ValidatingWebhookConfiguration for snapshots
1908349 - Volume snapshot tests are failing after 1.20 rebase
1908353 - QE - Automation- pipelines runs scripts
1908361 - bump to k8s 1.20
1908367 - QE - Automation- pipelines triggers scripts
1908370 - QE - Automation- pipelines secrets scripts
1908375 - QE - Automation- pipelines workspaces scripts
1908381 - Go Dependency Fixes for Devfile Lib
1908389 - Loadbalancer Sync failing on Azure
1908400 - Tests-e2e, increase timeouts, re-add TestArchiveUploadedAndResultsReceived
1908407 - Backport Upstream 95269 to fix potential crash in kubelet
1908410 - Exclude Yarn from VSCode search
1908425 - Create Role Binding form subject type and name are undefined when All Project is selected
1908431 - When the marketplace-operator pod get's restarted, the custom catalogsources are gone, as well as the pods
1908434 - Remove &apos from metal3-plugin internationalized strings
1908437 - Operator backed with no icon has no badge associated with the CSV tag
1908459 - bump to k8s 1.20
1908461 - Add bugzilla component to OWNERS file
1908462 - RHCOS 4.6 ostree removed dhclient
1908466 - CAPO AZ Screening/Validating
1908467 - Zoom in and zoom out in topology package should be sentence case
1908468 - [Azure][4.7] Installer can't properly parse instance type with non integer memory size
1908469 - nbdb failed to come up while bringing up OVNKubernetes cluster
1908471 - OLM should bump k8s dependencies to 1.20
1908484 - oc adm release extract --cloud=aws --credentials-requests dumps all manifests
1908493 - 4.7-e2e-metal-ipi-ovn-dualstack intermittent test failures, worker hostname is overwritten by NM
1908545 - VM clone dialog does not open
1908557 - [e2e][automation]Miss css id on bootsource and reviewcreate step on wizard
1908562 - Pod readiness is not being observed in real world cases
1908565 - [4.6] Cannot filter the platform/arch of the index image
1908573 - Align the style of flavor
1908583 - bootstrap does not run on additional networks if configured for master in install-config
1908596 - Race condition on operator installation
1908598 - Persistent Dashboard shows events for all provisioners
1908641 - Go back to Catalog Page link on Virtual Machine page vanishes on empty state
1908648 - Skip TestKernelType test on OKD, adjust TestExtensions
1908650 - The title of customize wizard is inconsistent
1908654 - cluster-api-provider: volumes and disks names shouldn't change by machine-api-operator
1908675 - Reenable [sig-storage] CSI mock volume CSI FSGroupPolicy [LinuxOnly] should modify fsGroup if fsGroupPolicy=default [Suite:openshift/conformance/parallel] [Suite:k8s]
1908687 - Option to save user settings separate when using local bridge (affects console developers only)
1908697 - Show `kubectl diff ` command in the oc diff help page
1908715 - Pressing the arrow up key when on topmost quick-search list item it should loop back to bottom
1908716 - UI breaks on click of sidebar of ksvc (if revisions not up) in topology on 4.7 builds
1908717 - "missing unit character in duration" error in some network dashboards
1908746 - [Safari] Drop Shadow doesn't works as expected on hover on workload
1908747 - stale S3 CredentialsRequest in CCO manifest
1908758 - AWS: NLB timeout value is rejected by AWS cloud provider after 1.20 rebase
1908830 - RHCOS 4.6 - Missing Initiatorname
1908868 - Update empty state message for EventSources and Channels tab
1908880 - 4.7 aws-serial CI: NoExecuteTaintManager Single Pod [Serial] eventually evict pod with finite tolerations from tainted nodes
1908883 - CVE-2020-29652 golang: crypto/ssh: crafted authentication request can lead to nil pointer dereference
1908888 - Dualstack does not work with multiple gateways
1908889 - Bump CNO to k8s 1.20
1908891 - TestDNSForwarding DNS operator e2e test is failing frequently
1908914 - CNO: upgrade nodes before masters
1908918 - Pipeline builder yaml view sidebar is not responsive
1908960 - QE - Design Gherkin Scenarios
1908971 - Gherkin Script for pipeline debt 4.7
1908983 - i18n: Add Horizontal Pod Autoscaler action menu is not translated
1908997 - Unsupported access mode should not be available when creating pvc by cinder-csi-driver/gcp-pd-csi-driver from web-console
1908998 - [cinder-csi-driver] doesn't detect the credentials change
1909004 - "No datapoints found" for RHEL node's filesystem graph
1909005 - i18n: workloads list view heading is not translated
1909012 - csi snapshot webhook does not block any invalid update for volumesnapshot and volumesnapshotcontent objects
1909027 - Disks option of Sectected capacity chart shows HDD disk even on selection of SDD disk type
1909043 - OCP + OCS 4.7 Internal - Storage cluster creation throws warning when zone=0 in VMware
1909067 - Web terminal should keep latest output when connection closes
1909070 - PLR and TR Logs component is not streaming as fast as tkn
1909092 - Error Message should not confuse user on Channel form
1909096 - OCP 4.7+OCS 4.7 - The Requested Cluster Capacity field needs to include the selected capacity in calculation in Review and Create Page
1909108 - Machine API components should use 1.20 dependencies
1909116 - Catalog Sort Items dropdown is not aligned on Firefox
1909198 - Move Sink action option is not working
1909207 - Accessibility Issue on monitoring page
1909236 - Remove pinned icon overlap on resource name
1909249 - Intermittent packet drop from pod to pod
1909276 - Accessibility Issue on create project modal
1909289 - oc debug of an init container no longer works
1909290 - Logging may be broken due to mix of k8s.io/klog v1 and v2
1909358 - registry.redhat.io/redhat/community-operator-index:latest only have hyperfoil-bundle
1909453 - Boot disk RAID can corrupt ESP if UEFI firmware writes to it
1909455 - Boot disk RAID will not boot if the primary disk enumerates but fails I/O
1909464 - Build operator-registry with golang-1.15
1909502 - NO_PROXY is not matched between bootstrap and global cluster setting which lead to desired master machineconfig is not found
1909521 - Add kubevirt cluster type for e2e-test workflow
1909527 - [IPI Baremetal] After upgrade from 4.6 to 4.7 metal3 pod does not get created
1909587 - [OCP4] all of the OCP master nodes with soft-anti-affinity run on the same OSP node
1909610 - Fix available capacity when no storage class selected
1909678 - scale up / down buttons available on pod details side panel
1909723 - cluster-api-provider-openstack: Update ose-openstack-machine-controllers builder & base images to be consistent with ART
1909730 - unbound variable error if EXTRA_PKGS_LIST is not defined
1909739 - Arbiter request data changes
1909744 - cluster-api-provider-openstack: Bump gophercloud
1909790 - PipelineBuilder yaml view cannot be used for editing a pipeline
1909791 - Update standalone kube-proxy config for EndpointSlice
1909792 - Empty states for some details page subcomponents are not i18ned
1909815 - Perspective switcher is only half-i18ned
1909821 - OCS 4.7 LSO installation blocked because of Error "Invalid value: "integer": spec.flexibleScaling in body
1909836 - operator-install-global Cypress test was failing in OLM as it depends on an operator that isn't installed in CI
1909864 - promote-release-openshift-machine-os-content-e2e-aws-4.5 is perm failing
1909911 - [OVN]EgressFirewall caused a segfault
1909943 - Upgrade from 4.6 to 4.7 stuck due to write /sys/devices/xxxx/block/sda/queue/scheduler: invalid argument
1909958 - Support Quick Start Highlights Properly
1909978 - ignore-volume-az = yes not working on standard storageClass
1909981 - Improve statement in template select step
1909992 - Fail to pull the bundle image when using the private index image
1910024 - Reload issue in latest(4.7) UI code on 4.6 cluster locally in dev
1910036 - QE - Design Gherkin Scenarios ODC-4504
1910049 - UPI: ansible-galaxy is not supported
1910127 - [UPI on oVirt]: Improve UPI Documentation
1910140 - fix the api dashboard with changes in upstream kube 1.20
1910160 - If two OperatorConditions include the same deployments they will keep updating the deployment's containers with the OPERATOR_CONDITION_NAME Environment Variable
1910165 - DHCP to static lease script doesn't handle multiple addresses
1910305 - [Descheduler] - The minKubeVersion should be 1.20.0
1910409 - Notification drawer is not localized for i18n
1910459 - Could not provision gcp volume if delete secret gcp-pd-cloud-credentials
1910492 - KMS details are auto-populated on the screen in next attempt at Storage cluster creation
1910501 - Installed Operators->Operand required: Clicking on cancel in Storage cluster page takes back to the Install Operator page
1910533 - [OVN] It takes about 5 minutes for EgressIP failover to work
1910581 - library-go: proxy ENV is not injected into csi-driver-controller which lead to storage operator never get ready
1910666 - Creating a Source Secret from type SSH-Key should use monospace font for better usability
1910738 - OCP 4.7 Installation fails on VMWare due to 1 worker that is degraded
1910739 - Redfish-virtualmedia (idrac) deploy fails on "The Virtual Media image server is already connected"
1910753 - Support Directory Path to Devfile
1910805 - Missing translation for Pipeline status and breadcrumb text
1910829 - Cannot delete a PVC if the dv's phase is WaitForFirstConsumer
1910840 - Show Nonexistent command info in the `oc rollback -h` help page
1910859 - breadcrumbs doesn't use last namespace
1910866 - Unify templates string
1910870 - Unify template dropdown action
1911016 - Prometheus unable to mount NFS volumes after upgrading to 4.6
1911129 - Monitoring charts renders nothing when switching from a Deployment to "All workloads"
1911176 - [MSTR-998] Wrong text shown when hovering on lines of charts in API Performance dashboard
1911212 - [MSTR-998] API Performance Dashboard "Period" drop-down has a choice "$__auto_interval_period" which can bring "1:154: parse error: missing unit character in duration"
1911213 - Wrong and misleading warning for VMs that were created manually (not from template)
1911257 - [aws-c2s] failed to create cluster, kube-cloud-config was not created
1911269 - waiting for the build message present when build exists
1911280 - Builder images are not detected for Dotnet, Httpd, NGINX
1911307 - Pod Scale-up requires extra privileges in OpenShift web-console
1911381 - "Select Persistent Volume Claim project" shows in customize wizard when select a source available template
1911382 - "source volumeMode (Block) and target volumeMode (Filesystem) do not match" shows in VM Error
1911387 - Hit error - "Cannot read property 'value' of undefined" while creating VM from template
1911408 - [e2e][automation] Add auto-clone cli tests and new flow of VM creation
1911418 - [v2v] The target storage class name is not displayed if default storage class is used
1911434 - git ops empty state page displays icon with watermark
1911443 - SSH Cretifiaction field should be validated
1911465 - IOPS display wrong unit
1911474 - Devfile Application Group Does Not Delete Cleanly (errors)
1911487 - Pruning Deployments should use ReplicaSets instead of ReplicationController
1911574 - Expose volume mode on Upload Data form
1911617 - [CNV][UI] Failure to add source to VM template when no default storage class is defined
1911632 - rpm-ostree command fail due to wrong options when updating ocp-4.6 to 4.7 on worker nodes with rt-kernel
1911656 - using 'operator-sdk run bundle' to install operator successfully, but the command output said 'Failed to run bundle''
1911664 - [Negative Test] After deleting metal3 pod, scaling worker stuck on provisioning state
1911782 - Descheduler should not evict pod used local storage by the PVC
1911796 - uploading flow being displayed before submitting the form
1912066 - The ansible type operator's manager container is not stable when managing the CR
1912077 - helm operator's default rbac forbidden
1912115 - [automation] Analyze job keep failing because of 'JavaScript heap out of memory'
1912237 - Rebase CSI sidecars for 4.7
1912381 - [e2e][automation] Miss css ID on Create Network Attachment Definition page
1912409 - Fix flow schema deployment
1912434 - Update guided tour modal title
1912522 - DNS Operator e2e test: TestCoreDNSImageUpgrade is fundamentally broken
1912523 - Standalone pod status not updating in topology graph
1912536 - Console Plugin CR for console-demo-plugin has wrong apiVersion
1912558 - TaskRun list and detail screen doesn't show Pending status
1912563 - p&f: carry 97206: clean up executing request on panic
1912565 - OLM macOS local build broken by moby/term dependency
1912567 - [OCP on RHV] Node becomes to 'NotReady' status when shutdown vm from RHV UI only on the second deletion
1912577 - 4.1/4.2->4.3->...-> 4.7 upgrade is stuck during 4.6->4.7 with co/openshift-apiserver Degraded, co/network not Available and several other components pods CrashLoopBackOff
1912590 - publicImageRepository not being populated
1912640 - Go operator's controller pods is forbidden
1912701 - Handle dual-stack configuration for NIC IP
1912703 - multiple queries can't be plotted in the same graph under some conditons
1912730 - Operator backed: In-context should support visual connector if SBO is not installed
1912828 - Align High Performance VMs with High Performance in RHV-UI
1912849 - VM from wizard - default flavor does not match the actual flavor set by common templates
1912852 - VM from wizard - available VM templates - "storage" field is "0 B"
1912888 - recycler template should be moved to KCM operator
1912907 - Helm chart repository index can contain unresolvable relative URL's
1912916 - Set external traffic policy to cluster for IBM platform
1912922 - Explicitly specifying the operator generated default certificate for an ingress controller breaks the ingress controller
1912938 - Update confirmation modal for quick starts
1912942 - cluster-storage-operator: proxy ENV is not injected into vsphere-problem-detector deployment
1912944 - cluster-storage-operator: proxy ENV is not injected into Manila CSI driver operator deployment
1912945 - aws-ebs-csi-driver-operator: proxy ENV is not injected into the CSI driver
1912946 - gcp-pd-csi-driver-operator: proxy ENV is not injected into the CSI driver
1912947 - openstack-cinder-csi-driver-operator: proxy ENV is not injected into the CSI driver
1912948 - csi-driver-manila-operator: proxy ENV is not injected into the CSI driver
1912949 - ovirt-csi-driver-operator: proxy ENV is not injected into the CSI driver
1912977 - rebase upstream static-provisioner
1913006 - Remove etcd v2 specific alerts with etcd_http* metrics
1913011 - [OVN] Pod's external traffic not use egressrouter macvlan ip as a source ip
1913037 - update static-provisioner base image
1913047 - baremetal clusteroperator progressing status toggles between true and false when cluster is in a steady state
1913085 - Regression OLM uses scoped client for CRD installation
1913096 - backport: cadvisor machine metrics are missing in k8s 1.19
1913132 - The installation of Openshift Virtualization reports success early before it 's succeeded eventually
1913154 - Upgrading to 4.6.10 nightly failed with RHEL worker nodes: Failed to find /dev/disk/by-label/root
1913196 - Guided Tour doesn't handle resizing of browser
1913209 - Support modal should be shown for community supported templates
1913226 - [Migration] The SDN migration rollback failed if customize vxlanPort
1913249 - update info alert this template is not aditable
1913285 - VM list empty state should link to virtualization quick starts
1913289 - Rebase AWS EBS CSI driver for 4.7
1913292 - OCS 4.7 Installation failed over vmware when arbiter was enabled, as flexibleScaling is also getting enabled
1913297 - Remove restriction of taints for arbiter node
1913306 - unnecessary scroll bar is present on quick starts panel
1913325 - 1.20 rebase for openshift-apiserver
1913331 - Import from git: Fails to detect Java builder
1913332 - Pipeline visualization breaks the UI when multiple taskspecs are used
1913343 - (release-4.7) Added changelog file for insights-operator
1913356 - (release-4.7) Implemented gathering specific logs from openshift apiserver operator
1913371 - Missing i18n key "Administrator" in namespace "console-app" and language "en."
1913386 - users can see metrics of namespaces for which they don't have rights when monitoring own services with prometheus user workloads
1913420 - Time duration setting of resources is not being displayed
1913536 - 4.6.9 -> 4.7 upgrade hangs. RHEL 7.9 worker stuck on "error enabling unit: Failed to execute operation: File exists\\n\"
1913554 - Recording rule for ingress error fraction SLI is incorrect, uses irate instead of increase
1913560 - Normal user cannot load template on the new wizard
1913563 - "Virtual Machine" is not on the same line in create button when logged with normal user
1913567 - Tooltip data should be same for line chart or stacked chart, display data value same as the table
1913568 - Normal user cannot create template
1913582 - [Migration]SDN to OVN migration stucks on MCO for rhel worker
1913585 - Topology descriptive text fixes
1913608 - Table data contains data value None after change time range in graph and change back
1913651 - Improved Red Hat image and crashlooping OpenShift pod collection
1913660 - Change location and text of Pipeline edit flow alert
1913685 - OS field not disabled when creating a VM from a template
1913716 - Include additional use of existing libraries
1913725 - Refactor Insights Operator Plugin states
1913736 - Regression: fails to deploy computes when using root volumes
1913747 - Update operator to kubernetes 1.20.1 to pickup upstream fixes
1913751 - add third-party network plugin test suite to openshift-tests
1913783 - QE-To fix the merging pr issue, commenting the afterEach() block
1913807 - Template support badge should not be shown for community supported templates
1913821 - Need definitive steps about uninstalling descheduler operator
1913851 - Cluster Tasks are not sorted in pipeline builder
1913864 - BuildConfig YAML template references ruby ImageStreamTag that no longer exists
1913951 - Update the Devfile Sample Repo to an Official Repo Host
1913960 - Cluster Autoscaler should use 1.20 dependencies
1913969 - Field dependency descriptor can sometimes cause an exception
1914060 - Disk created from 'Import via Registry' cannot be used as boot disk
1914066 - [sriov] sriov dp pod crash when delete ovs HW offload policy
1914090 - Grafana - The resulting dataset is too large to graph (OCS RBD volumes being counted as disks)
1914119 - vsphere problem detector operator has no permission to update storages.operator.openshift.io instances
1914125 - Still using /dev/vde as default device path when create localvolume
1914183 - Empty NAD page is missing link to quickstarts
1914196 - target port in `from dockerfile` flow does nothing
1914204 - Creating VM from dev perspective may fail with template not found error
1914209 - Associate image secret name to pipeline serviceaccount imagePullSecrets
1914212 - [e2e][automation] Add test to validate bootable disk souce
1914250 - ovnkube-node fails on master nodes when both DHCPv6 and SLAAC addresses are configured on nodes
1914284 - Upgrade to OCP 4.6.9 results in cluster-wide DNS and connectivity issues due to bad NetworkPolicy flows
1914287 - Bring back selfLink
1914301 - User VM Template source should show the same provider as template itself
1914303 - linuxptp-daemon is not forwarding ptp4l stderr output to openshift logs
1914309 - /terminal page when WTO not installed shows nonsensical error
1914334 - order of getting started samples is arbitrary
1914343 - [sig-imageregistry][Feature:ImageTriggers] Annotation trigger reconciles after the image is overwritten [Suite:openshift/conformance/parallel] timeout on s390x
1914349 - Increase and decrease buttons in max and min pods in HPA page has distorted UI
1914405 - Quick search modal should be opened when coming back from a selection
1914407 - Its not clear that node-ca is running as non-root
1914427 - Count of pods on the dashboard is incorrect
1914439 - Typo in SRIOV port create command example
1914451 - cluster-storage-operator pod running as root
1914452 - oc image append, oc image extract outputs wrong suggestion to use --keep-manifest-list=true
1914642 - Customize Wizard Storage tab does not pass validation
1914723 - SamplesTBRInaccessibleOnBoot Alert has a misspelling
1914793 - device names should not be translated
1914894 - Warn about using non-groupified api version
1914926 - webdriver-manager pulls incorrect version of ChomeDriver due to a bug
1914932 - Put correct resource name in relatedObjects
1914938 - PVC disk is not shown on customization wizard general tab
1914941 - VM Template rootdisk is not deleted after fetching default disk bus
1914975 - Collect logs from openshift-sdn namespace
1915003 - No estimate of average node readiness during lifetime of a cluster
1915027 - fix MCS blocking iptables rules
1915041 - s3:ListMultipartUploadParts is relied on implicitly
1915079 - Canary controller should not periodically rotate the canary route endpoint for performance reasons
1915080 - Large number of tcp connections with shiftstack ocp cluster in about 24 hours
1915085 - Pods created and rapidly terminated get stuck
1915114 - [aws-c2s] worker machines are not create during install
1915133 - Missing default pinned nav items in dev perspective
1915176 - Update snapshot API CRDs to v1 in web-console when creating volumesnapshot related resource
1915187 - Remove the "Tech preview" tag in web-console for volumesnapshot
1915188 - Remove HostSubnet anonymization
1915200 - [OCP 4.7+ OCS 4.6]Arbiter related Note should not show up during UI deployment
1915217 - OKD payloads expect to be signed with production keys
1915220 - Remove dropdown workaround for user settings
1915235 - Failed to upgrade to 4.7 from 4.6 due to the machine-config failure
1915262 - When deploying with assisted install the CBO operator is installed and enabled without metal3 pod
1915277 - [e2e][automation]fix cdi upload form test
1915295 - [BM][IP][Dualstack] Installation failed - operators report dial tcp 172.30.0.1:443: i/o timeout
1915304 - Updating scheduling component builder & base images to be consistent with ART
1915312 - Prevent schedule Linux openshift-network-diagnostics pod on Windows node
1915318 - [Metal] bareMetal IPI - cannot interact with toolbox container after first execution only in parallel from different connection
1915348 - [RFE] linuxptp operator needs to expose the uds_address_socket to be used by an application pod
1915357 - Dev Catalog doesn't load anything if virtualization operator is installed
1915379 - New template wizard should require provider and make support input a dropdown type
1915408 - Failure in operator-registry kind e2e test
1915416 - [Descheduler] descheduler evicts pod which does not have any ownerRef or descheduler evict annotation
1915460 - Cluster name size might affect installations
1915500 - [aws c2s] kube-controller-manager crash loops trying to fetch the AWS instance
1915540 - Silent 4.7 RHCOS install failure on ppc64le
1915579 - [Metal] redhat-support-tool became unavailable after tcpdump usage (BareMetal IPI)
1915582 - p&f: carry upstream pr 97860
1915594 - [e2e][automation] Improve test for disk validation
1915617 - Bump bootimage for various fixes
1915624 - "Please fill in the following field: Template provider" blocks customize wizard
1915627 - Translate Guided Tour text.
1915643 - OCP4.6 to 4.7 upgrade failed due to manila csi driver operator sync error
1915647 - Intermittent White screen when the connector dragged to revision
1915649 - "Template support" pop up is not a warning; checkbox text should be rephrased
1915654 - [e2e][automation] Add a verification for Afinity modal should hint "Matching node found"
1915661 - Can't run the 'oc adm prune' command in a pod
1915672 - Kuryr doesn't work with selfLink disabled.
1915674 - Golden image PVC creation - storage size should be taken from the template
1915685 - Message for not supported template is not clear enough
1915760 - Need to increase timeout to wait rhel worker get ready
1915793 - quick starts panel syncs incorrectly across browser windows
1915798 - oauth connection errors for openshift console pods on an OVNKube OCP 4.7 cluster
1915818 - vsphere-problem-detector: use "_totals" in metrics
1915828 - Latest Dell firmware (04.40.00.00) fails to install IPI on BM using idrac-virtualmedia protocol
1915859 - vsphere-problem-detector: does not report ESXi host version nor VM HW version
1915871 - operator-sdk version in new downstream image should be v1.2.0-ocp not v4.7.0
1915879 - Pipeline Dashboard tab Rename to Pipeline Metrics
1915885 - Kuryr doesn't support workers running on multiple subnets
1915898 - TaskRun log output shows "undefined" in streaming
1915907 - test/cmd/builds.sh uses docker.io
1915912 - sig-storage-csi-snapshotter image not available
1915926 - cluster-api-provider-openstack: Update ose-openstack-machine-controllers builder & base images to be consistent with ART
1915929 - A11y Violation: svg-img-alt for time axis of Utilization Card on Cluster Dashboard
1915939 - Resizing the browser window removes Web Terminal Icon
1915945 - [sig-scheduling] SchedulerPreemption [Serial] validates basic preemption works [Conformance]
1915959 - Baremetal cluster operator is included in a ROKS installation of 4.7
1915962 - ROKS: manifest with machine health check fails to apply in 4.7
1915972 - Global configuration breadcrumbs do not work as expected
1915981 - Install ethtool and conntrack in container for debugging
1915995 - "Edit RoleBinding Subject" action under RoleBinding list page kebab actions causes unhandled exception
1915998 - Installer bootstrap node setting of additional subnets inconsistent with additional security groups
1916021 - OLM enters infinite loop if Pending CSV replaces itself
1916056 - Need Visual Web Terminal metric enabled for OCP monitoring telemetry
1916081 - non-existant should be non-existent in CloudCredentialOperatorTargetNamespaceMissing alert's annotations
1916099 - VM creation - customization wizard - user should be allowed to delete and re-create root disk
1916126 - [e2e][automation] Help fix tests for vm guest-agent and next-run-configuration
1916145 - Explicitly set minimum versions of python libraries
1916164 - Update csi-driver-nfs builder & base images to be consistent with ART
1916221 - csi-snapshot-controller-operator: bump dependencies for 4.7
1916271 - Known issues should mention failure to apply soft-anti-affinity to masters beyond the third
1916363 - [OVN] ovs-configuration.service reports as failed within all nodes using version 4.7.0-fc.2
1916379 - error metrics from vsphere-problem-detector should be gauge
1916382 - Can't create ext4 filesystems with Ignition
1916384 - 4.5.15 and later cluster-version operator does not sync ClusterVersion status before exiting, leaving 'verified: false' even for verified updates
1916401 - Deleting an ingress controller with a bad DNS Record hangs
1916417 - [Kuryr] Must-gather does not have all Custom Resources information
1916419 - [sig-devex][Feature:ImageEcosystem][Slow] openshift images should be SCL enabled returning s2i usage when running the image
1916454 - teach CCO about upgradeability from 4.6 to 4.7
1916486 - [OCP RHV] [Docs] Update RHV CSI provisioning section in OCP documenation
1916502 - Boot disk mirroring fails with mdadm error
1916524 - Two rootdisk shows on storage step
1916580 - Default yaml is broken for VM and VM template
1916621 - oc adm node-logs examples are wrong
1916642 - [zh_CN] Redundant period in Secrets - Create drop down menu - Key value secret.
1916692 - Possibly fails to destroy LB and thus cluster
1916711 - Update Kube dependencies in MCO to 1.20.0
1916747 - remove links to quick starts if virtualization operator isn't updated to 2.6
1916764 - editing a workload with no application applied, will auto fill the app
1916834 - Pipeline Metrics - Text Updates
1916843 - collect logs from openshift-sdn-controller pod
1916853 - cluster will not gracefully recover if openshift-etcd namespace is removed
1916882 - OCS 4.7 LSO : wizard (Discover disks and create storageclass) does not show zone when topology.kubernetes.io/zone are added manually
1916888 - OCS wizard Donor chart does not get updated when `Device Type` is edited
1916938 - Using 4.6 install-config.yaml file with lbFloatingIP results in validation error "Forbidden: cannot specify lbFloatingIP and apiFloatingIP together"
1916949 - ROKS: manifests in openshift-oauth-apiserver ns fails to create with non-existent namespace
1917101 - [UPI on oVirt] - 'RHCOS image' topic isn't located in the right place in UPI document
1917114 - Upgrade from 4.5.9 to 4.7 fails as authentication operator is Degraded due to '"ProxyConfigController" controller failed to sync "key"' error
1917117 - Common templates - disks screen: invalid disk name
1917124 - Custom template - clone existing PVC - the name of the target VM's data volume is hard-coded; only one VM can be created
1917146 - [oVirt] Consume 23-10 ovirt sdk- csi operator
1917147 - [oVirt] csi operator panics if ovirt-engine suddenly becomes unavailable.
1917148 - [oVirt] Consume 23-10 ovirt sdk
1917239 - Monitoring time options overlaps monitoring tab navigation when Quickstart panel is opened
1917272 - Should update the default minSize to 1Gi when create localvolumeset on web console
1917303 - [automation][e2e] make kubevirt-plugin gating job mandatory
1917315 - localvolumeset-local-provisoner-xxx pods are not killed after upgrading from 4.6 to 4.7
1917327 - annotations.message maybe wrong for NTOPodsNotReady alert
1917367 - Refactor periodic.go
1917371 - Add docs on how to use the built-in profiler
1917372 - Application metrics are shown on Metrics dashboard but not in linked Prometheus UI in OCP management console
1917395 - pv-pool backing store name restriction should be at 43 characters from the ocs ui
1917484 - [BM][IPI] Failed to scale down machineset
1917522 - Deprecate --filter-by-os in oc adm catalog mirror
1917537 - controllers continuously busy reconciling operator
1917551 - use min_over_time for vsphere prometheus alerts
1917585 - OLM Operator install page missing i18n
1917587 - Manila CSI operator becomes degraded if user doesn't have permissions to list share types
1917605 - Deleting an exgw causes pods to no longer route to other exgws
1917614 - [aws c2s] ingress operator uses unavailable resourcegrouptaggings API
1917656 - Add to Project/application for eventSources from topology shows 404
1917658 - Show TP badge for sources powered by camel connectors in create flow
1917660 - Editing parallelism of job get error info
1917678 - Could not provision pv when no symlink and target found on rhel worker
1917679 - Hide double CTA in admin pipelineruns tab
1917683 - `NodeTextFileCollectorScrapeError` alert in OCP 4.6 cluster.
1917759 - Console operator panics after setting plugin that does not exists to the console-operator config
1917765 - ansible-operator version in downstream image should be v1.3.0 not v4.7.0
1917770 - helm-operator version in downstream image should be v1.3.0 not v4.7.0
1917799 - Gather s list of names and versions of installed OLM operators
1917803 - [sig-storage] Pod Disks should be able to delete a non-existent PD without error
1917814 - Show Broker create option in eventing under admin perspective
1917838 - MachineSet scaling from 0 is not available or evaluated incorrectly for the new or changed instance types
1917872 - [oVirt] rebase on latest SDK 2021-01-12
1917911 - network-tools needs ovnkube-trace binary from ovn-kubernetes image
1917938 - upgrade version of dnsmasq package
1917942 - Canary controller causes panic in ingress-operator
1918019 - Undesired scrollbars in markdown area of QuickStart
1918068 - Flaky olm integration tests
1918085 - reversed name of job and namespace in cvo log
1918112 - Flavor is not editable if a customize VM is created from cli
1918129 - Update IO sample archive with missing resources & remove IP anonymization from clusteroperator resources
1918132 - i18n: Volume Snapshot Contents menu is not translated
1918133 - [e2e][automation] Fix ocp 4.7 existing tests - part2
1918140 - Deployment openstack-cinder-csi-driver-controller and openstack-manila-csi-controllerplugin doesn't be installed on OSP
1918153 - When `&` character is set as an environment variable in a build config it is getting converted as `\u0026`
1918185 - Capitalization on PLR details page
1918287 - [ovirt] ovirt csi driver is flooding RHV with API calls and spam the event UI with new connections
1918318 - Kamelet connector's are not shown in eventing section under Admin perspective
1918351 - Gather SAP configuration (SCC & ClusterRoleBinding)
1918375 - [calico] rbac-proxy container in kube-proxy fails to create tokenreviews
1918395 - [ovirt] increase livenessProbe period
1918415 - MCD nil pointer on dropins
1918438 - [ja_JP, zh_CN] Serverless i18n misses
1918440 - Kernel Arguments get reapplied even when no new kargs has been added in MachineConfig
1918471 - CustomNoUpgrade Feature gates are not working correctly
1918558 - Supermicro nodes boot to PXE upon reboot after successful deployment to disk
1918622 - Updating ose-jenkins-agent-maven builder & base images to be consistent with ART
1918623 - Updating ose-jenkins-agent-nodejs-12 builder & base images to be consistent with ART
1918625 - Updating ose-jenkins-agent-nodejs-10 builder & base images to be consistent with ART
1918635 - Updating openshift-jenkins-2 builder & base images to be consistent with ART #1197
1918639 - Event listener with triggerRef crashes the console
1918648 - Subscription page doesn't show InstallPlan correctly
1918716 - Manilacsi becomes degraded even though it is not available with the underlying Openstack
1918748 - helmchartrepo is not http(s)_proxy-aware
1918757 - Consistant fallures of features/project-creation.feature Cypress test in CI
1918803 - Need dedicated details page w/ global config breadcrumbs for 'KnativeServing' plugin
1918826 - Insights popover icons are not horizontally aligned
1918879 - need better debug for bad pull secrets
1918958 - The default NMstate instance from the operator is incorrect
1919097 - Close bracket ")" missing at the end of the sentence in the UI
1919231 - quick search modal cut off on smaller screens
1919259 - Make "Add x" singular in Pipeline Builder
1919260 - VM Template list actions should not wrap
1919271 - NM prepender script doesn't support systemd-resolved
1919341 - Updating ose-jenkins-agent-maven builder & base images to be consistent with ART
1919360 - Need managed-cluster-info metric enabled for OCP monitoring telemetry
1919379 - dotnet logo out of date
1919387 - Console login fails with no error when it can't write to localStorage
1919396 - A11y Violation: svg-img-alt on Pod Status ring
1919407 - OpenStack IPI has three-node control plane limitation, but InstallConfigs aren't verified
1919750 - Search InstallPlans got Minified React error
1919778 - Upgrade is stuck in insights operator Degraded with "Source clusterconfig could not be retrieved" until insights operator pod is manually deleted
1919823 - OCP 4.7 Internationalization Chinese tranlate issue
1919851 - Visualization does not render when Pipeline & Task share same name
1919862 - The tip information for `oc new-project --skip-config-write` is wrong
1919876 - VM created via customize wizard cannot inherit template's PVC attributes
1919877 - Click on KSVC breaks with white screen
1919879 - The toolbox container name is changed from 'toolbox-root' to 'toolbox-' in a chroot environment
1919945 - user entered name value overridden by default value when selecting a git repository
1919968 - [release-4.7] Undiagnosed panic detected in pod runtime.go:76: invalid memory address or nil pointer dereference
1919970 - NTO does not update when the tuned profile is updated.
1919999 - Bump Cluster Resource Operator Golang Versions
1920027 - machine-config-operator consistently failing during 4.6 to 4.7 upgrades and clusters do not install successfully with proxy configuration
1920200 - user-settings network error results in infinite loop of requests
1920205 - operator-registry e2e tests not working properly
1920214 - Bump golang to 1.15 in cluster-resource-override-admission
1920248 - re-running the pipelinerun with pipelinespec crashes the UI
1920320 - VM template field is "Not available" if it's created from common template
1920367 - When creating localvolumeset instance from the web console, the title for setting volumeMode is `Disk Mode`
1920368 - Fix containers creation issue resulting in runc running on Guaranteed Pod CPUs
1920390 - Monitoring > Metrics graph shifts to the left when clicking the "Stacked" option and when toggling data series lines on / off
1920426 - Egress Router CNI OWNERS file should have ovn-k team members
1920427 - Need to update `oc login` help page since we don't support prompt interactively for the username
1920430 - [V2V] [UI] Browser window becomes empty when running import wizard for the first time
1920438 - openshift-tuned panics on turning debugging on/off.
1920445 - e2e-gcp-ovn-upgrade job is actually using openshift-sdn
1920481 - kuryr-cni pods using unreasonable amount of CPU
1920509 - wait for port 6443 to be open in the kube-scheduler container; use ss instead of lsof
1920524 - Topology graph crashes adding Open Data Hub operator
1920526 - catalog operator causing CPU spikes and bad etcd performance
1920551 - Boot Order is not editable for Templates in "openshift" namespace
1920555 - bump cluster-resource-override-admission api dependencies
1920571 - fcp multipath will not recover failed paths automatically
1920619 - Remove default scheduler profile value
1920655 - Console should not show the Create Autoscaler link in cluster settings when the CRD is not present
1920674 - MissingKey errors in bindings namespace
1920684 - Text in language preferences modal is misleading
1920695 - CI is broken because of bad image registry reference in the Makefile
1920756 - update generic-admission-server library to get the system:masters authorization optimization
1920769 - [Upgrade] OCP upgrade from 4.6.13 to 4.7.0-fc.4 for "network-check-target" failed when "defaultNodeSelector" is set
1920771 - i18n: Delete persistent volume claim drop down is not translated
1920806 - [OVN]Nodes lost network connection after reboot on the vSphere UPI
1920912 - Unable to power off BMH from console
1920981 - When OCS was deployed with arbiter mode enable add capacity is increasing the count by "2"
1920984 - [e2e][automation] some menu items names are out dated
1921013 - Gather PersistentVolume definition (if any) used in image registry config
1921023 - Do not enable Flexible Scaling to true for Internal mode clusters(revert to 4.6 behavior)
1921087 - 'start next quick start' link doesn't work and is unintuitive
1921088 - test-cmd is failing on volumes.sh pretty consistently
1921248 - Clarify the kubelet configuration cr description
1921253 - Text filter default placeholder text not internationalized
1921258 - User Preferences: Active perspective and project change in the current window when selected in a different window
1921275 - Panic in authentication-operator in (*deploymentController).updateOperatorDeploymentInfo
1921277 - Fix Warning and Info log statements to handle arguments
1921281 - oc get -o yaml --export returns "error: unknown flag: --export"
1921458 - [SDK] Gracefully handle the `run bundle-upgrade` if the lower version operator doesn't exist
1921556 - [OCS with Vault]: OCS pods didn't comeup after deploying with Vault details from UI
1921572 - For external source (i.e GitHub Source) form view as well shows yaml
1921580 - [e2e][automation]Test VM detail view actions dropdown does not pass
1921610 - Pipeline metrics font size inconsistency
1921644 - [e2e][automation] tests errors with wrong cloudInit new line syntax
1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation
1921655 - [OSP] Incorrect error handling during cloudinfo generation
1921713 - [e2e][automation] fix failing VM migration tests
1921762 - Serving and Eventing breadcrumbs should direct users back to tabbed page view
1921774 - delete application modal errors when a resource cannot be found
1921806 - Explore page APIResourceLinks aren't i18ned
1921823 - CheckBoxControls not internationalized
1921836 - AccessTableRows don't internationalize "User" or "Group"
1921857 - Test flake when hitting router in e2e tests due to one router not being up to date
1921880 - Dynamic plugins are not initialized on console load in production mode
1921911 - Installer PR #4589 is causing leak of IAM role policy bindings
1921921 - "Global Configuration" breadcrumb does not use sentence case
1921949 - Console bug - source code URL broken for gitlab self-hosted repositories
1921954 - Subscription-related constraints in ResolutionFailed events are misleading
1922015 - buttons in modal header are invisible on Safari
1922021 - Nodes terminal page 'Expand' 'Collapse' button not translated
1922050 - [e2e][automation] Improve vm clone tests
1922066 - Cannot create VM from custom template which has extra disk
1922098 - Namespace selection dialog is not closed after select a namespace
1922099 - Updated Readme documentation for QE code review and setup
1922146 - Egress Router CNI doesn't have logging support.
1922267 - Collect specific ADFS error
1922292 - Bump RHCOS boot images for 4.7
1922454 - CRI-O doesn't enable pprof by default
1922473 - reconcile LSO images for 4.8
1922573 - oc returns an error while using -o jsonpath when there is no resource found in the namespace
1922782 - Source registry missing docker:// in yaml
1922907 - Interop UI Tests - step implementation for updating feature files
1922911 - Page crash when click the "Stacked" checkbox after clicking the data series toggle buttons
1922991 - "verify /run filesystem contents do not have unexpected content using a simple Docker Strategy Build" test fails on OKD
1923003 - WebConsole Insights widget showing "Issues pending" when the cluster doesn't report anything
1923098 - [vsphere-problem-detector-operator] Need permission to access replicasets.apps resources
1923102 - [vsphere-problem-detector-operator] pod's version is not correct
1923245 - [Assisted-4.7] [Staging][Minimal-ISO] nodes fails to boot
1923674 - k8s 1.20 vendor dependencies
1923721 - PipelineRun running status icon is not rotating
1923753 - Increase initialDelaySeconds for ovs-daemons container in the ovs-node daemonset for upgrade scenarios
1923774 - Docker builds failing for openshift/cluster-resource-override-admission-operator
1923802 - ci/prow/e2e-aws-olm build failing for openshift/cluster-resource-override-admission-operator
1923874 - Unable to specify values with % in kubeletconfig
1923888 - Fixes error metadata gathering
1923892 - Update arch.md after refactor.
1923894 - "installed" operator status in operatorhub page does not reflect the real status of operator
1923895 - Changelog generation.
1923911 - [e2e][automation] Improve tests for vm details page and list filter
1923945 - PVC Name and Namespace resets when user changes os/flavor/workload
1923951 - EventSources shows `undefined` in project
1923973 - Dynamic plugin demo README does not contain info how to enable the ConsolePlugins
1924046 - Localhost: Refreshing on a Project removes it from nav item urls
1924078 - Topology quick search View all results footer should be sticky.
1924081 - NTO should ship the latest Tuned daemon release 2.15
1924084 - backend tests incorrectly hard-code artifacts dir
1924128 - [sig-builds][Feature:Builds] verify /run filesystem contents do not have unexpected content using a simple Docker Strategy Build
1924135 - Under sufficient load, CRI-O may segfault
1924143 - Code Editor Decorator url is broken for Bitbucket repos
1924188 - Language selector dropdown doesn't always pre-select the language
1924365 - Add extra disk for VM which use boot source PXE
1924383 - Degraded network operator during upgrade to 4.7.z
1924387 - [ja_JP][zh_CN] Incorrect warning message for deleting namespace on Delete Pod dialog box.
1924480 - non cluster admin can not take VM snapshot: An error occurred, cannot set blockOwnerDeletion if an ownerReference refers to a resource you can't set finalizers on
1924583 - Deprectaed templates are listed in the Templates screen
1924870 - pick upstream pr#96901: plumb context with request deadline
1924955 - Images from Private external registry not working in deploy Image
1924961 - k8sutil.TrimDNS1123Label creates invalid values
1924985 - Build egress-router-cni for both RHEL 7 and 8
1925020 - Console demo plugin deployment image shoult not point to dockerhub
1925024 - Remove extra validations on kafka source form view net section
1925039 - [e2e] Fix Test - ID(CNV-5327) Change Custom Flavor while VM is running
1925072 - NTO needs to ship the current latest stalld v1.7.0
1925163 - Missing info about dev catalog in boot source template column
1925200 - Monitoring Alert icon is missing on the workload in Topology view
1925262 - apiserver getting 2 SIGTERM signals which was immediately making it exit code 1
1925319 - bash syntax error in configure-ovs.sh script
1925408 - Remove StatefulSet gatherer and replace it with gathering corresponding config map data
1925516 - Pipeline Metrics Tooltips are overlapping data
1925562 - Add new ArgoCD link from GitOps application environments page
1925596 - Gitops details page image and commit id text overflows past card boundary
1926556 - 'excessive etcd leader changes' test case failing in serial job because prometheus data is wiped by machine set test
1926588 - The tarball of operator-sdk is not ready for ocp4.7
1927456 - 4.7 still points to 4.6 catalog images
1927500 - API server exits non-zero on 2 SIGTERM signals
1929278 - Monitoring workloads using too high a priorityclass
1929645 - Remove openshift:kubevirt-machine-controllers decleration from machine-api
1929920 - Cluster monitoring documentation link is broken - 404 not found
5. References:
https://access.redhat.com/security/cve/CVE-2018-10103
https://access.redhat.com/security/cve/CVE-2018-10105
https://access.redhat.com/security/cve/CVE-2018-14461
https://access.redhat.com/security/cve/CVE-2018-14462
https://access.redhat.com/security/cve/CVE-2018-14463
https://access.redhat.com/security/cve/CVE-2018-14464
https://access.redhat.com/security/cve/CVE-2018-14465
https://access.redhat.com/security/cve/CVE-2018-14466
https://access.redhat.com/security/cve/CVE-2018-14467
https://access.redhat.com/security/cve/CVE-2018-14468
https://access.redhat.com/security/cve/CVE-2018-14469
https://access.redhat.com/security/cve/CVE-2018-14470
https://access.redhat.com/security/cve/CVE-2018-14553
https://access.redhat.com/security/cve/CVE-2018-14879
https://access.redhat.com/security/cve/CVE-2018-14880
https://access.redhat.com/security/cve/CVE-2018-14881
https://access.redhat.com/security/cve/CVE-2018-14882
https://access.redhat.com/security/cve/CVE-2018-16227
https://access.redhat.com/security/cve/CVE-2018-16228
https://access.redhat.com/security/cve/CVE-2018-16229
https://access.redhat.com/security/cve/CVE-2018-16230
https://access.redhat.com/security/cve/CVE-2018-16300
https://access.redhat.com/security/cve/CVE-2018-16451
https://access.redhat.com/security/cve/CVE-2018-16452
https://access.redhat.com/security/cve/CVE-2018-20843
https://access.redhat.com/security/cve/CVE-2019-3884
https://access.redhat.com/security/cve/CVE-2019-5018
https://access.redhat.com/security/cve/CVE-2019-6977
https://access.redhat.com/security/cve/CVE-2019-6978
https://access.redhat.com/security/cve/CVE-2019-8625
https://access.redhat.com/security/cve/CVE-2019-8710
https://access.redhat.com/security/cve/CVE-2019-8720
https://access.redhat.com/security/cve/CVE-2019-8743
https://access.redhat.com/security/cve/CVE-2019-8764
https://access.redhat.com/security/cve/CVE-2019-8766
https://access.redhat.com/security/cve/CVE-2019-8769
https://access.redhat.com/security/cve/CVE-2019-8771
https://access.redhat.com/security/cve/CVE-2019-8782
https://access.redhat.com/security/cve/CVE-2019-8783
https://access.redhat.com/security/cve/CVE-2019-8808
https://access.redhat.com/security/cve/CVE-2019-8811
https://access.redhat.com/security/cve/CVE-2019-8812
https://access.redhat.com/security/cve/CVE-2019-8813
https://access.redhat.com/security/cve/CVE-2019-8814
https://access.redhat.com/security/cve/CVE-2019-8815
https://access.redhat.com/security/cve/CVE-2019-8816
https://access.redhat.com/security/cve/CVE-2019-8819
https://access.redhat.com/security/cve/CVE-2019-8820
https://access.redhat.com/security/cve/CVE-2019-8823
https://access.redhat.com/security/cve/CVE-2019-8835
https://access.redhat.com/security/cve/CVE-2019-8844
https://access.redhat.com/security/cve/CVE-2019-8846
https://access.redhat.com/security/cve/CVE-2019-9455
https://access.redhat.com/security/cve/CVE-2019-9458
https://access.redhat.com/security/cve/CVE-2019-11068
https://access.redhat.com/security/cve/CVE-2019-12614
https://access.redhat.com/security/cve/CVE-2019-13050
https://access.redhat.com/security/cve/CVE-2019-13225
https://access.redhat.com/security/cve/CVE-2019-13627
https://access.redhat.com/security/cve/CVE-2019-14889
https://access.redhat.com/security/cve/CVE-2019-15165
https://access.redhat.com/security/cve/CVE-2019-15166
https://access.redhat.com/security/cve/CVE-2019-15903
https://access.redhat.com/security/cve/CVE-2019-15917
https://access.redhat.com/security/cve/CVE-2019-15925
https://access.redhat.com/security/cve/CVE-2019-16167
https://access.redhat.com/security/cve/CVE-2019-16168
https://access.redhat.com/security/cve/CVE-2019-16231
https://access.redhat.com/security/cve/CVE-2019-16233
https://access.redhat.com/security/cve/CVE-2019-16935
https://access.redhat.com/security/cve/CVE-2019-17450
https://access.redhat.com/security/cve/CVE-2019-17546
https://access.redhat.com/security/cve/CVE-2019-18197
https://access.redhat.com/security/cve/CVE-2019-18808
https://access.redhat.com/security/cve/CVE-2019-18809
https://access.redhat.com/security/cve/CVE-2019-19046
https://access.redhat.com/security/cve/CVE-2019-19056
https://access.redhat.com/security/cve/CVE-2019-19062
https://access.redhat.com/security/cve/CVE-2019-19063
https://access.redhat.com/security/cve/CVE-2019-19068
https://access.redhat.com/security/cve/CVE-2019-19072
https://access.redhat.com/security/cve/CVE-2019-19221
https://access.redhat.com/security/cve/CVE-2019-19319
https://access.redhat.com/security/cve/CVE-2019-19332
https://access.redhat.com/security/cve/CVE-2019-19447
https://access.redhat.com/security/cve/CVE-2019-19524
https://access.redhat.com/security/cve/CVE-2019-19533
https://access.redhat.com/security/cve/CVE-2019-19537
https://access.redhat.com/security/cve/CVE-2019-19543
https://access.redhat.com/security/cve/CVE-2019-19602
https://access.redhat.com/security/cve/CVE-2019-19767
https://access.redhat.com/security/cve/CVE-2019-19770
https://access.redhat.com/security/cve/CVE-2019-19906
https://access.redhat.com/security/cve/CVE-2019-19956
https://access.redhat.com/security/cve/CVE-2019-20054
https://access.redhat.com/security/cve/CVE-2019-20218
https://access.redhat.com/security/cve/CVE-2019-20386
https://access.redhat.com/security/cve/CVE-2019-20387
https://access.redhat.com/security/cve/CVE-2019-20388
https://access.redhat.com/security/cve/CVE-2019-20454
https://access.redhat.com/security/cve/CVE-2019-20636
https://access.redhat.com/security/cve/CVE-2019-20807
https://access.redhat.com/security/cve/CVE-2019-20812
https://access.redhat.com/security/cve/CVE-2019-20907
https://access.redhat.com/security/cve/CVE-2019-20916
https://access.redhat.com/security/cve/CVE-2020-0305
https://access.redhat.com/security/cve/CVE-2020-0444
https://access.redhat.com/security/cve/CVE-2020-1716
https://access.redhat.com/security/cve/CVE-2020-1730
https://access.redhat.com/security/cve/CVE-2020-1751
https://access.redhat.com/security/cve/CVE-2020-1752
https://access.redhat.com/security/cve/CVE-2020-1971
https://access.redhat.com/security/cve/CVE-2020-2574
https://access.redhat.com/security/cve/CVE-2020-2752
https://access.redhat.com/security/cve/CVE-2020-2922
https://access.redhat.com/security/cve/CVE-2020-3862
https://access.redhat.com/security/cve/CVE-2020-3864
https://access.redhat.com/security/cve/CVE-2020-3865
https://access.redhat.com/security/cve/CVE-2020-3867
https://access.redhat.com/security/cve/CVE-2020-3868
https://access.redhat.com/security/cve/CVE-2020-3885
https://access.redhat.com/security/cve/CVE-2020-3894
https://access.redhat.com/security/cve/CVE-2020-3895
https://access.redhat.com/security/cve/CVE-2020-3897
https://access.redhat.com/security/cve/CVE-2020-3898
https://access.redhat.com/security/cve/CVE-2020-3899
https://access.redhat.com/security/cve/CVE-2020-3900
https://access.redhat.com/security/cve/CVE-2020-3901
https://access.redhat.com/security/cve/CVE-2020-3902
https://access.redhat.com/security/cve/CVE-2020-6405
https://access.redhat.com/security/cve/CVE-2020-7595
https://access.redhat.com/security/cve/CVE-2020-7774
https://access.redhat.com/security/cve/CVE-2020-8177
https://access.redhat.com/security/cve/CVE-2020-8492
https://access.redhat.com/security/cve/CVE-2020-8563
https://access.redhat.com/security/cve/CVE-2020-8566
https://access.redhat.com/security/cve/CVE-2020-8619
https://access.redhat.com/security/cve/CVE-2020-8622
https://access.redhat.com/security/cve/CVE-2020-8623
https://access.redhat.com/security/cve/CVE-2020-8624
https://access.redhat.com/security/cve/CVE-2020-8647
https://access.redhat.com/security/cve/CVE-2020-8648
https://access.redhat.com/security/cve/CVE-2020-8649
https://access.redhat.com/security/cve/CVE-2020-9327
https://access.redhat.com/security/cve/CVE-2020-9802
https://access.redhat.com/security/cve/CVE-2020-9803
https://access.redhat.com/security/cve/CVE-2020-9805
https://access.redhat.com/security/cve/CVE-2020-9806
https://access.redhat.com/security/cve/CVE-2020-9807
https://access.redhat.com/security/cve/CVE-2020-9843
https://access.redhat.com/security/cve/CVE-2020-9850
https://access.redhat.com/security/cve/CVE-2020-9862
https://access.redhat.com/security/cve/CVE-2020-9893
https://access.redhat.com/security/cve/CVE-2020-9894
https://access.redhat.com/security/cve/CVE-2020-9895
https://access.redhat.com/security/cve/CVE-2020-9915
https://access.redhat.com/security/cve/CVE-2020-9925
https://access.redhat.com/security/cve/CVE-2020-10018
https://access.redhat.com/security/cve/CVE-2020-10029
https://access.redhat.com/security/cve/CVE-2020-10732
https://access.redhat.com/security/cve/CVE-2020-10749
https://access.redhat.com/security/cve/CVE-2020-10751
https://access.redhat.com/security/cve/CVE-2020-10763
https://access.redhat.com/security/cve/CVE-2020-10773
https://access.redhat.com/security/cve/CVE-2020-10774
https://access.redhat.com/security/cve/CVE-2020-10942
https://access.redhat.com/security/cve/CVE-2020-11565
https://access.redhat.com/security/cve/CVE-2020-11668
https://access.redhat.com/security/cve/CVE-2020-11793
https://access.redhat.com/security/cve/CVE-2020-12465
https://access.redhat.com/security/cve/CVE-2020-12655
https://access.redhat.com/security/cve/CVE-2020-12659
https://access.redhat.com/security/cve/CVE-2020-12770
https://access.redhat.com/security/cve/CVE-2020-12826
https://access.redhat.com/security/cve/CVE-2020-13249
https://access.redhat.com/security/cve/CVE-2020-13630
https://access.redhat.com/security/cve/CVE-2020-13631
https://access.redhat.com/security/cve/CVE-2020-13632
https://access.redhat.com/security/cve/CVE-2020-14019
https://access.redhat.com/security/cve/CVE-2020-14040
https://access.redhat.com/security/cve/CVE-2020-14381
https://access.redhat.com/security/cve/CVE-2020-14382
https://access.redhat.com/security/cve/CVE-2020-14391
https://access.redhat.com/security/cve/CVE-2020-14422
https://access.redhat.com/security/cve/CVE-2020-15157
https://access.redhat.com/security/cve/CVE-2020-15503
https://access.redhat.com/security/cve/CVE-2020-15862
https://access.redhat.com/security/cve/CVE-2020-15999
https://access.redhat.com/security/cve/CVE-2020-16166
https://access.redhat.com/security/cve/CVE-2020-24490
https://access.redhat.com/security/cve/CVE-2020-24659
https://access.redhat.com/security/cve/CVE-2020-25211
https://access.redhat.com/security/cve/CVE-2020-25641
https://access.redhat.com/security/cve/CVE-2020-25658
https://access.redhat.com/security/cve/CVE-2020-25661
https://access.redhat.com/security/cve/CVE-2020-25662
https://access.redhat.com/security/cve/CVE-2020-25681
https://access.redhat.com/security/cve/CVE-2020-25682
https://access.redhat.com/security/cve/CVE-2020-25683
https://access.redhat.com/security/cve/CVE-2020-25684
https://access.redhat.com/security/cve/CVE-2020-25685
https://access.redhat.com/security/cve/CVE-2020-25686
https://access.redhat.com/security/cve/CVE-2020-25687
https://access.redhat.com/security/cve/CVE-2020-25694
https://access.redhat.com/security/cve/CVE-2020-25696
https://access.redhat.com/security/cve/CVE-2020-26160
https://access.redhat.com/security/cve/CVE-2020-27813
https://access.redhat.com/security/cve/CVE-2020-27846
https://access.redhat.com/security/cve/CVE-2020-28362
https://access.redhat.com/security/cve/CVE-2020-29652
https://access.redhat.com/security/cve/CVE-2021-2007
https://access.redhat.com/security/cve/CVE-2021-3121
https://access.redhat.com/security/updates/classification/#moderate
6. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBYDZ+bNzjgjWX9erEAQghXg//awGwjQxJ5LEZWBTdgyuCa8mHEi2rop5T
lmebolBMNRSbo9gI8LMSHlvIBBFiV4CuFvfxE0AVLNentfzOTH11TxNWe1KQYt4H
EmcGHPeHWTxKDkvAHtVcWXy9WN3y5d4lHSaq6AR1nHRPcj/k1upyx22kotpnYxN8
4d49PjFTO3YbmdYpNLVJ9nY8izqUpTfM7YSyj6ANZSlaYc5Z215o6TPo6e3wobf4
mWu+VfDS0v+/AbGhQhO2sQ7r2ysJ85MB7c62cxck4a51KiA0NKd4xr0TAA4KHnNL
ISHFzi5QYXu+meE+9wYRo1ZjJ5fbPj41+1TJbR6O4CbP0xQiFpcUSipNju3rGSGy
Ae5G/QGT8J7HzOjlKVvY3SFu/odENR6c+xUIr7IB/FBlu7DdPF2XxMZDQD4DKHEk
4aiDbuiEL3Yf78Ic1RqPPmrj9plIwprVFQz+k3JaQXKD+1dBxO6tk+nVu2/5xNbM
uR03hrthYYIpdXLSWU4lzq8j3kQ9wZ4j/m2o6/K6eHNl9PyqAG5jfQv9bVf8E3oG
krzc/JLvOfHNEQ/oJs/v/DFDmnAxshCCtGWlpLJ5J0pcD3EePsrPNs1QtQurVrMv
RjfBCWKOij53+BinrMKHdsHxfur7GCFCIQCVaLIv6GUjX2NWI0voIVA8JkrFNNp6
McvuEaxco7U=
=sw8i
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce
.
CVE-2019-8787: Steffen Klee of Secure Mobile Networking Lab at
Technische Universität Darmstadt
App Store
Available for: Apple Watch Series 1 and later
Impact: A local attacker may be able to login to the account of a
previously logged in user without valid credentials.
CVE-2019-8798: ABC Research s.r.o.
Alternatively, on your watch, select "My Watch > General > About".
Bug Fix(es):
* Aggregator pod tries to parse ConfigMaps without results (BZ#1899479)
* The compliancesuite object returns error with ocp4-cis tailored profile
(BZ#1902251)
* The compliancesuite does not trigger when there are multiple rhcos4
profiles added in scansettingbinding object (BZ#1902634)
* [OCP v46] Not all remediations get applied through machineConfig although
the status of all rules shows Applied in ComplianceRemediations object
(BZ#1907414)
* The profile parser pod deployment and associated profiles should get
removed after upgrade the compliance operator (BZ#1908991)
* Applying the "rhcos4-moderate" compliance profile leads to Ignition error
"something else exists at that path" (BZ#1909081)
* [OCP v46] Always update the default profilebundles on Compliance operator
startup (BZ#1909122)
3. Bugs fixed (https://bugzilla.redhat.com/):
1899479 - Aggregator pod tries to parse ConfigMaps without results
1902111 - CVE-2020-27813 golang-github-gorilla-websocket: integer overflow leads to denial of service
1902251 - The compliancesuite object returns error with ocp4-cis tailored profile
1902634 - The compliancesuite does not trigger when there are multiple rhcos4 profiles added in scansettingbinding object
1907414 - [OCP v46] Not all remediations get applied through machineConfig although the status of all rules shows Applied in ComplianceRemediations object
1908991 - The profile parser pod deployment and associated profiles should get removed after upgrade the compliance operator
1909081 - Applying the "rhcos4-moderate" compliance profile leads to Ignition error "something else exists at that path"
1909122 - [OCP v46] Always update the default profilebundles on Compliance operator startup
5. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2019-10-29-11 Additional information
for APPLE-SA-2019-9-26-8 iOS 13.1 and iPadOS 13.1
iOS 13.1 and iPadOS 13.1 address the following:
AppleFirmwareUpdateKext
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption vulnerability was addressed with
improved locking.
CVE-2019-8747: Mohamed Ghannam (@_simo36)
Entry added October 29, 2019
Audio
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: Processing a maliciously crafted audio file may lead to
arbitrary code execution
Description: A memory corruption issue was addressed with improved
state management.
CVE-2019-8706: Yu Zhou of Ant-financial Light-Year Security Lab
Entry added October 29, 2019
Books
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: Parsing a maliciously crafted iBooks file may lead to a
persistent denial-of-service
Description: A resource exhaustion issue was addressed with improved
input validation.
CVE-2019-8774: Gertjan Franken imec-DistriNet of KU Leuven
Entry added October 29, 2019
Kernel
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption vulnerability was addressed with
improved locking.
CVE-2019-8740: Mohamed Ghannam (@_simo36)
Entry added October 29, 2019
Kernel
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A local app may be able to read a persistent account
identifier
Description: A validation issue was addressed with improved logic.
CVE-2019-8809: Apple
Entry added October 29, 2019
Kernel
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A malicious application may be able to determine kernel
memory layout
Description: The issue was addressed with improved permissions logic.
CVE-2019-8780: Siguza
libxslt
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: Multiple issues in libxslt
Description: Multiple memory corruption issues were addressed with
improved input validation.
CVE-2019-8750: found by OSS-Fuzz
Entry added October 29, 2019
mDNSResponder
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: An attacker in physical proximity may be able to passively
observe device names in AWDL communications
Description: This issue was resolved by replacing device names with a
random identifier.
CVE-2019-8799: David Kreitschmann and Milan Stute of Secure Mobile
Networking Lab at Technische Universität Darmstadt
Entry added October 29, 2019
VoiceOver
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A person with physical access to an iOS device may be able to
access contacts from the lock screen
Description: The issue was addressed by restricting options offered
on a locked device.
CVE-2019-8775: videosdebarraquito
WebKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: Visiting a maliciously crafted website may reveal browsing
history
Description: An issue existed in the drawing of web page elements.
CVE-2019-8710: found by OSS-Fuzz
CVE-2019-8743: zhunki from Codesafe Team of Legendsec at Qi'anxin
Group
CVE-2019-8751: Dongzhuo Zhao working with ADLab of Venustech
CVE-2019-8752: Dongzhuo Zhao working with ADLab of Venustech
CVE-2019-8763: Sergei Glazunov of Google Project Zero
CVE-2019-8765: Samuel Groß of Google Project Zero
CVE-2019-8766: found by OSS-Fuzz
CVE-2019-8773: found by OSS-Fuzz
Additional recognition
boringssl
We would like to acknowledge Nimrod Aviram of Tel Aviv University,
Robert Merget of Ruhr University Bochum, Juraj Somorovsky of Ruhr
University Bochum for their assistance.
Entry added October 29, 2019
Find My iPhone
We would like to acknowledge an anonymous researcher for their
assistance.
Identity Service
We would like to acknowledge Yiğit Can YILMAZ (@yilmazcanyigit) for
their assistance.
Share Sheet
We would like to acknowledge Milan Stute of Secure Mobile Networking
Lab at Technische Universität Darmstadt for their assistance.
Status Bar
We would like to acknowledge Isaiah Kahler, Mohammed Adham, and an
anonymous researcher for their assistance.
Telephony
We would like to acknowledge Yiğit Can YILMAZ (@yilmazcanyigit) for
their assistance.
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from https://www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "iOS 13.1 and iPadOS 13.1". Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - noarch, ppc64, s390x
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch
3. Description:
WebKitGTK+ is port of the WebKit portable web rendering engine to the GTK+
platform. These packages provide WebKitGTK+ for GTK+ 3.
The following packages have been upgraded to a later upstream version:
webkitgtk4 (2.28.2).
Additional Changes:
For detailed information on changes in this release, see the Red Hat
Enterprise Linux 7.9 Release Notes linked from the References section. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
5. Package List:
Red Hat Enterprise Linux Client (v. 7):
Source:
webkitgtk4-2.28.2-2.el7.src.rpm
x86_64:
webkitgtk4-2.28.2-2.el7.i686.rpm
webkitgtk4-2.28.2-2.el7.x86_64.rpm
webkitgtk4-debuginfo-2.28.2-2.el7.i686.rpm
webkitgtk4-debuginfo-2.28.2-2.el7.x86_64.rpm
webkitgtk4-jsc-2.28.2-2.el7.i686.rpm
webkitgtk4-jsc-2.28.2-2.el7.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
Source:
webkitgtk4-2.28.2-2.el7.src.rpm
x86_64:
webkitgtk4-2.28.2-2.el7.i686.rpm
webkitgtk4-2.28.2-2.el7.x86_64.rpm
webkitgtk4-debuginfo-2.28.2-2.el7.i686.rpm
webkitgtk4-debuginfo-2.28.2-2.el7.x86_64.rpm
webkitgtk4-jsc-2.28.2-2.el7.i686.rpm
webkitgtk4-jsc-2.28.2-2.el7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
noarch:
webkitgtk4-doc-2.28.2-2.el7.noarch.rpm
x86_64:
webkitgtk4-debuginfo-2.28.2-2.el7.i686.rpm
webkitgtk4-debuginfo-2.28.2-2.el7.x86_64.rpm
webkitgtk4-devel-2.28.2-2.el7.i686.rpm
webkitgtk4-devel-2.28.2-2.el7.x86_64.rpm
webkitgtk4-jsc-devel-2.28.2-2.el7.i686.rpm
webkitgtk4-jsc-devel-2.28.2-2.el7.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source:
webkitgtk4-2.28.2-2.el7.src.rpm
ppc64:
webkitgtk4-2.28.2-2.el7.ppc.rpm
webkitgtk4-2.28.2-2.el7.ppc64.rpm
webkitgtk4-debuginfo-2.28.2-2.el7.ppc.rpm
webkitgtk4-debuginfo-2.28.2-2.el7.ppc64.rpm
webkitgtk4-jsc-2.28.2-2.el7.ppc.rpm
webkitgtk4-jsc-2.28.2-2.el7.ppc64.rpm
ppc64le:
webkitgtk4-2.28.2-2.el7.ppc64le.rpm
webkitgtk4-debuginfo-2.28.2-2.el7.ppc64le.rpm
webkitgtk4-devel-2.28.2-2.el7.ppc64le.rpm
webkitgtk4-jsc-2.28.2-2.el7.ppc64le.rpm
webkitgtk4-jsc-devel-2.28.2-2.el7.ppc64le.rpm
s390x:
webkitgtk4-2.28.2-2.el7.s390.rpm
webkitgtk4-2.28.2-2.el7.s390x.rpm
webkitgtk4-debuginfo-2.28.2-2.el7.s390.rpm
webkitgtk4-debuginfo-2.28.2-2.el7.s390x.rpm
webkitgtk4-jsc-2.28.2-2.el7.s390.rpm
webkitgtk4-jsc-2.28.2-2.el7.s390x.rpm
x86_64:
webkitgtk4-2.28.2-2.el7.i686.rpm
webkitgtk4-2.28.2-2.el7.x86_64.rpm
webkitgtk4-debuginfo-2.28.2-2.el7.i686.rpm
webkitgtk4-debuginfo-2.28.2-2.el7.x86_64.rpm
webkitgtk4-devel-2.28.2-2.el7.i686.rpm
webkitgtk4-devel-2.28.2-2.el7.x86_64.rpm
webkitgtk4-jsc-2.28.2-2.el7.i686.rpm
webkitgtk4-jsc-2.28.2-2.el7.x86_64.rpm
webkitgtk4-jsc-devel-2.28.2-2.el7.i686.rpm
webkitgtk4-jsc-devel-2.28.2-2.el7.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
noarch:
webkitgtk4-doc-2.28.2-2.el7.noarch.rpm
ppc64:
webkitgtk4-debuginfo-2.28.2-2.el7.ppc.rpm
webkitgtk4-debuginfo-2.28.2-2.el7.ppc64.rpm
webkitgtk4-devel-2.28.2-2.el7.ppc.rpm
webkitgtk4-devel-2.28.2-2.el7.ppc64.rpm
webkitgtk4-jsc-devel-2.28.2-2.el7.ppc.rpm
webkitgtk4-jsc-devel-2.28.2-2.el7.ppc64.rpm
s390x:
webkitgtk4-debuginfo-2.28.2-2.el7.s390.rpm
webkitgtk4-debuginfo-2.28.2-2.el7.s390x.rpm
webkitgtk4-devel-2.28.2-2.el7.s390.rpm
webkitgtk4-devel-2.28.2-2.el7.s390x.rpm
webkitgtk4-jsc-devel-2.28.2-2.el7.s390.rpm
webkitgtk4-jsc-devel-2.28.2-2.el7.s390x.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source:
webkitgtk4-2.28.2-2.el7.src.rpm
x86_64:
webkitgtk4-2.28.2-2.el7.i686.rpm
webkitgtk4-2.28.2-2.el7.x86_64.rpm
webkitgtk4-debuginfo-2.28.2-2.el7.i686.rpm
webkitgtk4-debuginfo-2.28.2-2.el7.x86_64.rpm
webkitgtk4-devel-2.28.2-2.el7.i686.rpm
webkitgtk4-devel-2.28.2-2.el7.x86_64.rpm
webkitgtk4-jsc-2.28.2-2.el7.i686.rpm
webkitgtk4-jsc-2.28.2-2.el7.x86_64.rpm
webkitgtk4-jsc-devel-2.28.2-2.el7.i686.rpm
webkitgtk4-jsc-devel-2.28.2-2.el7.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. ------------------------------------------------------------------------
WebKitGTK and WPE WebKit Security Advisory WSA-2019-0006
------------------------------------------------------------------------
Date reported : November 08, 2019
Advisory ID : WSA-2019-0006
WebKitGTK Advisory URL : https://webkitgtk.org/security/WSA-2019-0006.html
WPE WebKit Advisory URL : https://wpewebkit.org/security/WSA-2019-0006.html
CVE identifiers : CVE-2019-8710, CVE-2019-8743, CVE-2019-8764,
CVE-2019-8765, CVE-2019-8766, CVE-2019-8782,
CVE-2019-8783, CVE-2019-8808, CVE-2019-8811,
CVE-2019-8812, CVE-2019-8813, CVE-2019-8814,
CVE-2019-8815, CVE-2019-8816, CVE-2019-8819,
CVE-2019-8820, CVE-2019-8821, CVE-2019-8822,
CVE-2019-8823.
Several vulnerabilities were discovered in WebKitGTK and WPE WebKit.
CVE-2019-8710
Versions affected: WebKitGTK before 2.26.0 and WPE WebKit before
2.26.0.
Credit to found by OSS-Fuzz.
CVE-2019-8743
Versions affected: WebKitGTK before 2.26.0 and WPE WebKit before
2.26.0.
Credit to zhunki from Codesafe Team of Legendsec at Qi'anxin Group.
CVE-2019-8764
Versions affected: WebKitGTK before 2.26.0 and WPE WebKit before
2.26.0.
Credit to Sergei Glazunov of Google Project Zero.
CVE-2019-8765
Versions affected: WebKitGTK before 2.24.4 and WPE WebKit before
2.24.3.
Credit to Samuel Groß of Google Project Zero.
CVE-2019-8766
Versions affected: WebKitGTK before 2.26.0 and WPE WebKit before
2.26.0.
Credit to found by OSS-Fuzz.
CVE-2019-8782
Versions affected: WebKitGTK before 2.26.0 and WPE WebKit before
2.26.0.
Credit to Cheolung Lee of LINE+ Security Team.
CVE-2019-8783
Versions affected: WebKitGTK before 2.26.1 and WPE WebKit before
2.26.1.
Credit to Cheolung Lee of LINE+ Graylab Security Team.
CVE-2019-8808
Versions affected: WebKitGTK before 2.26.0 and WPE WebKit before
2.26.0.
Credit to found by OSS-Fuzz.
CVE-2019-8811
Versions affected: WebKitGTK before 2.26.1 and WPE WebKit before
2.26.1.
Credit to Soyeon Park of SSLab at Georgia Tech.
CVE-2019-8812
Versions affected: WebKitGTK before 2.26.2 and WPE WebKit before
2.26.2.
Credit to an anonymous researcher.
CVE-2019-8813
Versions affected: WebKitGTK before 2.26.1 and WPE WebKit before
2.26.1.
Credit to an anonymous researcher.
CVE-2019-8814
Versions affected: WebKitGTK before 2.26.2 and WPE WebKit before
2.26.2.
Credit to Cheolung Lee of LINE+ Security Team.
CVE-2019-8815
Versions affected: WebKitGTK before 2.26.0 and WPE WebKit before
2.26.0.
Credit to Apple.
CVE-2019-8816
Versions affected: WebKitGTK before 2.26.1 and WPE WebKit before
2.26.1.
Credit to Soyeon Park of SSLab at Georgia Tech.
CVE-2019-8819
Versions affected: WebKitGTK before 2.26.1 and WPE WebKit before
2.26.1.
Credit to Cheolung Lee of LINE+ Security Team.
CVE-2019-8820
Versions affected: WebKitGTK before 2.26.1 and WPE WebKit before
2.26.1.
Credit to Samuel Groß of Google Project Zero.
CVE-2019-8821
Versions affected: WebKitGTK before 2.24.4 and WPE WebKit before
2.24.3.
Credit to Sergei Glazunov of Google Project Zero.
CVE-2019-8822
Versions affected: WebKitGTK before 2.24.4 and WPE WebKit before
2.24.3.
Credit to Sergei Glazunov of Google Project Zero.
CVE-2019-8823
Versions affected: WebKitGTK before 2.26.1 and WPE WebKit before
2.26.1.
Credit to Sergei Glazunov of Google Project Zero.
We recommend updating to the latest stable versions of WebKitGTK and WPE
WebKit. It is the best way to ensure that you are running safe versions
of WebKit. Please check our websites for information about the latest
stable releases.
Further information about WebKitGTK and WPE WebKit security advisories
can be found at: https://webkitgtk.org/security.html or
https://wpewebkit.org/security/.
The WebKitGTK and WPE WebKit team,
November 08, 2019
. Bugs fixed (https://bugzilla.redhat.com/):
1808240 - Always return metrics value for pods under the user's namespace
1815189 - feature flagged UI does not always become available after operator installation
1825034 - e2e: Mock CSI tests fail on IBM ROKS clusters
1826225 - edge terminated h2 (gRPC) connections need a haproxy template change to work correctly
1860774 - csr for vSphere egress nodes were not approved automatically during cert renewal
1878106 - token inactivity timeout is not shortened after oauthclient/oauth config values are lowered
1878925 - 'oc adm upgrade --to ...' rejects versions which occur only in history, while the cluster-version operator supports history fallback
1880738 - origin e2e test deletes original worker
1882983 - oVirt csi driver should refuse to provision RWX and ROX PV
1886450 - Keepalived router id check not documented for RHV/VMware IPI
1889488 - The metrics endpoint for the Scheduler is not protected by RBAC
1894431 - Router pods fail to boot if the SSL certificate applied is missing an empty line at the bottom
1896474 - Path based routing is broken for some combinations
1897431 - CIDR support for additional network attachment with the bridge CNI plug-in
1903408 - NodePort externalTrafficPolicy does not work for ovn-kubernetes
1907433 - Excessive logging in image operator
1909906 - The router fails with PANIC error when stats port already in use
1911173 - [MSTR-998] Many charts' legend names show {{}} instead of words
1914053 - pods assigned with Multus whereabouts IP get stuck in ContainerCreating state after node rebooting.
1916169 - a reboot while MCO is applying changes leaves the node in undesirable state and MCP looks fine (UPDATED=true)
1917893 - [ovirt] install fails: due to terraform error "Cannot attach Virtual Disk: Disk is locked" on vm resource
1921627 - GCP UPI installation failed due to exceeding gcp limitation of instance group name
1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation
1926522 - oc adm catalog does not clean temporary files
1927478 - Default CatalogSources deployed by marketplace do not have toleration for tainted nodes.
1928141 - kube-storage-version-migrator constantly reporting type "Upgradeable" status Unknown
1928285 - [LSO][OCS][arbiter] OCP Console shows no results while in fact underlying setup of LSO localvolumeset and it's storageclass is not yet finished, confusing users
1931594 - [sig-cli] oc --request-timeout works as expected fails frequently on s390x
1933847 - Prometheus goes unavailable (both instances down) during 4.8 upgrade
1937085 - RHV UPI inventory playbook missing guarantee_memory
1937196 - [aws ebs csi driver] events for block volume expansion may cause confusion
1938236 - vsphere-problem-detector does not support overriding log levels via storage CR
1939401 - missed labels for CMO/openshift-state-metric/telemeter-client/thanos-querier pods
1939435 - Setting an IPv6 address in noProxy field causes error in openshift installer
1939552 - [sig-api-machinery] CustomResourcePublishOpenAPI [Privileged:ClusterAdmin] works for CRD preserving unknown fields in an embedded object [Conformance] [Suite:openshift/conformance/parallel/minimal] [Suite:k8s]
1942913 - ThanosSidecarUnhealthy isn't resilient to WAL replays.
1943363 - [ovn] CNO should gracefully terminate ovn-northd
1945274 - ostree-finalize-staged.service failed while upgrading a rhcos node to 4.6.17
1948080 - authentication should not set Available=False APIServices_Error with 503s
1949262 - Prometheus Statefulsets should have 2 replicas and hard affinity set
1949672 - [GCP] Update 4.8 UPI template to match ignition version: 3.2.0
1950827 - [LSO] localvolumediscoveryresult name is not friendly to customer
1952576 - csv_succeeded metric not present in olm-operator for all successful CSVs
1953264 - "remote error: tls: bad certificate" logs in prometheus-operator container
1955300 - Machine config operator reports unavailable for 23m during upgrade
1955489 - Alertmanager Statefulsets should have 2 replicas and hard affinity set
1955490 - Thanos ruler Statefulsets should have 2 replicas and hard affinity set
1955544 - [IPI][OSP] densed master-only installation with 0 workers fails due to missing worker security group on masters
1956496 - Needs SR-IOV Docs Upstream
1956739 - Permission for authorized_keys for core user changes from core user to root when changed the pull secret
1956776 - [vSphere] Installer should do pre-check to ensure user-provided network name is valid
1956964 - upload a boot-source to OpenShift virtualization using the console
1957547 - [RFE]VM name is not auto filled in dev console
1958349 - ovn-controller doesn't release the memory after cluster-density run
1959352 - [scale] failed to get pod annotation: timed out waiting for annotations
1960378 - icsp allows mirroring of registry root - install-config imageContentSources does not
1960674 - Broken test: [sig-imageregistry][Serial][Suite:openshift/registry/serial] Image signature workflow can push a signed image to openshift registry and verify it [Suite:openshift/conformance/serial]
1961317 - storage ClusterOperator does not declare ClusterRoleBindings in relatedObjects
1961391 - String updates
1961509 - DHCP daemon pod should have CPU and memory requests set but not limits
1962066 - Edit machine/machineset specs not working
1962206 - openshift-multus/dhcp-daemon set should meet platform requirements for update strategy that have maxUnavailable update of 10 or 33 percent
1963053 - `oc whoami --show-console` should show the web console URL, not the server api URL
1964112 - route SimpleAllocationPlugin: host name validation errors: spec.host: Invalid value: ... must be no more than 63 characters
1964327 - Support containers with name:tag@digest
1964789 - Send keys and disconnect does not work for VNC console
1965368 - ClusterQuotaAdmission received non-meta object - message constantly reported in OpenShift Container Platform 4.7
1966445 - Unmasking a service doesn't work if it masked using MCO
1966477 - Use GA version in KAS/OAS/OauthAS to avoid: "audit.k8s.io/v1beta1" is deprecated and will be removed in a future release, use "audit.k8s.io/v1" instead
1966521 - kube-proxy's userspace implementation consumes excessive CPU
1968364 - [Azure] when using ssh type ed25519 bootstrap fails to come up
1970021 - nmstate does not persist its configuration due to overlay systemd-connections-merged mount
1970218 - MCO writes incorrect file contents if compression field is specified
1970331 - [sig-auth][Feature:SCC][Early] should not have pod creation failures during install [Suite:openshift/conformance/parallel]
1970805 - Cannot create build when docker image url contains dir structure
1972033 - [azure] PV region node affinity is failure-domain.beta.kubernetes.io instead of topology.kubernetes.io
1972827 - image registry does not remain available during upgrade
1972962 - Should set the minimum value for the `--max-icsp-size` flag of `oc adm catalog mirror`
1973447 - ovn-dbchecker peak memory spikes to ~500MiB during cluster-density run
1975826 - ovn-kubernetes host directed traffic cannot be offloaded as CT zone 64000 is not established
1976301 - [ci] e2e-azure-upi is permafailing
1976399 - During the upgrade from OpenShift 4.5 to OpenShift 4.6 the election timers for the OVN north and south databases did not change.
2007379 - Events are not generated for master offset for ordinary clock
2007443 - [ICNI 2.0] Loadbalancer pods do not establish BFD sessions with all workers that host pods for the routed namespace
2007455 - cluster-etcd-operator: render command should fail if machineCidr contains reserved address
2007495 - Large label value for the metric kubelet_started_pods_errors_total with label message when there is a error
2007522 - No new local-storage-operator-metadata-container is build for 4.10
2007551 - No new ose-aws-efs-csi-driver-operator-bundle-container is build for 4.10
2007580 - Azure cilium installs are failing e2e tests
2007581 - Too many haproxy processes in default-router pod causing high load average after upgrade from v4.8.3 to v4.8.10
2007677 - Regression: core container io performance metrics are missing for pod, qos, and system slices on nodes
2007692 - 4.9 "old-rhcos" jobs are permafailing with storage test failures
2007710 - ci/prow/e2e-agnostic-cmd job is failing on prow
2007757 - must-gather extracts imagestreams in the "openshift" namespace, but not Templates
2007802 - AWS machine actuator get stuck if machine is completely missing
2008096 - TestAWSFinalizerDeleteS3Bucket sometimes fails to teardown operator
2008119 - The serviceAccountIssuer field on Authentication CR is reseted to “” when installation process
2008151 - Topology breaks on clicking in empty state
2008185 - Console operator go.mod should use go 1.16.version
2008201 - openstack-az job is failing on haproxy idle test
2008207 - vsphere CSI driver doesn't set resource limits
2008223 - gather_audit_logs: fix oc command line to get the current audit profile
2008235 - The Save button in the Edit DC form remains disabled
2008256 - Update Internationalization README with scope info
2008321 - Add correct documentation link for MON_DISK_LOW
2008462 - Disable PodSecurity feature gate for 4.10
2008490 - Backing store details page does not contain all the kebab actions.
2010181 - Environment variables not getting reset on reload on deployment edit form
2010310 - [sig-instrumentation][Late] OpenShift alerting rules should have description and summary annotations [Skipped:Disconnected] [Suite:openshift/conformance/parallel]
2010341 - OpenShift Alerting Rules Style-Guide Compliance
2010342 - Local console builds can have out of memory errors
2010345 - OpenShift Alerting Rules Style-Guide Compliance
2010348 - Reverts PIE build mode for K8S components
2010352 - OpenShift Alerting Rules Style-Guide Compliance
2010354 - OpenShift Alerting Rules Style-Guide Compliance
2010359 - OpenShift Alerting Rules Style-Guide Compliance
2010368 - OpenShift Alerting Rules Style-Guide Compliance
2010376 - OpenShift Alerting Rules Style-Guide Compliance
2010662 - Cluster is unhealthy after image-registry-operator tests
2010663 - OpenShift Alerting Rules Style-Guide Compliance (ovn-kubernetes subcomponent)
2010665 - Bootkube tries to use oc after cluster bootstrap is done and there is no API
2010698 - [BM] [IPI] [Dual Stack] Installer must ensure ipv6 short forms too if clusterprovisioning IP is specified as ipv6 address
2010719 - etcdHighNumberOfFailedGRPCRequests runbook is missing
2010864 - Failure building EFS operator
2010910 - ptp worker events unable to identify interface for multiple interfaces
2010911 - RenderOperatingSystem() returns wrong OS version on OCP 4.7.24
2010921 - Azure Stack Hub does not handle additionalTrustBundle
2010931 - SRO CSV uses non default category "Drivers and plugins"
2010946 - concurrent CRD from ovirt-csi-driver-operator gets reconciled by CVO after deployment, changing CR as well.
2011038 - optional operator conditions are confusing
2011063 - CVE-2021-39226 grafana: Snapshot authentication bypass
2011171 - diskmaker-manager constantly redeployed by LSO when creating LV's
2011293 - Build pod are not pulling images if we are not explicitly giving the registry name with the image
2011368 - Tooltip in pipeline visualization shows misleading data
2011386 - [sig-arch] Check if alerts are firing during or after upgrade success --- alert KubePodNotReady fired for 60 seconds with labels
2011411 - Managed Service's Cluster overview page contains link to missing Storage dashboards
2011443 - Cypress tests assuming Admin Perspective could fail on shared/reference cluster
2011513 - Kubelet rejects pods that use resources that should be freed by completed pods
2011668 - Machine stuck in deleting phase in VMware "reconciler failed to Delete machine"
2011693 - (release-4.10) "insightsclient_request_recvreport_total" metric is always incremented
2011698 - After upgrading cluster to 4.8 the kube-state-metrics service doesn't export namespace labels anymore
2011733 - Repository README points to broken documentarion link
2011753 - Ironic resumes clean before raid configuration job is actually completed
2011809 - The nodes page in the openshift console doesn't work. You just get a blank page
2011822 - Obfuscation doesn't work at clusters with OVN
2011882 - SRO helm charts not synced with templates
2011893 - Validation: BMC driver ipmi is not supported for secure UEFI boot
2011896 - [4.10] ClusterVersion Upgradeable=False MultipleReasons should include all messages
2011903 - vsphere-problem-detector: session leak
2011927 - OLM should allow users to specify a proxy for GRPC connections
2011956 - [tracker] Kubelet rejects pods that use resources that should be freed by completed pods
2011960 - [tracker] Storage operator is not available after reboot cluster instances
2011971 - ICNI2 pods are stuck in ContainerCreating state
2011972 - Ingress operator not creating wildcard route for hypershift clusters
2011977 - SRO bundle references non-existent image
2012069 - Refactoring Status controller
2012177 - [OCP 4.9 + OCS 4.8.3] Overview tab is missing under Storage after successful deployment on UI
2012228 - ibmcloud: credentialsrequests invalid for machine-api-operator: resource-group
2012233 - [IBMCLOUD] IPI: "Exceeded limit of remote rules per security group (the limit is 5 remote rules per security group)"
2012235 - [IBMCLOUD] IPI: IBM cloud provider requires ResourceGroupName in cloudproviderconfig
2012317 - Dynamic Plugins: ListPageCreateDropdown items cut off
2012407 - [e2e][automation] improve vm tab console tests
2012426 - ThanosSidecarBucketOperationsFailed/ThanosSidecarUnhealthy alerts don't have namespace label
2012562 - migration condition is not detected in list view
2012770 - when using expression metric openshift_apps_deploymentconfigs_last_failed_rollout_time namespace label is re-written
2012780 - The port 50936 used by haproxy is occupied by kube-apiserver
2012838 - Setting the default maximum container root partition size for Overlay with CRI-O stop working
2012902 - Neutron Ports assigned to Completed Pods are not reused Edit
2012915 - kube_persistentvolumeclaim_labels and kube_persistentvolume_labels are missing in OCP 4.8 monitoring stack
2012971 - Disable operands deletes
2013034 - Cannot install to openshift-nmstate namespace
2013127 - OperatorHub links could not be opened in a new tabs (sharing and open a deep link works fine)
2013199 - post reboot of node SRIOV policy taking huge time
2013203 - UI breaks when trying to create block pool before storage cluster/system creation
2013222 - Full breakage for nightly payload promotion
2013273 - Nil pointer exception when phc2sys options are missing
2013321 - TuneD: high CPU utilization of the TuneD daemon.
2013416 - Multiple assets emit different content to the same filename
2013431 - Application selector dropdown has incorrect font-size and positioning
2013528 - mapi_current_pending_csr is always set to 1 on OpenShift Container Platform 4.8
2013545 - Service binding created outside topology is not visible
2013599 - Scorecard support storage is not included in ocp4.9
2013632 - Correction/Changes in Quick Start Guides for ODF 4.9 (Install ODF guide)
2013646 - fsync controller will show false positive if gaps in metrics are observed. to user and tries to just load a blank screen on 'Add Capacity' button click
2015506 - Home - Search - Resources - APIRequestCount : hard to select an item from ellipsis menu
2015515 - Kubelet checks all providers even if one is configured: NoCredentialProviders: no valid providers in chain.
2015535 - Administration - ResourceQuotas - ResourceQuota details: Inside Pie chart 'x% used' is in English
2015549 - Observe - Metrics: Column heading and pagination text is in English
2015557 - Workloads - DeploymentConfigs : Error message is in English
2015568 - Compute - Nodes : CPU column's values are in English
2015635 - Storage operator fails causing installation to fail on ASH
2015660 - "Finishing boot source customization" screen should not use term "patched"
2015793 - [hypershift] The collect-profiles job's pods should run on the control-plane node
2015806 - Metrics view in Deployment reports "Forbidden" when not cluster-admin
2015819 - Conmon sandbox processes run on non-reserved CPUs with workload partitioning
2015837 - OS_CLOUD overwrites install-config's platform.openstack.cloud
2015950 - update from 4.7.22 to 4.8.11 is failing due to large amount of secrets to watch
2015952 - RH CodeReady Workspaces Operator in e2e testing will soon fail
2016004 - [RFE] RHCOS: help determining whether a user-provided image was already booted (Ignition provisioning already performed)
2016008 - [4.10] Bootimage bump tracker
2016052 - No e2e CI presubmit configured for release component azure-file-csi-driver
2016053 - No e2e CI presubmit configured for release component azure-file-csi-driver-operator
2016054 - No e2e CI presubmit configured for release component cluster-autoscaler
2016055 - No e2e CI presubmit configured for release component console
2016058 - openshift-sync does not synchronise in "ose-jenkins:v4.8"
2016064 - No e2e CI presubmit configured for release component ibm-cloud-controller-manager
2016065 - No e2e CI presubmit configured for release component ibmcloud-machine-controllers
2016175 - Pods get stuck in ContainerCreating state when attaching volumes fails on SNO clusters.
2016179 - Add Sprint 208 translations
2016228 - Collect Profiles pprof secret is hardcoded to openshift-operator-lifecycle-manager
2016235 - should update to 7.5.11 for grafana resources version label
2016296 - Openshift virtualization : Create Windows Server 2019 VM using template : Fails
2016334 - shiftstack: SRIOV nic reported as not supported
2016352 - Some pods start before CA resources are present
2016367 - Empty task box is getting created for a pipeline without finally task
2016435 - Duplicate AlertmanagerClusterFailedToSendAlerts alerts
2016438 - Feature flag gating is missing in few extensions contributed via knative plugin
2016442 - OCPonRHV: pvc should be in Bound state and without error when choosing default sc
2016446 - [OVN-Kubernetes] Egress Networkpolicy is failing Intermittently for statefulsets
2016453 - Complete i18n for GaugeChart defaults
2016479 - iface-id-ver is not getting updated for existing lsp
2016925 - Dashboards with All filter, change to a specific value and change back to All, data will disappear
2016951 - dynamic actions list is not disabling "open console" for stopped vms
2016955 - m5.large instance type for bootstrap node is hardcoded causing deployments to fail if instance type is not available
2016988 - NTO does not set io_timeout and max_retries for AWS Nitro instances
2017016 - [REF] Virtualization menu
2017036 - [sig-network-edge][Feature:Idling] Unidling should handle many TCP connections fails in periodic-ci-openshift-release-master-ci-4.9-e2e-openstack-ovn
2017050 - Dynamic Plugins: Shared modules loaded multiple times, breaking use of PatternFly
2017130 - t is not a function error navigating to details page
2017141 - Project dropdown has a dynamic inline width added which can cause min-width issue
2017244 - ovirt csi operator static files creation is in the wrong order
2017276 - [4.10] Volume mounts not created with the correct security context
2017327 - When run opm index prune failed with error removing operator package cic-operator FOREIGN KEY constraint failed.
2022447 - ServiceAccount in manifests conflicts with OLM
2022502 - Patternfly tables with a checkbox column are not displaying correctly because of conflicting css rules.
2025821 - Make "Network Attachment Definitions" available to regular user
2025823 - The console nav bar ignores plugin separator in existing sections
2025830 - CentOS capitalizaion is wrong
2025837 - Warn users that the RHEL URL expire
2025884 - External CCM deploys openstack-cloud-controller-manager from quay.io/openshift/origin-*
2025903 - [UI] RoleBindings tab doesn't show correct rolebindings
2026104 - [sig-imageregistry][Feature:ImageAppend] Image append should create images by appending them [Skipped:Disconnected] [Suite:openshift/conformance/parallel]
2026178 - OpenShift Alerting Rules Style-Guide Compliance
2026209 - Updation of task is getting failed (tekton hub integration)
2026223 - Internal error occurred: failed calling webhook "ptpconfigvalidationwebhook.openshift.io"
2026321 - [UPI on Azure] Shall we remove allowedValue about VMSize in ARM templates
2026343 - [upgrade from 4.5 to 4.6] .status.connectionState.address of catsrc community-operators is not correct
2026352 - Kube-Scheduler revision-pruner fail during install of new cluster
2026374 - aws-pod-identity-webhook go.mod version out of sync with build environment
2026383 - Error when rendering custom Grafana dashboard through ConfigMap
2026387 - node tuning operator metrics endpoint serving old certificates after certificate rotation
2026396 - Cachito Issues: sriov-network-operator Image build failure
2026488 - openshift-controller-manager - delete event is repeating pathologically
2026489 - ThanosRuleRuleEvaluationLatencyHigh alerts when a big quantity of alerts defined.
2039359 - `oc adm prune deployments` can't prune the RS where the associated Deployment no longer exists
2039382 - gather_metallb_logs does not have execution permission
2039406 - logout from rest session after vsphere operator sync is finished
2039408 - Add GCP region northamerica-northeast2 to allowed regions
2039414 - Cannot see the weights increased for NodeAffinity, InterPodAffinity, TaintandToleration
2039425 - No need to set KlusterletAddonConfig CR applicationManager->enabled: true in RAN ztp deployment
2039491 - oc - git:// protocol used in unit tests
2039516 - Bump OVN to ovn21.12-21.12.0-25
2039529 - Project Dashboard Resource Quotas Card empty state test flaking at a high rate
2039534 - Diagnose and fix Project Dashboard Resource Quotas Card test that was previously disabled
2039541 - Resolv-prepender script duplicating entries
2039586 - [e2e] update centos8 to centos stream8
2039618 - VM created from SAP HANA template leads to 404 page if leave one network parameter empty
2039619 - [AWS] In tree provisioner storageclass aws disk type should contain 'gp3' and csi provisioner storageclass default aws disk type should be 'gp3'
2039670 - Create PDBs for control plane components
2039678 - Page goes blank when create image pull secret
2039689 - [IPI on Alibabacloud] Pay-by-specification NAT is no longer supported
2039743 - React missing key warning when open operator hub detail page (and maybe others as well)
2039756 - React missing key warning when open KnativeServing details
2039770 - Observe dashboard doesn't react on time-range changes after browser reload when perspective is changed in another tab
2039776 - Observe dashboard shows nothing if the URL links to an non existing dashboard
2039781 - [GSS] OBC is not visible by admin of a Project on Console
2039798 - Contextual binding with Operator backed service creates visual connector instead of Service binding connector
2039868 - Insights Advisor widget is not in the disabled state when the Insights Operator is disabled
2039880 - Log level too low for control plane metrics
2039919 - Add E2E test for router compression feature
2039981 - ZTP for standard clusters installs stalld on master nodes
2040132 - Flag --port has been deprecated, This flag has no effect now and will be removed in v1.24.
2043117 - Recommended operators links are erroneously treated as external
2043130 - Update CSI sidecars to the latest release for 4.10
2043234 - Missing validation when creating several BGPPeers with the same peerAddress
2043240 - Sync openshift/descheduler with sigs.k8s.io/descheduler
2043254 - crio does not bind the security profiles directory
2043296 - Ignition fails when reusing existing statically-keyed LUKS volume
2043297 - [4.10] Bootimage bump tracker
2043316 - RHCOS VM fails to boot on Nutanix AOS
2043446 - Rebase aws-efs-utils to the latest upstream version.
2043556 - Add proper ci-operator configuration to ironic and ironic-agent images
2043577 - DPU network operator
2043651 - Fix bug with exp. backoff working correcly when setting nextCheck in vsphere operator
2043675 - Too many machines deleted by cluster autoscaler when scaling down
2043683 - Revert bug 2039344 Ignoring IPv6 addresses against etcd cert validation
2043709 - Logging flags no longer being bound to command line
2043721 - Installer bootstrap hosts using outdated kubelet containing bugs
2043731 - [IBMCloud] terraform outputs missing for ibmcloud bootstrap and worker ips for must-gather
2043759 - Bump cluster-ingress-operator to k8s.io/api 1.23
2043780 - Bump router to k8s.io/api 1.23
2043787 - Bump cluster-dns-operator to k8s.io/api 1.23
2043801 - Bump CoreDNS to k8s.io/api 1.23
2043802 - EgressIP stopped working after single egressIP for a netnamespace is switched to the other node of HA pair after the first egress node is shutdown
2043961 - [OVN-K] If pod creation fails, retry doesn't work as expected.
2052458 - [IBM Cloud] ibm-vpc-block-csi-controller does not specify an update strategy, priority class, or only resource requests
2052598 - kube-scheduler should use configmap lease
2052599 - kube-controller-manger should use configmap lease
2052600 - Failed to scaleup RHEL machine against OVN cluster due to jq tool is required by configure-ovs.sh
2052609 - [vSphere CSI driver Operator] RWX volumes counts metrics `vsphere_rwx_volumes_total` not valid
2052611 - MetalLB: BGPPeer object does not have ability to set ebgpMultiHop
2052612 - MetalLB: Webhook Validation: Two BGPPeers instances can have different router ID set. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 202003-22
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: WebkitGTK+: Multiple vulnerabilities
Date: March 15, 2020
Bugs: #699156, #706374, #709612
ID: 202003-22
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been found in WebKitGTK+, the worst of
which may lead to arbitrary code execution.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-libs/webkit-gtk < 2.26.4 >= 2.26.4
Description
===========
Multiple vulnerabilities have been discovered in WebKitGTK+. Please
review the referenced CVE identifiers for details.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All WebkitGTK+ users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.26.4"
References
==========
[ 1 ] CVE-2019-8625
https://nvd.nist.gov/vuln/detail/CVE-2019-8625
[ 2 ] CVE-2019-8674
https://nvd.nist.gov/vuln/detail/CVE-2019-8674
[ 3 ] CVE-2019-8707
https://nvd.nist.gov/vuln/detail/CVE-2019-8707
[ 4 ] CVE-2019-8710
https://nvd.nist.gov/vuln/detail/CVE-2019-8710
[ 5 ] CVE-2019-8719
https://nvd.nist.gov/vuln/detail/CVE-2019-8719
[ 6 ] CVE-2019-8720
https://nvd.nist.gov/vuln/detail/CVE-2019-8720
[ 7 ] CVE-2019-8726
https://nvd.nist.gov/vuln/detail/CVE-2019-8726
[ 8 ] CVE-2019-8733
https://nvd.nist.gov/vuln/detail/CVE-2019-8733
[ 9 ] CVE-2019-8735
https://nvd.nist.gov/vuln/detail/CVE-2019-8735
[ 10 ] CVE-2019-8743
https://nvd.nist.gov/vuln/detail/CVE-2019-8743
[ 11 ] CVE-2019-8763
https://nvd.nist.gov/vuln/detail/CVE-2019-8763
[ 12 ] CVE-2019-8764
https://nvd.nist.gov/vuln/detail/CVE-2019-8764
[ 13 ] CVE-2019-8765
https://nvd.nist.gov/vuln/detail/CVE-2019-8765
[ 14 ] CVE-2019-8766
https://nvd.nist.gov/vuln/detail/CVE-2019-8766
[ 15 ] CVE-2019-8768
https://nvd.nist.gov/vuln/detail/CVE-2019-8768
[ 16 ] CVE-2019-8769
https://nvd.nist.gov/vuln/detail/CVE-2019-8769
[ 17 ] CVE-2019-8771
https://nvd.nist.gov/vuln/detail/CVE-2019-8771
[ 18 ] CVE-2019-8782
https://nvd.nist.gov/vuln/detail/CVE-2019-8782
[ 19 ] CVE-2019-8783
https://nvd.nist.gov/vuln/detail/CVE-2019-8783
[ 20 ] CVE-2019-8808
https://nvd.nist.gov/vuln/detail/CVE-2019-8808
[ 21 ] CVE-2019-8811
https://nvd.nist.gov/vuln/detail/CVE-2019-8811
[ 22 ] CVE-2019-8812
https://nvd.nist.gov/vuln/detail/CVE-2019-8812
[ 23 ] CVE-2019-8813
https://nvd.nist.gov/vuln/detail/CVE-2019-8813
[ 24 ] CVE-2019-8814
https://nvd.nist.gov/vuln/detail/CVE-2019-8814
[ 25 ] CVE-2019-8815
https://nvd.nist.gov/vuln/detail/CVE-2019-8815
[ 26 ] CVE-2019-8816
https://nvd.nist.gov/vuln/detail/CVE-2019-8816
[ 27 ] CVE-2019-8819
https://nvd.nist.gov/vuln/detail/CVE-2019-8819
[ 28 ] CVE-2019-8820
https://nvd.nist.gov/vuln/detail/CVE-2019-8820
[ 29 ] CVE-2019-8821
https://nvd.nist.gov/vuln/detail/CVE-2019-8821
[ 30 ] CVE-2019-8822
https://nvd.nist.gov/vuln/detail/CVE-2019-8822
[ 31 ] CVE-2019-8823
https://nvd.nist.gov/vuln/detail/CVE-2019-8823
[ 32 ] CVE-2019-8835
https://nvd.nist.gov/vuln/detail/CVE-2019-8835
[ 33 ] CVE-2019-8844
https://nvd.nist.gov/vuln/detail/CVE-2019-8844
[ 34 ] CVE-2019-8846
https://nvd.nist.gov/vuln/detail/CVE-2019-8846
[ 35 ] CVE-2020-3862
https://nvd.nist.gov/vuln/detail/CVE-2020-3862
[ 36 ] CVE-2020-3864
https://nvd.nist.gov/vuln/detail/CVE-2020-3864
[ 37 ] CVE-2020-3865
https://nvd.nist.gov/vuln/detail/CVE-2020-3865
[ 38 ] CVE-2020-3867
https://nvd.nist.gov/vuln/detail/CVE-2020-3867
[ 39 ] CVE-2020-3868
https://nvd.nist.gov/vuln/detail/CVE-2020-3868
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/202003-22
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2020 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
|
|
var-202104-0752
|
A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 14.4.1 and iPadOS 14.4.1, Safari 14.0.3 (v. 14610.4.3.1.7 and 15610.4.3.1.7), watchOS 7.3.2, macOS Big Sur 11.2.3. Processing maliciously crafted web content may lead to arbitrary code execution. plural Apple The product contains a vulnerability related to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Apple Safari is a web browser of Apple (Apple), the default browser included with Mac OS X and iOS operating systems. A security issue exists in WebKitGTK prior to 2.32.0 and WPE WebKit prior to 2.32.0. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: GNOME security, bug fix, and enhancement update
Advisory ID: RHSA-2021:4381-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2021:4381
Issue date: 2021-11-09
CVE Names: CVE-2020-13558 CVE-2020-24870 CVE-2020-27918
CVE-2020-29623 CVE-2020-36241 CVE-2021-1765
CVE-2021-1788 CVE-2021-1789 CVE-2021-1799
CVE-2021-1801 CVE-2021-1844 CVE-2021-1870
CVE-2021-1871 CVE-2021-21775 CVE-2021-21779
CVE-2021-21806 CVE-2021-28650 CVE-2021-30663
CVE-2021-30665 CVE-2021-30682 CVE-2021-30689
CVE-2021-30720 CVE-2021-30734 CVE-2021-30744
CVE-2021-30749 CVE-2021-30758 CVE-2021-30795
CVE-2021-30797 CVE-2021-30799
====================================================================
1. Summary:
An update for GNOME is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64
Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux CRB (v. 8) - aarch64, ppc64le, s390x, x86_64
3. Description:
GNOME is the default desktop environment of Red Hat Enterprise Linux.
The following packages have been upgraded to a later upstream version: gdm
(40.0), webkit2gtk3 (2.32.3).
Additional Changes:
For detailed information on changes in this release, see the Red Hat
Enterprise Linux 8.5 Release Notes linked from the References section.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
GDM must be restarted for this update to take effect. The GNOME session
must be restarted (log out, then log back in) for this update to take
effect.
5. Bugs fixed (https://bugzilla.redhat.com/):
1651378 - [RFE] Provide a mechanism for persistently showing the security level of a machine at login time
1770302 - disable show text in GDM login/lock screen (patched in RHEL 7.8)
1791478 - Cannot completely disable odrs (Gnome Ratings) from the Software application in Gnome Desktop
1813727 - Files copied from NFS4 to Desktop can't be opened
1854679 - [RFE] Disable left edge gesture
1873297 - Gnome-software coredumps when run as root in terminal
1873488 - GTK3 prints errors with overlay scrollbar disabled
1888404 - Updates page hides ongoing updates on refresh
1894613 - [RFE] Re-inclusion of workspace renaming in GNOME 3.
1897932 - JS ERROR: Error: Extension point conflict: there is already a status indicator for role ...
1904139 - Automatic Logout Feature not working
1905000 - Desktop refresh broken after unlock
1909300 - gdm isn't killing the login screen on login after all, should rebase to latest release
1914925 - RFE: add patch to set grub boot_success flag on shutdown/reboot
1924725 - [Wayland] Double-touch desktop icons fails sometimes
1925640 - CVE-2020-36241 gnome-autoar: Directory traversal via directory symbolic links pointing outside of the destination directory
1928794 - CVE-2020-24870 LibRaw: Stack buffer overflow in LibRaw::identify_process_dng_fields() in identify.cpp
1928886 - CVE-2020-13558 webkitgtk: Use-after-free in AudioSourceProviderGStreamer leading to arbitrary code execution
1935261 - [RFE] Enable connecting to WiFI and VPN connections at the GDM login
1937416 - Rebase WebKitGTK to 2.32
1937866 - Unable to disable onscreen keyboard in touch screen machine [rhel-8.5.0]
1938937 - Mutter: mouse click doesn't work when using 10-bit graphic monitor [rhel-8.5.0]
1940026 - CVE-2021-28650 gnome-autoar: Directory traversal via directory symbolic links pointing outside of the destination directory (incomplete CVE-2020-36241 fix)
1944323 - CVE-2020-27918 webkitgtk: Use-after-free leading to arbitrary code execution
1944329 - CVE-2020-29623 webkitgtk: User may be unable to fully delete browsing history
1944333 - CVE-2021-1765 webkitgtk: IFrame sandboxing policy violation
1944337 - CVE-2021-1789 webkitgtk: Type confusion issue leading to arbitrary code execution
1944340 - CVE-2021-1799 webkitgtk: Access to restricted ports on arbitrary servers via port redirection
1944343 - CVE-2021-1801 webkitgtk: IFrame sandboxing policy violation
1944350 - CVE-2021-1870 webkitgtk: Logic issue leading to arbitrary code execution
1944859 - CVE-2021-1788 webkitgtk: Use-after-free leading to arbitrary code execution
1944862 - CVE-2021-1844 webkitgtk: Memory corruption issue leading to arbitrary code execution
1944867 - CVE-2021-1871 webkitgtk: Logic issue leading to arbitrary code execution
1949176 - GNOME Shell on Wayland does not generate xauth data, needed for X forwarding over SSH
1951086 - Disable the Facebook provider
1952136 - Disable the Foursquare provider
1955754 - gnome-session kiosk-session support still isn't up to muster
1957705 - RFE: make gnome-calculator internet access attemps configurable system-wide
1960705 - Vino nonfunctional in FIPS mode
1962049 - [Hyper-V][RHEL8.5]gdm: Guest with 1 vcpu start GUI failed on Hyper-V
1971507 - gnome-shell JS ERROR Error calling onComplete: TypeError this._dialog.actor is undefined _hideLockScreenComplete updateTweens
1971534 - gnome-shell[2343]: gsignal.c:2642: instance '0x5583c61f9280' has no handler with id '23831'
1972545 - flatpak: Prefer runtime from the same origin as the application
1978287 - gnome-shell to include / Documented - PolicyKit-authentication-agent
1978505 - Gnome Software development package is missing important header files.
1978612 - pt_BR translations for "Register System" panel
1980441 - CVE-2021-21806 webkitgtk: Use-after-free in fireEventListeners leading to arbitrary code execution
1980661 - "Screen Lock disabled" notification appears on first login after disabling gdm and notification pop-up. Package List:
Red Hat Enterprise Linux AppStream (v. 8):
Source:
LibRaw-0.19.5-3.el8.src.rpm
accountsservice-0.6.55-2.el8.src.rpm
gdm-40.0-15.el8.src.rpm
gnome-autoar-0.2.3-2.el8.src.rpm
gnome-calculator-3.28.2-2.el8.src.rpm
gnome-control-center-3.28.2-28.el8.src.rpm
gnome-online-accounts-3.28.2-3.el8.src.rpm
gnome-session-3.28.1-13.el8.src.rpm
gnome-settings-daemon-3.32.0-16.el8.src.rpm
gnome-shell-3.32.2-40.el8.src.rpm
gnome-shell-extensions-3.32.1-20.el8.src.rpm
gnome-software-3.36.1-10.el8.src.rpm
gtk3-3.22.30-8.el8.src.rpm
mutter-3.32.2-60.el8.src.rpm
vino-3.22.0-11.el8.src.rpm
webkit2gtk3-2.32.3-2.el8.src.rpm
aarch64:
accountsservice-0.6.55-2.el8.aarch64.rpm
accountsservice-debuginfo-0.6.55-2.el8.aarch64.rpm
accountsservice-debugsource-0.6.55-2.el8.aarch64.rpm
accountsservice-libs-0.6.55-2.el8.aarch64.rpm
accountsservice-libs-debuginfo-0.6.55-2.el8.aarch64.rpm
gdm-40.0-15.el8.aarch64.rpm
gdm-debuginfo-40.0-15.el8.aarch64.rpm
gdm-debugsource-40.0-15.el8.aarch64.rpm
gnome-autoar-0.2.3-2.el8.aarch64.rpm
gnome-autoar-debuginfo-0.2.3-2.el8.aarch64.rpm
gnome-autoar-debugsource-0.2.3-2.el8.aarch64.rpm
gnome-calculator-3.28.2-2.el8.aarch64.rpm
gnome-calculator-debuginfo-3.28.2-2.el8.aarch64.rpm
gnome-calculator-debugsource-3.28.2-2.el8.aarch64.rpm
gnome-control-center-3.28.2-28.el8.aarch64.rpm
gnome-control-center-debuginfo-3.28.2-28.el8.aarch64.rpm
gnome-control-center-debugsource-3.28.2-28.el8.aarch64.rpm
gnome-online-accounts-3.28.2-3.el8.aarch64.rpm
gnome-online-accounts-debuginfo-3.28.2-3.el8.aarch64.rpm
gnome-online-accounts-debugsource-3.28.2-3.el8.aarch64.rpm
gnome-online-accounts-devel-3.28.2-3.el8.aarch64.rpm
gnome-session-3.28.1-13.el8.aarch64.rpm
gnome-session-debuginfo-3.28.1-13.el8.aarch64.rpm
gnome-session-debugsource-3.28.1-13.el8.aarch64.rpm
gnome-session-kiosk-session-3.28.1-13.el8.aarch64.rpm
gnome-session-wayland-session-3.28.1-13.el8.aarch64.rpm
gnome-session-xsession-3.28.1-13.el8.aarch64.rpm
gnome-settings-daemon-3.32.0-16.el8.aarch64.rpm
gnome-settings-daemon-debuginfo-3.32.0-16.el8.aarch64.rpm
gnome-settings-daemon-debugsource-3.32.0-16.el8.aarch64.rpm
gnome-shell-3.32.2-40.el8.aarch64.rpm
gnome-shell-debuginfo-3.32.2-40.el8.aarch64.rpm
gnome-shell-debugsource-3.32.2-40.el8.aarch64.rpm
gnome-software-3.36.1-10.el8.aarch64.rpm
gnome-software-debuginfo-3.36.1-10.el8.aarch64.rpm
gnome-software-debugsource-3.36.1-10.el8.aarch64.rpm
gsettings-desktop-schemas-devel-3.32.0-6.el8.aarch64.rpm
gtk-update-icon-cache-3.22.30-8.el8.aarch64.rpm
gtk-update-icon-cache-debuginfo-3.22.30-8.el8.aarch64.rpm
gtk3-3.22.30-8.el8.aarch64.rpm
gtk3-debuginfo-3.22.30-8.el8.aarch64.rpm
gtk3-debugsource-3.22.30-8.el8.aarch64.rpm
gtk3-devel-3.22.30-8.el8.aarch64.rpm
gtk3-devel-debuginfo-3.22.30-8.el8.aarch64.rpm
gtk3-immodule-xim-3.22.30-8.el8.aarch64.rpm
gtk3-immodule-xim-debuginfo-3.22.30-8.el8.aarch64.rpm
gtk3-immodules-debuginfo-3.22.30-8.el8.aarch64.rpm
gtk3-tests-debuginfo-3.22.30-8.el8.aarch64.rpm
mutter-3.32.2-60.el8.aarch64.rpm
mutter-debuginfo-3.32.2-60.el8.aarch64.rpm
mutter-debugsource-3.32.2-60.el8.aarch64.rpm
mutter-tests-debuginfo-3.32.2-60.el8.aarch64.rpm
vino-3.22.0-11.el8.aarch64.rpm
vino-debuginfo-3.22.0-11.el8.aarch64.rpm
vino-debugsource-3.22.0-11.el8.aarch64.rpm
webkit2gtk3-2.32.3-2.el8.aarch64.rpm
webkit2gtk3-debuginfo-2.32.3-2.el8.aarch64.rpm
webkit2gtk3-debugsource-2.32.3-2.el8.aarch64.rpm
webkit2gtk3-devel-2.32.3-2.el8.aarch64.rpm
webkit2gtk3-devel-debuginfo-2.32.3-2.el8.aarch64.rpm
webkit2gtk3-jsc-2.32.3-2.el8.aarch64.rpm
webkit2gtk3-jsc-debuginfo-2.32.3-2.el8.aarch64.rpm
webkit2gtk3-jsc-devel-2.32.3-2.el8.aarch64.rpm
webkit2gtk3-jsc-devel-debuginfo-2.32.3-2.el8.aarch64.rpm
noarch:
gnome-classic-session-3.32.1-20.el8.noarch.rpm
gnome-control-center-filesystem-3.28.2-28.el8.noarch.rpm
gnome-shell-extension-apps-menu-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-auto-move-windows-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-common-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-dash-to-dock-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-desktop-icons-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-disable-screenshield-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-drive-menu-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-gesture-inhibitor-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-horizontal-workspaces-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-launch-new-instance-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-native-window-placement-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-no-hot-corner-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-panel-favorites-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-places-menu-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-screenshot-window-sizer-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-systemMonitor-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-top-icons-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-updates-dialog-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-user-theme-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-window-grouper-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-window-list-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-windowsNavigator-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-workspace-indicator-3.32.1-20.el8.noarch.rpm
ppc64le:
LibRaw-0.19.5-3.el8.ppc64le.rpm
LibRaw-debuginfo-0.19.5-3.el8.ppc64le.rpm
LibRaw-debugsource-0.19.5-3.el8.ppc64le.rpm
LibRaw-samples-debuginfo-0.19.5-3.el8.ppc64le.rpm
accountsservice-0.6.55-2.el8.ppc64le.rpm
accountsservice-debuginfo-0.6.55-2.el8.ppc64le.rpm
accountsservice-debugsource-0.6.55-2.el8.ppc64le.rpm
accountsservice-libs-0.6.55-2.el8.ppc64le.rpm
accountsservice-libs-debuginfo-0.6.55-2.el8.ppc64le.rpm
gdm-40.0-15.el8.ppc64le.rpm
gdm-debuginfo-40.0-15.el8.ppc64le.rpm
gdm-debugsource-40.0-15.el8.ppc64le.rpm
gnome-autoar-0.2.3-2.el8.ppc64le.rpm
gnome-autoar-debuginfo-0.2.3-2.el8.ppc64le.rpm
gnome-autoar-debugsource-0.2.3-2.el8.ppc64le.rpm
gnome-calculator-3.28.2-2.el8.ppc64le.rpm
gnome-calculator-debuginfo-3.28.2-2.el8.ppc64le.rpm
gnome-calculator-debugsource-3.28.2-2.el8.ppc64le.rpm
gnome-control-center-3.28.2-28.el8.ppc64le.rpm
gnome-control-center-debuginfo-3.28.2-28.el8.ppc64le.rpm
gnome-control-center-debugsource-3.28.2-28.el8.ppc64le.rpm
gnome-online-accounts-3.28.2-3.el8.ppc64le.rpm
gnome-online-accounts-debuginfo-3.28.2-3.el8.ppc64le.rpm
gnome-online-accounts-debugsource-3.28.2-3.el8.ppc64le.rpm
gnome-online-accounts-devel-3.28.2-3.el8.ppc64le.rpm
gnome-session-3.28.1-13.el8.ppc64le.rpm
gnome-session-debuginfo-3.28.1-13.el8.ppc64le.rpm
gnome-session-debugsource-3.28.1-13.el8.ppc64le.rpm
gnome-session-kiosk-session-3.28.1-13.el8.ppc64le.rpm
gnome-session-wayland-session-3.28.1-13.el8.ppc64le.rpm
gnome-session-xsession-3.28.1-13.el8.ppc64le.rpm
gnome-settings-daemon-3.32.0-16.el8.ppc64le.rpm
gnome-settings-daemon-debuginfo-3.32.0-16.el8.ppc64le.rpm
gnome-settings-daemon-debugsource-3.32.0-16.el8.ppc64le.rpm
gnome-shell-3.32.2-40.el8.ppc64le.rpm
gnome-shell-debuginfo-3.32.2-40.el8.ppc64le.rpm
gnome-shell-debugsource-3.32.2-40.el8.ppc64le.rpm
gnome-software-3.36.1-10.el8.ppc64le.rpm
gnome-software-debuginfo-3.36.1-10.el8.ppc64le.rpm
gnome-software-debugsource-3.36.1-10.el8.ppc64le.rpm
gsettings-desktop-schemas-devel-3.32.0-6.el8.ppc64le.rpm
gtk-update-icon-cache-3.22.30-8.el8.ppc64le.rpm
gtk-update-icon-cache-debuginfo-3.22.30-8.el8.ppc64le.rpm
gtk3-3.22.30-8.el8.ppc64le.rpm
gtk3-debuginfo-3.22.30-8.el8.ppc64le.rpm
gtk3-debugsource-3.22.30-8.el8.ppc64le.rpm
gtk3-devel-3.22.30-8.el8.ppc64le.rpm
gtk3-devel-debuginfo-3.22.30-8.el8.ppc64le.rpm
gtk3-immodule-xim-3.22.30-8.el8.ppc64le.rpm
gtk3-immodule-xim-debuginfo-3.22.30-8.el8.ppc64le.rpm
gtk3-immodules-debuginfo-3.22.30-8.el8.ppc64le.rpm
gtk3-tests-debuginfo-3.22.30-8.el8.ppc64le.rpm
mutter-3.32.2-60.el8.ppc64le.rpm
mutter-debuginfo-3.32.2-60.el8.ppc64le.rpm
mutter-debugsource-3.32.2-60.el8.ppc64le.rpm
mutter-tests-debuginfo-3.32.2-60.el8.ppc64le.rpm
vino-3.22.0-11.el8.ppc64le.rpm
vino-debuginfo-3.22.0-11.el8.ppc64le.rpm
vino-debugsource-3.22.0-11.el8.ppc64le.rpm
webkit2gtk3-2.32.3-2.el8.ppc64le.rpm
webkit2gtk3-debuginfo-2.32.3-2.el8.ppc64le.rpm
webkit2gtk3-debugsource-2.32.3-2.el8.ppc64le.rpm
webkit2gtk3-devel-2.32.3-2.el8.ppc64le.rpm
webkit2gtk3-devel-debuginfo-2.32.3-2.el8.ppc64le.rpm
webkit2gtk3-jsc-2.32.3-2.el8.ppc64le.rpm
webkit2gtk3-jsc-debuginfo-2.32.3-2.el8.ppc64le.rpm
webkit2gtk3-jsc-devel-2.32.3-2.el8.ppc64le.rpm
webkit2gtk3-jsc-devel-debuginfo-2.32.3-2.el8.ppc64le.rpm
s390x:
accountsservice-0.6.55-2.el8.s390x.rpm
accountsservice-debuginfo-0.6.55-2.el8.s390x.rpm
accountsservice-debugsource-0.6.55-2.el8.s390x.rpm
accountsservice-libs-0.6.55-2.el8.s390x.rpm
accountsservice-libs-debuginfo-0.6.55-2.el8.s390x.rpm
gdm-40.0-15.el8.s390x.rpm
gdm-debuginfo-40.0-15.el8.s390x.rpm
gdm-debugsource-40.0-15.el8.s390x.rpm
gnome-autoar-0.2.3-2.el8.s390x.rpm
gnome-autoar-debuginfo-0.2.3-2.el8.s390x.rpm
gnome-autoar-debugsource-0.2.3-2.el8.s390x.rpm
gnome-calculator-3.28.2-2.el8.s390x.rpm
gnome-calculator-debuginfo-3.28.2-2.el8.s390x.rpm
gnome-calculator-debugsource-3.28.2-2.el8.s390x.rpm
gnome-control-center-3.28.2-28.el8.s390x.rpm
gnome-control-center-debuginfo-3.28.2-28.el8.s390x.rpm
gnome-control-center-debugsource-3.28.2-28.el8.s390x.rpm
gnome-online-accounts-3.28.2-3.el8.s390x.rpm
gnome-online-accounts-debuginfo-3.28.2-3.el8.s390x.rpm
gnome-online-accounts-debugsource-3.28.2-3.el8.s390x.rpm
gnome-online-accounts-devel-3.28.2-3.el8.s390x.rpm
gnome-session-3.28.1-13.el8.s390x.rpm
gnome-session-debuginfo-3.28.1-13.el8.s390x.rpm
gnome-session-debugsource-3.28.1-13.el8.s390x.rpm
gnome-session-kiosk-session-3.28.1-13.el8.s390x.rpm
gnome-session-wayland-session-3.28.1-13.el8.s390x.rpm
gnome-session-xsession-3.28.1-13.el8.s390x.rpm
gnome-settings-daemon-3.32.0-16.el8.s390x.rpm
gnome-settings-daemon-debuginfo-3.32.0-16.el8.s390x.rpm
gnome-settings-daemon-debugsource-3.32.0-16.el8.s390x.rpm
gnome-shell-3.32.2-40.el8.s390x.rpm
gnome-shell-debuginfo-3.32.2-40.el8.s390x.rpm
gnome-shell-debugsource-3.32.2-40.el8.s390x.rpm
gnome-software-3.36.1-10.el8.s390x.rpm
gnome-software-debuginfo-3.36.1-10.el8.s390x.rpm
gnome-software-debugsource-3.36.1-10.el8.s390x.rpm
gsettings-desktop-schemas-devel-3.32.0-6.el8.s390x.rpm
gtk-update-icon-cache-3.22.30-8.el8.s390x.rpm
gtk-update-icon-cache-debuginfo-3.22.30-8.el8.s390x.rpm
gtk3-3.22.30-8.el8.s390x.rpm
gtk3-debuginfo-3.22.30-8.el8.s390x.rpm
gtk3-debugsource-3.22.30-8.el8.s390x.rpm
gtk3-devel-3.22.30-8.el8.s390x.rpm
gtk3-devel-debuginfo-3.22.30-8.el8.s390x.rpm
gtk3-immodule-xim-3.22.30-8.el8.s390x.rpm
gtk3-immodule-xim-debuginfo-3.22.30-8.el8.s390x.rpm
gtk3-immodules-debuginfo-3.22.30-8.el8.s390x.rpm
gtk3-tests-debuginfo-3.22.30-8.el8.s390x.rpm
mutter-3.32.2-60.el8.s390x.rpm
mutter-debuginfo-3.32.2-60.el8.s390x.rpm
mutter-debugsource-3.32.2-60.el8.s390x.rpm
mutter-tests-debuginfo-3.32.2-60.el8.s390x.rpm
vino-3.22.0-11.el8.s390x.rpm
vino-debuginfo-3.22.0-11.el8.s390x.rpm
vino-debugsource-3.22.0-11.el8.s390x.rpm
webkit2gtk3-2.32.3-2.el8.s390x.rpm
webkit2gtk3-debuginfo-2.32.3-2.el8.s390x.rpm
webkit2gtk3-debugsource-2.32.3-2.el8.s390x.rpm
webkit2gtk3-devel-2.32.3-2.el8.s390x.rpm
webkit2gtk3-devel-debuginfo-2.32.3-2.el8.s390x.rpm
webkit2gtk3-jsc-2.32.3-2.el8.s390x.rpm
webkit2gtk3-jsc-debuginfo-2.32.3-2.el8.s390x.rpm
webkit2gtk3-jsc-devel-2.32.3-2.el8.s390x.rpm
webkit2gtk3-jsc-devel-debuginfo-2.32.3-2.el8.s390x.rpm
x86_64:
LibRaw-0.19.5-3.el8.i686.rpm
LibRaw-0.19.5-3.el8.x86_64.rpm
LibRaw-debuginfo-0.19.5-3.el8.i686.rpm
LibRaw-debuginfo-0.19.5-3.el8.x86_64.rpm
LibRaw-debugsource-0.19.5-3.el8.i686.rpm
LibRaw-debugsource-0.19.5-3.el8.x86_64.rpm
LibRaw-samples-debuginfo-0.19.5-3.el8.i686.rpm
LibRaw-samples-debuginfo-0.19.5-3.el8.x86_64.rpm
accountsservice-0.6.55-2.el8.x86_64.rpm
accountsservice-debuginfo-0.6.55-2.el8.i686.rpm
accountsservice-debuginfo-0.6.55-2.el8.x86_64.rpm
accountsservice-debugsource-0.6.55-2.el8.i686.rpm
accountsservice-debugsource-0.6.55-2.el8.x86_64.rpm
accountsservice-libs-0.6.55-2.el8.i686.rpm
accountsservice-libs-0.6.55-2.el8.x86_64.rpm
accountsservice-libs-debuginfo-0.6.55-2.el8.i686.rpm
accountsservice-libs-debuginfo-0.6.55-2.el8.x86_64.rpm
gdm-40.0-15.el8.i686.rpm
gdm-40.0-15.el8.x86_64.rpm
gdm-debuginfo-40.0-15.el8.i686.rpm
gdm-debuginfo-40.0-15.el8.x86_64.rpm
gdm-debugsource-40.0-15.el8.i686.rpm
gdm-debugsource-40.0-15.el8.x86_64.rpm
gnome-autoar-0.2.3-2.el8.i686.rpm
gnome-autoar-0.2.3-2.el8.x86_64.rpm
gnome-autoar-debuginfo-0.2.3-2.el8.i686.rpm
gnome-autoar-debuginfo-0.2.3-2.el8.x86_64.rpm
gnome-autoar-debugsource-0.2.3-2.el8.i686.rpm
gnome-autoar-debugsource-0.2.3-2.el8.x86_64.rpm
gnome-calculator-3.28.2-2.el8.x86_64.rpm
gnome-calculator-debuginfo-3.28.2-2.el8.x86_64.rpm
gnome-calculator-debugsource-3.28.2-2.el8.x86_64.rpm
gnome-control-center-3.28.2-28.el8.x86_64.rpm
gnome-control-center-debuginfo-3.28.2-28.el8.x86_64.rpm
gnome-control-center-debugsource-3.28.2-28.el8.x86_64.rpm
gnome-online-accounts-3.28.2-3.el8.i686.rpm
gnome-online-accounts-3.28.2-3.el8.x86_64.rpm
gnome-online-accounts-debuginfo-3.28.2-3.el8.i686.rpm
gnome-online-accounts-debuginfo-3.28.2-3.el8.x86_64.rpm
gnome-online-accounts-debugsource-3.28.2-3.el8.i686.rpm
gnome-online-accounts-debugsource-3.28.2-3.el8.x86_64.rpm
gnome-online-accounts-devel-3.28.2-3.el8.i686.rpm
gnome-online-accounts-devel-3.28.2-3.el8.x86_64.rpm
gnome-session-3.28.1-13.el8.x86_64.rpm
gnome-session-debuginfo-3.28.1-13.el8.x86_64.rpm
gnome-session-debugsource-3.28.1-13.el8.x86_64.rpm
gnome-session-kiosk-session-3.28.1-13.el8.x86_64.rpm
gnome-session-wayland-session-3.28.1-13.el8.x86_64.rpm
gnome-session-xsession-3.28.1-13.el8.x86_64.rpm
gnome-settings-daemon-3.32.0-16.el8.x86_64.rpm
gnome-settings-daemon-debuginfo-3.32.0-16.el8.x86_64.rpm
gnome-settings-daemon-debugsource-3.32.0-16.el8.x86_64.rpm
gnome-shell-3.32.2-40.el8.x86_64.rpm
gnome-shell-debuginfo-3.32.2-40.el8.x86_64.rpm
gnome-shell-debugsource-3.32.2-40.el8.x86_64.rpm
gnome-software-3.36.1-10.el8.x86_64.rpm
gnome-software-debuginfo-3.36.1-10.el8.x86_64.rpm
gnome-software-debugsource-3.36.1-10.el8.x86_64.rpm
gsettings-desktop-schemas-3.32.0-6.el8.i686.rpm
gsettings-desktop-schemas-devel-3.32.0-6.el8.i686.rpm
gsettings-desktop-schemas-devel-3.32.0-6.el8.x86_64.rpm
gtk-update-icon-cache-3.22.30-8.el8.x86_64.rpm
gtk-update-icon-cache-debuginfo-3.22.30-8.el8.i686.rpm
gtk-update-icon-cache-debuginfo-3.22.30-8.el8.x86_64.rpm
gtk3-3.22.30-8.el8.i686.rpm
gtk3-3.22.30-8.el8.x86_64.rpm
gtk3-debuginfo-3.22.30-8.el8.i686.rpm
gtk3-debuginfo-3.22.30-8.el8.x86_64.rpm
gtk3-debugsource-3.22.30-8.el8.i686.rpm
gtk3-debugsource-3.22.30-8.el8.x86_64.rpm
gtk3-devel-3.22.30-8.el8.i686.rpm
gtk3-devel-3.22.30-8.el8.x86_64.rpm
gtk3-devel-debuginfo-3.22.30-8.el8.i686.rpm
gtk3-devel-debuginfo-3.22.30-8.el8.x86_64.rpm
gtk3-immodule-xim-3.22.30-8.el8.x86_64.rpm
gtk3-immodule-xim-debuginfo-3.22.30-8.el8.i686.rpm
gtk3-immodule-xim-debuginfo-3.22.30-8.el8.x86_64.rpm
gtk3-immodules-debuginfo-3.22.30-8.el8.i686.rpm
gtk3-immodules-debuginfo-3.22.30-8.el8.x86_64.rpm
gtk3-tests-debuginfo-3.22.30-8.el8.i686.rpm
gtk3-tests-debuginfo-3.22.30-8.el8.x86_64.rpm
mutter-3.32.2-60.el8.i686.rpm
mutter-3.32.2-60.el8.x86_64.rpm
mutter-debuginfo-3.32.2-60.el8.i686.rpm
mutter-debuginfo-3.32.2-60.el8.x86_64.rpm
mutter-debugsource-3.32.2-60.el8.i686.rpm
mutter-debugsource-3.32.2-60.el8.x86_64.rpm
mutter-tests-debuginfo-3.32.2-60.el8.i686.rpm
mutter-tests-debuginfo-3.32.2-60.el8.x86_64.rpm
vino-3.22.0-11.el8.x86_64.rpm
vino-debuginfo-3.22.0-11.el8.x86_64.rpm
vino-debugsource-3.22.0-11.el8.x86_64.rpm
webkit2gtk3-2.32.3-2.el8.i686.rpm
webkit2gtk3-2.32.3-2.el8.x86_64.rpm
webkit2gtk3-debuginfo-2.32.3-2.el8.i686.rpm
webkit2gtk3-debuginfo-2.32.3-2.el8.x86_64.rpm
webkit2gtk3-debugsource-2.32.3-2.el8.i686.rpm
webkit2gtk3-debugsource-2.32.3-2.el8.x86_64.rpm
webkit2gtk3-devel-2.32.3-2.el8.i686.rpm
webkit2gtk3-devel-2.32.3-2.el8.x86_64.rpm
webkit2gtk3-devel-debuginfo-2.32.3-2.el8.i686.rpm
webkit2gtk3-devel-debuginfo-2.32.3-2.el8.x86_64.rpm
webkit2gtk3-jsc-2.32.3-2.el8.i686.rpm
webkit2gtk3-jsc-2.32.3-2.el8.x86_64.rpm
webkit2gtk3-jsc-debuginfo-2.32.3-2.el8.i686.rpm
webkit2gtk3-jsc-debuginfo-2.32.3-2.el8.x86_64.rpm
webkit2gtk3-jsc-devel-2.32.3-2.el8.i686.rpm
webkit2gtk3-jsc-devel-2.32.3-2.el8.x86_64.rpm
webkit2gtk3-jsc-devel-debuginfo-2.32.3-2.el8.i686.rpm
webkit2gtk3-jsc-devel-debuginfo-2.32.3-2.el8.x86_64.rpm
Red Hat Enterprise Linux BaseOS (v. 8):
Source:
gsettings-desktop-schemas-3.32.0-6.el8.src.rpm
aarch64:
gsettings-desktop-schemas-3.32.0-6.el8.aarch64.rpm
ppc64le:
gsettings-desktop-schemas-3.32.0-6.el8.ppc64le.rpm
s390x:
gsettings-desktop-schemas-3.32.0-6.el8.s390x.rpm
x86_64:
gsettings-desktop-schemas-3.32.0-6.el8.x86_64.rpm
Red Hat Enterprise Linux CRB (v. 8):
aarch64:
accountsservice-debuginfo-0.6.55-2.el8.aarch64.rpm
accountsservice-debugsource-0.6.55-2.el8.aarch64.rpm
accountsservice-devel-0.6.55-2.el8.aarch64.rpm
accountsservice-libs-debuginfo-0.6.55-2.el8.aarch64.rpm
gnome-software-debuginfo-3.36.1-10.el8.aarch64.rpm
gnome-software-debugsource-3.36.1-10.el8.aarch64.rpm
gnome-software-devel-3.36.1-10.el8.aarch64.rpm
mutter-debuginfo-3.32.2-60.el8.aarch64.rpm
mutter-debugsource-3.32.2-60.el8.aarch64.rpm
mutter-devel-3.32.2-60.el8.aarch64.rpm
mutter-tests-debuginfo-3.32.2-60.el8.aarch64.rpm
ppc64le:
LibRaw-debuginfo-0.19.5-3.el8.ppc64le.rpm
LibRaw-debugsource-0.19.5-3.el8.ppc64le.rpm
LibRaw-devel-0.19.5-3.el8.ppc64le.rpm
LibRaw-samples-debuginfo-0.19.5-3.el8.ppc64le.rpm
accountsservice-debuginfo-0.6.55-2.el8.ppc64le.rpm
accountsservice-debugsource-0.6.55-2.el8.ppc64le.rpm
accountsservice-devel-0.6.55-2.el8.ppc64le.rpm
accountsservice-libs-debuginfo-0.6.55-2.el8.ppc64le.rpm
gnome-software-debuginfo-3.36.1-10.el8.ppc64le.rpm
gnome-software-debugsource-3.36.1-10.el8.ppc64le.rpm
gnome-software-devel-3.36.1-10.el8.ppc64le.rpm
mutter-debuginfo-3.32.2-60.el8.ppc64le.rpm
mutter-debugsource-3.32.2-60.el8.ppc64le.rpm
mutter-devel-3.32.2-60.el8.ppc64le.rpm
mutter-tests-debuginfo-3.32.2-60.el8.ppc64le.rpm
s390x:
accountsservice-debuginfo-0.6.55-2.el8.s390x.rpm
accountsservice-debugsource-0.6.55-2.el8.s390x.rpm
accountsservice-devel-0.6.55-2.el8.s390x.rpm
accountsservice-libs-debuginfo-0.6.55-2.el8.s390x.rpm
gnome-software-debuginfo-3.36.1-10.el8.s390x.rpm
gnome-software-debugsource-3.36.1-10.el8.s390x.rpm
gnome-software-devel-3.36.1-10.el8.s390x.rpm
mutter-debuginfo-3.32.2-60.el8.s390x.rpm
mutter-debugsource-3.32.2-60.el8.s390x.rpm
mutter-devel-3.32.2-60.el8.s390x.rpm
mutter-tests-debuginfo-3.32.2-60.el8.s390x.rpm
x86_64:
LibRaw-debuginfo-0.19.5-3.el8.i686.rpm
LibRaw-debuginfo-0.19.5-3.el8.x86_64.rpm
LibRaw-debugsource-0.19.5-3.el8.i686.rpm
LibRaw-debugsource-0.19.5-3.el8.x86_64.rpm
LibRaw-devel-0.19.5-3.el8.i686.rpm
LibRaw-devel-0.19.5-3.el8.x86_64.rpm
LibRaw-samples-debuginfo-0.19.5-3.el8.i686.rpm
LibRaw-samples-debuginfo-0.19.5-3.el8.x86_64.rpm
accountsservice-debuginfo-0.6.55-2.el8.i686.rpm
accountsservice-debuginfo-0.6.55-2.el8.x86_64.rpm
accountsservice-debugsource-0.6.55-2.el8.i686.rpm
accountsservice-debugsource-0.6.55-2.el8.x86_64.rpm
accountsservice-devel-0.6.55-2.el8.i686.rpm
accountsservice-devel-0.6.55-2.el8.x86_64.rpm
accountsservice-libs-debuginfo-0.6.55-2.el8.i686.rpm
accountsservice-libs-debuginfo-0.6.55-2.el8.x86_64.rpm
gnome-software-3.36.1-10.el8.i686.rpm
gnome-software-debuginfo-3.36.1-10.el8.i686.rpm
gnome-software-debuginfo-3.36.1-10.el8.x86_64.rpm
gnome-software-debugsource-3.36.1-10.el8.i686.rpm
gnome-software-debugsource-3.36.1-10.el8.x86_64.rpm
gnome-software-devel-3.36.1-10.el8.i686.rpm
gnome-software-devel-3.36.1-10.el8.x86_64.rpm
mutter-debuginfo-3.32.2-60.el8.i686.rpm
mutter-debuginfo-3.32.2-60.el8.x86_64.rpm
mutter-debugsource-3.32.2-60.el8.i686.rpm
mutter-debugsource-3.32.2-60.el8.x86_64.rpm
mutter-devel-3.32.2-60.el8.i686.rpm
mutter-devel-3.32.2-60.el8.x86_64.rpm
mutter-tests-debuginfo-3.32.2-60.el8.i686.rpm
mutter-tests-debuginfo-3.32.2-60.el8.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2020-13558
https://access.redhat.com/security/cve/CVE-2020-24870
https://access.redhat.com/security/cve/CVE-2020-27918
https://access.redhat.com/security/cve/CVE-2020-29623
https://access.redhat.com/security/cve/CVE-2020-36241
https://access.redhat.com/security/cve/CVE-2021-1765
https://access.redhat.com/security/cve/CVE-2021-1788
https://access.redhat.com/security/cve/CVE-2021-1789
https://access.redhat.com/security/cve/CVE-2021-1799
https://access.redhat.com/security/cve/CVE-2021-1801
https://access.redhat.com/security/cve/CVE-2021-1844
https://access.redhat.com/security/cve/CVE-2021-1870
https://access.redhat.com/security/cve/CVE-2021-1871
https://access.redhat.com/security/cve/CVE-2021-21775
https://access.redhat.com/security/cve/CVE-2021-21779
https://access.redhat.com/security/cve/CVE-2021-21806
https://access.redhat.com/security/cve/CVE-2021-28650
https://access.redhat.com/security/cve/CVE-2021-30663
https://access.redhat.com/security/cve/CVE-2021-30665
https://access.redhat.com/security/cve/CVE-2021-30682
https://access.redhat.com/security/cve/CVE-2021-30689
https://access.redhat.com/security/cve/CVE-2021-30720
https://access.redhat.com/security/cve/CVE-2021-30734
https://access.redhat.com/security/cve/CVE-2021-30744
https://access.redhat.com/security/cve/CVE-2021-30749
https://access.redhat.com/security/cve/CVE-2021-30758
https://access.redhat.com/security/cve/CVE-2021-30795
https://access.redhat.com/security/cve/CVE-2021-30797
https://access.redhat.com/security/cve/CVE-2021-30799
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.5_release_notes/
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBYYrdm9zjgjWX9erEAQhgIA/+KzLn8QVHI3X8x9ufH1+nO8QXQqwTGQ0E
awNXP8h4qsL7EGugHrz/KVjwaKJs/erPxh5jGl/xE1ZhngGlyStUpQkI2Y3cP2/3
05jDPPS0QEfG5Y0rlnESyPxtwQTCpqped5P7L8VtKuzRae1HV63onsBB8zpcIFF7
sTKcP6wAAjJDltUjlhnEkkE3G6Dxfv14/UowRAWoT9pa9cP0+KqdhuYKHdt3fCD7
tEItM/SFQGoCF8zvXbvAiUXfZsQ/t/Yik9O6WISTWenaxCcP43Xn7aicsvZMVOvQ
w+jnH/hnMLBoPhH2k4PClsDapa/D6IrQIUrwxtgfbC4KRs0fbdrEGCPqs4nl/AdD
Migcf4gCMBq0bk3/yKp+/bi+OWwRMmw3ZdkJsOTNrOAkK1UCyrpF1ULyfs+8/OC5
QnXW88fPCwhFj+KSAq5Cqfwm3hrKTCWIT/T1DQBG+J7Y9NgEx+zEXVmWaaA0z+7T
qji5aUsIH+TG3t1EwtXABWGGEBRxC+svUoWNJBW1u6qwxfMx5E+hHUHhRewVYLYu
SToRXa3cIX23M/XyHNXBgMCpPPw8DeY5aAA1fvKQsuMCLywDg0N3mYhvk1HUNidb
Z6HmsLjLrGbkb1AAhP0V0wUuh5P6YJlL6iM49fQgztlHoBO0OAo56GBjAyT3pAAX
2rgR2Ny0wo4=gfrM
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce
.
CVE-2021-1844: Clément Lecigne of Googleʼs Threat Analysis Group,
Alison Huffman of Microsoft Browser Vulnerability Research
Installation note:
* After installing this update, the build number for Safari 14.0.3 is
14610.4.3.1.7 on macOS Mojave and
15610.4.3.1.7 on macOS Catalina.
Safari 14.0.3 may be obtained from the Mac App Store. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2021-04-26-6 tvOS 14.5
tvOS 14.5 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT212323.
AppleMobileFileIntegrity
Available for: Apple TV 4K and Apple TV HD
Impact: A malicious application may be able to bypass Privacy
preferences
Description: An issue in code signature validation was addressed with
improved checks.
CVE-2021-1849: Siguza
Assets
Available for: Apple TV 4K and Apple TV HD
Impact: A local user may be able to create or modify privileged files
Description: A logic issue was addressed with improved restrictions.
CVE-2021-1836: an anonymous researcher
Audio
Available for: Apple TV 4K and Apple TV HD
Impact: An application may be able to read restricted memory
Description: A memory corruption issue was addressed with improved
validation.
CVE-2021-1808: JunDong Xie of Ant Security Light-Year Lab
CFNetwork
Available for: Apple TV 4K and Apple TV HD
Impact: Processing maliciously crafted web content may disclose
sensitive user information
Description: A memory initialization issue was addressed with
improved memory handling.
CVE-2021-1857: an anonymous researcher
CoreAudio
Available for: Apple TV 4K and Apple TV HD
Impact: Processing a maliciously crafted audio file may disclose
restricted memory
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2021-1846: JunDong Xie of Ant Security Light-Year Lab
CoreAudio
Available for: Apple TV 4K and Apple TV HD
Impact: A malicious application may be able to read restricted memory
Description: A memory corruption issue was addressed with improved
validation.
CVE-2021-1809: JunDong Xie of Ant Security Light-Year Lab
CoreText
Available for: Apple TV 4K and Apple TV HD
Impact: Processing a maliciously crafted font may result in the
disclosure of process memory
Description: A logic issue was addressed with improved state
management.
CVE-2021-1811: Xingwei Lin of Ant Security Light-Year Lab
FontParser
Available for: Apple TV 4K and Apple TV HD
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2021-1881: an anonymous researcher, Xingwei Lin of Ant Security
Light-Year Lab, Mickey Jin of Trend Micro, and Hou JingYi
(@hjy79425575) of Qihoo 360
Foundation
Available for: Apple TV 4K and Apple TV HD
Impact: An application may be able to gain elevated privileges
Description: A memory corruption issue was addressed with improved
validation.
CVE-2021-1882: Gabe Kirkpatrick (@gabe_k)
Foundation
Available for: Apple TV 4K and Apple TV HD
Impact: A malicious application may be able to gain root privileges
Description: A validation issue was addressed with improved logic.
CVE-2021-1813: Cees Elzinga
Heimdal
Available for: Apple TV 4K and Apple TV HD
Impact: Processing maliciously crafted server messages may lead to
heap corruption
Description: This issue was addressed with improved checks.
CVE-2021-1883: Gabe Kirkpatrick (@gabe_k)
Heimdal
Available for: Apple TV 4K and Apple TV HD
Impact: A remote attacker may be able to cause a denial of service
Description: A race condition was addressed with improved locking.
CVE-2021-1884: Gabe Kirkpatrick (@gabe_k)
ImageIO
Available for: Apple TV 4K and Apple TV HD
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-1885: CFF of Topsec Alpha Team
ImageIO
Available for: Apple TV 4K and Apple TV HD
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: This issue was addressed with improved checks.
CVE-2021-30653: Ye Zhang of Baidu Security
CVE-2021-1843: Ye Zhang of Baidu Security
ImageIO
Available for: Apple TV 4K and Apple TV HD
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2021-1858: Mickey Jin of Trend Micro
iTunes Store
Available for: Apple TV 4K and Apple TV HD
Impact: An attacker with JavaScript execution may be able to execute
arbitrary code
Description: A use after free issue was addressed with improved
memory management.
CVE-2021-1864: CodeColorist of Ant-Financial LightYear Labs
Kernel
Available for: Apple TV 4K and Apple TV HD
Impact: A malicious application may be able to disclose kernel memory
Description: A memory initialization issue was addressed with
improved memory handling.
CVE-2021-1860: @0xalsr
Kernel
Available for: Apple TV 4K and Apple TV HD
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A buffer overflow was addressed with improved bounds
checking.
CVE-2021-1816: Tielei Wang of Pangu Lab
Kernel
Available for: Apple TV 4K and Apple TV HD
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A logic issue was addressed with improved state
management.
CVE-2021-1851: @0xalsr
Kernel
Available for: Apple TV 4K and Apple TV HD
Impact: Copied files may not have the expected file permissions
Description: The issue was addressed with improved permissions logic.
CVE-2021-1832: an anonymous researcher
Kernel
Available for: Apple TV 4K and Apple TV HD
Impact: A malicious application may be able to disclose kernel memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-30660: Alex Plaskett
libxpc
Available for: Apple TV 4K and Apple TV HD
Impact: A malicious application may be able to gain root privileges
Description: A race condition was addressed with additional
validation.
CVE-2021-30652: James Hutchins
libxslt
Available for: Apple TV 4K and Apple TV HD
Impact: Processing a maliciously crafted file may lead to heap
corruption
Description: A double free issue was addressed with improved memory
management.
CVE-2021-1875: Found by OSS-Fuzz
MobileInstallation
Available for: Apple TV 4K and Apple TV HD
Impact: A local user may be able to modify protected parts of the
file system
Description: A logic issue was addressed with improved restrictions.
CVE-2021-1822: Bruno Virlet of The Grizzly Labs
Preferences
Available for: Apple TV 4K and Apple TV HD
Impact: A local user may be able to modify protected parts of the
file system
Description: A parsing issue in the handling of directory paths was
addressed with improved path validation.
CVE-2021-1815: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020)
of Tencent Security Xuanwu Lab (xlab.tencent.com)
CVE-2021-1739: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020)
of Tencent Security Xuanwu Lab (xlab.tencent.com)
CVE-2021-1740: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020)
of Tencent Security Xuanwu Lab (xlab.tencent.com)
Tailspin
Available for: Apple TV 4K and Apple TV HD
Impact: A local attacker may be able to elevate their privileges
Description: A logic issue was addressed with improved state
management.
CVE-2021-1844: Clément Lecigne of Google’s Threat Analysis Group,
Alison Huffman of Microsoft Browser Vulnerability Research
WebKit
Available for: Apple TV 4K and Apple TV HD
Impact: Processing maliciously crafted web content may lead to a
cross site scripting attack
Description: An input validation issue was addressed with improved
input validation.
CVE-2021-1825: Alex Camboe of Aon’s Cyber Solutions
WebKit
Available for: Apple TV 4K and Apple TV HD
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue was addressed with improved
state management.
CVE-2021-1817: an anonymous researcher
WebKit
Available for: Apple TV 4K and Apple TV HD
Impact: Processing maliciously crafted web content may lead to
universal cross site scripting
Description: A logic issue was addressed with improved restrictions.
CVE-2021-1826: an anonymous researcher
WebKit
Available for: Apple TV 4K and Apple TV HD
Impact: Processing maliciously crafted web content may result in the
disclosure of process memory
Description: A memory initialization issue was addressed with
improved memory handling. Apple is aware of a report that this issue
may have been actively exploited.
CVE-2021-30661: yangkang(@dnpushme) of 360 ATA
Installation note:
Apple TV will periodically check for software updates. Alternatively,
you may manually check for software updates by selecting
"Settings -> System -> Software Update -> Update Software."
To check the current version of software, select
"Settings -> General -> About."
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAmCHQEkACgkQZcsbuWJ6
jjBQqhAAhT6igO2sBsZW1+ecMiDmF9RSncVFfF1tXYcbwY0VdGgmoEYFSegudN1V
k3tdJEIRwT25R7K9359Mz5z/uHHBhZrABuv0tRiTfHobYTxoA/52Hx7WzqioW7EU
lxJsEkBaRqOkuM5PjMa1he6KzlxDpIXmhgz0uZknO135S7JPUcTasRnDuzzk92WP
b8Y62dlIoQ7w38g4xFA7Jg52GnTpYXxacA591ipaqW9Q3AaTCUfQSoRVRuGLZ2rn
4AacIgGnSgXPOCGURkrAxV9yPTxDC8Ug+ctV1pFBc0YKQZ/nugdQkMKxe2mzKKAd
4PaurX3+m5YwKJf5Ma+UUDZVPsSK4exPyKMsrKu0p+pfoeumPuAJydMCWJrELR1p
xvTTxljkMs++snOAiNP9lzKJe6kuU1aqLmzLHqspP2QC8YXJH3VWG9fqcagVSb0R
zqvXI4nicqYJc635OANJy24QS5yzvOovdeJYCiJQaWc7RauLTavOetYZ34kWjjYr
2X1Dj0UdeRK5LCrDMFvlIx6jCQpFbKwfg9D7+1IiPI6bNWNdVFCPsrd59iGdBpj8
NvAGs6afDOo68EK1LLRYcR0EigkcCFZ84oqY40nlfdc9ZN1xeZ3plfbpFDywv4s8
nzTZlUAupV+ZCnrq0VbzskIE67Li6lAR+Bm7LmK3aRvMZaxfcn0=
=iii4
-----END PGP SIGNATURE-----
. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 202202-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: WebkitGTK+: Multiple vulnerabilities
Date: February 01, 2022
Bugs: #779175, #801400, #813489, #819522, #820434, #829723,
#831739
ID: 202202-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
Multiple vulnerabilities have been found in WebkitGTK+, the worst of
which could result in the arbitrary execution of code.
Background
=========
WebKitGTK+ is a full-featured port of the WebKit rendering engine,
suitable for projects requiring any kind of web integration, from hybrid
HTML/CSS applications to full-fledged web browsers.
Affected packages
================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-libs/webkit-gtk < 2.34.4 >= 2.34.4
Description
==========
Multiple vulnerabilities have been discovered in WebkitGTK+. Please
review the CVE identifiers referenced below for details.
Workaround
=========
There is no known workaround at this time.
Resolution
=========
All WebkitGTK+ users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.34.4"
References
=========
[ 1 ] CVE-2021-30848
https://nvd.nist.gov/vuln/detail/CVE-2021-30848
[ 2 ] CVE-2021-30888
https://nvd.nist.gov/vuln/detail/CVE-2021-30888
[ 3 ] CVE-2021-30682
https://nvd.nist.gov/vuln/detail/CVE-2021-30682
[ 4 ] CVE-2021-30889
https://nvd.nist.gov/vuln/detail/CVE-2021-30889
[ 5 ] CVE-2021-30666
https://nvd.nist.gov/vuln/detail/CVE-2021-30666
[ 6 ] CVE-2021-30665
https://nvd.nist.gov/vuln/detail/CVE-2021-30665
[ 7 ] CVE-2021-30890
https://nvd.nist.gov/vuln/detail/CVE-2021-30890
[ 8 ] CVE-2021-30661
https://nvd.nist.gov/vuln/detail/CVE-2021-30661
[ 9 ] WSA-2021-0005
https://webkitgtk.org/security/WSA-2021-0005.html
[ 10 ] CVE-2021-30761
https://nvd.nist.gov/vuln/detail/CVE-2021-30761
[ 11 ] CVE-2021-30897
https://nvd.nist.gov/vuln/detail/CVE-2021-30897
[ 12 ] CVE-2021-30823
https://nvd.nist.gov/vuln/detail/CVE-2021-30823
[ 13 ] CVE-2021-30734
https://nvd.nist.gov/vuln/detail/CVE-2021-30734
[ 14 ] CVE-2021-30934
https://nvd.nist.gov/vuln/detail/CVE-2021-30934
[ 15 ] CVE-2021-1871
https://nvd.nist.gov/vuln/detail/CVE-2021-1871
[ 16 ] CVE-2021-30762
https://nvd.nist.gov/vuln/detail/CVE-2021-30762
[ 17 ] WSA-2021-0006
https://webkitgtk.org/security/WSA-2021-0006.html
[ 18 ] CVE-2021-30797
https://nvd.nist.gov/vuln/detail/CVE-2021-30797
[ 19 ] CVE-2021-30936
https://nvd.nist.gov/vuln/detail/CVE-2021-30936
[ 20 ] CVE-2021-30663
https://nvd.nist.gov/vuln/detail/CVE-2021-30663
[ 21 ] CVE-2021-1825
https://nvd.nist.gov/vuln/detail/CVE-2021-1825
[ 22 ] CVE-2021-30951
https://nvd.nist.gov/vuln/detail/CVE-2021-30951
[ 23 ] CVE-2021-30952
https://nvd.nist.gov/vuln/detail/CVE-2021-30952
[ 24 ] CVE-2021-1788
https://nvd.nist.gov/vuln/detail/CVE-2021-1788
[ 25 ] CVE-2021-1820
https://nvd.nist.gov/vuln/detail/CVE-2021-1820
[ 26 ] CVE-2021-30953
https://nvd.nist.gov/vuln/detail/CVE-2021-30953
[ 27 ] CVE-2021-30749
https://nvd.nist.gov/vuln/detail/CVE-2021-30749
[ 28 ] CVE-2021-30849
https://nvd.nist.gov/vuln/detail/CVE-2021-30849
[ 29 ] CVE-2021-1826
https://nvd.nist.gov/vuln/detail/CVE-2021-1826
[ 30 ] CVE-2021-30836
https://nvd.nist.gov/vuln/detail/CVE-2021-30836
[ 31 ] CVE-2021-30954
https://nvd.nist.gov/vuln/detail/CVE-2021-30954
[ 32 ] CVE-2021-30984
https://nvd.nist.gov/vuln/detail/CVE-2021-30984
[ 33 ] CVE-2021-30851
https://nvd.nist.gov/vuln/detail/CVE-2021-30851
[ 34 ] CVE-2021-30758
https://nvd.nist.gov/vuln/detail/CVE-2021-30758
[ 35 ] CVE-2021-42762
https://nvd.nist.gov/vuln/detail/CVE-2021-42762
[ 36 ] CVE-2021-1844
https://nvd.nist.gov/vuln/detail/CVE-2021-1844
[ 37 ] CVE-2021-30689
https://nvd.nist.gov/vuln/detail/CVE-2021-30689
[ 38 ] CVE-2021-45482
https://nvd.nist.gov/vuln/detail/CVE-2021-45482
[ 39 ] CVE-2021-30858
https://nvd.nist.gov/vuln/detail/CVE-2021-30858
[ 40 ] CVE-2021-21779
https://nvd.nist.gov/vuln/detail/CVE-2021-21779
[ 41 ] WSA-2021-0004
https://webkitgtk.org/security/WSA-2021-0004.html
[ 42 ] CVE-2021-30846
https://nvd.nist.gov/vuln/detail/CVE-2021-30846
[ 43 ] CVE-2021-30744
https://nvd.nist.gov/vuln/detail/CVE-2021-30744
[ 44 ] CVE-2021-30809
https://nvd.nist.gov/vuln/detail/CVE-2021-30809
[ 45 ] CVE-2021-30884
https://nvd.nist.gov/vuln/detail/CVE-2021-30884
[ 46 ] CVE-2021-30720
https://nvd.nist.gov/vuln/detail/CVE-2021-30720
[ 47 ] CVE-2021-30799
https://nvd.nist.gov/vuln/detail/CVE-2021-30799
[ 48 ] CVE-2021-30795
https://nvd.nist.gov/vuln/detail/CVE-2021-30795
[ 49 ] CVE-2021-1817
https://nvd.nist.gov/vuln/detail/CVE-2021-1817
[ 50 ] CVE-2021-21775
https://nvd.nist.gov/vuln/detail/CVE-2021-21775
[ 51 ] CVE-2021-30887
https://nvd.nist.gov/vuln/detail/CVE-2021-30887
[ 52 ] CVE-2021-21806
https://nvd.nist.gov/vuln/detail/CVE-2021-21806
[ 53 ] CVE-2021-30818
https://nvd.nist.gov/vuln/detail/CVE-2021-30818
Availability
===========
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/202202-01
Concerns?
========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
======
Copyright 2022 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
.
For the stable distribution (buster), these problems have been fixed in
version 2.32.1-1~deb10u1.
We recommend that you upgrade your webkit2gtk packages |
|
var-200902-0880
|
International Components for Unicode (ICU) 4.0, 3.6, and other 3.x versions, as used in Apple Mac OS X 10.5 before 10.5.7, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Fedora 9 and 10, and possibly other operating systems, does not properly handle invalid byte sequences during Unicode conversion, which might allow remote attackers to conduct cross-site scripting (XSS) attacks. The International Components for Unicode is prone to an input-validation vulnerability because the library may incorrectly convert some invalid byte sequences.
An attacker may leverage this vulnerability to bypass content filters. This may lead to cross-site scripting attacks or allow the attacker to obtain sensitive information in some cases. Other attacks are also possible.
NOTE: This issue was previously covered in BID 34926 (Apple Mac OS X 2009-002 Multiple Security Vulnerabilities), but has been assigned its own record to better document it. Mac OS X is the operating system used by the Apple family of machines. There is a bug in the implementation of ICU's handling of certain character encodings. ===========================================================
Ubuntu Security Notice USN-846-1 October 08, 2009
icu vulnerability
CVE-2009-0153
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 8.04 LTS:
libicu38 3.8-6ubuntu0.2
Ubuntu 8.10:
libicu38 3.8.1-2ubuntu0.2
Ubuntu 9.04:
libicu38 3.8.1-3ubuntu1.1
After a standard system upgrade you need to restart applications linked
against libicu, such as OpenOffice.org, to effect the necessary changes. If an application using ICU processed crafted
data, content security mechanisms could be bypassed, potentially leading to
cross-site scripting (XSS) attacks. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ------------------------------------------------------------------------
Debian Security Advisory DSA-1889-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
September 16, 2009 http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : icu
Vulnerability : programming error
Problem type : local(remote)
Debian-specific: no
CVE Id(s) : CVE-2009-0153
It was discovered that the ICU unicode library performed incorrect
processing of invalid multibyte sequences, resulting in potential
bypass of security mechanisms.
For the old stable distribution (etch), this problem has been fixed in
version 3.6-2etch3.
For the stable distribution (lenny), this problem has been fixed in
version 3.8.1-3+lenny2.
For the unstable distribution (sid), this problem has been fixed in
version 4.0.1-1.
We recommend that you upgrade your icu packages.
Upgrade instructions
- --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 4.0 alias etch
- -------------------------------
Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
Source archives:
http://security.debian.org/pool/updates/main/i/icu/icu_3.6-2etch3.dsc
Size/MD5 checksum: 592 8b600075600533ce08c9801ffa571a19
http://security.debian.org/pool/updates/main/i/icu/icu_3.6-2etch3.diff.gz
Size/MD5 checksum: 45190 601af38fe10a27e08e40985c409bc6c4
http://security.debian.org/pool/updates/main/i/icu/icu_3.6.orig.tar.gz
Size/MD5 checksum: 9778863 0f1bda1992b4adca62da68a7ad79d830
Architecture independent packages:
http://security.debian.org/pool/updates/main/i/icu/icu-doc_3.6-2etch3_all.deb
Size/MD5 checksum: 3239572 8bf16fb7db375fb14de7082bcb814733
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/i/icu/libicu36_3.6-2etch3_alpha.deb
Size/MD5 checksum: 5586140 1244a1b89188c020a97468dc25d22af7
http://security.debian.org/pool/updates/main/i/icu/libicu36-dev_3.6-2etch3_alpha.deb
Size/MD5 checksum: 7012868 8680617bb8c38f6abef169b572a76baa
amd64 architecture (AMD x86_64 (AMD64))
http://security.debian.org/pool/updates/main/i/icu/libicu36_3.6-2etch3_amd64.deb
Size/MD5 checksum: 5444866 f9271ec21977880f74955cfe06b7580d
http://security.debian.org/pool/updates/main/i/icu/libicu36-dev_3.6-2etch3_amd64.deb
Size/MD5 checksum: 6573726 25374ce8e6ae12b655a9744db65b9455
hppa architecture (HP PA RISC)
http://security.debian.org/pool/updates/main/i/icu/libicu36_3.6-2etch3_hppa.deb
Size/MD5 checksum: 5913798 20c8976b23d28d9bc91ea053748d79e0
http://security.debian.org/pool/updates/main/i/icu/libicu36-dev_3.6-2etch3_hppa.deb
Size/MD5 checksum: 7110674 bee82145df32672bf5d61e29dd3d6bc3
i386 architecture (Intel ia32)
http://security.debian.org/pool/updates/main/i/icu/libicu36-dev_3.6-2etch3_i386.deb
Size/MD5 checksum: 6466444 d8e1c31e6f1d238353340a9b82da1ed8
http://security.debian.org/pool/updates/main/i/icu/libicu36_3.6-2etch3_i386.deb
Size/MD5 checksum: 5470148 f5d9e50ecb224df9ae4f0c7057097f54
ia64 architecture (Intel ia64)
http://security.debian.org/pool/updates/main/i/icu/libicu36_3.6-2etch3_ia64.deb
Size/MD5 checksum: 5869036 c305e7cff86ad5584c4842fec7619fd8
http://security.debian.org/pool/updates/main/i/icu/libicu36-dev_3.6-2etch3_ia64.deb
Size/MD5 checksum: 7243932 effc8dc2ed962de903e848ff402c167a
mips architecture (MIPS (Big Endian))
http://security.debian.org/pool/updates/main/i/icu/libicu36_3.6-2etch3_mips.deb
Size/MD5 checksum: 5747354 39624db186bbf7ce259c47681d0a1cfc
http://security.debian.org/pool/updates/main/i/icu/libicu36-dev_3.6-2etch3_mips.deb
Size/MD5 checksum: 7052540 c159699731d592ec60fcfd4bbe010a51
mipsel architecture (MIPS (Little Endian))
http://security.debian.org/pool/updates/main/i/icu/libicu36-dev_3.6-2etch3_mipsel.deb
Size/MD5 checksum: 6769230 32e24d0b40b3f2e62e0c2c4c4be96dce
http://security.debian.org/pool/updates/main/i/icu/libicu36_3.6-2etch3_mipsel.deb
Size/MD5 checksum: 5464426 5f544b29dd41d8326ddfd70b31e4045a
powerpc architecture (PowerPC)
http://security.debian.org/pool/updates/main/i/icu/libicu36-dev_3.6-2etch3_powerpc.deb
Size/MD5 checksum: 6891510 af8e8b416b43a9d6c5f5893dd63261d6
http://security.debian.org/pool/updates/main/i/icu/libicu36_3.6-2etch3_powerpc.deb
Size/MD5 checksum: 5750422 ec7b53398b703da8f7e166a33768e260
s390 architecture (IBM S/390)
http://security.debian.org/pool/updates/main/i/icu/libicu36-dev_3.6-2etch3_s390.deb
Size/MD5 checksum: 6896648 d6e3cde239924756df46b084e80388d4
http://security.debian.org/pool/updates/main/i/icu/libicu36_3.6-2etch3_s390.deb
Size/MD5 checksum: 5781028 e5c3b53fdcda2562a206d92b15a5f520
sparc architecture (Sun SPARC/UltraSPARC)
http://security.debian.org/pool/updates/main/i/icu/libicu36-dev_3.6-2etch3_sparc.deb
Size/MD5 checksum: 6774462 94ce55cf609a906af5336f32b6c2ee22
http://security.debian.org/pool/updates/main/i/icu/libicu36_3.6-2etch3_sparc.deb
Size/MD5 checksum: 5673738 d63d35c169da448d83074fa45e25ed64
Debian GNU/Linux 5.0 alias lenny
- --------------------------------
Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
Source archives:
http://security.debian.org/pool/updates/main/i/icu/icu_3.8.1-3+lenny2.diff.gz
Size/MD5 checksum: 41943 57d76fe9884c543a634bfd44425a42c6
http://security.debian.org/pool/updates/main/i/icu/icu_3.8.1.orig.tar.gz
Size/MD5 checksum: 10591204 ca52a1eb5050478f5f7d24e16ce01f57
http://security.debian.org/pool/updates/main/i/icu/icu_3.8.1-3+lenny2.dsc
Size/MD5 checksum: 1298 e0528ce00964025af9b2f940f588664a
Architecture independent packages:
http://security.debian.org/pool/updates/main/i/icu/icu-doc_3.8.1-3+lenny2_all.deb
Size/MD5 checksum: 3659700 69882d02e07863b195b7e9b798bdeff2
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/i/icu/libicu38_3.8.1-3+lenny2_alpha.deb
Size/MD5 checksum: 6068242 7e4d26e612e178ebac27cbd2a7db72a9
http://security.debian.org/pool/updates/main/i/icu/libicu-dev_3.8.1-3+lenny2_alpha.deb
Size/MD5 checksum: 7568600 18c17c486d3ee39d0c0b1574d219c228
http://security.debian.org/pool/updates/main/i/icu/libicu38-dbg_3.8.1-3+lenny2_alpha.deb
Size/MD5 checksum: 2366836 bb1325175eb3086459d6a1daba52d010
amd64 architecture (AMD x86_64 (AMD64))
http://security.debian.org/pool/updates/main/i/icu/libicu38_3.8.1-3+lenny2_amd64.deb
Size/MD5 checksum: 5932454 22e0013e161bf6ec46fdb7e330fa9c2e
http://security.debian.org/pool/updates/main/i/icu/lib32icu38_3.8.1-3+lenny2_amd64.deb
Size/MD5 checksum: 5919044 c785a70caa0bf88a644f0b65011915ee
http://security.debian.org/pool/updates/main/i/icu/libicu38-dbg_3.8.1-3+lenny2_amd64.deb
Size/MD5 checksum: 2404096 2ce67914c39c474ff42f57ffc24bb263
http://security.debian.org/pool/updates/main/i/icu/libicu-dev_3.8.1-3+lenny2_amd64.deb
Size/MD5 checksum: 7123322 5357c9591d7cea42b4cd9bd00b6c9114
http://security.debian.org/pool/updates/main/i/icu/lib32icu-dev_3.8.1-3+lenny2_amd64.deb
Size/MD5 checksum: 6063026 bde21ee163171d88d1d3b96cfa795d9b
arm architecture (ARM)
http://security.debian.org/pool/updates/main/i/icu/libicu38_3.8.1-3+lenny2_arm.deb
Size/MD5 checksum: 5910002 195d7e79719dc7b6275776eb29b28b3a
http://security.debian.org/pool/updates/main/i/icu/libicu-dev_3.8.1-3+lenny2_arm.deb
Size/MD5 checksum: 7183106 d5939d433c5e647e1c75af8fb27351d7
http://security.debian.org/pool/updates/main/i/icu/libicu38-dbg_3.8.1-3+lenny2_arm.deb
Size/MD5 checksum: 2287448 c3e04dae0ad884951cc1ba6663026fed
armel architecture (ARM EABI)
http://security.debian.org/pool/updates/main/i/icu/libicu38_3.8.1-3+lenny2_armel.deb
Size/MD5 checksum: 5848632 1adf442fa32cd182384d2d2608000ef8
http://security.debian.org/pool/updates/main/i/icu/libicu-dev_3.8.1-3+lenny2_armel.deb
Size/MD5 checksum: 7420504 f593ee94d7bdb4bb8c0796aebfaccd61
http://security.debian.org/pool/updates/main/i/icu/libicu38-dbg_3.8.1-3+lenny2_armel.deb
Size/MD5 checksum: 1758708 cffc60f24a4293d362d82fb6483d38fd
hppa architecture (HP PA RISC)
http://security.debian.org/pool/updates/main/i/icu/libicu38_3.8.1-3+lenny2_hppa.deb
Size/MD5 checksum: 6379014 1cdb8e9a77f953d7846eb12976efb04f
http://security.debian.org/pool/updates/main/i/icu/libicu-dev_3.8.1-3+lenny2_hppa.deb
Size/MD5 checksum: 7667266 2b4fa947ccb1c56e0a1ab997081349ad
http://security.debian.org/pool/updates/main/i/icu/libicu38-dbg_3.8.1-3+lenny2_hppa.deb
Size/MD5 checksum: 2360524 012847a53a622bb3dff6a522c0521801
i386 architecture (Intel ia32)
http://security.debian.org/pool/updates/main/i/icu/libicu38-dbg_3.8.1-3+lenny2_i386.deb
Size/MD5 checksum: 2278340 b95d691813f7d32d7bc1a8aa96ddcd94
http://security.debian.org/pool/updates/main/i/icu/libicu-dev_3.8.1-3+lenny2_i386.deb
Size/MD5 checksum: 6975168 e5c844c5ce908655075dd49c57182b3f
http://security.debian.org/pool/updates/main/i/icu/libicu38_3.8.1-3+lenny2_i386.deb
Size/MD5 checksum: 5918780 a471bd785fecadc4a7acd91be38a1bca
ia64 architecture (Intel ia64)
http://security.debian.org/pool/updates/main/i/icu/libicu38_3.8.1-3+lenny2_ia64.deb
Size/MD5 checksum: 6398722 9a8fb2a23112dfa081285f2b34bc2c48
http://security.debian.org/pool/updates/main/i/icu/libicu-dev_3.8.1-3+lenny2_ia64.deb
Size/MD5 checksum: 7828890 a56ec00c1e33f8abaaa73e211e3f26c1
http://security.debian.org/pool/updates/main/i/icu/libicu38-dbg_3.8.1-3+lenny2_ia64.deb
Size/MD5 checksum: 2210326 674686adc1b87ef59144e90fdddb6e8a
mips architecture (MIPS (Big Endian))
http://security.debian.org/pool/updates/main/i/icu/libicu38_3.8.1-3+lenny2_mips.deb
Size/MD5 checksum: 6209236 3f2f1f954799ec7c20226b66578496fb
http://security.debian.org/pool/updates/main/i/icu/libicu-dev_3.8.1-3+lenny2_mips.deb
Size/MD5 checksum: 7601662 e5873a370ba2f10e07ba438221ec9326
http://security.debian.org/pool/updates/main/i/icu/libicu38-dbg_3.8.1-3+lenny2_mips.deb
Size/MD5 checksum: 2475268 9ccfeff2fbd457798ad595513c3fceb8
mipsel architecture (MIPS (Little Endian))
http://security.debian.org/pool/updates/main/i/icu/libicu-dev_3.8.1-3+lenny2_mipsel.deb
Size/MD5 checksum: 7294770 e7a2b87be42cf6c2eb5defc1f16fcd1b
http://security.debian.org/pool/updates/main/i/icu/libicu38_3.8.1-3+lenny2_mipsel.deb
Size/MD5 checksum: 5900392 1fd37ee3d1d15c3ad251a5b4e2707275
http://security.debian.org/pool/updates/main/i/icu/libicu38-dbg_3.8.1-3+lenny2_mipsel.deb
Size/MD5 checksum: 2408066 8c5b8b9e7eb46d8404d6fbdf319ba647
powerpc architecture (PowerPC)
http://security.debian.org/pool/updates/main/i/icu/libicu38-dbg_3.8.1-3+lenny2_powerpc.deb
Size/MD5 checksum: 2378760 842531d765b7bcd25f27535f7e2195fa
http://security.debian.org/pool/updates/main/i/icu/libicu-dev_3.8.1-3+lenny2_powerpc.deb
Size/MD5 checksum: 7462340 0ce58e5b42bf6cea3488fc55af9b0721
http://security.debian.org/pool/updates/main/i/icu/libicu38_3.8.1-3+lenny2_powerpc.deb
Size/MD5 checksum: 6292462 d8ca2eb3b172e43405339d1ddb233b66
s390 architecture (IBM S/390)
http://security.debian.org/pool/updates/main/i/icu/libicu-dev_3.8.1-3+lenny2_s390.deb
Size/MD5 checksum: 7436198 33277bb42e73a64ae8421c5ce4cc390a
http://security.debian.org/pool/updates/main/i/icu/libicu38_3.8.1-3+lenny2_s390.deb
Size/MD5 checksum: 6270994 b23dd748a28ccde33d87d7df945693a2
http://security.debian.org/pool/updates/main/i/icu/libicu38-dbg_3.8.1-3+lenny2_s390.deb
Size/MD5 checksum: 2471744 926e06bca83a31ce3aca813409cc95a8
sparc architecture (Sun SPARC/UltraSPARC)
http://security.debian.org/pool/updates/main/i/icu/libicu-dev_3.8.1-3+lenny2_sparc.deb
Size/MD5 checksum: 7304054 9f98cb39fce383087d192faa2fc47386
http://security.debian.org/pool/updates/main/i/icu/libicu38-dbg_3.8.1-3+lenny2_sparc.deb
Size/MD5 checksum: 2135440 3db054d567561c48e935814465e4a525
http://security.debian.org/pool/updates/main/i/icu/libicu38_3.8.1-3+lenny2_sparc.deb
Size/MD5 checksum: 6146402 1bfc509accd39f0ca52b871b4af534a2
These files will probably be moved into the stable distribution on
its next update.
- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAkqxN9cACgkQXm3vHE4uylp6WACcDP/faUO12bVfOeG8qVHMiiRv
oKUAn0ZXj9WAkxDxgUbpM2SEG6TuoUgo
=FNYT
-----END PGP SIGNATURE-----
|
|
var-201908-1958
|
The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks (aka "KNOB") that can decrypt traffic and inject arbitrary ciphertext without the victim noticing. Bluetooth BR/EDR is a Bluetooth BR/EDR (Basic Rate/Enhanced Data Rate) standard. An encryption issue vulnerability exists in Bluetooth BR/EDR 5.1 and earlier versions. The vulnerability stems from incorrect use of relevant cryptographic algorithms by network systems or products, resulting in improperly encrypted content, weak encryption, and storing sensitive information in plain text. A weakness in the Bluetooth Basic Rate/Enhanced Data Rate (BR/EDR) protocol core specification exposes a vulnerability that could allow for an unauthenticated, adjacent malicious user to perform a man-in-the-middle attack on an encrypted Bluetooth connection. The attack must be performed during negotiation or renegotiation of a paired device connection; existing sessions cannot be attacked.
The issue could allow the malicious user to reduce the entropy of the negotiated session key that is used to secure a Bluetooth connection between a paired device and a host device. An attacker who can successfully inject a malicious message into a Bluetooth connection during session negotiation or renegotiation could cause the strength of the session key to be susceptible to brute force attack.
This advisory will be updated as additional information becomes available. There are no workarounds that address this vulnerability.
This advisory is available at the following link:
tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190813-bluetooth. 7) - aarch64, noarch, ppc64le
3.
Bug Fix(es):
* kernel modules pkey and paes_s390 are not available (BZ#1719192)
* pkey: Indicate old mkvp only if old and curr. mkvp are different
(BZ#1720621)
* System dropped into Mon running softboots Exception: 501 (Hardware
Interrupt) at c00000000000a814 replay_interrupt_return+0x0/0x4 (ipmi)
(BZ#1737563)
* kernel: jump label transformation performance (BZ#1739143)
* Backport i40e MDD detection removal for PFs (BZ#1747618)
4. 7.5) - ppc64, ppc64le, x86_64
3.
Bug Fix(es):
* TCP packets are segmented when sent to the VLAN device when coming from
VXLAN dev. (BZ#1732810)
* skb head copy occurs when sending traffic over OVS managed VXLAN tunnel
(BZ#1733896)
* [mlx4] VXLAN over VLAN TCP segmentation (BZ#1734306)
* use "make -jN" for modules_install (BZ#1735082)
* Backport TCP follow-up for small buffers (BZ#1739128)
* [FJ7.6 Bug]: [REG] kernel: ipc: ipc_free should use kvfree (BZ#1740176)
* RHEL7.6 - powerpc/pseries: Disable CPU hotplug across migrations /
powerpc/rtas: Fix a potential race between CPU-Offline & Migration (LPM)
(BZ#1745437)
* RHEL7.6 - powerpc/pseries: Fix unitialized timer reset on migration /
powerpc/pseries/mobility: Extend start/stop topology update scope (LPM)
(BZ#1745439)
* RHEL7.5 - ISST-LTE:PVM:Zeppelin :LPM: Failure logs and stack trace seen
during LPM (POWER9/P9) (BZ#1745447)
4.
Bug Fix(es):
* port show-kabi to python3 (BZ#1806924)
4. 7.6) - ppc64le, x86_64
3. Description:
This is a kernel live patch module which is automatically loaded by the RPM
post-install script to modify the code of a running kernel. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied. 8) - aarch64, noarch, ppc64le, s390x, x86_64
3. 7.3) - noarch, x86_64
3.
Bug Fix(es):
* kernel build: parallelize redhat/mod-sign.sh (BZ#1755326)
4. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Important: kernel security and bug fix update
Advisory ID: RHSA-2019:3055-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2019:3055
Issue date: 2019-10-15
CVE Names: CVE-2018-20856 CVE-2019-3846 CVE-2019-9506
CVE-2019-10126
====================================================================
1. Summary:
An update for kernel is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
3. Description:
The kernel packages contain the Linux kernel, the core of any Linux
operating system.
Security Fix(es):
* kernel: Use-after-free in __blk_drain_queue() function in
block/blk-core.c (CVE-2018-20856)
* kernel: Heap overflow in mwifiex_update_bss_desc_with_ie function in
marvell/mwifiex/scan.c (CVE-2019-3846)
* hardware: bluetooth: BR/EDR encryption key negotiation attacks (KNOB)
(CVE-2019-9506)
* kernel: Heap overflow in mwifiex_uap_parse_tail_ies function in
drivers/net/wireless/marvell/mwifiex/ie.c (CVE-2019-10126)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
Bug Fixes:
* gfs2: Fix iomap write page reclaim deadlock (BZ#1737373)
* [FJ7.6 Bug]: [REG] kernel: ipc: ipc_free should use kvfree (BZ#1740178)
* high update_cfs_rq_blocked_load contention (BZ#1740180)
* [Hyper-V][RHEL 7] kdump fails to start on a Hyper-V guest of Windows
Server 2019. (BZ#1740188)
* kvm: backport cpuidle-haltpoll driver (BZ#1740192)
* Growing unreclaimable slab memory (BZ#1741920)
* [bnx2x] ping failed from pf to vf which has been attached to vm
(BZ#1741926)
* [Hyper-V]vPCI devices cannot allocate IRQs vectors in a Hyper-V VM with >
240 vCPUs (i.e., when in x2APIC mode) (BZ#1743324)
* Macsec: inbound MACSEC frame is unexpectedly dropped with InPktsNotValid
(BZ#1744442)
* RHEL 7.7 Beta - Hit error when trying to run nvme connect with IPv6
address (BZ#1744443)
* RHEL 7.6 SS4 - Paths lost when running straight I/O on NVMe/RoCE system
(BZ#1744444)
* NFSv4.0 client sending a double CLOSE (leading to EIO application
failure) (BZ#1744946)
* [Azure] CRI-RDOS | [RHEL 7.8] Live migration only takes 10 seconds, but
the VM was unavailable for 2 hours (BZ#1748239)
* NFS client autodisconnect timer may fire immediately after TCP connection
setup and may cause DoS type reconnect problem in complex network
environments (BZ#1749290)
* [Inspur] RHEL7.6 ASPEED graphic card display issue (BZ#1749296)
* Allows macvlan to operated correctly over the active-backup mode to
support bonding events. (BZ#1751579)
* [LLNL 7.5 Bug] slab leak causing a crash when using kmem control group
(BZ#1752421)
Users of kernel are advised to upgrade to these updated packages, which fix
these bugs.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
5. Bugs fixed (https://bugzilla.redhat.com/):
1713059 - CVE-2019-3846 kernel: Heap overflow in mwifiex_update_bss_desc_with_ie function in marvell/mwifiex/scan.c
1716992 - CVE-2019-10126 kernel: Heap overflow in mwifiex_uap_parse_tail_ies function in drivers/net/wireless/marvell/mwifiex/ie.c
1727857 - CVE-2019-9506 hardware: bluetooth: BR/EDR encryption key negotiation attacks (KNOB)
1738705 - CVE-2018-20856 kernel: Use-after-free in __blk_drain_queue() function in block/blk-core.c
6. Package List:
Red Hat Enterprise Linux Client (v. 7):
Source:
kernel-3.10.0-1062.4.1.el7.src.rpm
noarch:
kernel-abi-whitelists-3.10.0-1062.4.1.el7.noarch.rpm
kernel-doc-3.10.0-1062.4.1.el7.noarch.rpm
x86_64:
bpftool-3.10.0-1062.4.1.el7.x86_64.rpm
bpftool-debuginfo-3.10.0-1062.4.1.el7.x86_64.rpm
kernel-3.10.0-1062.4.1.el7.x86_64.rpm
kernel-debug-3.10.0-1062.4.1.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-1062.4.1.el7.x86_64.rpm
kernel-debug-devel-3.10.0-1062.4.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-1062.4.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-1062.4.1.el7.x86_64.rpm
kernel-devel-3.10.0-1062.4.1.el7.x86_64.rpm
kernel-headers-3.10.0-1062.4.1.el7.x86_64.rpm
kernel-tools-3.10.0-1062.4.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-1062.4.1.el7.x86_64.rpm
kernel-tools-libs-3.10.0-1062.4.1.el7.x86_64.rpm
perf-3.10.0-1062.4.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-1062.4.1.el7.x86_64.rpm
python-perf-3.10.0-1062.4.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-1062.4.1.el7.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
x86_64:
bpftool-debuginfo-3.10.0-1062.4.1.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-1062.4.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-1062.4.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-1062.4.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-1062.4.1.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-1062.4.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-1062.4.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-1062.4.1.el7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source:
kernel-3.10.0-1062.4.1.el7.src.rpm
noarch:
kernel-abi-whitelists-3.10.0-1062.4.1.el7.noarch.rpm
kernel-doc-3.10.0-1062.4.1.el7.noarch.rpm
x86_64:
bpftool-3.10.0-1062.4.1.el7.x86_64.rpm
bpftool-debuginfo-3.10.0-1062.4.1.el7.x86_64.rpm
kernel-3.10.0-1062.4.1.el7.x86_64.rpm
kernel-debug-3.10.0-1062.4.1.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-1062.4.1.el7.x86_64.rpm
kernel-debug-devel-3.10.0-1062.4.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-1062.4.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-1062.4.1.el7.x86_64.rpm
kernel-devel-3.10.0-1062.4.1.el7.x86_64.rpm
kernel-headers-3.10.0-1062.4.1.el7.x86_64.rpm
kernel-tools-3.10.0-1062.4.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-1062.4.1.el7.x86_64.rpm
kernel-tools-libs-3.10.0-1062.4.1.el7.x86_64.rpm
perf-3.10.0-1062.4.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-1062.4.1.el7.x86_64.rpm
python-perf-3.10.0-1062.4.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-1062.4.1.el7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
x86_64:
bpftool-debuginfo-3.10.0-1062.4.1.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-1062.4.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-1062.4.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-1062.4.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-1062.4.1.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-1062.4.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-1062.4.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-1062.4.1.el7.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source:
kernel-3.10.0-1062.4.1.el7.src.rpm
noarch:
kernel-abi-whitelists-3.10.0-1062.4.1.el7.noarch.rpm
kernel-doc-3.10.0-1062.4.1.el7.noarch.rpm
ppc64:
bpftool-3.10.0-1062.4.1.el7.ppc64.rpm
bpftool-debuginfo-3.10.0-1062.4.1.el7.ppc64.rpm
kernel-3.10.0-1062.4.1.el7.ppc64.rpm
kernel-bootwrapper-3.10.0-1062.4.1.el7.ppc64.rpm
kernel-debug-3.10.0-1062.4.1.el7.ppc64.rpm
kernel-debug-debuginfo-3.10.0-1062.4.1.el7.ppc64.rpm
kernel-debug-devel-3.10.0-1062.4.1.el7.ppc64.rpm
kernel-debuginfo-3.10.0-1062.4.1.el7.ppc64.rpm
kernel-debuginfo-common-ppc64-3.10.0-1062.4.1.el7.ppc64.rpm
kernel-devel-3.10.0-1062.4.1.el7.ppc64.rpm
kernel-headers-3.10.0-1062.4.1.el7.ppc64.rpm
kernel-tools-3.10.0-1062.4.1.el7.ppc64.rpm
kernel-tools-debuginfo-3.10.0-1062.4.1.el7.ppc64.rpm
kernel-tools-libs-3.10.0-1062.4.1.el7.ppc64.rpm
perf-3.10.0-1062.4.1.el7.ppc64.rpm
perf-debuginfo-3.10.0-1062.4.1.el7.ppc64.rpm
python-perf-3.10.0-1062.4.1.el7.ppc64.rpm
python-perf-debuginfo-3.10.0-1062.4.1.el7.ppc64.rpm
ppc64le:
bpftool-3.10.0-1062.4.1.el7.ppc64le.rpm
bpftool-debuginfo-3.10.0-1062.4.1.el7.ppc64le.rpm
kernel-3.10.0-1062.4.1.el7.ppc64le.rpm
kernel-bootwrapper-3.10.0-1062.4.1.el7.ppc64le.rpm
kernel-debug-3.10.0-1062.4.1.el7.ppc64le.rpm
kernel-debug-debuginfo-3.10.0-1062.4.1.el7.ppc64le.rpm
kernel-debuginfo-3.10.0-1062.4.1.el7.ppc64le.rpm
kernel-debuginfo-common-ppc64le-3.10.0-1062.4.1.el7.ppc64le.rpm
kernel-devel-3.10.0-1062.4.1.el7.ppc64le.rpm
kernel-headers-3.10.0-1062.4.1.el7.ppc64le.rpm
kernel-tools-3.10.0-1062.4.1.el7.ppc64le.rpm
kernel-tools-debuginfo-3.10.0-1062.4.1.el7.ppc64le.rpm
kernel-tools-libs-3.10.0-1062.4.1.el7.ppc64le.rpm
perf-3.10.0-1062.4.1.el7.ppc64le.rpm
perf-debuginfo-3.10.0-1062.4.1.el7.ppc64le.rpm
python-perf-3.10.0-1062.4.1.el7.ppc64le.rpm
python-perf-debuginfo-3.10.0-1062.4.1.el7.ppc64le.rpm
s390x:
bpftool-3.10.0-1062.4.1.el7.s390x.rpm
bpftool-debuginfo-3.10.0-1062.4.1.el7.s390x.rpm
kernel-3.10.0-1062.4.1.el7.s390x.rpm
kernel-debug-3.10.0-1062.4.1.el7.s390x.rpm
kernel-debug-debuginfo-3.10.0-1062.4.1.el7.s390x.rpm
kernel-debug-devel-3.10.0-1062.4.1.el7.s390x.rpm
kernel-debuginfo-3.10.0-1062.4.1.el7.s390x.rpm
kernel-debuginfo-common-s390x-3.10.0-1062.4.1.el7.s390x.rpm
kernel-devel-3.10.0-1062.4.1.el7.s390x.rpm
kernel-headers-3.10.0-1062.4.1.el7.s390x.rpm
kernel-kdump-3.10.0-1062.4.1.el7.s390x.rpm
kernel-kdump-debuginfo-3.10.0-1062.4.1.el7.s390x.rpm
kernel-kdump-devel-3.10.0-1062.4.1.el7.s390x.rpm
perf-3.10.0-1062.4.1.el7.s390x.rpm
perf-debuginfo-3.10.0-1062.4.1.el7.s390x.rpm
python-perf-3.10.0-1062.4.1.el7.s390x.rpm
python-perf-debuginfo-3.10.0-1062.4.1.el7.s390x.rpm
x86_64:
bpftool-3.10.0-1062.4.1.el7.x86_64.rpm
bpftool-debuginfo-3.10.0-1062.4.1.el7.x86_64.rpm
kernel-3.10.0-1062.4.1.el7.x86_64.rpm
kernel-debug-3.10.0-1062.4.1.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-1062.4.1.el7.x86_64.rpm
kernel-debug-devel-3.10.0-1062.4.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-1062.4.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-1062.4.1.el7.x86_64.rpm
kernel-devel-3.10.0-1062.4.1.el7.x86_64.rpm
kernel-headers-3.10.0-1062.4.1.el7.x86_64.rpm
kernel-tools-3.10.0-1062.4.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-1062.4.1.el7.x86_64.rpm
kernel-tools-libs-3.10.0-1062.4.1.el7.x86_64.rpm
perf-3.10.0-1062.4.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-1062.4.1.el7.x86_64.rpm
python-perf-3.10.0-1062.4.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-1062.4.1.el7.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
ppc64:
bpftool-debuginfo-3.10.0-1062.4.1.el7.ppc64.rpm
kernel-debug-debuginfo-3.10.0-1062.4.1.el7.ppc64.rpm
kernel-debuginfo-3.10.0-1062.4.1.el7.ppc64.rpm
kernel-debuginfo-common-ppc64-3.10.0-1062.4.1.el7.ppc64.rpm
kernel-tools-debuginfo-3.10.0-1062.4.1.el7.ppc64.rpm
kernel-tools-libs-devel-3.10.0-1062.4.1.el7.ppc64.rpm
perf-debuginfo-3.10.0-1062.4.1.el7.ppc64.rpm
python-perf-debuginfo-3.10.0-1062.4.1.el7.ppc64.rpm
ppc64le:
bpftool-debuginfo-3.10.0-1062.4.1.el7.ppc64le.rpm
kernel-debug-debuginfo-3.10.0-1062.4.1.el7.ppc64le.rpm
kernel-debug-devel-3.10.0-1062.4.1.el7.ppc64le.rpm
kernel-debuginfo-3.10.0-1062.4.1.el7.ppc64le.rpm
kernel-debuginfo-common-ppc64le-3.10.0-1062.4.1.el7.ppc64le.rpm
kernel-tools-debuginfo-3.10.0-1062.4.1.el7.ppc64le.rpm
kernel-tools-libs-devel-3.10.0-1062.4.1.el7.ppc64le.rpm
perf-debuginfo-3.10.0-1062.4.1.el7.ppc64le.rpm
python-perf-debuginfo-3.10.0-1062.4.1.el7.ppc64le.rpm
x86_64:
bpftool-debuginfo-3.10.0-1062.4.1.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-1062.4.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-1062.4.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-1062.4.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-1062.4.1.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-1062.4.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-1062.4.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-1062.4.1.el7.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source:
kernel-3.10.0-1062.4.1.el7.src.rpm
noarch:
kernel-abi-whitelists-3.10.0-1062.4.1.el7.noarch.rpm
kernel-doc-3.10.0-1062.4.1.el7.noarch.rpm
x86_64:
bpftool-3.10.0-1062.4.1.el7.x86_64.rpm
bpftool-debuginfo-3.10.0-1062.4.1.el7.x86_64.rpm
kernel-3.10.0-1062.4.1.el7.x86_64.rpm
kernel-debug-3.10.0-1062.4.1.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-1062.4.1.el7.x86_64.rpm
kernel-debug-devel-3.10.0-1062.4.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-1062.4.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-1062.4.1.el7.x86_64.rpm
kernel-devel-3.10.0-1062.4.1.el7.x86_64.rpm
kernel-headers-3.10.0-1062.4.1.el7.x86_64.rpm
kernel-tools-3.10.0-1062.4.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-1062.4.1.el7.x86_64.rpm
kernel-tools-libs-3.10.0-1062.4.1.el7.x86_64.rpm
perf-3.10.0-1062.4.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-1062.4.1.el7.x86_64.rpm
python-perf-3.10.0-1062.4.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-1062.4.1.el7.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
x86_64:
bpftool-debuginfo-3.10.0-1062.4.1.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-1062.4.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-1062.4.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-1062.4.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-1062.4.1.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-1062.4.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-1062.4.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-1062.4.1.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2018-20856
https://access.redhat.com/security/cve/CVE-2019-3846
https://access.redhat.com/security/cve/CVE-2019-9506
https://access.redhat.com/security/cve/CVE-2019-10126
https://access.redhat.com/security/updates/classification/#important
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2019 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBXaYG69zjgjWX9erEAQjA1Q/7Bte0lgWfI6xE9bw9FqrE7ZFw3Jq5bqV1
8PYYAZBFCLUHsC1HS33jiTGGaS5xbqR4yrtNCnZHLhsZU6w9avm0zDFW2CEzAwRC
Uri5R30mCVtc2p3jsHupNKrKhzzkmKjz2J5gYn+ubX9Ok7ScxZZ8ucF9kJcSx7LL
qswocd0lWkbjy/2MY0t6MCMnvoNvgOB1XEmQE5a9CHrHtKe9kEJcWJUht6vXqhZ4
SJYkMLDIsDYOXFsWBwZnKT0BVXNurS9+g7b7MX4ZaQATN5MD9x7jP7FYTIp8lhyJ
NKOqa8/D5eFGKF3YlgySgqXZ22XT1MasENDJ7OS62lRQd+/eeznyK0CUOAtILLvH
1GTfXgz8nvMynX+ZKkiZv5+tEFCWFNKkHudYuzoirFa+p29l0YWW6SjfPN+c3NnE
9DLfZhqYuX2tcx3O8khxjS/okRh5mBFQvzXlWqyPmgqsbjP0L5R2YoPNMzzGB3OQ
FA/QgjD8AD9Tn8+rZM+VeoWVYTwPT8OMv1wMEqOeJLIxR8/DiY42YEQiNBU2na4W
AYajLwK6d3Ey+DV+/5YwjWWQOyyTxP9Q8F0xb61HdQmq1dILZJgFBmVR5ilxlpoJ
sHiYCTKF/M8DbDGSWwZkD69ZPtBWPGvTI0XkgTIfhcTeF2BRL2UZkszrM72QjGqH
OQh6hA3MyvA=zvD0
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
.
Bug Fix(es):
* kernel-rt: update to the RHEL7.7.z batch#2 source tree (BZ#1748570)
4. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2019-8-13-3 Additional information for
APPLE-SA-2019-7-22-4 watchOS 5.3
watchOS 5.3 addresses the following:
Bluetooth
Available for: Apple Watch Series 1 and later
Impact: An attacker in a privileged network position may be able to
intercept Bluetooth traffic (Key Negotiation of Bluetooth - KNOB)
Description: An input validation issue existed in Bluetooth. This
issue was addressed with improved input validation.
CVE-2019-9506: Daniele Antonioli of SUTD, Singapore, Dr. Nils Ole
Tippenhauer of CISPA, Germany, and Prof. Kasper Rasmussen of
University of Oxford, England
Entry added August 13, 2019
Core Data
Available for: Apple Watch Series 1 and later
Impact: A remote attacker may be able to leak memory
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2019-8646: Natalie Silvanovich of Google Project Zero
Core Data
Available for: Apple Watch Series 1 and later
Impact: A remote attacker may be able to cause arbitrary code
execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2019-8647: Samuel Groß and Natalie Silvanovich of Google Project
Zero
Core Data
Available for: Apple Watch Series 1 and later
Impact: A remote attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2019-8660: Samuel Groß and Natalie Silvanovich of Google Project
Zero
Digital Touch
Available for: Apple Watch Series 1 and later
Impact: A remote attacker may be able to leak memory
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2019-8624: Natalie Silvanovich of Google Project Zero
FaceTime
Available for: Apple Watch Series 1 and later
Impact: A remote attacker may be able to cause arbitrary code
execution
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2019-8648: Tao Huang and Tielei Wang of Team Pangu
Foundation
Available for: Apple Watch Series 1 and later
Impact: A remote attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2019-8641: Samuel Groß and Natalie Silvanovich of Google Project
Zero
Heimdal
Available for: Apple Watch Series 1 and later
Impact: An issue existed in Samba that may allow attackers to perform
unauthorized actions by intercepting communications between services
Description: This issue was addressed with improved checks to prevent
unauthorized actions.
CVE-2018-16860: Isaac Boukris and Andrew Bartlett of the Samba Team
and Catalyst
libxslt
Available for: Apple Watch Series 1 and later
Impact: A remote attacker may be able to view sensitive information
Description: A stack overflow was addressed with improved input
validation.
CVE-2019-13118: found by OSS-Fuzz
Messages
Available for: Apple Watch Series 1 and later
Impact: Users removed from an iMessage conversation may still be able
to alter state
Description: This issue was addressed with improved checks.
CVE-2019-8659: Ryan Kontos (@ryanjkontos), Will Christensen of
University of Oregon
Messages
Available for: Apple Watch Series 1 and later
Impact: A remote attacker may cause an unexpected application
termination
Description: A denial of service issue was addressed with improved
validation.
CVE-2019-8665: Michael Hernandez of XYZ Marketing
Quick Look
Available for: Apple Watch Series 1 and later
Impact: An attacker may be able to trigger a use-after-free in an
application deserializing an untrusted NSDictionary
Description: This issue was addressed with improved checks.
CVE-2019-8662: Natalie Silvanovich and Samuel Groß of Google Project
Zero
Siri
Available for: Apple Watch Series 1 and later
Impact: A remote attacker may be able to leak memory
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2019-8646: Natalie Silvanovich of Google Project Zero
UIFoundation
Available for: Apple Watch Series 1 and later
Impact: Parsing a maliciously crafted office document may lead to an
unexpected application termination or arbitrary code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2019-8657: riusksk of VulWar Corp working with Trend Micro's Zero
Day Initiative
Wallet
Available for: Apple Watch Series 1 and later
Impact: A user may inadvertently complete an in-app purchase while on
the lock screen
Description: The issue was addressed with improved UI handling.
CVE-2019-8682: Jeff Braswell (JeffBraswell.com)
WebKit
Available for: Apple Watch Series 1 and later
Impact: Processing maliciously crafted web content may lead to
universal cross site scripting
Description: A logic issue was addressed with improved state
management.
CVE-2019-8658: akayn working with Trend Micro's Zero Day Initiative
WebKit
Available for: Apple Watch Series 1 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2019-8669: akayn working with Trend Micro's Zero Day Initiative
CVE-2019-8672: Samuel Groß of Google Project Zero
CVE-2019-8676: Soyeon Park and Wen Xu of SSLab at Georgia Tech
CVE-2019-8683: lokihardt of Google Project Zero
CVE-2019-8684: lokihardt of Google Project Zero
CVE-2019-8685: akayn, Dongzhuo Zhao working with ADLab of Venustech,
Ken Wong (@wwkenwong) of VXRL, Anthony Lai (@darkfloyd1014) of VXRL,
and Eric Lung (@Khlung1) of VXRL
CVE-2019-8688: Insu Yun of SSLab at Georgia Tech
CVE-2019-8689: lokihardt of Google Project Zero
Additional recognition
MobileInstallation
We would like to acknowledge Dany Lisiansky (@DanyL931) for their
assistance.
Installation note:
Instructions on how to update your Apple Watch software are
available at https://support.apple.com/kb/HT204641
To check the version on your Apple Watch, open the Apple Watch app
on your iPhone and select "My Watch > General > About".
Alternatively, on your watch, select "My Watch > General > About" |
|
var-200102-0052
|
Cisco Catalyst 6000, 5000, or 4000 switches allow remote attackers to cause a denial of service by connecting to the SSH service with a non-SSH client, which generates a protocol mismatch error. There is a buffer overflow in the IBM AIX setclock command that may allow local attackers to gain root privileges. Cisco Catalyst 6000, 5000, or 4000 switches are vulnerable. This vulnerability results in a protocol mismatch. Microsoft Internet Explorer DBCS Remote Memory Corruption Vulnerability
By Sowhat of Nevis Labs
Date: 2006.04.11
http://www.nevisnetworks.com
http://secway.org/advisory/AD20060411.txt
http://www.microsoft.com/technet/security/bulletin/MS06-013.mspx
CVE: CVE-2006-1189
Vendor
Microsoft Inc.
Products affected:
Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4
and Microsoft Windows XP Service Pack 1
Internet Explorer 6 for Microsoft Windows XP Service Pack 2
Internet Explorer 6 for Microsoft Windows Server 2003
Internet Explorer 6 Service Pack 1 on Microsoft Windows 98, Microsoft
Windows 98 SE, and Microsoft Windows Millennium Edition
This vulnerability affects systems that use Double-Byte Character Sets.
Systems that are affected are Windows language versions that use a
Double Byte Character Set language. Examples of languages that use DBCS
are Chinese, Japanese, and Korean languages. Customers using
other language versions of Windows might also be affected if "Language
for non-Unicode programs" has been set to a Double Byte Character Set
language.
Overview:
There exists a buffer overflow in Microsoft Internet Explorer in the
parsing of DBCS URLS.
This vulnerability could allow an attacker to execute arbitrary code on the
victim's system when the victim visits a web page or views an HTML email
message.
This attack may be utilized wherever IE parses HTML, such as webpages, email,
newsgroups, and within applications utilizing web-browsing functionality.
Details:
URLMON.DLL does not properly validate IDN containing double-byte character
sets (DBCS), which may lead to remote code execution.
Exploiting this vulnerability seems to need a lot of more work but we
believe that
exploitation is possible.
POC:
No PoC will be released for this.
FIX:
Microsoft has released an update for Internet Explorer which is
set to address this issue. This can be downloaded from:
http://www.microsoft.com/technet/security/bulletin/MS06-013.mspx
Vendor Response:
2005.12.29 Vendor notified via secure@microsoft.com
2005.12.29 Vendor responded
2006.04.11 Vendor released MS06-0xx patch
2006.04.11 Advisory released
Common Vulnerabilities and Exposures (CVE) Information:
The Common Vulnerabilities and Exposures (CVE) project has assigned
the following names to these issues. These are candidates for
inclusion in the CVE list (http://cve.mitre.org), which standardizes
names for security problems.
CVE-2006-1189
Greetings to Lennart@MS, Chi, OYXin, Narasimha Datta, all Nevis Labs guys,
all XFocus and 0x557 guys :)
References:
1. http://www.microsoft.com/technet/security/bulletin/MS06-013.mspx
2. http://www.nsfocus.com/english/homepage/research/0008.htm
3. http://xforce.iss.net/xforce/xfdb/5729
4. http://www.securityfocus.com/bid/2100/discuss
5. http://www.inter-locale.com/whitepaper/IUC27-a303.html
6. http://blogs.msdn.com/michkap/archive/2005/10/28/486034.aspx
7. [Mozilla Firefox IDN "Host:" Buffer Overflow]
http://www.security-protocols.com/advisory/sp-x17-advisory.txt
8. [Mozilla Firefox 1.5 Beta 1 IDN Buffer Overflow]
http://www.security-protocols.com/advisory/sp-x18-advisory.txt
9. http://72.14.203.104/search?q=cache:Dxn-V4fil1IJ:developer.novell.com
/research/devnotes/1995/may/02/05.htm
--
Sowhat
http://secway.org
"Life is like a bug, Do you know how to exploit it ?"
|
|
var-201708-0038
|
The decodenetnum function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (assertion failure) via a 6 or mode 7 packet containing a long data value. NTP Is vulnerable to input validation.Denial of service (DoS) It may be put into a state. Network Time Protocol is prone to a denial-of-service vulnerability.
A remote attacker may exploit this issue to cause a denial-of-service condition, denying service to legitimate users.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201607-15
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: NTP: Multiple vulnerabilities
Date: July 20, 2016
Bugs: #563774, #572452, #581528, #584954
ID: 201607-15
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been found in NTP, the worst of which
could lead to Denial of Service.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-misc/ntp < 4.2.8_p8 >= 4.2.8_p8
Description
===========
Multiple vulnerabilities have been discovered in NTP. Please review the
CVE identifiers referenced below for details.
Resolution
==========
All NTP users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/ntp-4.2.8_p8"
References
==========
[ 1 ] CVE-2015-7691
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7691
[ 2 ] CVE-2015-7692
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7692
[ 3 ] CVE-2015-7701
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7701
[ 4 ] CVE-2015-7702
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7702
[ 5 ] CVE-2015-7703
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7703
[ 6 ] CVE-2015-7704
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7704
[ 7 ] CVE-2015-7705
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7705
[ 8 ] CVE-2015-7848
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7848
[ 9 ] CVE-2015-7849
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7849
[ 10 ] CVE-2015-7850
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7850
[ 11 ] CVE-2015-7851
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7851
[ 12 ] CVE-2015-7852
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7852
[ 13 ] CVE-2015-7853
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7853
[ 14 ] CVE-2015-7854
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7854
[ 15 ] CVE-2015-7855
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7855
[ 16 ] CVE-2015-7871
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7871
[ 17 ] CVE-2015-7973
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7973
[ 18 ] CVE-2015-7974
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7974
[ 19 ] CVE-2015-7975
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7975
[ 20 ] CVE-2015-7976
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7976
[ 21 ] CVE-2015-7977
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7977
[ 22 ] CVE-2015-7978
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7978
[ 23 ] CVE-2015-7979
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7979
[ 24 ] CVE-2015-8138
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8138
[ 25 ] CVE-2015-8139
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8139
[ 26 ] CVE-2015-8140
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8140
[ 27 ] CVE-2015-8158
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8158
[ 28 ] CVE-2016-1547
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1547
[ 29 ] CVE-2016-1548
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1548
[ 30 ] CVE-2016-1549
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1549
[ 31 ] CVE-2016-1550
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1550
[ 32 ] CVE-2016-1551
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1551
[ 33 ] CVE-2016-2516
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2516
[ 34 ] CVE-2016-2517
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2517
[ 35 ] CVE-2016-2518
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2518
[ 36 ] CVE-2016-2519
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2519
[ 37 ] CVE-2016-4953
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4953
[ 38 ] CVE-2016-4954
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4954
[ 39 ] CVE-2016-4955
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4955
[ 40 ] CVE-2016-4956
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4956
[ 41 ] CVE-2016-4957
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4957
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/201607-15
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2016 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
.
Release Date: 2016-09-21
Last Updated: 2016-09-21
Potential Security Impact: Multiple Remote Vulnerabilities
Source: Hewlett Packard Enterprise, Product Security Response Team
VULNERABILITY SUMMARY
Potential security vulnerabilities in NTP have been addressed with HPE
Comware 7 (CW7) network products.
References:
- CVE-2015-7704
- CVE-2015-7705
- CVE-2015-7855
- CVE-2015-7871
- PSRT110228
- SSRT102943
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
- Comware 7 (CW7) Products - Please refer to the RESOLUTION
below for a list of impacted products. All product versions are impacted
prior to the fixed versions listed.
BACKGROUND
CVSS Base Metrics
=================
Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector
CVE-2015-7704
6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
6.4 (AV:N/AC:L/Au:N/C:N/I:P/A:P)
CVE-2015-7705
6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
6.4 (AV:N/AC:L/Au:N/C:N/I:P/A:P)
CVE-2015-7855
6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
6.4 (AV:N/AC:L/Au:N/C:N/I:P/A:P)
CVE-2015-7871
5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)
Information on CVSS is documented in
HPE Customer Notice HPSN-2008-002 here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499
RESOLUTION
HPE has released the following software updates to resolve the
vulnerabilities in HPE Comware 7 network products.
**COMWARE 7 Products**
+ **12500 (Comware 7) - Version: R7377**
* HP Network Products
- JC072B HP 12500 Main Processing Unit
- JC085A HP A12518 Switch Chassis
- JC086A HP A12508 Switch Chassis
- JC652A HP 12508 DC Switch Chassis
- JC653A HP 12518 DC Switch Chassis
- JC654A HP 12504 AC Switch Chassis
- JC655A HP 12504 DC Switch Chassis
- JF430A HP A12518 Switch Chassis
- JF430B HP 12518 Switch Chassis
- JF430C HP 12518 AC Switch Chassis
- JF431A HP A12508 Switch Chassis
- JF431B HP 12508 Switch Chassis
- JF431C HP 12508 AC Switch Chassis
- JG497A HP 12500 MPU w/Comware V7 OS
- JG782A HP FF 12508E AC Switch Chassis
- JG783A HP FF 12508E DC Switch Chassis
- JG784A HP FF 12518E AC Switch Chassis
- JG785A HP FF 12518E DC Switch Chassis
- JG802A HP FF 12500E MPU
+ **10500 (Comware 7) - Version: R7178**
* HP Network Products
- JC611A HP 10508-V Switch Chassis
- JC612A HP 10508 Switch Chassis
- JC613A HP 10504 Switch Chassis
- JC748A HP 10512 Switch Chassis
- JG608A HP FlexFabric 11908-V Switch Chassis
- JG609A HP FlexFabric 11900 Main Processing Unit
- JG820A HP 10504 TAA Switch Chassis
- JG821A HP 10508 TAA Switch Chassis
- JG822A HP 10508-V TAA Switch Chassis
- JG823A HP 10512 TAA Switch Chassis
- JG496A HP 10500 Type A MPU w/Comware v7 OS
- JH198A HP 10500 Type D Main Processing Unit with Comware v7 Operating
System
- JH206A HP 10500 Type D TAA-compliant with Comware v7 Operating System
Main Processing Unit
+ **12900 (Comware 7) - Version: R1138P03**
* HP Network Products
- JG619A HP FlexFabric 12910 Switch AC Chassis
- JG621A HP FlexFabric 12910 Main Processing Unit
- JG632A HP FlexFabric 12916 Switch AC Chassis
- JG634A HP FlexFabric 12916 Main Processing Unit
- JH104A HP FlexFabric 12900E Main Processing Unit
- JH114A HP FlexFabric 12910 TAA-compliant Main Processing Unit
- JH263A HP FlexFabric 12904E Main Processing Unit
- JH255A HP FlexFabric 12908E Switch Chassis
- JH262A HP FlexFabric 12904E Switch Chassis
- JH113A HP FlexFabric 12910 TAA-compliant Switch AC Chassis
- JH103A HP FlexFabric 12916E Switch Chassis
+ **5900 (Comware 7) - Version: R2422P02**
* HP Network Products
- JC772A HP 5900AF-48XG-4QSFP+ Switch
- JG296A HP 5920AF-24XG Switch
- JG336A HP 5900AF-48XGT-4QSFP+ Switch
- JG510A HP 5900AF-48G-4XG-2QSFP+ Switch
- JG554A HP 5900AF-48XG-4QSFP+ TAA Switch
- JG555A HP 5920AF-24XG TAA Switch
- JG838A HP FF 5900CP-48XG-4QSFP+ Switch
- JH036A HP FlexFabric 5900CP 48XG 4QSFP+ TAA-Compliant
- JH037A HP 5900AF 48XGT 4QSFP+ TAA-Compliant Switch
- JH038A HP 5900AF 48G 4XG 2QSFP+ TAA-Compliant
+ **MSR1000 (Comware 7) - Version: R0305P08**
* HP Network Products
- JG875A HP MSR1002-4 AC Router
- JH060A HP MSR1003-8S AC Router
+ **MSR2000 (Comware 7) - Version: R0305P08**
* HP Network Products
- JG411A HP MSR2003 AC Router
- JG734A HP MSR2004-24 AC Router
- JG735A HP MSR2004-48 Router
- JG866A HP MSR2003 TAA-compliant AC Router
+ **MSR3000 (Comware 7) - Version: R0305P08**
* HP Network Products
- JG404A HP MSR3064 Router
- JG405A HP MSR3044 Router
- JG406A HP MSR3024 AC Router
- JG407A HP MSR3024 DC Router
- JG408A HP MSR3024 PoE Router
- JG409A HP MSR3012 AC Router
- JG410A HP MSR3012 DC Router
- JG861A HP MSR3024 TAA-compliant AC Router
+ **MSR4000 (Comware 7) - Version: R0305P08**
* HP Network Products
- JG402A HP MSR4080 Router Chassis
- JG403A HP MSR4060 Router Chassis
- JG412A HP MSR4000 MPU-100 Main Processing Unit
- JG869A HP MSR4000 TAA-compliant MPU-100 Main Processing Unit
+ **VSR (Comware 7) - Version: E0322**
* HP Network Products
- JG810AAE HP VSR1001 Virtual Services Router 60 Day Evaluation
Software
- JG811AAE HP VSR1001 Comware 7 Virtual Services Router
- JG812AAE HP VSR1004 Comware 7 Virtual Services Router
- JG813AAE HP VSR1008 Comware 7 Virtual Services Router
+ **7900 (Comware 7) - Version: R2138P03**
* HP Network Products
- JG682A HP FlexFabric 7904 Switch Chassis
- JG841A HP FlexFabric 7910 Switch Chassis
- JG842A HP FlexFabric 7910 7.2Tbps Fabric / Main Processing Unit
- JH001A HP FlexFabric 7910 2.4Tbps Fabric / Main Processing Unit
- JH122A HP FlexFabric 7904 TAA-compliant Switch Chassis
- JH123A HP FlexFabric 7910 TAA-compliant Switch Chassis
- JH124A HP FlexFabric 7910 7.2Tbps TAA-compliant Fabric/Main
Processing Unit
- JH125A HP FlexFabric 7910 2.4Tbps TAA-compliant Fabric/Main
Processing Unit
+ **5130 (Comware 7) - Version: R3111P03**
* HP Network Products
- JG932A HP 5130-24G-4SFP+ EI Switch
- JG933A HP 5130-24G-SFP-4SFP+ EI Switch
- JG934A HP 5130-48G-4SFP+ EI Switch
- JG936A HP 5130-24G-PoE+-4SFP+ (370W) EI Switch
- JG937A HP 5130-48G-PoE+-4SFP+ (370W) EI Switch
- JG938A HP 5130-24G-2SFP+-2XGT EI Switch
- JG939A HP 5130-48G-2SFP+-2XGT EI Switch
- JG940A HP 5130-24G-PoE+-2SFP+-2XGT (370W) EI Switch
- JG941A HP 5130-48G-PoE+-2SFP+-2XGT (370W) EI Switch
- JG975A HP 5130-24G-4SFP+ EI Brazil Switch
- JG976A HP 5130-48G-4SFP+ EI Brazil Switch
- JG977A HP 5130-24G-PoE+-4SFP+ (370W) EI Brazil Switch
- JG978A HP 5130-48G-PoE+-4SFP+ (370W) EI Brazil Switch
+ **5700 (Comware 7) - Version: R2422P02**
* HP Network Products
- JG894A HP FlexFabric 5700-48G-4XG-2QSFP+ Switch
- JG895A HP FlexFabric 5700-48G-4XG-2QSFP+ TAA-compliant Switch
- JG896A HP FlexFabric 5700-40XG-2QSFP+ Switch
- JG897A HP FlexFabric 5700-40XG-2QSFP+ TAA-compliant Switch
- JG898A HP FlexFabric 5700-32XGT-8XG-2QSFP+ Switch
- JG899A HP FlexFabric 5700-32XGT-8XG-2QSFP+ TAA-compliant Switch
+ **5930 (Comware 7) - Version: R2422P02**
* HP Network Products
- JG726A HP FlexFabric 5930 32QSFP+ Switch
- JG727A HP FlexFabric 5930 32QSFP+ TAA-compliant Switch
- JH178A HP FlexFabric 5930 2QSFP+ 2-slot Switch
- JH179A HP FlexFabric 5930 4-slot Switch
- JH187A HP FlexFabric 5930 2QSFP+ 2-slot TAA-compliant Switch
- JH188A HP FlexFabric 5930 4-slot TAA-compliant Switch
+ **HSR6600 (Comware 7) - Version: R7103P07**
* HP Network Products
- JG353A HP HSR6602-G Router
- JG354A HP HSR6602-XG Router
- JG776A HP HSR6602-G TAA-compliant Router
- JG777A HP HSR6602-XG TAA-compliant Router
+ **HSR6800 (Comware 7) - Version: R7103P07**
* HP Network Products
- JG361A HP HSR6802 Router Chassis
- JG361B HP HSR6802 Router Chassis
- JG362A HP HSR6804 Router Chassis
- JG362B HP HSR6804 Router Chassis
- JG363A HP HSR6808 Router Chassis
- JG363B HP HSR6808 Router Chassis
- JG364A HP HSR6800 RSE-X2 Router Main Processing Unit
- JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing
- JH075A HP HSR6800 RSE-X3 Router Main Processing Unit
+ **1950 (Comware 7) - Version: R3111P03**
* HP Network Products
- JG960A HP 1950-24G-4XG Switch
- JG961A HP 1950-48G-2SFP+-2XGT Switch
- JG962A HP 1950-24G-2SFP+-2XGT-PoE+(370W) Switch
- JG963A HP 1950-48G-2SFP+-2XGT-PoE+(370W) Switch
+ **7500 (Comware 7) - Version: R7178**
* HP Network Products
- JD238C HP 7510 Switch Chassis
- JD239C HP 7506 Switch Chassis
- JD240C HP 7503 Switch Chassis
- JD242C HP 7502 Switch Chassis
- JH207A HP 7500 1.2Tbps Fabric with 2-port 40GbE QSFP+ for IRF-Only
Main Processing Unit
- JH208A HP 7502 Main Processing Unit
- JH209A HP 7500 2.4Tbps Fabric with 8-port 1/10GbE SFP+ and 2-port
40GbE QSFP+ Main Processing Unit
+ **5130HI - Version: R1118P02**
* HP Network Products
- JH323A HPE 5130 24G 4SFP+ 1-slot HI Switch
- JH324A HPE 5130 48G 4SFP+ 1-slot HI Switch
- JH325A HPE 5130 24G PoE+ 4SFP+ 1-slot HI Switch
- JH326A HPE 5130 48G PoE+ 4SFP+ 1-slot HI Switch
+ **5510HI - Version: R1118P02**
* HP Network Products
- JH145A HPE 5510 24G 4SFP+ HI 1-slot Switch
- JH146A HPE 5510 48G 4SFP+ HI 1-slot Switch
- JH147A HPE 5510 24G PoE+ 4SFP+ HI 1-slot Switch
- JH148A HPE 5510 48G PoE+ 4SFP+ HI 1-slot Switch
- JH149A HPE 5510 24G SFP 4SFP+ HI 1-slot Switch
**Note:** Please contact HPE Technical Support if any assistance is needed
acquiring the software updates.
HISTORY
Version:1 (rev.1) - 21 September 2016 Initial release
Third Party Security Patches: Third party security patches that are to be
installed on systems running Hewlett Packard Enterprise (HPE) software
products should be applied in accordance with the customer's patch management
policy.
Support: For issues about implementing the recommendations of this Security
Bulletin, contact normal HPE Services support channel. For other issues about
the content of this Security Bulletin, send e-mail to security-alert@hpe.com.
Report: To report a potential security vulnerability for any HPE supported
product:
Web form: https://www.hpe.com/info/report-security-vulnerability
Email: security-alert@hpe.com
Subscribe: To initiate a subscription to receive future HPE Security Bulletin
alerts via Email: http://www.hpe.com/support/Subscriber_Choice
Security Bulletin Archive: A list of recently released Security Bulletins is
available here: http://www.hpe.com/support/Security_Bulletin_Archive
Software Product Category: The Software Product Category is represented in
the title by the two characters following HPSB.
3C = 3COM
3P = 3rd Party Software
GN = HPE General Software
HF = HPE Hardware and Firmware
MU = Multi-Platform Software
NS = NonStop Servers
OV = OpenVMS
PV = ProCurve
ST = Storage Software
UX = HP-UX
Copyright 2016 Hewlett Packard Enterprise
Hewlett Packard Enterprise shall not be liable for technical or editorial
errors or omissions contained herein. The information provided is provided
"as is" without warranty of any kind. To the extent permitted by law, neither
HP or its affiliates, subcontractors or suppliers will be liable for
incidental,special or consequential damages including downtime cost; lost
profits; damages relating to the procurement of substitute products or
services; or damages for loss of data, or software restoration. The
information in this document is subject to change without notice. Hewlett
Packard Enterprise and the names of Hewlett Packard Enterprise products
referenced herein are trademarks of Hewlett Packard Enterprise in the United
States and other countries. Other product and company names mentioned herein
may be trademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=============================================================================
FreeBSD-SA-15:25.ntp Security Advisory
The FreeBSD Project
Topic: Multiple vulnerabilities of ntp
Category: contrib
Module: ntp
Announced: 2015-10-26
Credits: Network Time Foundation
Affects: All supported versions of FreeBSD.
Corrected: 2015-10-26 11:35:40 UTC (stable/10, 10.2-STABLE)
2015-10-26 11:36:55 UTC (releng/10.2, 10.2-RELEASE-p6)
2015-10-26 11:37:31 UTC (releng/10.1, 10.1-RELEASE-p23)
2015-10-26 11:36:40 UTC (stable/9, 9.3-STABLE)
2015-10-26 11:42:25 UTC (releng/9.3, 9.3-RELEASE-p29)
CVE Name: CVE-2015-7701, CVE-2015-7702, CVE-2015-7703, CVE-2015-7704,
CVE-2015-7848, CVE-2015-7849, CVE-2015-7850, CVE-2015-7851,
CVE-2015-7852, CVE-2015-7853, CVE-2015-7854, CVE-2015-7855,
CVE-2015-7871
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit https://security.FreeBSD.org/.
I.
II. Problem Description
Crypto-NAK packets can be used to cause ntpd(8) to accept time from an
unauthenticated ephemeral symmetric peer by bypassing the authentication
required to mobilize peer associations. [CVE-2015-7871] FreeBSD 9.3 and
10.1 are not affected. [CVE-2015-7855]
If ntpd(8) is configured to allow remote configuration, and if the
(possibly spoofed) source IP address is allowed to send remote
configuration requests, and if the attacker knows the remote
configuration password or if ntpd(8) was configured to disable
authentication, then an attacker can send a set of packets to ntpd(8) that
may cause it to crash, with the hypothetical possibility of a small code
injection. [CVE-2015-7854]
A negative value for the datalen parameter will overflow a data buffer.
NTF's ntpd(8) driver implementations always set this value to 0 and are
therefore not vulnerable to this weakness. If you are running a custom
refclock driver in ntpd(8) and that driver supplies a negative value for
datalen (no custom driver of even minimal competence would do this)
then ntpd would overflow a data buffer. It is even hypothetically
possible in this case that instead of simply crashing ntpd the
attacker could effect a code injection attack. [CVE-2015-7853]
If an attacker can figure out the precise moment that ntpq(8) is listening
for data and the port number it is listening on or if the attacker can
provide a malicious instance ntpd(8) that victims will connect to then an
attacker can send a set of crafted mode 6 response packets that, if
received by ntpq(8), can cause ntpq(8) to crash. [CVE-2015-7852]
If ntpd(8) is configured to allow remote configuration, and if the
(possibly spoofed) IP address is allowed to send remote configuration
requests, and if the attacker knows the remote configuration password
or if ntpd(8) was configured to disable authentication, then an attacker
can send a set of packets to ntpd that may cause ntpd(8) to overwrite
files. [CVE-2015-7851]. The default configuration of ntpd(8) within
FreeBSD does not allow remote configuration.
If ntpd(8) is configured to allow remote configuration, and if the
(possibly spoofed) source IP address is allowed to send remote
configuration requests, and if the attacker knows the remote
configuration password or if ntpd(8) was configured to disable
authentication, then an attacker can send a set of packets to ntpd
that will cause it to crash and/or create a potentially huge log
file. Specifically, the attacker could enable extended logging,
point the key file at the log file, and cause what amounts to an
infinite loop. [CVE-2015-7850]. The default configuration of ntpd(8)
within FreeBSD does not allow remote configuration.
If ntpd(8) is configured to allow remote configuration, and if the
(possibly spoofed) source IP address is allowed to send remote
configuration requests, and if the attacker knows the remote
configuration password or if ntpd was configured to disable
authentication, then an attacker can send a set of packets to
ntpd that may cause a crash or theoretically perform a code
injection attack. [CVE-2015-7849]. The default configuration of ntpd(8)
within FreeBSD does not allow remote configuration.
If ntpd(8) is configured to enable mode 7 packets, and if the use
of mode 7 packets is not properly protected thru the use of the
available mode 7 authentication and restriction mechanisms, and
if the (possibly spoofed) source IP address is allowed to send
mode 7 queries, then an attacker can send a crafted packet to
ntpd that will cause it to crash. [CVE-2015-7848]. The default
configuration of ntpd(8) within FreeBSD does not allow mode 7
packets.
If ntpd(8) is configured to use autokey, then an attacker can send
packets to ntpd that will, after several days of ongoing attack,
cause it to run out of memory. [CVE-2015-7701]. The default
configuration of ntpd(8) within FreeBSD does not use autokey.
If ntpd(8) is configured to allow for remote configuration, and if
the (possibly spoofed) source IP address is allowed to send
remote configuration requests, and if the attacker knows the
remote configuration password, it's possible for an attacker
to use the "pidfile" or "driftfile" directives to potentially
overwrite other files. [CVE-2015-5196]. The default configuration
of ntpd(8) within FreeBSD does not allow remote configuration
An ntpd(8) client that honors Kiss-of-Death responses will honor
KoD messages that have been forged by an attacker, causing it
to delay or stop querying its servers for time updates. Also,
an attacker can forge packets that claim to be from the target
and send them to servers often enough that a server that
implements KoD rate limiting will send the target machine a
KoD response to attempt to reduce the rate of incoming packets,
or it may also trigger a firewall block at the server for
packets from the target machine. For either of these attacks
to succeed, the attacker must know what servers the target
is communicating with. An attacker can be anywhere on the
Internet and can frequently learn the identity of the target's
time source by sending the target a time query. [CVE-2015-7704]
The fix for CVE-2014-9750 was incomplete in that there were
certain code paths where a packet with particular autokey
operations that contained malicious data was not always being
completely validated. Receipt of these packets can cause ntpd
to crash. [CVE-2015-7702]. The default configuration of ntpd(8)
within FreeBSD does not use autokey.
III. Impact
An attacker which can send NTP packets to ntpd(8), which uses cryptographic
authentication of NTP data, may be able to inject malicious time data
causing the system clock to be set incorrectly. [CVE-2015-7871]
An attacker which can send NTP packets to ntpd(8), can block the
communication of the daemon with time servers, causing the system
clock not being synchronized. [CVE-2015-7704]
An attacker which can send NTP packets to ntpd(8), can remotely crash
the daemon, sending malicious data packet. [CVE-2015-7855] [CVE-2015-7854]
[CVE-2015-7853] [CVE-2015-7852] [CVE-2015-7849] [CVE-2015-7848]
An attacker which can send NTP packets to ntpd(8), can remotely
trigger the daemon to overwrite its configuration files. [CVE-2015-7851]
[CVE-2015-5196]
IV. Workaround
No workaround is available, but systems not running ntpd(8) are not
affected. Network administrators are advised to implement BCP-38,
which helps to reduce risk associated with the attacks.
V. Solution
Perform one of the following:
1) Upgrade your vulnerable system to a supported FreeBSD stable or
release / security branch (releng) dated after the correction date.
The ntpd service has to be restarted after the update. A reboot is
recommended but not required.
2) To update your vulnerable system via a binary patch:
Systems running a RELEASE version of FreeBSD on the i386 or amd64
platforms can be updated via the freebsd-update(8) utility:
# freebsd-update fetch
# freebsd-update install
The ntpd service has to be restarted after the update. A reboot is
recommended but not required.
3) To update your vulnerable system via a source code patch:
The following patches have been verified to apply to the applicable
FreeBSD release branches.
a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.
[FreeBSD 10.2]
# fetch https://security.FreeBSD.org/patches/SA-15:25/ntp-102.patch.bz2
# bunzip2 ntp-102.patch.bz2
# fetch https://security.FreeBSD.org/patches/SA-15:25/ntp-102.patch.asc
# gpg --verify ntp-102.patch.asc
[FreeBSD 10.1]
# fetch https://security.FreeBSD.org/patches/SA-15:25/ntp-101.patch.bz2
# bunzip2 ntp-101.patch.bz2
# fetch https://security.FreeBSD.org/patches/SA-15:25/ntp-101.patch.asc
# gpg --verify ntp-101.patch.asc
[FreeBSD 9.3]
# fetch https://security.FreeBSD.org/patches/SA-15:25/ntp-93.patch.bz2
# bunzip2 ntp-93.patch.bz2
# fetch https://security.FreeBSD.org/patches/SA-15:25/ntp-93.patch.asc
# gpg --verify ntp-93.patch.asc
b) Apply the patch. Execute the following commands as root:
# cd /usr/src
# patch < /path/to/patch
# find contrib/ntp -type f -empty -delete
c) Recompile the operating system using buildworld and installworld as
described in https://www.FreeBSD.org/handbook/makeworld.html.
d) For 9.3-RELEASE and 10.1-RELEASE an update to /etc/ntp.conf is recommended,
which can be done with help of the mergemaster(8) tool on 9.3-RELEASE and
with help of the etcupdate(8) tool on 10.1-RELEASE.
Restart the ntpd(8) daemon, or reboot the system.
VI. Correction details
The following list contains the correction revision numbers for each
affected branch.
Branch/path Revision
- -------------------------------------------------------------------------
stable/9/ r289998
releng/9.3/ r290001
stable/10/ r289997
releng/10.1/ r290000
releng/10.2/ r289999
- -------------------------------------------------------------------------
To see which files were modified by a particular revision, run the
following command, replacing NNNNNN with the revision number, on a
machine with Subversion installed:
# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
Or visit the following URL, replacing NNNNNN with the revision number:
https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN
VII. References
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7701
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7702
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7703
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7704
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7848
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7849
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7850
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7851
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7852
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7853
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7854
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7855
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7871
The latest revision of this advisory is available at
https://security.FreeBSD.org/advisories/FreeBSD-SA-15:25.ntp.asc
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBAgAGBQJWLhOJAAoJEO1n7NZdz2rn91wP/2GwEt1boNQq2a7nYzv/mS5D
sYKkIi7o+2yr2BLXvtc3O7c9QC3/YeGsza9DTRqndcY572SWvRgtkFstMTTm8IV/
RVlIE40gVR3tex0zo7BiD7uKUrxWxWcpwMbE5dzlE+vSybyyj0dSSkwUHJjrbJoA
RmyNuEEUhQn5sRCg6qJv/PLp2G7BcYAasKScukjm7QnLP2kq/tvM9mcqwfh2tadM
7kbf8uq+ykvsRzctaDnxQaB5+zJxBQYJjBelxQfIkNek0XGfdj3sRwISeFznbllq
mOLTIBaFiuEtHtusO7MKKavMgS5CQJOvuuvd/l3NY1MnxC6X/1SWig9KIKDIn/hv
q8dsnq7LLx+tO6Cv4Dub7EbC2ZP3xXGOC4Ie02z8bTZnbX7iwyPUidQQqtU9ra15
rxzFcZnBxu+yyMNJVsV2qVV/r9OycgKxWlEELC1wYrK9fKfvLdA5aEGjDeU1Z+s6
JS2zKr0t4F2bMrCsjYP1lQD8sHkCVjwJk+IJU/slcwSajDjBNlMH0yBxGYE1ETIZ
qMF7/PAkLe8V78pdYmXw9pcaPyhI+ihPLnNrdhX8AI2RX5jDK7IuUNJeUM04UrVB
8N+mMwgamcuCPWNNyXaL0bz21fexZOuhHmU+B8Yn3SFX5O5b/r9gGvrjo8ei8jOk
EUlBT3ViDhHNrI7PTaiI
=djPm
-----END PGP SIGNATURE-----
. ============================================================================
Ubuntu Security Notice USN-2783-1
October 27, 2015
ntp vulnerabilities
============================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 15.10
- Ubuntu 15.04
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary:
Several security issues were fixed in NTP. (CVE-2015-5146)
Miroslav Lichvar discovered that NTP incorrectly handled logconfig
directives. (CVE-2015-5194)
Miroslav Lichvar discovered that NTP incorrectly handled certain statistics
types. (CVE-2015-5195)
Miroslav Lichvar discovered that NTP incorrectly handled certain file
paths. (CVE-2015-5196, CVE-2015-7703)
Miroslav Lichvar discovered that NTP incorrectly handled certain packets. (CVE-2015-5219)
Aanchal Malhotra, Isaac E. Cohen, and Sharon Goldberg discovered that NTP
incorrectly handled restarting after hitting a panic threshold.
(CVE-2015-7691, CVE-2015-7692, CVE-2015-7702)
It was discovered that NTP incorrectly handled memory when processing
certain autokey messages.
(CVE-2015-7701)
Aanchal Malhotra, Isaac E. Cohen, and Sharon Goldberg discovered that NTP
incorrectly handled rate limiting. (CVE-2015-7704,
CVE-2015-7705)
Yves Younan discovered that NTP incorrectly handled logfile and keyfile
directives. (CVE-2015-7850)
Yves Younan and Aleksander Nikolich discovered that NTP incorrectly handled
ascii conversion. (CVE-2015-7852)
Yves Younan discovered that NTP incorrectly handled reference clock memory.
A malicious refclock could possibly use this issue to cause NTP to crash,
resulting in a denial of service, or possibly execute arbitrary code.
(CVE-2015-7853)
John D "Doug" Birdwell discovered that NTP incorrectly handled decoding
certain bogus values. (CVE-2015-7855)
Stephen Gray discovered that NTP incorrectly handled symmetric association
authentication. (CVE-2015-7871)
In the default installation, attackers would be isolated by the NTP
AppArmor profile.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 15.10:
ntp 1:4.2.6.p5+dfsg-3ubuntu8.1
Ubuntu 15.04:
ntp 1:4.2.6.p5+dfsg-3ubuntu6.2
Ubuntu 14.04 LTS:
ntp 1:4.2.6.p5+dfsg-3ubuntu2.14.04.5
Ubuntu 12.04 LTS:
ntp 1:4.2.6.p3+dfsg-1ubuntu3.6
In general, a standard system update will make all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-2783-1
CVE-2015-5146, CVE-2015-5194, CVE-2015-5195, CVE-2015-5196,
CVE-2015-5219, CVE-2015-5300, CVE-2015-7691, CVE-2015-7692,
CVE-2015-7701, CVE-2015-7702, CVE-2015-7703, CVE-2015-7704,
CVE-2015-7705, CVE-2015-7850, CVE-2015-7852, CVE-2015-7853,
CVE-2015-7855, CVE-2015-7871
Package Information:
https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p5+dfsg-3ubuntu8.1
https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p5+dfsg-3ubuntu6.2
https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p5+dfsg-3ubuntu2.14.04.5
https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p3+dfsg-1ubuntu3.6
.
On October 21st, 2015, NTP.org released a security advisory detailing 13 issues regarding multiple DoS vulnerabilities, information disclosure vulnerabilities, and logic issues that may result in an attacker gaining the ability to modify an NTP server's advertised time.
Workarounds that mitigate one or more of the vulnerabilities may be available for certain products, please see the individual Cisco Bug IDs for details.
CVE-2015-5194
It was found that ntpd could crash due to an uninitialized
variable when processing malformed logconfig configuration
commands.
CVE-2015-5195
It was found that ntpd exits with a segmentation fault when a
statistics type that was not enabled during compilation (e.g.
timingstats) is referenced by the statistics or filegen
configuration command
CVE-2015-5219
It was discovered that sntp program would hang in an infinite loop
when a crafted NTP packet was received, related to the conversion
of the precision value in the packet to double.
CVE-2015-5300
It was found that ntpd did not correctly implement the -g option:
Normally, ntpd exits with a message to the system log if the offset
exceeds the panic threshold, which is 1000 s by default. This
option allows the time to be set to any value without restriction;
however, this can happen only once. If the threshold is exceeded
after that, ntpd will exit with a message to the system log. This
option can be used with the -q and -x options.
ntpd could actually step the clock multiple times by more than the
panic threshold if its clock discipline doesn't have enough time to
reach the sync state and stay there for at least one update. If a
man-in-the-middle attacker can control the NTP traffic since ntpd
was started (or maybe up to 15-30 minutes after that), they can
prevent the client from reaching the sync state and force it to step
its clock by any amount any number of times, which can be used by
attackers to expire certificates, etc.
This is contrary to what the documentation says. Normally, the
assumption is that an MITM attacker can step the clock more than the
panic threshold only once when ntpd starts and to make a larger
adjustment the attacker has to divide it into multiple smaller
steps, each taking 15 minutes, which is slow.
CVE-2015-7701
A memory leak flaw was found in ntpd's CRYPTO_ASSOC.
CVE-2015-7703
Miroslav Lichvar of Red Hat found that the :config command can be
used to set the pidfile and driftfile paths without any
restrictions. A remote attacker could use this flaw to overwrite a
file on the file system with a file containing the pid of the ntpd
process (immediately) or the current estimated drift of the system
clock (in hourly intervals). For example:
ntpq -c ':config pidfile /tmp/ntp.pid'
ntpq -c ':config driftfile /tmp/ntp.drift'
In Debian ntpd is configured to drop root privileges, which limits
the impact of this issue.
CVE-2015-7704
If ntpd as an NTP client receives a Kiss-of-Death (KoD) packet
from the server to reduce its polling rate, it doesn't check if the
originate timestamp in the reply matches the transmit timestamp from
its request. An off-path attacker can send a crafted KoD packet to
the client, which will increase the client's polling interval to a
large value and effectively disable synchronization with the server. A
specially crafted configuration file could cause an endless loop
resulting in a denial of service.
CVE-2015-7852
A potential off by one vulnerability exists in the cookedprint
functionality of ntpq. A specially crafted buffer could cause a
buffer overflow potentially resulting in null byte being written out
of bounds.
CVE-2015-7871
An error handling logic error exists within ntpd that manifests due
to improper error condition handling associated with certain
crypto-NAK packets. An unauthenticated, off-path attacker can force
ntpd processes on targeted servers to peer with time sources of the
attacker's choosing by transmitting symmetric active crypto-NAK
packets to ntpd.
For the oldstable distribution (wheezy), these problems have been fixed
in version 1:4.2.6.p5+dfsg-2+deb7u6.
For the stable distribution (jessie), these problems have been fixed in
version 1:4.2.6.p5+dfsg-7+deb8u1.
For the testing distribution (stretch), these problems have been fixed
in version 1:4.2.8p4+dfsg-3.
For the unstable distribution (sid), these problems have been fixed in
version 1:4.2.8p4+dfsg-3.
We recommend that you upgrade your ntp packages.
Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/ntp-4.2.8p4-i486-1_slack14.1.txz: Upgraded.
In addition to bug fixes and enhancements, this release fixes
several low and medium severity vulnerabilities.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9750
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5196
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7691
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7692
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7701
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7702
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7704
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7705
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7848
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7849
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7850
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7851
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7852
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7853
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7854
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7855
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7871
(* Security fix *)
+--------------------------+
Where to find the new packages:
+-----------------------------+
Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.
Updated package for Slackware 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/ntp-4.2.8p4-i486-1_slack13.0.txz
Updated package for Slackware x86_64 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/ntp-4.2.8p4-x86_64-1_slack13.0.txz
Updated package for Slackware 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/ntp-4.2.8p4-i486-1_slack13.1.txz
Updated package for Slackware x86_64 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/ntp-4.2.8p4-x86_64-1_slack13.1.txz
Updated package for Slackware 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/ntp-4.2.8p4-i486-1_slack13.37.txz
Updated package for Slackware x86_64 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/ntp-4.2.8p4-x86_64-1_slack13.37.txz
Updated package for Slackware 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/ntp-4.2.8p4-i486-1_slack14.0.txz
Updated package for Slackware x86_64 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/ntp-4.2.8p4-x86_64-1_slack14.0.txz
Updated package for Slackware 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/ntp-4.2.8p4-i486-1_slack14.1.txz
Updated package for Slackware x86_64 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/ntp-4.2.8p4-x86_64-1_slack14.1.txz
Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/ntp-4.2.8p4-i586-1.txz
Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/ntp-4.2.8p4-x86_64-1.txz
MD5 signatures:
+-------------+
Slackware 13.0 package:
21dd14178fea17a88c9326c8672ecefd ntp-4.2.8p4-i486-1_slack13.0.txz
Slackware x86_64 13.0 package:
8647479b2007b92ff8598184f2275263 ntp-4.2.8p4-x86_64-1_slack13.0.txz
Slackware 13.1 package:
e0f122e8e271dc84db06202c03cc0288 ntp-4.2.8p4-i486-1_slack13.1.txz
Slackware x86_64 13.1 package:
db0aff04b72b3d8c96ca8c8e1ed36c05 ntp-4.2.8p4-x86_64-1_slack13.1.txz
Slackware 13.37 package:
5914e43e886e5ff88fefd30083493e30 ntp-4.2.8p4-i486-1_slack13.37.txz
Slackware x86_64 13.37 package:
4335c3bf2ae24afc5ad734e8d80b3e94 ntp-4.2.8p4-x86_64-1_slack13.37.txz
Slackware 14.0 package:
39b05698797b638b67130e0b170e0a4b ntp-4.2.8p4-i486-1_slack14.0.txz
Slackware x86_64 14.0 package:
dcf4a56ba1d013ee1c9d0e624e158709 ntp-4.2.8p4-x86_64-1_slack14.0.txz
Slackware 14.1 package:
1fd3a7beaf23303e2c211af377662614 ntp-4.2.8p4-i486-1_slack14.1.txz
Slackware x86_64 14.1 package:
438c3185aa8ec20d1c2b5e51786e4d41 ntp-4.2.8p4-x86_64-1_slack14.1.txz
Slackware -current package:
81bfb2fed450cb26a51b5e1cee0d33ed n/ntp-4.2.8p4-i586-1.txz
Slackware x86_64 -current package:
8bae4ad633af40d4d54b7686e4b225f9 n/ntp-4.2.8p4-x86_64-1.txz
Installation instructions:
+------------------------+
Upgrade the package as root:
# upgradepkg ntp-4.2.8p4-i486-1_slack14.1.txz
Then, restart the NTP daemon:
# sh /etc/rc.d/rc.ntpd restart
+-----+
Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com
+------------------------------------------------------------------------+
| To leave the slackware-security mailing list: |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message: |
| |
| unsubscribe slackware-security |
| |
| You will get a confirmation message back containing instructions to |
| complete the process. Please do not reply to this email address |
|
var-200901-0706
|
WebKit in Apple Safari before 4.0 does not prevent remote loading of local Java applets, which allows remote attackers to execute arbitrary code, gain privileges, or obtain sensitive information via an APPLET or OBJECT element. WebKit is prone to a remote code-execution vulnerability.
NOTE: This issue was previously covered in BID 35260 (Apple Safari Prior to 4.0 Multiple Security
Vulnerabilities), but has been assigned its own record to better document it. WebKit is an open source web browser engine currently used by browsers such as Safari and Chrome. ===========================================================
Ubuntu Security Notice USN-857-1 November 10, 2009
qt4-x11 vulnerabilities
CVE-2009-0945, CVE-2009-1687, CVE-2009-1690, CVE-2009-1698,
CVE-2009-1699, CVE-2009-1711, CVE-2009-1712, CVE-2009-1713,
CVE-2009-1725
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 8.10
Ubuntu 9.04
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 8.10:
libqt4-webkit 4.4.3-0ubuntu1.4
Ubuntu 9.04:
libqt4-webkit 4.5.0-0ubuntu4.3
After a standard system upgrade you need to restart your session to effect
the necessary changes.
Details follow:
It was discovered that QtWebKit did not properly handle certain SVGPathList
data structures. If a user were tricked into viewing a malicious website,
an attacker could exploit this to execute arbitrary code with the
privileges of the user invoking the program. (CVE-2009-0945)
Several flaws were discovered in the QtWebKit browser and JavaScript
engines. (CVE-2009-1687,
CVE-2009-1690, CVE-2009-1698, CVE-2009-1711, CVE-2009-1725)
It was discovered that QtWebKit did not properly handle certain XSL
stylesheets. (CVE-2009-1699, CVE-2009-1713)
It was discovered that QtWebKit did not prevent the loading of local Java
applets. If a user were tricked into viewing a malicious website, an
attacker could exploit this to execute arbitrary code with the privileges
of the user invoking the program. (CVE-2009-1712)
Updated packages for Ubuntu 8.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/qt4-x11_4.4.3-0ubuntu1.4.diff.gz
Size/MD5: 116770 f73a330179df7d453f50b286ea3a2c7a
http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/qt4-x11_4.4.3-0ubuntu1.4.dsc
Size/MD5: 2506 711cb90dfd206bd6553dbe0fb8ecd1e2
http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/qt4-x11_4.4.3.orig.tar.gz
Size/MD5: 112939803 376c003317c4417326ba2116370227d0
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/qt4-doc-html_4.4.3-0ubuntu1.4_all.deb
Size/MD5: 25758932 0b783fa95d4d41487e58d43823806355
http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/qt4-doc_4.4.3-0ubuntu1.4_all.deb
Size/MD5: 52821772 7d1f3762baf09178176e99e41a502a2b
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-assistant_4.4.3-0ubuntu1.4_amd64.deb
Size/MD5: 19104 bdc4880e85e007e64d6c5fe8c7c1d81e
http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-core_4.4.3-0ubuntu1.4_amd64.deb
Size/MD5: 7560 b65d2d20cdac05a7e8a04c7b51bc6417
http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-dbg_4.4.3-0ubuntu1.4_amd64.deb
Size/MD5: 87571534 73643e89deb481e7a42785d6c65b4594
http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-dbus_4.4.3-0ubuntu1.4_amd64.deb
Size/MD5: 216798 85994fe5c3b286b137ec4f8f3ed9d55a
http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-designer_4.4.3-0ubuntu1.4_amd64.deb
Size/MD5: 2046478 9f4f973c93c20f88838b3b0e48548c75
http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-dev_4.4.3-0ubuntu1.4_amd64.deb
Size/MD5: 5880176 87946243b9f91e6421a8275417bbecd5
http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-gui_4.4.3-0ubuntu1.4_amd64.deb
Size/MD5: 7548 df209948939090506a2f3315aa8bb63a
http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-help_4.4.3-0ubuntu1.4_amd64.deb
Size/MD5: 213524 556f130d7e1c1ec8f3c427888715807a
http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-network_4.4.3-0ubuntu1.4_amd64.deb
Size/MD5: 432962 a8f5b6db939fd74616b7e666d32dbcbb
http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-opengl-dev_4.4.3-0ubuntu1.4_amd64.deb
Size/MD5: 42350 6281fc06f2395d8462c2fd30ea3f1883
http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-opengl_4.4.3-0ubuntu1.4_amd64.deb
Size/MD5: 162238 3379fc614bd58cc9647b8c40782a45f3
http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-qt3support_4.4.3-0ubuntu1.4_amd64.deb
Size/MD5: 1352676 528c9e209ba652d994292fbfb461cb60
http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-script_4.4.3-0ubuntu1.4_amd64.deb
Size/MD5: 435712 af2919097110286db882cba8c40958e1
http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-sql-mysql_4.4.3-0ubuntu1.4_amd64.deb
Size/MD5: 34384 438d61efc4b1ec7af46ff7aaf15b9a8c
http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-sql-odbc_4.4.3-0ubuntu1.4_amd64.deb
Size/MD5: 47234 692ccc3fdd023fa61b1646b3a1073e29
http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-sql-psql_4.4.3-0ubuntu1.4_amd64.deb
Size/MD5: 39112 cf94d41a0a91e71d3e6a7905705020c8
http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-sql-sqlite2_4.4.3-0ubuntu1.4_amd64.deb
Size/MD5: 22452 4a020d5b8e2ff02532af056a6765af52
http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-sql-sqlite_4.4.3-0ubuntu1.4_amd64.deb
Size/MD5: 26432 5492f45d25d4dfb271318f662db0e50c
http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-sql_4.4.3-0ubuntu1.4_amd64.deb
Size/MD5: 109136 0bde853eb0fef921984e5b9b24695a65
http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-svg_4.4.3-0ubuntu1.4_amd64.deb
Size/MD5: 160746 b8a19545836d673dda2d1cad49901e5b
http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-test_4.4.3-0ubuntu1.4_amd64.deb
Size/MD5: 38064 61ee9cd2c51286c698ba738fbd8e4d13
http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-webkit-dbg_4.4.3-0ubuntu1.4_amd64.deb
Size/MD5: 53511494 25179f43545ee4f15fa70ff1c4211c66
http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-webkit_4.4.3-0ubuntu1.4_amd64.deb
Size/MD5: 3427782 f3c50589e42291ac643390b3b5056ad3
http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-xml_4.4.3-0ubuntu1.4_amd64.deb
Size/MD5: 114482 7858ea28ed0ae9e48ebe2d5ebca219ab
http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-xmlpatterns-dbg_4.4.3-0ubuntu1.4_amd64.deb
Size/MD5: 13447008 3b146e17a13acfa50bfa6759232821e1
http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-xmlpatterns_4.4.3-0ubuntu1.4_amd64.deb
Size/MD5: 805718 d14b956e7b2c494ef5e359dff2bdb8fd
http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqtcore4_4.4.3-0ubuntu1.4_amd64.deb
Size/MD5: 2094928 fad1c4be4f9242977cbb6c191ec19f09
http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqtgui4_4.4.3-0ubuntu1.4_amd64.deb
Size/MD5: 4249322 cefb0f909b1913edd97aae55a4ef09c0
http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/qt4-demos_4.4.3-0ubuntu1.4_amd64.deb
Size/MD5: 10502594 4af5ca52a2316f9290d0a99bd1683127
http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/qt4-designer_4.4.3-0ubuntu1.4_amd64.deb
Size/MD5: 386118 35fd3567e5eaf2ecaefab37fe3f21701
http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/qt4-dev-tools_4.4.3-0ubuntu1.4_amd64.deb
Size/MD5: 1507998 8254b4ed13728d957ebf41f74d391c6b
http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/qt4-qtconfig_4.4.3-0ubuntu1.4_amd64.deb
Size/MD5: 110220 8e379f1af97edacc7f40037fa342af7b
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-assistant_4.4.3-0ubuntu1.4_i386.deb
Size/MD5: 19202 2303fd6083a47fe5b85ee1e46ff1ff7c
http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-core_4.4.3-0ubuntu1.4_i386.deb
Size/MD5: 7556 30aabb9f249114d86f823795f7e621ff
http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-dbg_4.4.3-0ubuntu1.4_i386.deb
Size/MD5: 86379828 eb07fdc2dcecb0f26707148362bb70ce
http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-dbus_4.4.3-0ubuntu1.4_i386.deb
Size/MD5: 216268 96e19c8dc017357682acac62896c5b40
http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-designer_4.4.3-0ubuntu1.4_i386.deb
Size/MD5: 2072946 2fc1d9101e2132e43161e2fb600f886a
http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-dev_4.4.3-0ubuntu1.4_i386.deb
Size/MD5: 5705332 24d5a30fd21ecae4ca3d5bf570b8347d
http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-gui_4.4.3-0ubuntu1.4_i386.deb
Size/MD5: 7548 527eb6b3bc6fc6fa3d7a4d26c967c919
http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-help_4.4.3-0ubuntu1.4_i386.deb
Size/MD5: 212706 7bb944917c1fb9be6ce6b1cd056afca1
http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-network_4.4.3-0ubuntu1.4_i386.deb
Size/MD5: 437368 f086dacfa27998d93fd8f093b0bacce3
http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-opengl-dev_4.4.3-0ubuntu1.4_i386.deb
Size/MD5: 42348 a2427fa3317fe01341ebe66ee3388c47
http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-opengl_4.4.3-0ubuntu1.4_i386.deb
Size/MD5: 161130 2c4ebc05d22e3299359b9c64bcb8c3fd
http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-qt3support_4.4.3-0ubuntu1.4_i386.deb
Size/MD5: 1366348 68fef30b16caa835cd6330eec7c5c346
http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-script_4.4.3-0ubuntu1.4_i386.deb
Size/MD5: 420458 ac91fb37161830ba3e0fd4b884639afd
http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-sql-mysql_4.4.3-0ubuntu1.4_i386.deb
Size/MD5: 33724 868ace8cd8b514b367db48a95217035e
http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-sql-odbc_4.4.3-0ubuntu1.4_i386.deb
Size/MD5: 47056 c918217593ebc473fc3d050285bec49d
http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-sql-psql_4.4.3-0ubuntu1.4_i386.deb
Size/MD5: 38336 650d40a12071e2a04316edc5860788d1
http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-sql-sqlite2_4.4.3-0ubuntu1.4_i386.deb
Size/MD5: 22002 9087daddd7762b1df7a4b9df34166521
http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-sql-sqlite_4.4.3-0ubuntu1.4_i386.deb
Size/MD5: 25898 06bcb1cfcb2df47e758bb89946f9aac6
http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-sql_4.4.3-0ubuntu1.4_i386.deb
Size/MD5: 108838 3f80ec6192ebdfd8807450a8aeac928a
http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-svg_4.4.3-0ubuntu1.4_i386.deb
Size/MD5: 158310 24cf265a2f29818beb73709197bef2c3
http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-test_4.4.3-0ubuntu1.4_i386.deb
Size/MD5: 37122 b536ef0ebc0dcfa6167cd4285e2ec19d
http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-webkit-dbg_4.4.3-0ubuntu1.4_i386.deb
Size/MD5: 53126238 bc4c62409883fd6034f07baf1a765853
http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-webkit_4.4.3-0ubuntu1.4_i386.deb
Size/MD5: 3241850 27d0122caabe919c984b0ff1f59334f9
http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-xml_4.4.3-0ubuntu1.4_i386.deb
Size/MD5: 112012 130f929f42286ce4927feb7f3dbd8d18
http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-xmlpatterns-dbg_4.4.3-0ubuntu1.4_i386.deb
Size/MD5: 13302092 2deee7794c76d799c789a56c38147d8a
http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-xmlpatterns_4.4.3-0ubuntu1.4_i386.deb
Size/MD5: 758112 980c7e2f807f29c95ef51feee1bd6f87
http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqtcore4_4.4.3-0ubuntu1.4_i386.deb
Size/MD5: 2086300 e1d521ac4ef50e82235b61b0b0309c2a
http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqtgui4_4.4.3-0ubuntu1.4_i386.deb
Size/MD5: 4285842 f79cbd461f5986a686e35b77e8838c7c
http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/qt4-demos_4.4.3-0ubuntu1.4_i386.deb
Size/MD5: 10346058 cd6b5dd99cc2496e60f65303a4d861e7
http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/qt4-designer_4.4.3-0ubuntu1.4_i386.deb
Size/MD5: 377632 0adfcc3c280368f734658d611c7f0c69
http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/qt4-dev-tools_4.4.3-0ubuntu1.4_i386.deb
Size/MD5: 1487606 2f2e1e5f10fb8a9bbd94c647ae355135
http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/qt4-qtconfig_4.4.3-0ubuntu1.4_i386.deb
Size/MD5: 109322 661b18bee424dcc2a108e960dbe51188
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-assistant_4.4.3-0ubuntu1.4_lpia.deb
Size/MD5: 19118 975962361f82c04fe938397d732d5679
http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-core_4.4.3-0ubuntu1.4_lpia.deb
Size/MD5: 7556 5e9705e3675d4882a9040da75d934db7
http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-dbg_4.4.3-0ubuntu1.4_lpia.deb
Size/MD5: 86616234 5f8f6362ef3e45674f8c1480933f4714
http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-dbus_4.4.3-0ubuntu1.4_lpia.deb
Size/MD5: 218292 d89f63624713a3e9f34a7622fd754830
http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-designer_4.4.3-0ubuntu1.4_lpia.deb
Size/MD5: 2075540 088236f1cb51516af7efb07eb9e859a5
http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-dev_4.4.3-0ubuntu1.4_lpia.deb
Size/MD5: 5791558 693f36209c7728b4da4b3e2a310a2730
http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-gui_4.4.3-0ubuntu1.4_lpia.deb
Size/MD5: 7546 765882dd4710771b9f01801c34173f17
http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-help_4.4.3-0ubuntu1.4_lpia.deb
Size/MD5: 215380 3000fb6b96014944c85f69d9be1e9314
http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-network_4.4.3-0ubuntu1.4_lpia.deb
Size/MD5: 439662 ca410c727f89f68f88ed7c32f08c7496
http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-opengl-dev_4.4.3-0ubuntu1.4_lpia.deb
Size/MD5: 42346 d8670500e205ba66ca588d2020eb6e9b
http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-opengl_4.4.3-0ubuntu1.4_lpia.deb
Size/MD5: 163154 044e27e36b057295b8312b3326bb6d70
http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-qt3support_4.4.3-0ubuntu1.4_lpia.deb
Size/MD5: 1369342 9945efb11009af3f7f875f4aa70c7fd1
http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-script_4.4.3-0ubuntu1.4_lpia.deb
Size/MD5: 429370 47ffb00ebb1918ae6b638872a76412b4
http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-sql-mysql_4.4.3-0ubuntu1.4_lpia.deb
Size/MD5: 34006 b11c44e3a7e1d5ba2277e981de8928d5
http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-sql-odbc_4.4.3-0ubuntu1.4_lpia.deb
Size/MD5: 47638 803c079d0a531b0a84043fc1f7c87d58
http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-sql-psql_4.4.3-0ubuntu1.4_lpia.deb
Size/MD5: 38608 054c5fa2ddbd80efd168dc072e951e0e
http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-sql-sqlite2_4.4.3-0ubuntu1.4_lpia.deb
Size/MD5: 21992 ca7ada6adc17a99b713920b6452b2f87
http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-sql-sqlite_4.4.3-0ubuntu1.4_lpia.deb
Size/MD5: 25962 547542c994e3777e900287da869be0e7
http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-sql_4.4.3-0ubuntu1.4_lpia.deb
Size/MD5: 108930 48566fe567ab5e3ae14185608cc5bd3a
http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-svg_4.4.3-0ubuntu1.4_lpia.deb
Size/MD5: 159630 48eb3c78b4c28d745ef6862e9f5cac17
http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-test_4.4.3-0ubuntu1.4_lpia.deb
Size/MD5: 37444 695be042708d936061c289d78c86cd77
http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-webkit-dbg_4.4.3-0ubuntu1.4_lpia.deb
Size/MD5: 53250108 4e06206559a3470bad0730e8aec7e615
http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-webkit_4.4.3-0ubuntu1.4_lpia.deb
Size/MD5: 3227648 acbd67fa1648ca9ad1e10f021e66f8d2
http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-xml_4.4.3-0ubuntu1.4_lpia.deb
Size/MD5: 110938 bae7d2f0c2c13b33123357102f19cba7
http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-xmlpatterns-dbg_4.4.3-0ubuntu1.4_lpia.deb
Size/MD5: 13316918 c5c409330384ba74489646dabbe9e1a8
http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-xmlpatterns_4.4.3-0ubuntu1.4_lpia.deb
Size/MD5: 749270 375901cd31337ffcce0677bef73b8e2b
http://ports.ubuntu.com/pool/main/q/qt4-x11/libqtcore4_4.4.3-0ubuntu1.4_lpia.deb
Size/MD5: 2086296 46b733dc7e08126af4b343287396b051
http://ports.ubuntu.com/pool/main/q/qt4-x11/libqtgui4_4.4.3-0ubuntu1.4_lpia.deb
Size/MD5: 4299788 efc7837ecb1aff0917414f020f4f7710
http://ports.ubuntu.com/pool/main/q/qt4-x11/qt4-demos_4.4.3-0ubuntu1.4_lpia.deb
Size/MD5: 10380362 ee64ccc2462a1767363119ab130f86fb
http://ports.ubuntu.com/pool/main/q/qt4-x11/qt4-designer_4.4.3-0ubuntu1.4_lpia.deb
Size/MD5: 382986 c5c48c0dc497b68bd661eea92b5678b8
http://ports.ubuntu.com/pool/main/q/qt4-x11/qt4-dev-tools_4.4.3-0ubuntu1.4_lpia.deb
Size/MD5: 1501518 06d78b9cb426e70bc1823f755b47cb16
http://ports.ubuntu.com/pool/main/q/qt4-x11/qt4-qtconfig_4.4.3-0ubuntu1.4_lpia.deb
Size/MD5: 111312 2d5f5829685d661dc3b7408c99233f57
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-assistant_4.4.3-0ubuntu1.4_powerpc.deb
Size/MD5: 21316 45b1ea5b5050b2c0c876872af540089a
http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-core_4.4.3-0ubuntu1.4_powerpc.deb
Size/MD5: 7562 4dea3a46b67dca117f5c8924389b90ef
http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-dbg_4.4.3-0ubuntu1.4_powerpc.deb
Size/MD5: 90621650 d41925c8e7b667daed298626937652ab
http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-dbus_4.4.3-0ubuntu1.4_powerpc.deb
Size/MD5: 226524 48a6eaf02c23089cdf5271b81386ac8c
http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-designer_4.4.3-0ubuntu1.4_powerpc.deb
Size/MD5: 2127276 685f37c1fdc371cfac83711b1dcbe425
http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-dev_4.4.3-0ubuntu1.4_powerpc.deb
Size/MD5: 5876318 f9777dc66d06e8a241a1a08171eca1ce
http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-gui_4.4.3-0ubuntu1.4_powerpc.deb
Size/MD5: 7546 446de6e1e94e17f515641bd91bc34e0f
http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-help_4.4.3-0ubuntu1.4_powerpc.deb
Size/MD5: 221776 ed54fe99be13d94c994a8dc27a16d0e5
http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-network_4.4.3-0ubuntu1.4_powerpc.deb
Size/MD5: 459056 586952d7ae2b7729d95db536f40b87b1
http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-opengl-dev_4.4.3-0ubuntu1.4_powerpc.deb
Size/MD5: 42336 2d51e9ef35064b75b94ff171ca51cbd0
http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-opengl_4.4.3-0ubuntu1.4_powerpc.deb
Size/MD5: 173132 a8dce02d86a0341b4e73830baa2ff6ae
http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-qt3support_4.4.3-0ubuntu1.4_powerpc.deb
Size/MD5: 1435512 9fe6abc1dbc92dba076b088154406ae2
http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-script_4.4.3-0ubuntu1.4_powerpc.deb
Size/MD5: 438202 72b3f451ee05252b81ff73fa22071b71
http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-sql-mysql_4.4.3-0ubuntu1.4_powerpc.deb
Size/MD5: 36940 2ff0cfbae3265612c7bfe005333dee20
http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-sql-odbc_4.4.3-0ubuntu1.4_powerpc.deb
Size/MD5: 49810 f6ba70b43ec1b6e504b047dad346eb25
http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-sql-psql_4.4.3-0ubuntu1.4_powerpc.deb
Size/MD5: 41498 9d558baba4e4fbae203a9f72c1c8c150
http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-sql-sqlite2_4.4.3-0ubuntu1.4_powerpc.deb
Size/MD5: 24746 af57d713a5d1e216e350dc70ff7e76e0
http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-sql-sqlite_4.4.3-0ubuntu1.4_powerpc.deb
Size/MD5: 28826 709982084d93ca6f9eca9e8554cac7ee
http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-sql_4.4.3-0ubuntu1.4_powerpc.deb
Size/MD5: 117160 56cb8f90e619174bde6f8da70d7deb21
http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-svg_4.4.3-0ubuntu1.4_powerpc.deb
Size/MD5: 172392 9598ce1608394ee2888309a6d2c4c943
http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-test_4.4.3-0ubuntu1.4_powerpc.deb
Size/MD5: 41680 5cd082858ca6bf4ed2c67556508ff8d5
http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-webkit-dbg_4.4.3-0ubuntu1.4_powerpc.deb
Size/MD5: 55519220 92115cc894051fa7bdb29eb6a2f8f088
http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-webkit_4.4.3-0ubuntu1.4_powerpc.deb
Size/MD5: 3486770 24e725bf0c47a1108692f4bdd46d23fd
http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-xml_4.4.3-0ubuntu1.4_powerpc.deb
Size/MD5: 121160 944ca0755f1b8057c286f6d3c2e1f8ec
http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-xmlpatterns-dbg_4.4.3-0ubuntu1.4_powerpc.deb
Size/MD5: 14047876 e1523a10c866ca8dc124947a25aeb34c
http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-xmlpatterns_4.4.3-0ubuntu1.4_powerpc.deb
Size/MD5: 835254 d7dda3b37da92ca6cba70f941964a371
http://ports.ubuntu.com/pool/main/q/qt4-x11/libqtcore4_4.4.3-0ubuntu1.4_powerpc.deb
Size/MD5: 2188324 66bd658c0d8f80205ce8aa741a5c25d6
http://ports.ubuntu.com/pool/main/q/qt4-x11/libqtgui4_4.4.3-0ubuntu1.4_powerpc.deb
Size/MD5: 4537294 211ff93e7c8e41ee2881baec57f87b32
http://ports.ubuntu.com/pool/main/q/qt4-x11/qt4-demos_4.4.3-0ubuntu1.4_powerpc.deb
Size/MD5: 10999204 84090af5c87a89d7d696d00baaf87493
http://ports.ubuntu.com/pool/main/q/qt4-x11/qt4-designer_4.4.3-0ubuntu1.4_powerpc.deb
Size/MD5: 391756 7ebc072d2a2750262bb6cb1587c5505d
http://ports.ubuntu.com/pool/main/q/qt4-x11/qt4-dev-tools_4.4.3-0ubuntu1.4_powerpc.deb
Size/MD5: 1530908 3fe67007771638ba35c2935a3432d1e6
http://ports.ubuntu.com/pool/main/q/qt4-x11/qt4-qtconfig_4.4.3-0ubuntu1.4_powerpc.deb
Size/MD5: 111696 1a4f101db96d252c9a93b23f9c20f1fe
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-assistant_4.4.3-0ubuntu1.4_sparc.deb
Size/MD5: 19006 53bc0f17fdc2e7e10938a259b30710c3
http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-core_4.4.3-0ubuntu1.4_sparc.deb
Size/MD5: 7560 3b86547b62162ec391f7945b0a71bbea
http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-dbg_4.4.3-0ubuntu1.4_sparc.deb
Size/MD5: 86584472 1490ec1af2900f0515fadf3d10b1c8b1
http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-dbus_4.4.3-0ubuntu1.4_sparc.deb
Size/MD5: 214836 b52c445f198c5d4c2fef5d0110862ed3
http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-designer_4.4.3-0ubuntu1.4_sparc.deb
Size/MD5: 2082186 a59e474cf1aea5faa97d3c2f38b79768
http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-dev_4.4.3-0ubuntu1.4_sparc.deb
Size/MD5: 5813064 0b29c127800c828ad782ea08f9869b95
http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-gui_4.4.3-0ubuntu1.4_sparc.deb
Size/MD5: 7548 9784e2fd6bad6b99dec68f28bf95c013
http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-help_4.4.3-0ubuntu1.4_sparc.deb
Size/MD5: 221416 98421a8a2735b28ec69a79dcb12bc36a
http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-network_4.4.3-0ubuntu1.4_sparc.deb
Size/MD5: 434660 08d518f50779ab7696a49d5789983d08
http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-opengl-dev_4.4.3-0ubuntu1.4_sparc.deb
Size/MD5: 42328 c483fc06c701a311895a8f912594d0ce
http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-opengl_4.4.3-0ubuntu1.4_sparc.deb
Size/MD5: 162370 6a1a2f6940287071f83b69dd0a2074ff
http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-qt3support_4.4.3-0ubuntu1.4_sparc.deb
Size/MD5: 1351514 4971ee99b0763cdb1b95a350ca97b725
http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-script_4.4.3-0ubuntu1.4_sparc.deb
Size/MD5: 427020 65ee12f6a206cad658d7b4b51cac1c36
http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-sql-mysql_4.4.3-0ubuntu1.4_sparc.deb
Size/MD5: 33654 125d67bc7a3343e16141209ae295f51b
http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-sql-odbc_4.4.3-0ubuntu1.4_sparc.deb
Size/MD5: 46336 97bf93bcf238fb612b6db5254e72bf4e
http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-sql-psql_4.4.3-0ubuntu1.4_sparc.deb
Size/MD5: 38482 3e45668f681c73fe5b2f487e76af92bd
http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-sql-sqlite2_4.4.3-0ubuntu1.4_sparc.deb
Size/MD5: 21700 6ee8cccd7f120782d7ae07d799adea37
http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-sql-sqlite_4.4.3-0ubuntu1.4_sparc.deb
Size/MD5: 25726 14c6e1834745ecf8c24d215bacc7273b
http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-sql_4.4.3-0ubuntu1.4_sparc.deb
Size/MD5: 109626 46c957419dcf1328dc6e625f5044e087
http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-svg_4.4.3-0ubuntu1.4_sparc.deb
Size/MD5: 157736 a15b042b86fd9af64e5818867a7bc971
http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-test_4.4.3-0ubuntu1.4_sparc.deb
Size/MD5: 36972 2e4f695e58caf79d93f7f929a3f5154a
http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-webkit-dbg_4.4.3-0ubuntu1.4_sparc.deb
Size/MD5: 54818118 ca0d50eb86ac4c4ed69bbfaac082b78d
http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-webkit_4.4.3-0ubuntu1.4_sparc.deb
Size/MD5: 3678126 639241e858bdf4bb280b8c9e24b945e8
http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-xml_4.4.3-0ubuntu1.4_sparc.deb
Size/MD5: 114956 a7d5d4e9c6eb7a28d607a40b72563279
http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-xmlpatterns-dbg_4.4.3-0ubuntu1.4_sparc.deb
Size/MD5: 13545692 049544460c82e22450aee8e5d9db6110
http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-xmlpatterns_4.4.3-0ubuntu1.4_sparc.deb
Size/MD5: 1029752 3fefe6c4a287a6a59acf2494882e8757
http://ports.ubuntu.com/pool/main/q/qt4-x11/libqtcore4_4.4.3-0ubuntu1.4_sparc.deb
Size/MD5: 2101436 2589e4a81b28459d1e1b9002b5402674
http://ports.ubuntu.com/pool/main/q/qt4-x11/libqtgui4_4.4.3-0ubuntu1.4_sparc.deb
Size/MD5: 4283628 d2ed704202357f329e22cf5995f62651
http://ports.ubuntu.com/pool/main/q/qt4-x11/qt4-demos_4.4.3-0ubuntu1.4_sparc.deb
Size/MD5: 10561886 6cb80130934f4dc83f3449c788251372
http://ports.ubuntu.com/pool/main/q/qt4-x11/qt4-designer_4.4.3-0ubuntu1.4_sparc.deb
Size/MD5: 393816 50f8e31568a792c275dfb5dbbb75d2ab
http://ports.ubuntu.com/pool/main/q/qt4-x11/qt4-dev-tools_4.4.3-0ubuntu1.4_sparc.deb
Size/MD5: 1542060 e2e1180c629e4d08a56c506b482e2ca3
http://ports.ubuntu.com/pool/main/q/qt4-x11/qt4-qtconfig_4.4.3-0ubuntu1.4_sparc.deb
Size/MD5: 113046 ca0bdbedc0b649fc9745a9c356c2f6e3
Updated packages for Ubuntu 9.04:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/qt4-x11_4.5.0-0ubuntu4.3.diff.gz
Size/MD5: 113724 cf59da7b0c09550ff78b6164e87ee131
http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/qt4-x11_4.5.0-0ubuntu4.3.dsc
Size/MD5: 2606 d75ba3f2a8b7a0fc5f17a6d013fd3466
http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/qt4-x11_4.5.0.orig.tar.gz
Size/MD5: 125349021 ffbb1aaea2d538df7ec7694cd68750df
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/qt4-doc-html_4.5.0-0ubuntu4.3_all.deb
Size/MD5: 24035224 db61f130680cbfecaee7b2076d9b5b4b
http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/qt4-doc_4.5.0-0ubuntu4.3_all.deb
Size/MD5: 51777244 2c5967ae92de35d935f22bb8cefdb7fb
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-assistant_4.5.0-0ubuntu4.3_amd64.deb
Size/MD5: 11622 737452fbf1eb644732601da4afe86d56
http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-core_4.5.0-0ubuntu4.3_amd64.deb
Size/MD5: 2310 4ab7edba7c683c4cd436ca6f6e43cc07
http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-dbg_4.5.0-0ubuntu4.3_amd64.deb
Size/MD5: 49977848 5a39a981a5a46f5b9833856aa8bd75ab
http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-dbus_4.5.0-0ubuntu4.3_amd64.deb
Size/MD5: 175462 33f715129fcbb8fe17cbf233afdd2735
http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-designer_4.5.0-0ubuntu4.3_amd64.deb
Size/MD5: 1798666 b0abe77a5b60e101b8a4f796cee35b9d
http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-dev-dbg_4.5.0-0ubuntu4.3_amd64.deb
Size/MD5: 6442006 3ec2ed8e896375977496d8aaba00fc0f
http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-dev_4.5.0-0ubuntu4.3_amd64.deb
Size/MD5: 2442216 55bcb4ba4d60f160adee52790f282bf5
http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-gui_4.5.0-0ubuntu4.3_amd64.deb
Size/MD5: 2300 b0ee4bbf483c8037799882f47a9ec95b
http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-help_4.5.0-0ubuntu4.3_amd64.deb
Size/MD5: 169046 f5cec0a5df796752c97289a7599a547f
http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-network_4.5.0-0ubuntu4.3_amd64.deb
Size/MD5: 379932 4a675e3de3c9ffeda60720b389dded9b
http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-opengl-dev_4.5.0-0ubuntu4.3_amd64.deb
Size/MD5: 31006 6e065ba12e303945dfd4969c7b0e6108
http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-opengl_4.5.0-0ubuntu4.3_amd64.deb
Size/MD5: 150338 1389003b28ca5f92e5bb8c9577a36fbb
http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-qt3support_4.5.0-0ubuntu4.3_amd64.deb
Size/MD5: 1033060 00e3845cefc2c24d676c64215cd3c1a4
http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-script_4.5.0-0ubuntu4.3_amd64.deb
Size/MD5: 349792 3a0b31c3ad9667c03ecd37efc863e27c
http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-scripttools_4.5.0-0ubuntu4.3_amd64.deb
Size/MD5: 216816 66d2b7a90f14393d259bf12068f44a0a
http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-sql-mysql_4.5.0-0ubuntu4.3_amd64.deb
Size/MD5: 24020 787039fb8afe166961e56b21020c45c4
http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-sql-odbc_4.5.0-0ubuntu4.3_amd64.deb
Size/MD5: 38326 8363daf729bf199a14566ed0054cb110
http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-sql-psql_4.5.0-0ubuntu4.3_amd64.deb
Size/MD5: 27504 cb2ea2f84ea939edcf662024a81187bf
http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-sql-sqlite2_4.5.0-0ubuntu4.3_amd64.deb
Size/MD5: 14198 087d5a3f0143d20d87b346e1ef04b2e6
http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-sql-sqlite_4.5.0-0ubuntu4.3_amd64.deb
Size/MD5: 17152 4ec3302c7e7b40f41f276883eb1f9cf1
http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-sql_4.5.0-0ubuntu4.3_amd64.deb
Size/MD5: 85832 94f0d14fcfc19c8dfd1a36a29a2d5825
http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-svg_4.5.0-0ubuntu4.3_amd64.deb
Size/MD5: 129138 a32e5231e108b2f1c869b3631fc98dfe
http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-test_4.5.0-0ubuntu4.3_amd64.deb
Size/MD5: 41274 4450aea1e1c1078de1d6d43a77d80ef4
http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-webkit-dbg_4.5.0-0ubuntu4.3_amd64.deb
Size/MD5: 58479264 76487ff20906b41662cacb4cd8c4eedc
http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-webkit_4.5.0-0ubuntu4.3_amd64.deb
Size/MD5: 3635668 5d869921403fc9d4e1994b81b92ef122
http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-xml_4.5.0-0ubuntu4.3_amd64.deb
Size/MD5: 87132 e9da8588cdb3f8995cb440d172f39a56
http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-xmlpatterns-dbg_4.5.0-0ubuntu4.3_amd64.deb
Size/MD5: 5521678 207d3c7382e7f7dab949b4761c819b67
http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-xmlpatterns_4.5.0-0ubuntu4.3_amd64.deb
Size/MD5: 653750 302a9fd3b69b1d41b8e65cd00a4a38b7
http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqtcore4_4.5.0-0ubuntu4.3_amd64.deb
Size/MD5: 1490876 a5d562105e8c1d6f14e6c9e38f2f7c1f
http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqtgui4_4.5.0-0ubuntu4.3_amd64.deb
Size/MD5: 3589934 59404b3094771d8d30fa4085456661b4
http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/qt4-demos-dbg_4.5.0-0ubuntu4.3_amd64.deb
Size/MD5: 24216220 10b8cd267a0d68a7a2a08327e1db059a
http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/qt4-demos_4.5.0-0ubuntu4.3_amd64.deb
Size/MD5: 5480184 36ccc9b88e638cf13f3cfce9610d778b
http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/qt4-designer_4.5.0-0ubuntu4.3_amd64.deb
Size/MD5: 247710 0021d694f10622ef0faac30d8f05ed6a
http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/qt4-dev-tools-dbg_4.5.0-0ubuntu4.3_amd64.deb
Size/MD5: 6913490 044d9347469b06b3b5c9a52708fb22d6
http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/qt4-dev-tools_4.5.0-0ubuntu4.3_amd64.deb
Size/MD5: 1826192 35ab7279b9e9fe1e93d8c754e0a53f73
http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/qt4-qmake_4.5.0-0ubuntu4.3_amd64.deb
Size/MD5: 1301118 10986e4c5ec819a976b7e49161939a16
http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/qt4-qtconfig_4.5.0-0ubuntu4.3_amd64.deb
Size/MD5: 81282 14ffbbbb5b74a10ff0337d6a08fac291
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-assistant_4.5.0-0ubuntu4.3_i386.deb
Size/MD5: 11598 8db87ef71449e31c1ab389e26e305793
http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-core_4.5.0-0ubuntu4.3_i386.deb
Size/MD5: 2314 ed908ab64c8ddc432935230e227df32c
http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-dbg_4.5.0-0ubuntu4.3_i386.deb
Size/MD5: 48872540 78c072e9fc494fedd3e56ba2e6c5b14f
http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-dbus_4.5.0-0ubuntu4.3_i386.deb
Size/MD5: 175422 3d97854e70da9c80dd6187a43c273da2
http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-designer_4.5.0-0ubuntu4.3_i386.deb
Size/MD5: 1821098 5c0b22bf30f5c0ad3e8e9c35fa29241d
http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-dev-dbg_4.5.0-0ubuntu4.3_i386.deb
Size/MD5: 6222664 8dc2d38b512ae20cf6c0e48f35446e55
http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-dev_4.5.0-0ubuntu4.3_i386.deb
Size/MD5: 2426558 bd753136ff81b7879b6d26bd5e6ccbeb
http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-gui_4.5.0-0ubuntu4.3_i386.deb
Size/MD5: 2302 96334f4e93762dd1a28ce34f6b6855dd
http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-help_4.5.0-0ubuntu4.3_i386.deb
Size/MD5: 170522 4f124c0feff569d3a7aaf7a537fa5ede
http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-network_4.5.0-0ubuntu4.3_i386.deb
Size/MD5: 386636 39614ce0a48380ec9c9b82b52d46fc48
http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-opengl-dev_4.5.0-0ubuntu4.3_i386.deb
Size/MD5: 31006 b8e6ffba684bb6aecfe7cf547d069591
http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-opengl_4.5.0-0ubuntu4.3_i386.deb
Size/MD5: 150268 fd9fc1d937cc2186a241085727f69e45
http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-qt3support_4.5.0-0ubuntu4.3_i386.deb
Size/MD5: 1047674 917768ee99ad30e46d8ea162ba2a55a0
http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-script_4.5.0-0ubuntu4.3_i386.deb
Size/MD5: 345124 783e3146d1d15e7e4b56177c2551dc8c
http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-scripttools_4.5.0-0ubuntu4.3_i386.deb
Size/MD5: 219532 dd4402ef905fe36edc219977b8b56522
http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-sql-mysql_4.5.0-0ubuntu4.3_i386.deb
Size/MD5: 23490 e3ae808d9546d39b318f2032a3efb2ed
http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-sql-odbc_4.5.0-0ubuntu4.3_i386.deb
Size/MD5: 38370 c3912b46f9819db92995814578905aaa
http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-sql-psql_4.5.0-0ubuntu4.3_i386.deb
Size/MD5: 26944 6942237ccbe925f91da83a58d80257dc
http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-sql-sqlite2_4.5.0-0ubuntu4.3_i386.deb
Size/MD5: 13910 24fd6fdd62a853df103ccc5eb23f3ae9
http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-sql-sqlite_4.5.0-0ubuntu4.3_i386.deb
Size/MD5: 16950 224500aeec4ee6c0bda83f1979f556b7
http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-sql_4.5.0-0ubuntu4.3_i386.deb
Size/MD5: 85482 35f8861a0f387877d757af2a4bcb74fb
http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-svg_4.5.0-0ubuntu4.3_i386.deb
Size/MD5: 127134 74b396cfbdfd52fc01a5b44feafddf40
http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-test_4.5.0-0ubuntu4.3_i386.deb
Size/MD5: 40384 850f651e7b3692dd8f0359e1f6fa9912
http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-webkit-dbg_4.5.0-0ubuntu4.3_i386.deb
Size/MD5: 59567434 bbf0c15e2947f809171025aecd169bf2
http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-webkit_4.5.0-0ubuntu4.3_i386.deb
Size/MD5: 3642492 ccd71c16c7d07bd4883700a95a7e310d
http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-xml_4.5.0-0ubuntu4.3_i386.deb
Size/MD5: 85662 fc005d23610c7815031ccf67e44d57c2
http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-xmlpatterns-dbg_4.5.0-0ubuntu4.3_i386.deb
Size/MD5: 5446004 9ceeb69be14e99aa371c34c48e0dd8e1
http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-xmlpatterns_4.5.0-0ubuntu4.3_i386.deb
Size/MD5: 631616 58a2c5664efbc4969e273be8d3e51cb2
http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqtcore4_4.5.0-0ubuntu4.3_i386.deb
Size/MD5: 1495212 280e8771adeb6e48a31c1c00c65d097d
http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqtgui4_4.5.0-0ubuntu4.3_i386.deb
Size/MD5: 3638476 617f09457809107814b139fdaa11b2cd
http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/qt4-demos-dbg_4.5.0-0ubuntu4.3_i386.deb
Size/MD5: 23695874 19d12080a314954ef6184589c6e6ef64
http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/qt4-demos_4.5.0-0ubuntu4.3_i386.deb
Size/MD5: 5411704 8ffd319dca0814ec7bf90e392c79d75c
http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/qt4-designer_4.5.0-0ubuntu4.3_i386.deb
Size/MD5: 242498 cf300d706f60b14c9bdb26d38dfca4fc
http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/qt4-dev-tools-dbg_4.5.0-0ubuntu4.3_i386.deb
Size/MD5: 6733760 802cb485899ba1684255b4189383e2a2
http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/qt4-dev-tools_4.5.0-0ubuntu4.3_i386.deb
Size/MD5: 1801834 c95b326cd5047777a9b62cf96b842dfc
http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/qt4-qmake_4.5.0-0ubuntu4.3_i386.deb
Size/MD5: 1275490 744e112dc6d57749d4e7c66043162d48
http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/qt4-qtconfig_4.5.0-0ubuntu4.3_i386.deb
Size/MD5: 80198 e4025eafa9ef6f848712cbb5d305da0b
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-assistant_4.5.0-0ubuntu4.3_lpia.deb
Size/MD5: 11586 35392a8aec66b9f6a80a3f37989a3e84
http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-core_4.5.0-0ubuntu4.3_lpia.deb
Size/MD5: 2310 bba9237a24419b96e34626f301cb53a1
http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-dbg_4.5.0-0ubuntu4.3_lpia.deb
Size/MD5: 49102028 35a51944c0b80faa25212c2e5d42af3a
http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-dbus_4.5.0-0ubuntu4.3_lpia.deb
Size/MD5: 179254 4dad09ed33bbf71e210fe99628eb8e5d
http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-designer_4.5.0-0ubuntu4.3_lpia.deb
Size/MD5: 1845654 a3ccab02027a27ab368b4d76961f44d8
http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-dev-dbg_4.5.0-0ubuntu4.3_lpia.deb
Size/MD5: 6301482 e970557325b93c7d3c82fc04e051ad5c
http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-dev_4.5.0-0ubuntu4.3_lpia.deb
Size/MD5: 2460502 bd49c126c36b95c63b6356728557cdbb
http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-gui_4.5.0-0ubuntu4.3_lpia.deb
Size/MD5: 2300 24c70a2289d01c6f1a675f18bd83fb0d
http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-help_4.5.0-0ubuntu4.3_lpia.deb
Size/MD5: 174932 e0b29a559a038c9e52d450d3063ae1c3
http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-network_4.5.0-0ubuntu4.3_lpia.deb
Size/MD5: 392598 cd76e9d7fbb3946eed667e73ff44350d
http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-opengl-dev_4.5.0-0ubuntu4.3_lpia.deb
Size/MD5: 31002 85d63a39a01b18e425b60aa7f70fce23
http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-opengl_4.5.0-0ubuntu4.3_lpia.deb
Size/MD5: 154532 5d40f8b45c5cc367eb56e35680b3f81d
http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-qt3support_4.5.0-0ubuntu4.3_lpia.deb
Size/MD5: 1063636 29e972e6c664c9d7f49f6ecb57b7249e
http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-script_4.5.0-0ubuntu4.3_lpia.deb
Size/MD5: 349202 6e483f50400f9bb3322d12d4cd2088a8
http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-scripttools_4.5.0-0ubuntu4.3_lpia.deb
Size/MD5: 221612 f5cf566f6fae3460c4ffe038a2ca45eb
http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-sql-mysql_4.5.0-0ubuntu4.3_lpia.deb
Size/MD5: 23800 a5e1ba153e219d5de887ab2f4c331724
http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-sql-odbc_4.5.0-0ubuntu4.3_lpia.deb
Size/MD5: 39248 e2a9bf4f5860c536b5f6bb2dd36080ff
http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-sql-psql_4.5.0-0ubuntu4.3_lpia.deb
Size/MD5: 27270 6757ef004282dbcb41911519832e665c
http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-sql-sqlite2_4.5.0-0ubuntu4.3_lpia.deb
Size/MD5: 13914 60e0b2ff89e2fcb170a9bad22fa5a426
http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-sql-sqlite_4.5.0-0ubuntu4.3_lpia.deb
Size/MD5: 17028 dc8248f423afcf49684aff36461b1928
http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-sql_4.5.0-0ubuntu4.3_lpia.deb
Size/MD5: 86128 0013e3a3d503cd8930215ced2bb7e781
http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-svg_4.5.0-0ubuntu4.3_lpia.deb
Size/MD5: 129896 502e1b866f8b4c93557ccfe37cf84ffd
http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-test_4.5.0-0ubuntu4.3_lpia.deb
Size/MD5: 40860 42258f710eafde8ba98cf0d70ed62bbe
http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-webkit-dbg_4.5.0-0ubuntu4.3_lpia.deb
Size/MD5: 59829124 f5e6ca21fab5632def632f1980d72968
http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-webkit_4.5.0-0ubuntu4.3_lpia.deb
Size/MD5: 3663718 3c60d09c9701b8583ee9b3ea63df1e09
http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-xml_4.5.0-0ubuntu4.3_lpia.deb
Size/MD5: 85456 f4cd1db01939e7bea4cf1a14350318d0
http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-xmlpatterns-dbg_4.5.0-0ubuntu4.3_lpia.deb
Size/MD5: 5462674 73f928cbc1e2ab2a8b0cb35750e33363
http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-xmlpatterns_4.5.0-0ubuntu4.3_lpia.deb
Size/MD5: 635968 2ba32c9934c37fb858ef293861296660
http://ports.ubuntu.com/pool/main/q/qt4-x11/libqtcore4_4.5.0-0ubuntu4.3_lpia.deb
Size/MD5: 1503558 71a10407ee8e2b0d8faca71803516543
http://ports.ubuntu.com/pool/main/q/qt4-x11/libqtgui4_4.5.0-0ubuntu4.3_lpia.deb
Size/MD5: 3703968 70254633149e0177b8f40306e1c40119
http://ports.ubuntu.com/pool/main/q/qt4-x11/qt4-demos-dbg_4.5.0-0ubuntu4.3_lpia.deb
Size/MD5: 23831210 a47cc662c799d56d39a098a55c7ff860
http://ports.ubuntu.com/pool/main/q/qt4-x11/qt4-demos_4.5.0-0ubuntu4.3_lpia.deb
Size/MD5: 5460356 d0f2731a66583fca365275b4bf15bd43
http://ports.ubuntu.com/pool/main/q/qt4-x11/qt4-designer_4.5.0-0ubuntu4.3_lpia.deb
Size/MD5: 247224 45221df9fac6b935e70f3d49f1641ec3
http://ports.ubuntu.com/pool/main/q/qt4-x11/qt4-dev-tools-dbg_4.5.0-0ubuntu4.3_lpia.deb
Size/MD5: 6766074 699d8557725cbc1d98b3facf908aa1af
http://ports.ubuntu.com/pool/main/q/qt4-x11/qt4-dev-tools_4.5.0-0ubuntu4.3_lpia.deb
Size/MD5: 1843474 1c07f5258466db532f77d046fc0464b4
http://ports.ubuntu.com/pool/main/q/qt4-x11/qt4-qmake_4.5.0-0ubuntu4.3_lpia.deb
Size/MD5: 1316972 524683da13e66e47fa34a6ddb7067473
http://ports.ubuntu.com/pool/main/q/qt4-x11/qt4-qtconfig_4.5.0-0ubuntu4.3_lpia.deb
Size/MD5: 82774 b3f8e382739f03da9cb94626a2f5211f
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-assistant_4.5.0-0ubuntu4.3_powerpc.deb
Size/MD5: 12608 f70d7f88f98c710f00b8dec826a14945
http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-core_4.5.0-0ubuntu4.3_powerpc.deb
Size/MD5: 2312 fc55af80a812eb5ffbf75ec3a7ee62aa
http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-dbg_4.5.0-0ubuntu4.3_powerpc.deb
Size/MD5: 48136850 2863a8886de595c43068283ff45beb90
http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-dbus_4.5.0-0ubuntu4.3_powerpc.deb
Size/MD5: 163234 3d9febce56214962ba436358228df2d4
http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-designer_4.5.0-0ubuntu4.3_powerpc.deb
Size/MD5: 1623414 d8dcdedae518133907c850aa8230bf56
http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-dev-dbg_4.5.0-0ubuntu4.3_powerpc.deb
Size/MD5: 6172098 8d8f8518ff54c90933966fe61729c7dd
http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-dev_4.5.0-0ubuntu4.3_powerpc.deb
Size/MD5: 2264658 67bb52a5f6d6b60300adfb85423c76ac
http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-gui_4.5.0-0ubuntu4.3_powerpc.deb
Size/MD5: 2304 30e86f2760dac7fd3f47c476447bd941
http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-help_4.5.0-0ubuntu4.3_powerpc.deb
Size/MD5: 157492 6739e773252eb1cd70806bdb96665439
http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-network_4.5.0-0ubuntu4.3_powerpc.deb
Size/MD5: 360428 215dd6ef03babb6a638c45781bb26af2
http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-opengl-dev_4.5.0-0ubuntu4.3_powerpc.deb
Size/MD5: 30994 4b457917bdeb91ba6cfcc02d9e0f1e77
http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-opengl_4.5.0-0ubuntu4.3_powerpc.deb
Size/MD5: 148258 ebf113910c60bf1e199cd0e76f8b3115
http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-qt3support_4.5.0-0ubuntu4.3_powerpc.deb
Size/MD5: 957976 4d49fb9926a4219667b31b76fb75f58e
http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-script_4.5.0-0ubuntu4.3_powerpc.deb
Size/MD5: 313972 4def22b0b2bf687f3d2f6a2f669230d5
http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-scripttools_4.5.0-0ubuntu4.3_powerpc.deb
Size/MD5: 203240 d56786ea920eb436f4ccbef49260eb4a
http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-sql-mysql_4.5.0-0ubuntu4.3_powerpc.deb
Size/MD5: 24312 b935bc753bd5ffdc7c97e542e55e0e6d
http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-sql-odbc_4.5.0-0ubuntu4.3_powerpc.deb
Size/MD5: 36972 a4079076c4edf8f0f2cd22be7866f2f6
http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-sql-psql_4.5.0-0ubuntu4.3_powerpc.deb
Size/MD5: 27426 b36d025e2cf5335c15f6ee7d2314cf9e
http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-sql-sqlite2_4.5.0-0ubuntu4.3_powerpc.deb
Size/MD5: 15134 3be81591afc0f3e5614d582a982e17e7
http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-sql-sqlite_4.5.0-0ubuntu4.3_powerpc.deb
Size/MD5: 18100 dffa427f519211a592132e1d2a5a48e7
http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-sql_4.5.0-0ubuntu4.3_powerpc.deb
Size/MD5: 83246 0c963279944d17e32d467758e84728ec
http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-svg_4.5.0-0ubuntu4.3_powerpc.deb
Size/MD5: 124342 f21e4e8d73ec525468ac0265c1c6ed3e
http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-test_4.5.0-0ubuntu4.3_powerpc.deb
Size/MD5: 40800 721a48d0c19c7036ec6f7f3e8a1796e4
http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-webkit-dbg_4.5.0-0ubuntu4.3_powerpc.deb
Size/MD5: 56672370 a1b88f4ee8294b49ebaab9ddd5fcf2df
http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-webkit_4.5.0-0ubuntu4.3_powerpc.deb
Size/MD5: 3283702 f46252f44921409a43fa89af3a5b7e6f
http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-xml_4.5.0-0ubuntu4.3_powerpc.deb
Size/MD5: 83654 02ea31ab550db40086f5419daeb8bc24
http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-xmlpatterns-dbg_4.5.0-0ubuntu4.3_powerpc.deb
Size/MD5: 5444754 86c71dabb153ac371a3a878a5bfa017f
http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-xmlpatterns_4.5.0-0ubuntu4.3_powerpc.deb
Size/MD5: 582304 4ef1ec5872ab6fb0cfc33aef011dd051
http://ports.ubuntu.com/pool/main/q/qt4-x11/libqtcore4_4.5.0-0ubuntu4.3_powerpc.deb
Size/MD5: 1431880 fd055110524b4102c88431c9a094b6d5
http://ports.ubuntu.com/pool/main/q/qt4-x11/libqtgui4_4.5.0-0ubuntu4.3_powerpc.deb
Size/MD5: 3356692 414febb0dcdc2224bbc4d322bf071471
http://ports.ubuntu.com/pool/main/q/qt4-x11/qt4-demos-dbg_4.5.0-0ubuntu4.3_powerpc.deb
Size/MD5: 23665304 69d7736174682533b91910e9e9c4e221
http://ports.ubuntu.com/pool/main/q/qt4-x11/qt4-demos_4.5.0-0ubuntu4.3_powerpc.deb
Size/MD5: 5394298 4f88263c866b42b011ac6f70b999aa63
http://ports.ubuntu.com/pool/main/q/qt4-x11/qt4-designer_4.5.0-0ubuntu4.3_powerpc.deb
Size/MD5: 234970 a30574534ddc200af008c4aef6f830c9
http://ports.ubuntu.com/pool/main/q/qt4-x11/qt4-dev-tools-dbg_4.5.0-0ubuntu4.3_powerpc.deb
Size/MD5: 6719304 be9f1a32584792b598c76560e7d4a75b
http://ports.ubuntu.com/pool/main/q/qt4-x11/qt4-dev-tools_4.5.0-0ubuntu4.3_powerpc.deb
Size/MD5: 1681322 40d865a463a5d25a076bf6f55af65b90
http://ports.ubuntu.com/pool/main/q/qt4-x11/qt4-qmake_4.5.0-0ubuntu4.3_powerpc.deb
Size/MD5: 1135018 91e9ded3076f1f141d29895358b062fa
http://ports.ubuntu.com/pool/main/q/qt4-x11/qt4-qtconfig_4.5.0-0ubuntu4.3_powerpc.deb
Size/MD5: 76466 1c75a4de6f3f7a61c41dc97c1ed3bc56
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-assistant_4.5.0-0ubuntu4.3_sparc.deb
Size/MD5: 10942 a7a4483b64af47318cdabbde9976a65b
http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-core_4.5.0-0ubuntu4.3_sparc.deb
Size/MD5: 2308 b0258f54da89aeda6b40cd6798e6f3ec
http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-dbg_4.5.0-0ubuntu4.3_sparc.deb
Size/MD5: 45231402 d00aea2071e583a895b6a89ff0234e12
http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-dbus_4.5.0-0ubuntu4.3_sparc.deb
Size/MD5: 151694 be8ca9b3ee9a1d47a98867c0aba4160e
http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-designer_4.5.0-0ubuntu4.3_sparc.deb
Size/MD5: 1577576 93f34052ac88e45426f7e45a9c12d206
http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-dev-dbg_4.5.0-0ubuntu4.3_sparc.deb
Size/MD5: 5656966 83e7d65e9aa03882c9a0e20605230a69
http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-dev_4.5.0-0ubuntu4.3_sparc.deb
Size/MD5: 2225980 eac4944686a27b18f3d0e3a0dbfacc17
http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-gui_4.5.0-0ubuntu4.3_sparc.deb
Size/MD5: 2302 c318da351836628e9c671eae39dafa9a
http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-help_4.5.0-0ubuntu4.3_sparc.deb
Size/MD5: 151930 3adca0e45ff6ad23b8258a6717e645cb
http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-network_4.5.0-0ubuntu4.3_sparc.deb
Size/MD5: 339444 4bf57591f2c0cc91b69ec0dd1ad0fd30
http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-opengl-dev_4.5.0-0ubuntu4.3_sparc.deb
Size/MD5: 30998 80ecbcd1452055000371a473d8d5fcf5
http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-opengl_4.5.0-0ubuntu4.3_sparc.deb
Size/MD5: 132308 d31962f23a576d6ed29b81d92107d353
http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-qt3support_4.5.0-0ubuntu4.3_sparc.deb
Size/MD5: 895788 305fff66ad3943d35384fcb245391228
http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-script_4.5.0-0ubuntu4.3_sparc.deb
Size/MD5: 287534 0b5d15fd5302e8430dedad0a002a2503
http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-scripttools_4.5.0-0ubuntu4.3_sparc.deb
Size/MD5: 195514 8073d183a54598751563df5efe14f135
http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-sql-mysql_4.5.0-0ubuntu4.3_sparc.deb
Size/MD5: 21426 a8e378abcf5f61aa9085346481b2c7e0
http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-sql-odbc_4.5.0-0ubuntu4.3_sparc.deb
Size/MD5: 31290 d18c888585cfc914c046777d61de2189
http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-sql-psql_4.5.0-0ubuntu4.3_sparc.deb
Size/MD5: 24464 1a69a86a46673d987ccd6d85f578ee0e
http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-sql-sqlite2_4.5.0-0ubuntu4.3_sparc.deb
Size/MD5: 12748 5538aadc52d0481f0512e2d87289dc15
http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-sql-sqlite_4.5.0-0ubuntu4.3_sparc.deb
Size/MD5: 15496 27b6dde8f85dda5c9bdaa7c165b639b4
http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-sql_4.5.0-0ubuntu4.3_sparc.deb
Size/MD5: 75964 31c5dbb4d87a23faa146d7224df6fa02
http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-svg_4.5.0-0ubuntu4.3_sparc.deb
Size/MD5: 109566 79711b8ffb0fb8ea2afa7582375449d4
http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-test_4.5.0-0ubuntu4.3_sparc.deb
Size/MD5: 36522 c2f8d5c388c435d666a7339ecf4829df
http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-webkit-dbg_4.5.0-0ubuntu4.3_sparc.deb
Size/MD5: 56966338 c120bb1bb4e2edde9bd6349db63bc76a
http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-webkit_4.5.0-0ubuntu4.3_sparc.deb
Size/MD5: 3409284 28669d24488ef04d5bca9220839f7767
http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-xml_4.5.0-0ubuntu4.3_sparc.deb
Size/MD5: 76352 70dd584dc3c8c9964b427ce0ed3fe5a6
http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-xmlpatterns-dbg_4.5.0-0ubuntu4.3_sparc.deb
Size/MD5: 5165042 73f9ba9346195ffacf82f84d1ba44c03
http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-xmlpatterns_4.5.0-0ubuntu4.3_sparc.deb
Size/MD5: 660376 90e3f41308b8bb4188314c4ec57069a0
http://ports.ubuntu.com/pool/main/q/qt4-x11/libqtcore4_4.5.0-0ubuntu4.3_sparc.deb
Size/MD5: 1352448 0661edc6b955441c5feeb681fe740831
http://ports.ubuntu.com/pool/main/q/qt4-x11/libqtgui4_4.5.0-0ubuntu4.3_sparc.deb
Size/MD5: 3175982 7a704629253865d41165a33e60a57763
http://ports.ubuntu.com/pool/main/q/qt4-x11/qt4-demos-dbg_4.5.0-0ubuntu4.3_sparc.deb
Size/MD5: 22594146 b071a350741d3c8ee3094c887839108e
http://ports.ubuntu.com/pool/main/q/qt4-x11/qt4-demos_4.5.0-0ubuntu4.3_sparc.deb
Size/MD5: 5333208 d0538ce1add58ae9eb2709a28aace8bd
http://ports.ubuntu.com/pool/main/q/qt4-x11/qt4-designer_4.5.0-0ubuntu4.3_sparc.deb
Size/MD5: 233350 bc5b53dfcba69468f73eabd6988a3a62
http://ports.ubuntu.com/pool/main/q/qt4-x11/qt4-dev-tools-dbg_4.5.0-0ubuntu4.3_sparc.deb
Size/MD5: 6177274 233d55a34a9c290561f714970196859a
http://ports.ubuntu.com/pool/main/q/qt4-x11/qt4-dev-tools_4.5.0-0ubuntu4.3_sparc.deb
Size/MD5: 1678528 27d97ffe2e9c93cf2412004d03a793fe
http://ports.ubuntu.com/pool/main/q/qt4-x11/qt4-qmake_4.5.0-0ubuntu4.3_sparc.deb
Size/MD5: 1093456 20100354350ea3a0150400a593fbb401
http://ports.ubuntu.com/pool/main/q/qt4-x11/qt4-qtconfig_4.5.0-0ubuntu4.3_sparc.deb
Size/MD5: 76636 6aa6be976ebfa14c11ef8ae811cfb711
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ------------------------------------------------------------------------
Debian Security Advisory DSA-1950 security@debian.org
http://www.debian.org/security/ Giuseppe Iuculano
December 12, 2009 http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : webkit
Vulnerability : several
Problem type : remote (local)
Debian-specific: no
CVE Id : CVE-2009-0945 CVE-2009-1687 CVE-2009-1690 CVE-2009-1698
CVE-2009-1711 CVE-2009-1712 CVE-2009-1725 CVE-2009-1714
CVE-2009-1710 CVE-2009-1697 CVE-2009-1695 CVE-2009-1693
CVE-2009-1694 CVE-2009-1681 CVE-2009-1684 CVE-2009-1692
Debian Bug : 532724 532725 534946 535793 538346
Several vulnerabilities have been discovered in webkit, a Web content engine
library for Gtk+. The Common Vulnerabilities and Exposures project identifies
the following problems:
CVE-2009-0945
Array index error in the insertItemBefore method in WebKit, allows remote
attackers to execute arbitrary code via a document with a SVGPathList data
structure containing a negative index in the SVGTransformList, SVGStringList,
SVGNumberList, SVGPathSegList, SVGPointList, or SVGLengthList SVGList object,
which triggers memory corruption.
CVE-2009-1687
The JavaScript garbage collector in WebKit does not properly handle allocation
failures, which allows remote attackers to execute arbitrary code or cause a
denial of service (memory corruption and application crash) via a crafted HTML
document that triggers write access to an "offset of a NULL pointer."
CVE-2009-1690
Use-after-free vulnerability in WebKit, allows remote attackers to execute
arbitrary code or cause a denial of service (memory corruption and application
crash) by setting an unspecified property of an HTML tag that causes child
elements to be freed and later accessed when an HTML error occurs, related to
"recursion in certain DOM event handlers."
CVE-2009-1698
WebKit does not initialize a pointer during handling of a Cascading Style Sheets
(CSS) attr function call with a large numerical argument, which allows remote
attackers to execute arbitrary code or cause a denial of service (memory
corruption and application crash) via a crafted HTML document.
CVE-2009-1714
Cross-site scripting (XSS) vulnerability in Web Inspector in WebKit allows
user-assisted remote attackers to inject arbitrary web script or HTML, and read
local files, via vectors related to the improper escaping of HTML attributes.
CVE-2009-1710
WebKit allows remote attackers to spoof the browser's display of the host name,
security indicators, and unspecified other UI elements via a custom cursor in
conjunction with a modified CSS3 hotspot property.
CVE-2009-1697
CRLF injection vulnerability in WebKit allows remote attackers to inject HTTP
headers and bypass the Same Origin Policy via a crafted HTML document, related
to cross-site scripting (XSS) attacks that depend on communication with
arbitrary web sites on the same server through use of XMLHttpRequest without a
Host header.
CVE-2009-1695
Cross-site scripting (XSS) vulnerability in WebKit allows remote attackers to
inject arbitrary web script or HTML via vectors involving access to frame
contents after completion of a page transition.
CVE-2009-1693
WebKit allows remote attackers to read images from arbitrary web sites via a
CANVAS element with an SVG image, related to a "cross-site image capture issue."
CVE-2009-1694
WebKit does not properly handle redirects, which allows remote attackers to read
images from arbitrary web sites via vectors involving a CANVAS element and
redirection, related to a "cross-site image capture issue."
CVE-2009-1681
WebKit does not prevent web sites from loading third-party content into a
subframe, which allows remote attackers to bypass the Same Origin Policy and
conduct "clickjacking" attacks via a crafted HTML document.
CVE-2009-1684
Cross-site scripting (XSS) vulnerability in WebKit allows remote attackers to
inject arbitrary web script or HTML via an event handler that triggers script
execution in the context of the next loaded document.
CVE-2009-1692
WebKit allows remote attackers to cause a denial of service (memory consumption
or device reset) via a web page containing an HTMLSelectElement object with a
large length attribute, related to the length property of a Select object.
For the stable distribution (lenny), these problems has been fixed in
version 1.0.1-4+lenny2.
For the testing distribution (squeeze) and the unstable distribution
(sid), these problems have been fixed in version 1.1.16-1.
We recommend that you upgrade your webkit package.
Upgrade instructions
- --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 5.0 alias lenny
- --------------------------------
Debian (stable)
- ---------------
Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64,
mips, mipsel, powerpc, s390 and sparc.
Source archives:
http://security.debian.org/pool/updates/main/w/webkit/webkit_1.0.1.orig.tar.gz
Size/MD5 checksum: 13418752 4de68a5773998bea14e8939aa341c466
http://security.debian.org/pool/updates/main/w/webkit/webkit_1.0.1-4+lenny2.diff.gz
Size/MD5 checksum: 35369 506c8f2fef73a9fc856264f11a3ad27e
http://security.debian.org/pool/updates/main/w/webkit/webkit_1.0.1-4+lenny2.dsc
Size/MD5 checksum: 1447 b5f01d6428f01d79bfe18338064452ab
Architecture independent packages:
http://security.debian.org/pool/updates/main/w/webkit/libwebkit-dev_1.0.1-4+lenny2_all.deb
Size/MD5 checksum: 35164 df682bbcd13389c2f50002c2aaf7347b
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1-dbg_1.0.1-4+lenny2_alpha.deb
Size/MD5 checksum: 65193740 fc8b613c9c41ef0f0d3856e7ee3deeae
http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1_1.0.1-4+lenny2_alpha.deb
Size/MD5 checksum: 4254938 252b95b962bda11c000f9c0543673c1b
amd64 architecture (AMD x86_64 (AMD64))
http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1_1.0.1-4+lenny2_amd64.deb
Size/MD5 checksum: 3502994 4a96cad1e302e7303d41d6f866215da4
http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1-dbg_1.0.1-4+lenny2_amd64.deb
Size/MD5 checksum: 62518476 d723a8c76b373026752b6f68e5fc4950
arm architecture (ARM)
http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1_1.0.1-4+lenny2_arm.deb
Size/MD5 checksum: 2721324 1fac2f59ffa9e3d7b8697aae262f09e4
http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1-dbg_1.0.1-4+lenny2_arm.deb
Size/MD5 checksum: 61478724 260faea7d5ba766268faad888b3e61ff
armel architecture (ARM EABI)
http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1_1.0.1-4+lenny2_armel.deb
Size/MD5 checksum: 2770654 5b88754e9804d9290537afdf6127643a
http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1-dbg_1.0.1-4+lenny2_armel.deb
Size/MD5 checksum: 59892062 99c8f13257a054f42686ab9c6329d490
hppa architecture (HP PA RISC)
http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1_1.0.1-4+lenny2_hppa.deb
Size/MD5 checksum: 3869020 c61be734b6511788e8cc235a5d672eab
http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1-dbg_1.0.1-4+lenny2_hppa.deb
Size/MD5 checksum: 63935342 f1db2bd7b5c22e257c74100798017f30
i386 architecture (Intel ia32)
http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1-dbg_1.0.1-4+lenny2_i386.deb
Size/MD5 checksum: 62161744 f89fc6ac6d1110cabe47dd9184c9a9ca
http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1_1.0.1-4+lenny2_i386.deb
Size/MD5 checksum: 3016584 b854f5294527adac80e9776efed37cd7
ia64 architecture (Intel ia64)
http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1_1.0.1-4+lenny2_ia64.deb
Size/MD5 checksum: 5547624 2bd2100a345089282117317a9ab2e7d1
http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1-dbg_1.0.1-4+lenny2_ia64.deb
Size/MD5 checksum: 62685224 5eaff5d431cf4a85beeaa0b66c91958c
mips architecture (MIPS (Big Endian))
http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1_1.0.1-4+lenny2_mips.deb
Size/MD5 checksum: 3109134 a680a8f105a19bf1b21a5034c14c4822
http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1-dbg_1.0.1-4+lenny2_mips.deb
Size/MD5 checksum: 64547832 dd440891a1861262bc92deb0a1ead013
mipsel architecture (MIPS (Little Endian))
http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1_1.0.1-4+lenny2_mipsel.deb
Size/MD5 checksum: 2992848 952d643be475c35e253a8757075cd41b
http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1-dbg_1.0.1-4+lenny2_mipsel.deb
Size/MD5 checksum: 62135970 7cd635047e3f9bd000ff4547a47eaaec
s390 architecture (IBM S/390)
http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1_1.0.1-4+lenny2_s390.deb
Size/MD5 checksum: 3456914 6fc856a50b3f899c36381ed8d51af44e
http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1-dbg_1.0.1-4+lenny2_s390.deb
Size/MD5 checksum: 64385860 98ded86952a2c6714ceba76a4a98c35b
sparc architecture (Sun SPARC/UltraSPARC)
http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1-dbg_1.0.1-4+lenny2_sparc.deb
Size/MD5 checksum: 63621854 f0dd17453bc09fdc05c119faf2212d70
http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1_1.0.1-4+lenny2_sparc.deb
Size/MD5 checksum: 3499170 3f2084d6416459ce1416bd6f6f2845e3
These files will probably be moved into the stable distribution on
its next update.
- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAksjbAYACgkQNxpp46476aqm7wCaAk6WARfBzzrdYYoxAUKA5weL
V5YAmwRkz4XNwdcqnPzdeDzoakljqf1s
=DBEQ
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
|
|
var-202112-1608
|
A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier. The server is fast, reliable, and can be expanded through simple APIs. An attacker can use this vulnerability to cause a buffer overflow. ==========================================================================
Ubuntu Security Notice USN-5212-1
January 06, 2022
apache2 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 21.10
- Ubuntu 21.04
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
Summary:
Several security issues were fixed in Apache HTTP Server. A remote attacker could use this issue to cause
the server to crash, resulting in a denial of service, or possibly perform
a Server Side Request Forgery attack. (CVE-2021-44790)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 21.10:
apache2 2.4.48-3.1ubuntu3.2
apache2-bin 2.4.48-3.1ubuntu3.2
Ubuntu 21.04:
apache2 2.4.46-4ubuntu1.5
apache2-bin 2.4.46-4ubuntu1.5
Ubuntu 20.04 LTS:
apache2 2.4.41-4ubuntu3.9
apache2-bin 2.4.41-4ubuntu3.9
Ubuntu 18.04 LTS:
apache2 2.4.29-1ubuntu4.21
apache2-bin 2.4.29-1ubuntu4.21
In general, a standard system update will make all the necessary changes. Summary:
An update for httpd is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
3.
Security Fix(es):
* httpd: mod_lua: Possible buffer overflow when parsing multipart content
(CVE-2021-44790)
* httpd: mod_session: Heap overflow via a crafted SessionHeader value
(CVE-2021-26691)
* httpd: NULL pointer dereference via malformed requests (CVE-2021-34798)
* httpd: Out-of-bounds write in ap_escape_quotes() via malicious input
(CVE-2021-39275)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the updated packages, the httpd daemon will be restarted
automatically.
5. Bugs fixed (https://bugzilla.redhat.com/):
1966732 - CVE-2021-26691 httpd: mod_session: Heap overflow via a crafted SessionHeader value
2005119 - CVE-2021-39275 httpd: Out-of-bounds write in ap_escape_quotes() via malicious input
2005128 - CVE-2021-34798 httpd: NULL pointer dereference via malformed requests
2034674 - CVE-2021-44790 httpd: mod_lua: Possible buffer overflow when parsing multipart content
6. Package List:
Red Hat Enterprise Linux Client Optional (v. 7):
Source:
httpd-2.4.6-97.el7_9.4.src.rpm
noarch:
httpd-manual-2.4.6-97.el7_9.4.noarch.rpm
x86_64:
httpd-2.4.6-97.el7_9.4.x86_64.rpm
httpd-debuginfo-2.4.6-97.el7_9.4.x86_64.rpm
httpd-devel-2.4.6-97.el7_9.4.x86_64.rpm
httpd-tools-2.4.6-97.el7_9.4.x86_64.rpm
mod_ldap-2.4.6-97.el7_9.4.x86_64.rpm
mod_proxy_html-2.4.6-97.el7_9.4.x86_64.rpm
mod_session-2.4.6-97.el7_9.4.x86_64.rpm
mod_ssl-2.4.6-97.el7_9.4.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
Source:
httpd-2.4.6-97.el7_9.4.src.rpm
noarch:
httpd-manual-2.4.6-97.el7_9.4.noarch.rpm
x86_64:
httpd-2.4.6-97.el7_9.4.x86_64.rpm
httpd-debuginfo-2.4.6-97.el7_9.4.x86_64.rpm
httpd-devel-2.4.6-97.el7_9.4.x86_64.rpm
httpd-tools-2.4.6-97.el7_9.4.x86_64.rpm
mod_ldap-2.4.6-97.el7_9.4.x86_64.rpm
mod_proxy_html-2.4.6-97.el7_9.4.x86_64.rpm
mod_session-2.4.6-97.el7_9.4.x86_64.rpm
mod_ssl-2.4.6-97.el7_9.4.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source:
httpd-2.4.6-97.el7_9.4.src.rpm
noarch:
httpd-manual-2.4.6-97.el7_9.4.noarch.rpm
ppc64:
httpd-2.4.6-97.el7_9.4.ppc64.rpm
httpd-debuginfo-2.4.6-97.el7_9.4.ppc64.rpm
httpd-devel-2.4.6-97.el7_9.4.ppc64.rpm
httpd-tools-2.4.6-97.el7_9.4.ppc64.rpm
mod_session-2.4.6-97.el7_9.4.ppc64.rpm
mod_ssl-2.4.6-97.el7_9.4.ppc64.rpm
ppc64le:
httpd-2.4.6-97.el7_9.4.ppc64le.rpm
httpd-debuginfo-2.4.6-97.el7_9.4.ppc64le.rpm
httpd-devel-2.4.6-97.el7_9.4.ppc64le.rpm
httpd-tools-2.4.6-97.el7_9.4.ppc64le.rpm
mod_session-2.4.6-97.el7_9.4.ppc64le.rpm
mod_ssl-2.4.6-97.el7_9.4.ppc64le.rpm
s390x:
httpd-2.4.6-97.el7_9.4.s390x.rpm
httpd-debuginfo-2.4.6-97.el7_9.4.s390x.rpm
httpd-devel-2.4.6-97.el7_9.4.s390x.rpm
httpd-tools-2.4.6-97.el7_9.4.s390x.rpm
mod_session-2.4.6-97.el7_9.4.s390x.rpm
mod_ssl-2.4.6-97.el7_9.4.s390x.rpm
x86_64:
httpd-2.4.6-97.el7_9.4.x86_64.rpm
httpd-debuginfo-2.4.6-97.el7_9.4.x86_64.rpm
httpd-devel-2.4.6-97.el7_9.4.x86_64.rpm
httpd-tools-2.4.6-97.el7_9.4.x86_64.rpm
mod_session-2.4.6-97.el7_9.4.x86_64.rpm
mod_ssl-2.4.6-97.el7_9.4.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
ppc64:
httpd-debuginfo-2.4.6-97.el7_9.4.ppc64.rpm
mod_ldap-2.4.6-97.el7_9.4.ppc64.rpm
mod_proxy_html-2.4.6-97.el7_9.4.ppc64.rpm
ppc64le:
httpd-debuginfo-2.4.6-97.el7_9.4.ppc64le.rpm
mod_ldap-2.4.6-97.el7_9.4.ppc64le.rpm
mod_proxy_html-2.4.6-97.el7_9.4.ppc64le.rpm
s390x:
httpd-debuginfo-2.4.6-97.el7_9.4.s390x.rpm
mod_ldap-2.4.6-97.el7_9.4.s390x.rpm
mod_proxy_html-2.4.6-97.el7_9.4.s390x.rpm
x86_64:
httpd-debuginfo-2.4.6-97.el7_9.4.x86_64.rpm
mod_ldap-2.4.6-97.el7_9.4.x86_64.rpm
mod_proxy_html-2.4.6-97.el7_9.4.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source:
httpd-2.4.6-97.el7_9.4.src.rpm
noarch:
httpd-manual-2.4.6-97.el7_9.4.noarch.rpm
x86_64:
httpd-2.4.6-97.el7_9.4.x86_64.rpm
httpd-debuginfo-2.4.6-97.el7_9.4.x86_64.rpm
httpd-devel-2.4.6-97.el7_9.4.x86_64.rpm
httpd-tools-2.4.6-97.el7_9.4.x86_64.rpm
mod_session-2.4.6-97.el7_9.4.x86_64.rpm
mod_ssl-2.4.6-97.el7_9.4.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
x86_64:
httpd-debuginfo-2.4.6-97.el7_9.4.x86_64.rpm
mod_ldap-2.4.6-97.el7_9.4.x86_64.rpm
mod_proxy_html-2.4.6-97.el7_9.4.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2021-26691
https://access.redhat.com/security/cve/CVE-2021-34798
https://access.redhat.com/security/cve/CVE-2021-39275
https://access.redhat.com/security/cve/CVE-2021-44790
https://access.redhat.com/security/updates/classification/#important
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc. 7.6) - noarch, x86_64
3. 8.1) - aarch64, noarch, ppc64le, s390x, x86_64
3. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2022-05-16-2 macOS Monterey 12.4
macOS Monterey 12.4 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213257.
AMD
Available for: macOS Monterey
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
state management.
CVE-2022-26772: an anonymous researcher
AMD
Available for: macOS Monterey
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A buffer overflow issue was addressed with improved
memory handling.
CVE-2022-26741: ABC Research s.r.o
CVE-2022-26742: ABC Research s.r.o
CVE-2022-26749: ABC Research s.r.o
CVE-2022-26750: ABC Research s.r.o
CVE-2022-26752: ABC Research s.r.o
CVE-2022-26753: ABC Research s.r.o
CVE-2022-26754: ABC Research s.r.o
apache
Available for: macOS Monterey
Impact: Multiple issues in apache
Description: Multiple issues were addressed by updating apache to
version 2.4.53.
CVE-2021-44224
CVE-2021-44790
CVE-2022-22719
CVE-2022-22720
CVE-2022-22721
AppleGraphicsControl
Available for: macOS Monterey
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2022-26751: Michael DePlante (@izobashi) of Trend Micro Zero Day
Initiative
AppleScript
Available for: macOS Monterey
Impact: Processing a maliciously crafted AppleScript binary may
result in unexpected application termination or disclosure of process
memory
Description: An out-of-bounds read issue was addressed with improved
input validation.
CVE-2022-26697: Qi Sun and Robert Ai of Trend Micro
AppleScript
Available for: macOS Monterey
Impact: Processing a maliciously crafted AppleScript binary may
result in unexpected application termination or disclosure of process
memory
Description: An out-of-bounds read issue was addressed with improved
bounds checking.
CVE-2022-26698: Qi Sun of Trend Micro
AVEVideoEncoder
Available for: macOS Monterey
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2022-26736: an anonymous researcher
CVE-2022-26737: an anonymous researcher
CVE-2022-26738: an anonymous researcher
CVE-2022-26739: an anonymous researcher
CVE-2022-26740: an anonymous researcher
Contacts
Available for: macOS Monterey
Impact: A plug-in may be able to inherit the application's
permissions and access user data
Description: This issue was addressed with improved checks.
CVE-2022-26694: Wojciech Reguła (@_r3ggi) of SecuRing
CVMS
Available for: macOS Monterey
Impact: A malicious application may be able to gain root privileges
Description: A memory initialization issue was addressed.
CVE-2022-26721: Yonghwi Jin (@jinmo123) of Theori
CVE-2022-26722: Yonghwi Jin (@jinmo123) of Theori
DriverKit
Available for: macOS Monterey
Impact: A malicious application may be able to execute arbitrary code
with system privileges
Description: An out-of-bounds access issue was addressed with
improved bounds checking.
CVE-2022-26763: Linus Henze of Pinauten GmbH (pinauten.de)
ImageIO
Available for: macOS Monterey
Impact: A remote attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: An integer overflow issue was addressed with improved
input validation.
CVE-2022-26711: actae0n of Blacksun Hackers Club working with Trend
Micro Zero Day Initiative
ImageIO
Available for: macOS Monterey
Impact: Photo location information may persist after it is removed
with Preview Inspector
Description: A logic issue was addressed with improved state
management.
CVE-2022-26725: Andrew Williams and Avi Drissman of Google
Intel Graphics Driver
Available for: macOS Monterey
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2022-26720: Liu Long of Ant Security Light-Year Lab
Intel Graphics Driver
Available for: macOS Monterey
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2022-26769: Antonio Zekic (@antoniozekic)
Intel Graphics Driver
Available for: macOS Monterey
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: An out-of-bounds read issue was addressed with improved
input validation.
CVE-2022-26770: Liu Long of Ant Security Light-Year Lab
Intel Graphics Driver
Available for: macOS Monterey
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved
input validation.
CVE-2022-26748: Jeonghoon Shin of Theori working with Trend Micro
Zero Day Initiative
Intel Graphics Driver
Available for: macOS Monterey
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: An out-of-bounds write issue was addressed with improved
input validation.
CVE-2022-26756: Jack Dates of RET2 Systems, Inc
IOKit
Available for: macOS Monterey
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A race condition was addressed with improved locking.
CVE-2022-26701: chenyuwang (@mzzzz__) of Tencent Security Xuanwu Lab
IOMobileFrameBuffer
Available for: macOS Monterey
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
state management.
CVE-2022-26768: an anonymous researcher
Kernel
Available for: macOS Monterey
Impact: An attacker that has already achieved code execution in macOS
Recovery may be able to escalate to kernel privileges
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2022-26743: Jordy Zomer (@pwningsystems)
Kernel
Available for: macOS Monterey
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
validation.
CVE-2022-26714: Peter Nguyễn Vũ Hoàng (@peternguyen14) of STAR Labs
(@starlabs_sg)
Kernel
Available for: macOS Monterey
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A use after free issue was addressed with improved
memory management.
CVE-2022-26757: Ned Williamson of Google Project Zero
Kernel
Available for: macOS Monterey
Impact: An attacker that has already achieved kernel code execution
may be able to bypass kernel memory mitigations
Description: A memory corruption issue was addressed with improved
validation.
CVE-2022-26764: Linus Henze of Pinauten GmbH (pinauten.de)
Kernel
Available for: macOS Monterey
Impact: A malicious attacker with arbitrary read and write capability
may be able to bypass Pointer Authentication
Description: A race condition was addressed with improved state
handling.
CVE-2022-26765: Linus Henze of Pinauten GmbH (pinauten.de)
LaunchServices
Available for: macOS Monterey
Impact: A sandboxed process may be able to circumvent sandbox
restrictions
Description: An access issue was addressed with additional sandbox
restrictions on third-party applications.
CVE-2022-26706: Arsenii Kostromin (0x3c3e)
LaunchServices
Available for: macOS Monterey
Impact: A malicious application may be able to bypass Privacy
preferences
Description: The issue was addressed with additional permissions
checks.
CVE-2022-26767: Wojciech Reguła (@_r3ggi) of SecuRing
libresolv
Available for: macOS Monterey
Impact: An attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: This issue was addressed with improved checks.
CVE-2022-26776: Zubair Ashraf of Crowdstrike, Max Shavrick (@_mxms)
of the Google Security Team
CVE-2022-26708: Max Shavrick (@_mxms) of the Google Security Team
libresolv
Available for: macOS Monterey
Impact: An attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: An integer overflow was addressed with improved input
validation.
CVE-2022-26775: Max Shavrick (@_mxms) of the Google Security Team
LibreSSL
Available for: macOS Monterey
Impact: Processing a maliciously crafted certificate may lead to a
denial of service
Description: A denial of service issue was addressed with improved
input validation.
CVE-2022-0778
libxml2
Available for: macOS Monterey
Impact: A remote attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2022-23308
OpenSSL
Available for: macOS Monterey
Impact: Processing a maliciously crafted certificate may lead to a
denial of service
Description: This issue was addressed with improved checks.
CVE-2022-0778
PackageKit
Available for: macOS Monterey
Impact: A malicious application may be able to modify protected parts
of the file system
Description: This issue was addressed by removing the vulnerable
code.
CVE-2022-26712: Mickey Jin (@patch1t)
PackageKit
Available for: macOS Monterey
Impact: A malicious application may be able to modify protected parts
of the file system
Description: This issue was addressed with improved entitlements.
CVE-2022-26727: Mickey Jin (@patch1t)
Preview
Available for: macOS Monterey
Impact: A plug-in may be able to inherit the application's
permissions and access user data
Description: This issue was addressed with improved checks.
CVE-2022-26693: Wojciech Reguła (@_r3ggi) of SecuRing
Printing
Available for: macOS Monterey
Impact: A malicious application may be able to bypass Privacy
preferences
Description: This issue was addressed by removing the vulnerable
code.
CVE-2022-26746: @gorelics
Safari Private Browsing
Available for: macOS Monterey
Impact: A malicious website may be able to track users in Safari
private browsing mode
Description: A logic issue was addressed with improved state
management.
CVE-2022-26731: an anonymous researcher
Security
Available for: macOS Monterey
Impact: A malicious app may be able to bypass signature validation
Description: A certificate parsing issue was addressed with improved
checks.
CVE-2022-26766: Linus Henze of Pinauten GmbH (pinauten.de)
SMB
Available for: macOS Monterey
Impact: An application may be able to gain elevated privileges
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2022-26715: Peter Nguyễn Vũ Hoàng of STAR Labs
SMB
Available for: macOS Monterey
Impact: An application may be able to gain elevated privileges
Description: An out-of-bounds read issue was addressed with improved
input validation.
CVE-2022-26718: Peter Nguyễn Vũ Hoàng of STAR Labs
SMB
Available for: macOS Monterey
Impact: Mounting a maliciously crafted Samba network share may lead
to arbitrary code execution
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2022-26723: Felix Poulin-Belanger
SoftwareUpdate
Available for: macOS Monterey
Impact: A malicious application may be able to access restricted
files
Description: This issue was addressed with improved entitlements.
CVE-2022-26728: Mickey Jin (@patch1t)
Spotlight
Available for: macOS Monterey
Impact: An app may be able to gain elevated privileges
Description: A validation issue existed in the handling of symlinks
and was addressed with improved validation of symlinks.
CVE-2022-26704: an anonymous researcher
TCC
Available for: macOS Monterey
Impact: An app may be able to capture a user's screen
Description: This issue was addressed with improved checks.
CVE-2022-26726: an anonymous researcher
Tcl
Available for: macOS Monterey
Impact: A malicious application may be able to break out of its
sandbox
Description: This issue was addressed with improved environment
sanitization.
CVE-2022-26755: Arsenii Kostromin (0x3c3e)
WebKit
Available for: macOS Monterey
Impact: Processing maliciously crafted web content may lead to code
execution
Description: A memory corruption issue was addressed with improved
state management.
WebKit Bugzilla: 238178
CVE-2022-26700: ryuzaki
WebKit
Available for: macOS Monterey
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
WebKit Bugzilla: 236950
CVE-2022-26709: Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua
wingtecher lab
WebKit Bugzilla: 237475
CVE-2022-26710: Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua
wingtecher lab
WebKit Bugzilla: 238171
CVE-2022-26717: Jeonghoon Shin of Theori
WebKit
Available for: macOS Monterey
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue was addressed with improved
state management.
WebKit Bugzilla: 238183
CVE-2022-26716: SorryMybad (@S0rryMybad) of Kunlun Lab
WebKit Bugzilla: 238699
CVE-2022-26719: Dongzhuo Zhao working with ADLab of Venustech
WebRTC
Available for: macOS Monterey
Impact: Video self-preview in a webRTC call may be interrupted if the
user answers a phone call
Description: A logic issue in the handling of concurrent media was
addressed with improved state handling.
WebKit Bugzilla: 237524
CVE-2022-22677: an anonymous researcher
Wi-Fi
Available for: macOS Monterey
Impact: A malicious application may disclose restricted memory
Description: A memory corruption issue was addressed with improved
validation.
CVE-2022-26745: an anonymous researcher
Wi-Fi
Available for: macOS Monterey
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2022-26761: Wang Yu of Cyberserval
Wi-Fi
Available for: macOS Monterey
Impact: A malicious application may be able to execute arbitrary code
with system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2022-26762: Wang Yu of Cyberserval
zip
Available for: macOS Monterey
Impact: Processing a maliciously crafted file may lead to a denial of
service
Description: A denial of service issue was addressed with improved
state handling.
CVE-2022-0530
zlib
Available for: macOS Monterey
Impact: An attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2018-25032: Tavis Ormandy
zsh
Available for: macOS Monterey
Impact: A remote attacker may be able to cause arbitrary code
execution
Description: This issue was addressed by updating to zsh version
5.8.1.
CVE-2021-45444
Additional recognition
AppleMobileFileIntegrity
We would like to acknowledge Wojciech Reguła (@_r3ggi) of SecuRing
for their assistance.
Bluetooth
We would like to acknowledge Jann Horn of Project Zero for their
assistance.
Calendar
We would like to acknowledge Eugene Lim of Government Technology
Agency of Singapore for their assistance.
FaceTime
We would like to acknowledge Wojciech Reguła (@_r3ggi) of SecuRing
for their assistance.
FileVault
We would like to acknowledge Benjamin Adolphi of Promon Germany GmbH
for their assistance.
Login Window
We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive
Security for their assistance.
Photo Booth
We would like to acknowledge Wojciech Reguła (@_r3ggi) of SecuRing
for their assistance.
System Preferences
We would like to acknowledge Mohammad Tausif Siddiqui
(@toshsiddiqui), an anonymous researcher for their assistance.
WebKit
We would like to acknowledge James Lee, an anonymous researcher for
their assistance.
Wi-Fi
We would like to acknowledge Dana Morrison for their assistance.
macOS Monterey 12.4 may be obtained from the Mac App Store or Apple's
Software Downloads web site: https://support.apple.com/downloads/
All information is also posted on the Apple Security Updates
web site: https://support.apple.com/en-us/HT201222.
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmKC1TUACgkQeC9qKD1p
rhigoQ//cTnC2MOYau+vO6pv8PHMbeEWPPvtsGpemCNz4iChXRhVOHKxgMQAHEgg
Ejpxvw5D1jg12wroXypL8ADOD1V20OA7u5A20Lip1NIDL145692jPfmGuNxqkRnI
DyoykhUogRL8Yvzkd5P8D3Jlo0EzCa4ZhO4tqBwbrGQZRb7gHclMPtzlgt15ZIma
mH42QGRkJcK8v4MWNIxvibnQPwx3we2k4T8FajBvoCxYinMOlg/j16hFREj8Src+
rQwKPV6JHiBBQ3LQpGeBlJrFLH72CyHbCu8IqWFYvvDXsT5Gr9JoagW7+g/9+8Wc
402HjkY4wOZrxIBtlaUlNFZuB1mtIv8amHn9AaVOK/7GALSP6MQzA+U3HUqd3hYV
J23pw6iRWBTZZSmO31kdEGU/X9uDkDKJL6QxUfzVXPVmOs0VNMmOJUdTRKf3tdsa
5qnPcjowRONgltX8NqIP0q4aJPr1WigtFGyASIr3me/t9Ft7Kss4gJt7YLDsN6MZ
opD8hTRHSAXAAYsA57omyo/DnmajHIbUGVEujzAh/DOEYxgT9aaaAHnkNuaQgIbs
Z5g/dfhDaJodyk0q7BIeK+RPbkvrJvnoBWkRnAUaSgYMX14DQdExlBEvbpcPg71f
LHzUlUewIuuP/57huTz/b4vEEke0JUwrWk6T1ACbndL3FsPIOX4=
=jaCZ
-----END PGP SIGNATURE-----
. This was addressed with improved input
validation |
|
var-202301-1703
|
The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.6.3, macOS Ventura 13.2, watchOS 9.3, macOS Big Sur 11.7.3, Safari 16.3, tvOS 16.3, iOS 16.3 and iPadOS 16.3. Processing maliciously crafted web content may lead to arbitrary code execution. Safari , iPadOS , iOS Unspecified vulnerabilities exist in multiple Apple products.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 202305-32
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: WebKitGTK+: Multiple Vulnerabilities
Date: May 30, 2023
Bugs: #871732, #879571, #888563, #905346, #905349, #905351
ID: 202305-32
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
Multiple vulnerabilities have been found in WebkitGTK+, the worst of
which could result in arbitrary code execution.
Affected packages
================
Package Vulnerable Unaffected
------------------- ------------ ------------
net-libs/webkit-gtk < 2.40.1 >= 2.40.1
Description
==========
Multiple vulnerabilities have been discovered in WebKitGTK+. Please
review the CVE identifiers referenced below for details.
Impact
=====
Please review the referenced CVE identifiers for details.
Workaround
=========
There is no known workaround at this time.
Resolution
=========
All WebKitGTK+ users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.40.1"
References
=========
[ 1 ] CVE-2022-32885
https://nvd.nist.gov/vuln/detail/CVE-2022-32885
[ 2 ] CVE-2022-32886
https://nvd.nist.gov/vuln/detail/CVE-2022-32886
[ 3 ] CVE-2022-32888
https://nvd.nist.gov/vuln/detail/CVE-2022-32888
[ 4 ] CVE-2022-32891
https://nvd.nist.gov/vuln/detail/CVE-2022-32891
[ 5 ] CVE-2022-32923
https://nvd.nist.gov/vuln/detail/CVE-2022-32923
[ 6 ] CVE-2022-42799
https://nvd.nist.gov/vuln/detail/CVE-2022-42799
[ 7 ] CVE-2022-42823
https://nvd.nist.gov/vuln/detail/CVE-2022-42823
[ 8 ] CVE-2022-42824
https://nvd.nist.gov/vuln/detail/CVE-2022-42824
[ 9 ] CVE-2022-42826
https://nvd.nist.gov/vuln/detail/CVE-2022-42826
[ 10 ] CVE-2022-42852
https://nvd.nist.gov/vuln/detail/CVE-2022-42852
[ 11 ] CVE-2022-42856
https://nvd.nist.gov/vuln/detail/CVE-2022-42856
[ 12 ] CVE-2022-42863
https://nvd.nist.gov/vuln/detail/CVE-2022-42863
[ 13 ] CVE-2022-42867
https://nvd.nist.gov/vuln/detail/CVE-2022-42867
[ 14 ] CVE-2022-46691
https://nvd.nist.gov/vuln/detail/CVE-2022-46691
[ 15 ] CVE-2022-46692
https://nvd.nist.gov/vuln/detail/CVE-2022-46692
[ 16 ] CVE-2022-46698
https://nvd.nist.gov/vuln/detail/CVE-2022-46698
[ 17 ] CVE-2022-46699
https://nvd.nist.gov/vuln/detail/CVE-2022-46699
[ 18 ] CVE-2022-46700
https://nvd.nist.gov/vuln/detail/CVE-2022-46700
[ 19 ] CVE-2023-23517
https://nvd.nist.gov/vuln/detail/CVE-2023-23517
[ 20 ] CVE-2023-23518
https://nvd.nist.gov/vuln/detail/CVE-2023-23518
[ 21 ] CVE-2023-23529
https://nvd.nist.gov/vuln/detail/CVE-2023-23529
[ 22 ] CVE-2023-25358
https://nvd.nist.gov/vuln/detail/CVE-2023-25358
[ 23 ] CVE-2023-25360
https://nvd.nist.gov/vuln/detail/CVE-2023-25360
[ 24 ] CVE-2023-25361
https://nvd.nist.gov/vuln/detail/CVE-2023-25361
[ 25 ] CVE-2023-25362
https://nvd.nist.gov/vuln/detail/CVE-2023-25362
[ 26 ] CVE-2023-25363
https://nvd.nist.gov/vuln/detail/CVE-2023-25363
[ 27 ] CVE-2023-27932
https://nvd.nist.gov/vuln/detail/CVE-2023-27932
[ 28 ] CVE-2023-27954
https://nvd.nist.gov/vuln/detail/CVE-2023-27954
[ 29 ] CVE-2023-28205
https://nvd.nist.gov/vuln/detail/CVE-2023-28205
[ 30 ] WSA-2022-0009
https://webkitgtk.org/security/WSA-2022-0009.html
[ 31 ] WSA-2022-0010
https://webkitgtk.org/security/WSA-2022-0010.html
[ 32 ] WSA-2023-0001
https://webkitgtk.org/security/WSA-2023-0001.html
[ 33 ] WSA-2023-0002
https://webkitgtk.org/security/WSA-2023-0002.html
[ 34 ] WSA-2023-0003
https://webkitgtk.org/security/WSA-2023-0003.html
Availability
===========
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/202305-32
Concerns?
========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
======
Copyright 2023 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Important: webkit2gtk3 security and bug fix update
Advisory ID: RHSA-2023:2256-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2023:2256
Issue date: 2023-05-09
CVE Names: CVE-2022-32886 CVE-2022-32888 CVE-2022-32923
CVE-2022-42799 CVE-2022-42823 CVE-2022-42824
CVE-2022-42826 CVE-2022-42852 CVE-2022-42863
CVE-2022-42867 CVE-2022-46691 CVE-2022-46692
CVE-2022-46698 CVE-2022-46699 CVE-2022-46700
CVE-2023-23517 CVE-2023-23518 CVE-2023-25358
CVE-2023-25360 CVE-2023-25361 CVE-2023-25362
CVE-2023-25363
====================================================================
1. Summary:
An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section. Relevant releases/architectures:
Red Hat Enterprise Linux AppStream (v. 9) - aarch64, ppc64le, s390x, x86_64
3. Description:
WebKitGTK is the port of the portable web rendering engine WebKit to the
GTK platform.
Additional Changes:
For detailed information on changes in this release, see the Red Hat
Enterprise Linux 9.2 Release Notes linked from the References section. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
5. Package List:
Red Hat Enterprise Linux AppStream (v. 9):
Source:
webkit2gtk3-2.38.5-1.el9.src.rpm
aarch64:
webkit2gtk3-2.38.5-1.el9.aarch64.rpm
webkit2gtk3-debuginfo-2.38.5-1.el9.aarch64.rpm
webkit2gtk3-debugsource-2.38.5-1.el9.aarch64.rpm
webkit2gtk3-devel-2.38.5-1.el9.aarch64.rpm
webkit2gtk3-devel-debuginfo-2.38.5-1.el9.aarch64.rpm
webkit2gtk3-jsc-2.38.5-1.el9.aarch64.rpm
webkit2gtk3-jsc-debuginfo-2.38.5-1.el9.aarch64.rpm
webkit2gtk3-jsc-devel-2.38.5-1.el9.aarch64.rpm
webkit2gtk3-jsc-devel-debuginfo-2.38.5-1.el9.aarch64.rpm
ppc64le:
webkit2gtk3-2.38.5-1.el9.ppc64le.rpm
webkit2gtk3-debuginfo-2.38.5-1.el9.ppc64le.rpm
webkit2gtk3-debugsource-2.38.5-1.el9.ppc64le.rpm
webkit2gtk3-devel-2.38.5-1.el9.ppc64le.rpm
webkit2gtk3-devel-debuginfo-2.38.5-1.el9.ppc64le.rpm
webkit2gtk3-jsc-2.38.5-1.el9.ppc64le.rpm
webkit2gtk3-jsc-debuginfo-2.38.5-1.el9.ppc64le.rpm
webkit2gtk3-jsc-devel-2.38.5-1.el9.ppc64le.rpm
webkit2gtk3-jsc-devel-debuginfo-2.38.5-1.el9.ppc64le.rpm
s390x:
webkit2gtk3-2.38.5-1.el9.s390x.rpm
webkit2gtk3-debuginfo-2.38.5-1.el9.s390x.rpm
webkit2gtk3-debugsource-2.38.5-1.el9.s390x.rpm
webkit2gtk3-devel-2.38.5-1.el9.s390x.rpm
webkit2gtk3-devel-debuginfo-2.38.5-1.el9.s390x.rpm
webkit2gtk3-jsc-2.38.5-1.el9.s390x.rpm
webkit2gtk3-jsc-debuginfo-2.38.5-1.el9.s390x.rpm
webkit2gtk3-jsc-devel-2.38.5-1.el9.s390x.rpm
webkit2gtk3-jsc-devel-debuginfo-2.38.5-1.el9.s390x.rpm
x86_64:
webkit2gtk3-2.38.5-1.el9.i686.rpm
webkit2gtk3-2.38.5-1.el9.x86_64.rpm
webkit2gtk3-debuginfo-2.38.5-1.el9.i686.rpm
webkit2gtk3-debuginfo-2.38.5-1.el9.x86_64.rpm
webkit2gtk3-debugsource-2.38.5-1.el9.i686.rpm
webkit2gtk3-debugsource-2.38.5-1.el9.x86_64.rpm
webkit2gtk3-devel-2.38.5-1.el9.i686.rpm
webkit2gtk3-devel-2.38.5-1.el9.x86_64.rpm
webkit2gtk3-devel-debuginfo-2.38.5-1.el9.i686.rpm
webkit2gtk3-devel-debuginfo-2.38.5-1.el9.x86_64.rpm
webkit2gtk3-jsc-2.38.5-1.el9.i686.rpm
webkit2gtk3-jsc-2.38.5-1.el9.x86_64.rpm
webkit2gtk3-jsc-debuginfo-2.38.5-1.el9.i686.rpm
webkit2gtk3-jsc-debuginfo-2.38.5-1.el9.x86_64.rpm
webkit2gtk3-jsc-devel-2.38.5-1.el9.i686.rpm
webkit2gtk3-jsc-devel-2.38.5-1.el9.x86_64.rpm
webkit2gtk3-jsc-devel-debuginfo-2.38.5-1.el9.i686.rpm
webkit2gtk3-jsc-devel-debuginfo-2.38.5-1.el9.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2022-32886
https://access.redhat.com/security/cve/CVE-2022-32888
https://access.redhat.com/security/cve/CVE-2022-32923
https://access.redhat.com/security/cve/CVE-2022-42799
https://access.redhat.com/security/cve/CVE-2022-42823
https://access.redhat.com/security/cve/CVE-2022-42824
https://access.redhat.com/security/cve/CVE-2022-42826
https://access.redhat.com/security/cve/CVE-2022-42852
https://access.redhat.com/security/cve/CVE-2022-42863
https://access.redhat.com/security/cve/CVE-2022-42867
https://access.redhat.com/security/cve/CVE-2022-46691
https://access.redhat.com/security/cve/CVE-2022-46692
https://access.redhat.com/security/cve/CVE-2022-46698
https://access.redhat.com/security/cve/CVE-2022-46699
https://access.redhat.com/security/cve/CVE-2022-46700
https://access.redhat.com/security/cve/CVE-2023-23517
https://access.redhat.com/security/cve/CVE-2023-23518
https://access.redhat.com/security/cve/CVE-2023-25358
https://access.redhat.com/security/cve/CVE-2023-25360
https://access.redhat.com/security/cve/CVE-2023-25361
https://access.redhat.com/security/cve/CVE-2023-25362
https://access.redhat.com/security/cve/CVE-2023-25363
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.2_release_notes/index
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2023 Red Hat, Inc.
For the stable distribution (bullseye), these problems have been fixed in
version 2.38.4-2~deb11u1.
We recommend that you upgrade your webkit2gtk packages.
CVE-2023-23499: Wojciech Reguła (@_r3ggi) of SecuRing
(wojciechregula.blog)
curl
Available for: macOS Big Sur
Impact: Multiple issues in curl
Description: Multiple issues were addressed by updating to curl
version 7.85.0. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2023-01-23-7 watchOS 9.3
watchOS 9.3 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213599.
AppleMobileFileIntegrity
Available for: Apple Watch Series 4 and later
Impact: An app may be able to access user-sensitive data
Description: This issue was addressed by enabling hardened runtime.
CVE-2023-23499: Wojciech Regula of SecuRing (wojciechregula.blog)
ImageIO
Available for: Apple Watch Series 4 and later
Impact: Processing an image may lead to a denial-of-service
Description: A memory corruption issue was addressed with improved
state management.
CVE-2023-23519: Yiğit Can YILMAZ (@yilmazcanyigit)
Kernel
Available for: Apple Watch Series 4 and later
Impact: An app may be able to leak sensitive kernel state
Description: The issue was addressed with improved memory handling.
CVE-2023-23500: Pan ZhenPeng (@Peterpan0927) of STAR Labs SG Pte.
Ltd. (@starlabs_sg)
Kernel
Available for: Apple Watch Series 4 and later
Impact: An app may be able to determine kernel memory layout
Description: An information disclosure issue was addressed by
removing the vulnerable code.
CVE-2023-23502: Pan ZhenPeng (@Peterpan0927) of STAR Labs SG Pte.
Ltd. (@starlabs_sg)
Kernel
Available for: Apple Watch Series 4 and later
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: The issue was addressed with improved memory handling.
CVE-2023-23504: Adam Doupé of ASU SEFCOM
Maps
Available for: Apple Watch Series 4 and later
Impact: An app may be able to bypass Privacy preferences
Description: A logic issue was addressed with improved state
management.
CVE-2023-23503: an anonymous researcher
Safari
Available for: Apple Watch Series 4 and later
Impact: Visiting a website may lead to an app denial-of-service
Description: The issue was addressed with improved handling of
caches.
CVE-2023-23512: Adriatik Raci
Screen Time
Available for: Apple Watch Series 4 and later
Impact: An app may be able to access information about a user’s
contacts
Description: A privacy issue was addressed with improved private data
redaction for log entries.
CVE-2023-23505: Wojciech Reguła of SecuRing (wojciechregula.blog)
Weather
Available for: Apple Watch Series 4 and later
Impact: An app may be able to bypass Privacy preferences
Description: The issue was addressed with improved memory handling.
WebKit Bugzilla: 245464
CVE-2023-23496: ChengGang Wu, Yan Kang, YuHao Hu, Yue Sun, Jiming
Wang, JiKai Ren and Hang Shu of Institute of Computing Technology,
Chinese Academy of Sciences
WebKit
Available for: Apple Watch Series 4 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: The issue was addressed with improved memory handling.
WebKit Bugzilla: 248268
CVE-2023-23518: YeongHyeon Choi (@hyeon101010), Hyeon Park
(@tree_segment), SeOk JEON (@_seokjeon), YoungSung Ahn (@_ZeroSung),
JunSeo Bae (@snakebjs0107), Dohyun Lee (@l33d0hyun) of Team ApplePIE
WebKit Bugzilla: 248268
CVE-2023-23517: YeongHyeon Choi (@hyeon101010), Hyeon Park
(@tree_segment), SeOk JEON (@_seokjeon), YoungSung Ahn (@_ZeroSung),
JunSeo Bae (@snakebjs0107), Dohyun Lee (@l33d0hyun) of Team ApplePIE
Additional recognition
Kernel
We would like to acknowledge Nick Stenning of Replicate for their
assistance.
WebKit
We would like to acknowledge Eliya Stein of Confiant for their
assistance.
Instructions on how to update your Apple Watch software are available
at https://support.apple.com/kb/HT204641 To check the version on
your Apple Watch, open the Apple Watch app on your iPhone and select
"My Watch > General > About". Alternatively, on your watch, select
"My Watch > General > About".
All information is also posted on the Apple Security Updates
web site: https://support.apple.com/en-us/HT201222.
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmPPImAACgkQ4RjMIDke
NxlPXQ//eXfTfjIg6Y/1b0u3+Ht29Qjn7kw6Gh296lh6jlGatQ8zXyk1dGl6MKcp
ZTc7DFfL1VUN6MovOqW5qcR+MIV6hDiUd54ncDgjCXdHrtTG+bYchX5CJf5IIb67
gZP/2bBt4PQ+PHm3KqXPp7QauJWYD1d7AHChwqEbYchHxvgedB7Pu6nJvG3bnFmh
8ny/xrFEhtIDahw4MbicvK847aVpXyH6NxEoRY+8b9/4VocttfUPwMkGZTkVt/tz
9qfmKgjWpX2mTP9iaLlZdCUV/I4HcjTW0/nkDoaTBVDLW96DSeIo4nMM3qkcygRl
TPVlvm+3Nenib1b6PZ71B26IJbmGdwR02SEpUPDDXbTGZeWmcyXe7ncvwSIbcGRI
sPGMq6mEPi+rKTXKZeqPSDFnUlZJna2aNg9fPL9AZ1gwfNSbuhh5ZKQ9AAWA+k51
4QtoReAKUXinl8vr7BNVQSJSiZLMdgph4nCTYk1RA/VHDPjwaAJehDFUqKKKTuvp
h59J8OSw0HaWP2NcMEglO4/EXj09E3gfveQ74KtG+eDbBMKa+RArIgOZZaDOk2F1
6Fs316bNBI9tMxP34gFEvexTTBuQpoR/76pSQajlaSdas5Jeub2QeJVHkBPMdatD
HBbjpZhu4JcYqDVSDt58Ra5IsaM+OLkhvvCfi+UYxOiyZis3gn8=
=/vLS
-----END PGP SIGNATURE-----
.
Safari 16.3 may be obtained from the Mac App Store |
|
var-202103-0287
|
A flaw possibility of race condition and incorrect initialization of the process id was found in the Linux kernel child/parent process identification handling while filtering signal handlers. A local attacker is able to abuse this flaw to bypass checks to send any signal to a privileged process. Linux Kernel Contains an initialization vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Important: kernel-rt security and bug fix update
Advisory ID: RHSA-2021:1739-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2021:1739
Issue date: 2021-05-18
CVE Names: CVE-2019-19523 CVE-2019-19528 CVE-2020-0431
CVE-2020-11608 CVE-2020-12114 CVE-2020-12362
CVE-2020-12464 CVE-2020-14314 CVE-2020-14356
CVE-2020-15437 CVE-2020-24394 CVE-2020-25212
CVE-2020-25284 CVE-2020-25285 CVE-2020-25643
CVE-2020-25704 CVE-2020-27786 CVE-2020-27835
CVE-2020-28974 CVE-2020-35508 CVE-2021-0342
====================================================================
1. Summary:
An update for kernel-rt is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Real Time (v. 8) - x86_64
Red Hat Enterprise Linux Real Time for NFV (v. 8) - x86_64
3. Description:
The kernel-rt packages provide the Real Time Linux Kernel, which enables
fine-tuning for systems with extremely high determinism requirements.
Security Fix(es):
* kernel: Integer overflow in Intel(R) Graphics Drivers (CVE-2020-12362)
* kernel: use-after-free caused by a malicious USB device in the
drivers/usb/misc/adutux.c driver (CVE-2019-19523)
* kernel: use-after-free bug caused by a malicious USB device in the
drivers/usb/misc/iowarrior.c driver (CVE-2019-19528)
* kernel: possible out of bounds write in kbd_keycode of keyboard.c
(CVE-2020-0431)
* kernel: DoS by corrupting mountpoint reference counter (CVE-2020-12114)
* kernel: use-after-free in usb_sg_cancel function in
drivers/usb/core/message.c (CVE-2020-12464)
* kernel: buffer uses out of index in ext3/4 filesystem (CVE-2020-14314)
* kernel: Use After Free vulnerability in cgroup BPF component
(CVE-2020-14356)
* kernel: NULL pointer dereference in serial8250_isa_init_ports function in
drivers/tty/serial/8250/8250_core.c (CVE-2020-15437)
* kernel: umask not applied on filesystem without ACL support
(CVE-2020-24394)
* kernel: TOCTOU mismatch in the NFS client code (CVE-2020-25212)
* kernel: incomplete permission checking for access to rbd devices
(CVE-2020-25284)
* kernel: race condition between hugetlb sysctl handlers in mm/hugetlb.c
(CVE-2020-25285)
* kernel: improper input validation in ppp_cp_parse_cr function leads to
memory corruption and read overflow (CVE-2020-25643)
* kernel: perf_event_parse_addr_filter memory (CVE-2020-25704)
* kernel: use-after-free in kernel midi subsystem (CVE-2020-27786)
* kernel: child process is able to access parent mm through hfi dev file
handle (CVE-2020-27835)
* kernel: slab-out-of-bounds read in fbcon (CVE-2020-28974)
* kernel: fork: fix copy_process(CLONE_PARENT) race with the exiting
- ->real_parent (CVE-2020-35508)
* kernel: use after free in tun_get_user of tun.c could lead to local
escalation of privilege (CVE-2021-0342)
* kernel: NULL pointer dereferences in ov511_mode_init_regs and
ov518_mode_init_regs in drivers/media/usb/gspca/ov519.c (CVE-2020-11608)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat
Enterprise Linux 8.4 Release Notes linked from the References section.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
5. Bugs fixed (https://bugzilla.redhat.com/):
1783434 - CVE-2019-19523 kernel: use-after-free caused by a malicious USB device in the drivers/usb/misc/adutux.c driver
1783507 - CVE-2019-19528 kernel: use-after-free bug caused by a malicious USB device in the drivers/usb/misc/iowarrior.c driver
1831726 - CVE-2020-12464 kernel: use-after-free in usb_sg_cancel function in drivers/usb/core/message.c
1833445 - CVE-2020-11608 kernel: NULL pointer dereferences in ov511_mode_init_regs and ov518_mode_init_regs in drivers/media/usb/gspca/ov519.c
1848652 - CVE-2020-12114 kernel: DoS by corrupting mountpoint reference counter
1853922 - CVE-2020-14314 kernel: buffer uses out of index in ext3/4 filesystem
1868453 - CVE-2020-14356 kernel: Use After Free vulnerability in cgroup BPF component
1869141 - CVE-2020-24394 kernel: umask not applied on filesystem without ACL support
1877575 - CVE-2020-25212 kernel: TOCTOU mismatch in the NFS client code
1879981 - CVE-2020-25643 kernel: improper input validation in ppp_cp_parse_cr function leads to memory corruption and read overflow
1882591 - CVE-2020-25285 kernel: race condition between hugetlb sysctl handlers in mm/hugetlb.c
1882594 - CVE-2020-25284 kernel: incomplete permission checking for access to rbd devices
1886109 - BUG: using smp_processor_id() in preemptible [00000000] code: handler106/3082 [rhel-rt-8.4.0]
1894793 - After configure hugepage and reboot test server, kernel got panic status.
1895961 - CVE-2020-25704 kernel: perf_event_parse_addr_filter memory
1896842 - host locks up when running stress-ng itimers on RT kernel.
1897869 - Running oslat in RT guest, guest kernel shows Call Trace: INFO: task kcompactd0:35 blocked for more than 600 seconds.
1900933 - CVE-2020-27786 kernel: use-after-free in kernel midi subsystem
1901161 - CVE-2020-15437 kernel: NULL pointer dereference in serial8250_isa_init_ports function in drivers/tty/serial/8250/8250_core.c
1901709 - CVE-2020-27835 kernel: child process is able to access parent mm through hfi dev file handle
1902724 - CVE-2020-35508 kernel: fork: fix copy_process(CLONE_PARENT) race with the exiting ->real_parent
1903126 - CVE-2020-28974 kernel: slab-out-of-bounds read in fbcon
1915799 - CVE-2021-0342 kernel: use after free in tun_get_user of tun.c could lead to local escalation of privilege
1919889 - CVE-2020-0431 kernel: possible out of bounds write in kbd_keycode of keyboard.c
1930246 - CVE-2020-12362 kernel: Integer overflow in Intel(R) Graphics Drivers
6. Package List:
Red Hat Enterprise Linux Real Time for NFV (v. 8):
Source:
kernel-rt-4.18.0-305.rt7.72.el8.src.rpm
x86_64:
kernel-rt-4.18.0-305.rt7.72.el8.x86_64.rpm
kernel-rt-core-4.18.0-305.rt7.72.el8.x86_64.rpm
kernel-rt-debug-4.18.0-305.rt7.72.el8.x86_64.rpm
kernel-rt-debug-core-4.18.0-305.rt7.72.el8.x86_64.rpm
kernel-rt-debug-debuginfo-4.18.0-305.rt7.72.el8.x86_64.rpm
kernel-rt-debug-devel-4.18.0-305.rt7.72.el8.x86_64.rpm
kernel-rt-debug-kvm-4.18.0-305.rt7.72.el8.x86_64.rpm
kernel-rt-debug-modules-4.18.0-305.rt7.72.el8.x86_64.rpm
kernel-rt-debug-modules-extra-4.18.0-305.rt7.72.el8.x86_64.rpm
kernel-rt-debuginfo-4.18.0-305.rt7.72.el8.x86_64.rpm
kernel-rt-debuginfo-common-x86_64-4.18.0-305.rt7.72.el8.x86_64.rpm
kernel-rt-devel-4.18.0-305.rt7.72.el8.x86_64.rpm
kernel-rt-kvm-4.18.0-305.rt7.72.el8.x86_64.rpm
kernel-rt-modules-4.18.0-305.rt7.72.el8.x86_64.rpm
kernel-rt-modules-extra-4.18.0-305.rt7.72.el8.x86_64.rpm
Red Hat Enterprise Linux Real Time (v. 8):
Source:
kernel-rt-4.18.0-305.rt7.72.el8.src.rpm
x86_64:
kernel-rt-4.18.0-305.rt7.72.el8.x86_64.rpm
kernel-rt-core-4.18.0-305.rt7.72.el8.x86_64.rpm
kernel-rt-debug-4.18.0-305.rt7.72.el8.x86_64.rpm
kernel-rt-debug-core-4.18.0-305.rt7.72.el8.x86_64.rpm
kernel-rt-debug-debuginfo-4.18.0-305.rt7.72.el8.x86_64.rpm
kernel-rt-debug-devel-4.18.0-305.rt7.72.el8.x86_64.rpm
kernel-rt-debug-modules-4.18.0-305.rt7.72.el8.x86_64.rpm
kernel-rt-debug-modules-extra-4.18.0-305.rt7.72.el8.x86_64.rpm
kernel-rt-debuginfo-4.18.0-305.rt7.72.el8.x86_64.rpm
kernel-rt-debuginfo-common-x86_64-4.18.0-305.rt7.72.el8.x86_64.rpm
kernel-rt-devel-4.18.0-305.rt7.72.el8.x86_64.rpm
kernel-rt-modules-4.18.0-305.rt7.72.el8.x86_64.rpm
kernel-rt-modules-extra-4.18.0-305.rt7.72.el8.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBYKPwgNzjgjWX9erEAQiOVg//YfXIKUxc84y2aRexvrPHeTQvYkFMktq7
NEhNhHqEZbDUabM5+eKb5hoyG44PmXvQuK1njYjEbpTjQss92U8fekGJZAR9Zbsl
WEfVcu/ix/UJOzQj/lp+dKhirBSE/33xgBmSsQI6JQc+xn1AoZC8bOeSqyr7J6Y7
t6I552Llhun9DDUGS8KYAM8PkrK3RGQybAS3S4atTdYd0qk42ZPF7/XqrbI7G4iq
0Oe+ZePj6lN1O7pHV0WYUD2yzLTCZZopmz5847BLBEbGLqPyxlShZ+MFGsWxCOHk
tW8lw/nqVt/MNlOXI1tD6P6iFZ6JQYrRU5mGFlvsl3t9NQW60MxmcUNPgtVknXW5
BssBM/r6uLi0yFTTnDRZnv2MCs7fIzzqKXOHozrCvItswG6S8Qs72MaW2EQHAEen
m7/fMKWTjt9CQudNCm/FwHLb8O9cYnOZwRiAINomo2B/Fi1b7WlquETSmjgQaQNr
RxqtgiNQ98q92gnFgC8pCzxmiKRmHLFJEuxXYVq0O8Ch5i/eC8ExoO7Hqe6kYnJe
ZaST6fAtb2bMDcPdborfSIUmuDcYdKFtcEfCuuFZIbBxnL2aJDMw0zen/rmDNQyV
lwwXoKanoP5EjKKFMc/zkeHlOInMzeHa/0DIlA9h3kpro5eGN0uOPZvsrlryjC+J
iJzkORGWplM\xfb/D
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce
. 8) - aarch64, noarch, ppc64le, s390x, x86_64
3. Bugs fixed (https://bugzilla.redhat.com/):
1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation
5. JIRA issues fixed (https://issues.jboss.org/):
LOG-1328 - Port fix to 5.0.z for BZ-1945168
6.
Bug Fix(es):
* kernel-rt: update RT source tree to the latest RHEL-8.2.z10 Batch source
tree (BZ#1968022)
4. Bugs fixed (https://bugzilla.redhat.com/):
1886285 - CVE-2020-26541 kernel: security bypass in certs/blacklist.c and certs/system_keyring.c
1895961 - CVE-2020-25704 kernel: perf_event_parse_addr_filter memory
1902724 - CVE-2020-35508 kernel: fork: fix copy_process(CLONE_PARENT) race with the exiting ->real_parent
1961305 - CVE-2021-33034 kernel: use-after-free in net/bluetooth/hci_event.c when destroying an hci_chan
1968022 - kernel-rt: update RT source tree to the latest RHEL-8.2.z10 Batch source tree
1970273 - CVE-2021-33909 kernel: size_t-to-int conversion vulnerability in the filesystem layer
6. Description:
Red Hat OpenShift Container Platform is Red Hat's cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
This advisory contains the container images for Red Hat OpenShift Container
Platform 4.7.13. See the following advisory for the RPM packages for this
release:
https://access.redhat.com/errata/RHSA-2021:2122
Space precludes documenting all of the container images in this advisory.
See the following Release Notes documentation, which will be updated
shortly for this release, for details about these changes:
https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel
ease-notes.html
This update fixes the following bug among others:
* Previously, resources for the ClusterOperator were being created early in
the update process, which led to update failures when the ClusterOperator
had no status condition while Operators were updating. This bug fix changes
the timing of when these resources are created. As a result, updates can
take place without errors. (BZ#1959238)
Security Fix(es):
* gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index
validation (CVE-2021-3121)
You may download the oc tool and use it to inspect release image metadata
as follows:
(For x86_64 architecture)
$ oc adm release info
quay.io/openshift-release-dev/ocp-release:4.7.13-x86_64
The image digest is
sha256:783a2c963f35ccab38e82e6a8c7fa954c3a4551e07d2f43c06098828dd986ed4
(For s390x architecture)
$ oc adm release info
quay.io/openshift-release-dev/ocp-release:4.7.13-s390x
The image digest is
sha256:4cf44e68413acad063203e1ee8982fd01d8b9c1f8643a5b31cd7ff341b3199cd
(For ppc64le architecture)
$ oc adm release info
quay.io/openshift-release-dev/ocp-release:4.7.13-ppc64le
The image digest is
sha256:d47ce972f87f14f1f3c5d50428d2255d1256dae3f45c938ace88547478643e36
All OpenShift Container Platform 4.7 users are advised to upgrade to these
updated packages and images when they are available in the appropriate
release channel. To check for available updates, use the OpenShift Console
or the CLI oc command. Instructions for upgrading a cluster are available
at
https://docs.openshift.com/container-platform/4.7/updating/updating-cluster
- -between-minor.html#understanding-upgrade-channels_updating-cluster-between
- -minor
3. Solution:
For OpenShift Container Platform 4.7 see the following documentation, which
will be updated shortly for this release, for important instructions on how
to upgrade your cluster and fully apply this asynchronous errata update:
https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel
ease-notes.html
Details on how to access this content are available at
https://docs.openshift.com/container-platform/4.7/updating/updating-cluster
- -cli.html
4. Bugs fixed (https://bugzilla.redhat.com/):
1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation
1923268 - [Assisted-4.7] [Staging] Using two both spelling "canceled" "cancelled"
1947216 - [AWS] Missing iam:ListAttachedRolePolicies permission in permissions.go
1953963 - Enable/Disable host operations returns cluster resource with incomplete hosts list
1957749 - ovn-kubernetes pod should have CPU and memory requests set but not limits
1959238 - CVO creating cloud-controller-manager too early causing upgrade failures
1960103 - SR-IOV obliviously reboot the node
1961941 - Local Storage Operator using LocalVolume CR fails to create PV's when backend storage failure is simulated
1962302 - packageserver clusteroperator does not set reason or message for Available condition
1962312 - Deployment considered unhealthy despite being available and at latest generation
1962435 - Public DNS records were not deleted when destroying a cluster which is using byo private hosted zone
1963115 - Test verify /run filesystem contents failing
5. ==========================================================================
Ubuntu Security Notice USN-4752-1
February 25, 2021
linux-oem-5.6 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.04 LTS
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
- linux-oem-5.6: Linux kernel for OEM systems
Details:
Daniele Antonioli, Nils Ole Tippenhauer, and Kasper Rasmussen discovered
that legacy pairing and secure-connections pairing authentication in the
Bluetooth protocol could allow an unauthenticated user to complete
authentication without pairing credentials via adjacent access. A
physically proximate attacker could use this to impersonate a previously
paired Bluetooth device. (CVE-2020-10135)
Jay Shin discovered that the ext4 file system implementation in the Linux
kernel did not properly handle directory access with broken indexing,
leading to an out-of-bounds read vulnerability. A local attacker could use
this to cause a denial of service (system crash). (CVE-2020-14314)
It was discovered that the block layer implementation in the Linux kernel
did not properly perform reference counting in some situations, leading to
a use-after-free vulnerability. A local attacker could use this to cause a
denial of service (system crash). (CVE-2020-15436)
It was discovered that the serial port driver in the Linux kernel did not
properly initialize a pointer in some situations. A local attacker could
possibly use this to cause a denial of service (system crash).
(CVE-2020-15437)
Andy Nguyen discovered that the Bluetooth HCI event packet parser in the
Linux kernel did not properly handle event advertisements of certain sizes,
leading to a heap-based buffer overflow. A physically proximate remote
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2020-24490)
It was discovered that the NFS client implementation in the Linux kernel
did not properly perform bounds checking before copying security labels in
some situations. A local attacker could use this to cause a denial of
service (system crash) or possibly execute arbitrary code. (CVE-2020-25212)
It was discovered that the Rados block device (rbd) driver in the Linux
kernel did not properly perform privilege checks for access to rbd devices
in some situations. A local attacker could use this to map or unmap rbd
block devices. (CVE-2020-25284)
It was discovered that the block layer subsystem in the Linux kernel did
not properly handle zero-length requests. A local attacker could use this
to cause a denial of service. (CVE-2020-25641)
It was discovered that the HDLC PPP implementation in the Linux kernel did
not properly validate input in some situations. A local attacker could use
this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2020-25643)
Kiyin (尹亮) discovered that the perf subsystem in the Linux kernel did
not properly deallocate memory in some situations. A privileged attacker
could use this to cause a denial of service (kernel memory exhaustion).
(CVE-2020-25704)
It was discovered that the KVM hypervisor in the Linux kernel did not
properly handle interrupts in certain situations. A local attacker in a
guest VM could possibly use this to cause a denial of service (host system
crash). (CVE-2020-27152)
It was discovered that the jfs file system implementation in the Linux
kernel contained an out-of-bounds read vulnerability. A local attacker
could use this to possibly cause a denial of service (system crash).
(CVE-2020-27815)
It was discovered that an information leak existed in the syscall
implementation in the Linux kernel on 32 bit systems. A local attacker
could use this to expose sensitive information (kernel memory).
(CVE-2020-28588)
It was discovered that the framebuffer implementation in the Linux kernel
did not properly perform range checks in certain situations. A local
attacker could use this to expose sensitive information (kernel memory). A local attacker could use
this to gain unintended write access to read-only memory pages. A local attacker could use this to cause a
denial of service (system crash) or possibly expose sensitive information.
(CVE-2020-29369)
Jann Horn discovered that the romfs file system in the Linux kernel did not
properly validate file system meta-data, leading to an out-of-bounds read.
An attacker could use this to construct a malicious romfs image that, when
mounted, exposed sensitive information (kernel memory). (CVE-2020-29371)
Jann Horn discovered that the tty subsystem of the Linux kernel did not use
consistent locking in some situations, leading to a read-after-free
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly expose sensitive information (kernel memory).
(CVE-2020-29660)
Jann Horn discovered a race condition in the tty subsystem of the Linux
kernel in the locking for the TIOCSPGRP ioctl(), leading to a use-after-
free vulnerability. A local attacker could use this to cause a denial of
service (system crash) or possibly execute arbitrary code.
(CVE-2020-35508)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.04 LTS:
linux-image-5.6.0-1048-oem 5.6.0-1048.52
linux-image-oem-20.04 5.6.0.1048.44
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://usn.ubuntu.com/4752-1
CVE-2020-10135, CVE-2020-14314, CVE-2020-15436, CVE-2020-15437,
CVE-2020-24490, CVE-2020-25212, CVE-2020-25284, CVE-2020-25641,
CVE-2020-25643, CVE-2020-25704, CVE-2020-27152, CVE-2020-27815,
CVE-2020-28588, CVE-2020-28915, CVE-2020-29368, CVE-2020-29369,
CVE-2020-29371, CVE-2020-29660, CVE-2020-29661, CVE-2020-35508
Package Information:
https://launchpad.net/ubuntu/+source/linux-oem-5.6/5.6.0-1048.52
|
|
var-201011-0174
|
ipp.c in cupsd in CUPS 1.4.4 and earlier does not properly allocate memory for attribute values with invalid string data types, which allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly execute arbitrary code via a crafted IPP request. (DoS) A vulnerability exists that could result in a state or arbitrary code execution.Crafted by a third party IPP Denial of service via request (DoS) state or execute arbitrary code. CUPS server is prone to a remote memory-corruption vulnerability because it fails to properly parse Internet Printing Protocol (IPP) packets.
An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed attacks may cause a denial-of-service condition.
CUPS versions prior to 1.3.7-18 are vulnerable. ===========================================================
Ubuntu Security Notice USN-1012-1 November 04, 2010
cups, cupsys vulnerability
CVE-2010-2941
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 9.10
Ubuntu 10.04 LTS
Ubuntu 10.10
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 6.06 LTS:
cupsys 1.2.2-0ubuntu0.6.06.20
Ubuntu 8.04 LTS:
cupsys 1.3.7-1ubuntu3.12
Ubuntu 9.10:
cups 1.4.1-5ubuntu2.7
Ubuntu 10.04 LTS:
cups 1.4.3-1ubuntu1.3
Ubuntu 10.10:
cups 1.4.4-6ubuntu2.2
In general, a standard system update will make all the necessary changes. In
the default installation in Ubuntu 8.04 LTS and later, attackers would be
isolated by the CUPS AppArmor profile.
Updated packages for Ubuntu 6.06 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.2-0ubuntu0.6.06.20.diff.gz
Size/MD5: 115984 2260cf14fa9eabb70e0638fdf6238954
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.2-0ubuntu0.6.06.20.dsc
Size/MD5: 1701 195ad42d104530d991e9f490c6f0988c
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.2.orig.tar.gz
Size/MD5: 4070384 2c99b8aa4c8dc25c8a84f9c06aa52e3e
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-gnutls10_1.2.2-0ubuntu0.6.06.20_all.deb
Size/MD5: 994 ead28149a3fe33fd7a3ec85ae883d6bd
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.2.2-0ubuntu0.6.06.20_amd64.deb
Size/MD5: 36544 0100c53857242ffbc142fed4f072dab3
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.2.2-0ubuntu0.6.06.20_amd64.deb
Size/MD5: 81330 15a675a80658b7cfa824043f3ffa2b21
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.2-0ubuntu0.6.06.20_amd64.deb
Size/MD5: 2331706 217ac23c1df603d82d5747e49406d604
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.2.2-0ubuntu0.6.06.20_amd64.deb
Size/MD5: 6092 7ebd90ea139cb0591045c0882b802842
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.2.2-0ubuntu0.6.06.20_amd64.deb
Size/MD5: 78702 9e598e6ae57621e513c52e093a3ee523
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.2.2-0ubuntu0.6.06.20_amd64.deb
Size/MD5: 25812 1ecd40a20df626c644636c4eb798b691
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.2.2-0ubuntu0.6.06.20_amd64.deb
Size/MD5: 131558 5bd780d21c8cbcb107cb0831bc565103
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.2.2-0ubuntu0.6.06.20_i386.deb
Size/MD5: 34764 f4f7e517829d80e26987031a2ee18cd5
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.2.2-0ubuntu0.6.06.20_i386.deb
Size/MD5: 77880 a250b4072d9c800185eee02447d4931e
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.2-0ubuntu0.6.06.20_i386.deb
Size/MD5: 2263814 9275a836c4bb87c3ff5c76dd36f40151
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.2.2-0ubuntu0.6.06.20_i386.deb
Size/MD5: 6092 f30d60fd88470f876953dac745a1f4f1
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.2.2-0ubuntu0.6.06.20_i386.deb
Size/MD5: 77362 4f50fffd90d6948040a1e92f419d954c
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.2.2-0ubuntu0.6.06.20_i386.deb
Size/MD5: 25764 e8dc4e4db38e5a9528db16d54420da4b
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.2.2-0ubuntu0.6.06.20_i386.deb
Size/MD5: 123644 02d2b0eba02847866df7bb431d5e5f4c
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.2.2-0ubuntu0.6.06.20_powerpc.deb
Size/MD5: 40470 5aa3b6945c4ee3c7d5b687647cb65595
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.2.2-0ubuntu0.6.06.20_powerpc.deb
Size/MD5: 89496 7ac8ba447d27c1779e110766fa905892
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.2-0ubuntu0.6.06.20_powerpc.deb
Size/MD5: 2310130 8aa5fdee8a55aff46f22364ec10201bb
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.2.2-0ubuntu0.6.06.20_powerpc.deb
Size/MD5: 6100 86cc8753715cc020278feeb937ad95af
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.2.2-0ubuntu0.6.06.20_powerpc.deb
Size/MD5: 79892 6925e0081820584e28de636d2eaff567
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.2.2-0ubuntu0.6.06.20_powerpc.deb
Size/MD5: 25762 86b14da6fcafad9c94ad2839b4fc775c
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.2.2-0ubuntu0.6.06.20_powerpc.deb
Size/MD5: 129424 056489bfd38abb2803268703b2f14830
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.2.2-0ubuntu0.6.06.20_sparc.deb
Size/MD5: 35388 69d008101f7643a9902107557ba8f61c
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.2.2-0ubuntu0.6.06.20_sparc.deb
Size/MD5: 78688 e12768f2daeed511ffddc2a0e34aa5f8
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.2-0ubuntu0.6.06.20_sparc.deb
Size/MD5: 2298472 25374e04465cb76eaf0d2e8d435a918c
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.2.2-0ubuntu0.6.06.20_sparc.deb
Size/MD5: 6100 d418e76c7dbb31771e8336395f379e36
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.2.2-0ubuntu0.6.06.20_sparc.deb
Size/MD5: 77162 e92ac195932c41517175fc86bcff4a61
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.2.2-0ubuntu0.6.06.20_sparc.deb
Size/MD5: 25776 5aee3f5303231dce5c188c5c120df0c8
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.2.2-0ubuntu0.6.06.20_sparc.deb
Size/MD5: 125072 f1f2f0fe31aea99a5c59be705a317f28
Updated packages for Ubuntu 8.04 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.7-1ubuntu3.12.diff.gz
Size/MD5: 153391 d100b51a6f4aaa7cee23a27b85e73278
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.7-1ubuntu3.12.dsc
Size/MD5: 2084 4207d04321d67a2494d45335f336bfab
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.7.orig.tar.gz
Size/MD5: 4700333 383e556d9841475847da6076c88da467
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-common_1.3.7-1ubuntu3.12_all.deb
Size/MD5: 1144586 a0d45e6d111babdae9f753affb3fec8e
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.3.7-1ubuntu3.12_amd64.deb
Size/MD5: 37526 aad91eaf3d344f2398554697b7f88aba
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.3.7-1ubuntu3.12_amd64.deb
Size/MD5: 90066 0220bd42d1eff4a7ebc4ff835e5c5d62
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.7-1ubuntu3.12_amd64.deb
Size/MD5: 1890160 d86e5d94b0f848be3357274e81edf9d8
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.3.7-1ubuntu3.12_amd64.deb
Size/MD5: 60800 ff353e3042f2fa8f0e84939f050cfcfe
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.3.7-1ubuntu3.12_amd64.deb
Size/MD5: 50222 e542208af5f7a467830e419b626cfef7
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.3.7-1ubuntu3.12_amd64.deb
Size/MD5: 345378 f07c4b029952b7a6642c72b0c8147836
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.3.7-1ubuntu3.12_amd64.deb
Size/MD5: 179260 aa682ea9595bf1d0a2d05056d0891684
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.3.7-1ubuntu3.12_i386.deb
Size/MD5: 36944 c48f0b914ac1b894e22d2cc603d9d5d1
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.3.7-1ubuntu3.12_i386.deb
Size/MD5: 88546 97796e3f9b13de442f10e7610760db51
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.7-1ubuntu3.12_i386.deb
Size/MD5: 1872366 86e3874ba6d76c8bc8cc008b1a20179e
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.3.7-1ubuntu3.12_i386.deb
Size/MD5: 60088 2c4f2b000fe55507870f2d1ba35a1671
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.3.7-1ubuntu3.12_i386.deb
Size/MD5: 49854 7a265c6722a71a777ad6983221c69237
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.3.7-1ubuntu3.12_i386.deb
Size/MD5: 339712 1cdbcaba6e3ca72263029e02c4e9a644
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.3.7-1ubuntu3.12_i386.deb
Size/MD5: 176192 48dc7e10c58edac35ab5cd07d80d3ec8
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/c/cupsys/cupsys-bsd_1.3.7-1ubuntu3.12_lpia.deb
Size/MD5: 36662 f3bd3b7be79d8cd3f848ed485ead9f89
http://ports.ubuntu.com/pool/main/c/cupsys/cupsys-client_1.3.7-1ubuntu3.12_lpia.deb
Size/MD5: 88854 09246564701d7218582b03b64d1a51b8
http://ports.ubuntu.com/pool/main/c/cupsys/cupsys_1.3.7-1ubuntu3.12_lpia.deb
Size/MD5: 1874020 836f2a232fd589f90d275710d3235efa
http://ports.ubuntu.com/pool/main/c/cupsys/libcupsimage2-dev_1.3.7-1ubuntu3.12_lpia.deb
Size/MD5: 60494 6a4ac9b403951b60d152b5fe5632cd9c
http://ports.ubuntu.com/pool/main/c/cupsys/libcupsimage2_1.3.7-1ubuntu3.12_lpia.deb
Size/MD5: 50812 cd0ea5b7ec8a434fb60f16d21c6f05c4
http://ports.ubuntu.com/pool/main/c/cupsys/libcupsys2-dev_1.3.7-1ubuntu3.12_lpia.deb
Size/MD5: 337338 6c831c798a722383e513da144a7eb201
http://ports.ubuntu.com/pool/main/c/cupsys/libcupsys2_1.3.7-1ubuntu3.12_lpia.deb
Size/MD5: 175080 9b68ef482abe42005b2f395d49b92deb
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/c/cupsys/cupsys-bsd_1.3.7-1ubuntu3.12_powerpc.deb
Size/MD5: 46926 69ef7fd1961cb78692940413a3b14703
http://ports.ubuntu.com/pool/main/c/cupsys/cupsys-client_1.3.7-1ubuntu3.12_powerpc.deb
Size/MD5: 110654 6d9a3b20490e0bbfcc8930186f3cb179
http://ports.ubuntu.com/pool/main/c/cupsys/cupsys_1.3.7-1ubuntu3.12_powerpc.deb
Size/MD5: 1958632 59c58ffa6d6a5c9d2052186d8c83dd45
http://ports.ubuntu.com/pool/main/c/cupsys/libcupsimage2-dev_1.3.7-1ubuntu3.12_powerpc.deb
Size/MD5: 59940 bc4e5e81985274129d6be4d9bf4e88c1
http://ports.ubuntu.com/pool/main/c/cupsys/libcupsimage2_1.3.7-1ubuntu3.12_powerpc.deb
Size/MD5: 54928 62a214ab162fbba83fc5e3724e24c268
http://ports.ubuntu.com/pool/main/c/cupsys/libcupsys2-dev_1.3.7-1ubuntu3.12_powerpc.deb
Size/MD5: 342106 d1039ccae2da1136548519a86618d07e
http://ports.ubuntu.com/pool/main/c/cupsys/libcupsys2_1.3.7-1ubuntu3.12_powerpc.deb
Size/MD5: 185046 da33c5d83912dbdb1def18ae0e8fccca
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/c/cupsys/cupsys-bsd_1.3.7-1ubuntu3.12_sparc.deb
Size/MD5: 38028 ac6dafd1e364d4e5288f357452cad333
http://ports.ubuntu.com/pool/main/c/cupsys/cupsys-client_1.3.7-1ubuntu3.12_sparc.deb
Size/MD5: 91042 36d694b41a118349c573816d52014eea
http://ports.ubuntu.com/pool/main/c/cupsys/cupsys_1.3.7-1ubuntu3.12_sparc.deb
Size/MD5: 1907954 63d93420d6d4a7dd88e70c4f8a2611fe
http://ports.ubuntu.com/pool/main/c/cupsys/libcupsimage2-dev_1.3.7-1ubuntu3.12_sparc.deb
Size/MD5: 57828 504f2d11c6a0e4a4ec3918914aaad705
http://ports.ubuntu.com/pool/main/c/cupsys/libcupsimage2_1.3.7-1ubuntu3.12_sparc.deb
Size/MD5: 48216 c929a0ad18aba9e083b5d9948350fdde
http://ports.ubuntu.com/pool/main/c/cupsys/libcupsys2-dev_1.3.7-1ubuntu3.12_sparc.deb
Size/MD5: 341870 552f51c9d77099052f02e463e1ddd786
http://ports.ubuntu.com/pool/main/c/cupsys/libcupsys2_1.3.7-1ubuntu3.12_sparc.deb
Size/MD5: 175040 22bef42fc45647fa782a60adacbb58da
Updated packages for Ubuntu 9.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups_1.4.1-5ubuntu2.7.diff.gz
Size/MD5: 431562 e0b9944d804c1aff3953fc9dafb8d096
http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups_1.4.1-5ubuntu2.7.dsc
Size/MD5: 2913 43a1c177131b4988112e0383e4973599
http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups_1.4.1.orig.tar.gz
Size/MD5: 5287327 4dc8f431ef50752dfd61d9d4959abd06
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups-common_1.4.1-5ubuntu2.7_all.deb
Size/MD5: 1448128 fc5032bde5ed5135007a3692560c540b
http://security.ubuntu.com/ubuntu/pool/main/c/cups/cupsys-dbg_1.4.1-5ubuntu2.7_all.deb
Size/MD5: 70036 bd99f8fefc1989f1aa911ccb017296eb
http://security.ubuntu.com/ubuntu/pool/universe/c/cups/cupsddk_1.4.1-5ubuntu2.7_all.deb
Size/MD5: 69992 469b7b45dd48ad7043c7119c36ff3a08
http://security.ubuntu.com/ubuntu/pool/universe/c/cups/cupsys-bsd_1.4.1-5ubuntu2.7_all.deb
Size/MD5: 70030 9a40a963777db6e952022c44e5567e13
http://security.ubuntu.com/ubuntu/pool/universe/c/cups/cupsys-client_1.4.1-5ubuntu2.7_all.deb
Size/MD5: 70038 82e66988e123170500344160f83c9da8
http://security.ubuntu.com/ubuntu/pool/universe/c/cups/cupsys-common_1.4.1-5ubuntu2.7_all.deb
Size/MD5: 4552 bc633c6de278ab369fd11ea560f6a5cd
http://security.ubuntu.com/ubuntu/pool/universe/c/cups/cupsys_1.4.1-5ubuntu2.7_all.deb
Size/MD5: 70022 7c5964c2937717e3b1594fcf2f5e8efc
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups-bsd_1.4.1-5ubuntu2.7_amd64.deb
Size/MD5: 36802 6ccdde79f9346b460b94fd58f3d085a4
http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups-client_1.4.1-5ubuntu2.7_amd64.deb
Size/MD5: 119120 126ed31ae420a556fa5731b1fae0c2f1
http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups-dbg_1.4.1-5ubuntu2.7_amd64.deb
Size/MD5: 90236 8fc6d838da43d0d9bf8c005e0d0314c7
http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups_1.4.1-5ubuntu2.7_amd64.deb
Size/MD5: 1923346 9ee9498012753aa85e1c5b4cf65b43ee
http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcups2-dev_1.4.1-5ubuntu2.7_amd64.deb
Size/MD5: 210146 a6fdf1472beb01e0b8ba06151d7fee60
http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcups2_1.4.1-5ubuntu2.7_amd64.deb
Size/MD5: 219290 6ea7983166dd24f9c9178354185ad8e5
http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupscgi1-dev_1.4.1-5ubuntu2.7_amd64.deb
Size/MD5: 103908 5eb06c332ee7327e2cf3777074a35715
http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupscgi1_1.4.1-5ubuntu2.7_amd64.deb
Size/MD5: 33136 16b50f42d086f2873084baeb274dbe52
http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsdriver1-dev_1.4.1-5ubuntu2.7_amd64.deb
Size/MD5: 90504 69d2494b1a8b3b3a08ac3686756b6e95
http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsdriver1_1.4.1-5ubuntu2.7_amd64.deb
Size/MD5: 22186 4d244262c26095daea344749ecfc0750
http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsimage2-dev_1.4.1-5ubuntu2.7_amd64.deb
Size/MD5: 61472 0c7a0e7e72f889a318044ac26fa41883
http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsimage2_1.4.1-5ubuntu2.7_amd64.deb
Size/MD5: 53146 86c41ac9f6fb52bc023d7d50c6763df2
http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsmime1-dev_1.4.1-5ubuntu2.7_amd64.deb
Size/MD5: 81584 cfa5e895475d89da723d31b9e2bc91ae
http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsmime1_1.4.1-5ubuntu2.7_amd64.deb
Size/MD5: 15484 43c09fdbefed85969f3f6d054430ad2d
http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsppdc1-dev_1.4.1-5ubuntu2.7_amd64.deb
Size/MD5: 143344 75724699fc6ef3dc024e6a46ae64e149
http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsppdc1_1.4.1-5ubuntu2.7_amd64.deb
Size/MD5: 60104 2dc0b769bbbb0e63ecd68141081a3bb1
http://security.ubuntu.com/ubuntu/pool/universe/c/cups/cups-ppdc_1.4.1-5ubuntu2.7_amd64.deb
Size/MD5: 34374 8b1f343d3fd80752df58ab617eba2419
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups-bsd_1.4.1-5ubuntu2.7_i386.deb
Size/MD5: 37286 21c169642cf1b5f83374c31e96830050
http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups-client_1.4.1-5ubuntu2.7_i386.deb
Size/MD5: 117050 9a9cf41b1af5da52f27127b68ed3bfe0
http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups-dbg_1.4.1-5ubuntu2.7_i386.deb
Size/MD5: 89440 e6ddf27ef78e89267bee1161bff21fcd
http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups_1.4.1-5ubuntu2.7_i386.deb
Size/MD5: 1882242 5bfb3b88fe626622ee7843b66756081e
http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcups2-dev_1.4.1-5ubuntu2.7_i386.deb
Size/MD5: 200122 90e025459b2b40244469176fd3faf094
http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcups2_1.4.1-5ubuntu2.7_i386.deb
Size/MD5: 213344 fc3f43cee2859a0d5dca7a4ad64fe236
http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupscgi1-dev_1.4.1-5ubuntu2.7_i386.deb
Size/MD5: 103168 719c581429133911d299fca40cf31786
http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupscgi1_1.4.1-5ubuntu2.7_i386.deb
Size/MD5: 32886 f4d23719c54775cefb8ef165f3a2b125
http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsdriver1-dev_1.4.1-5ubuntu2.7_i386.deb
Size/MD5: 90904 037a85ef22bf3255f4217b4ed344a3a6
http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsdriver1_1.4.1-5ubuntu2.7_i386.deb
Size/MD5: 22052 1ab1001a9de6b5643b1c6ab5d0557ef2
http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsimage2-dev_1.4.1-5ubuntu2.7_i386.deb
Size/MD5: 60308 cd86a721fae0e804e357ea8be15b8d3d
http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsimage2_1.4.1-5ubuntu2.7_i386.deb
Size/MD5: 52416 3dad186c766628012f10da03b4cbdea8
http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsmime1-dev_1.4.1-5ubuntu2.7_i386.deb
Size/MD5: 81608 49be79645ac3a1affd133e8dc53440cc
http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsmime1_1.4.1-5ubuntu2.7_i386.deb
Size/MD5: 15206 1802f658765b5bd06a47bb5a275af445
http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsppdc1-dev_1.4.1-5ubuntu2.7_i386.deb
Size/MD5: 142068 8ee3ed8c5eb979403723a17c4b227bf1
http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsppdc1_1.4.1-5ubuntu2.7_i386.deb
Size/MD5: 61450 ac39821bde93f141da4cf8786456403a
http://security.ubuntu.com/ubuntu/pool/universe/c/cups/cups-ppdc_1.4.1-5ubuntu2.7_i386.deb
Size/MD5: 32526 70084580929abb8ad9c4f257096bb712
armel architecture (ARM Architecture):
http://ports.ubuntu.com/pool/main/c/cups/cups-bsd_1.4.1-5ubuntu2.7_armel.deb
Size/MD5: 37978 5f4a03698c5dc60020543e02c4fc744d
http://ports.ubuntu.com/pool/main/c/cups/cups-client_1.4.1-5ubuntu2.7_armel.deb
Size/MD5: 117672 b494b5b52cb80b426008a9f928a41a7d
http://ports.ubuntu.com/pool/main/c/cups/cups-dbg_1.4.1-5ubuntu2.7_armel.deb
Size/MD5: 89822 9283b7ca6abeb2253468d913ad6fc334
http://ports.ubuntu.com/pool/main/c/cups/cups_1.4.1-5ubuntu2.7_armel.deb
Size/MD5: 1897494 02556e86cd938e3892bd1851660bcb49
http://ports.ubuntu.com/pool/main/c/cups/libcups2-dev_1.4.1-5ubuntu2.7_armel.deb
Size/MD5: 195160 646653b357b4dd90cefe4b952e30dcfa
http://ports.ubuntu.com/pool/main/c/cups/libcups2_1.4.1-5ubuntu2.7_armel.deb
Size/MD5: 205302 af31b0d2fb519a99226b75cc54d0ef11
http://ports.ubuntu.com/pool/main/c/cups/libcupscgi1-dev_1.4.1-5ubuntu2.7_armel.deb
Size/MD5: 102880 b44083cd6d720d72022eef0311bebece
http://ports.ubuntu.com/pool/main/c/cups/libcupscgi1_1.4.1-5ubuntu2.7_armel.deb
Size/MD5: 31136 e1b2169d8e706dab0a7643b15ff34063
http://ports.ubuntu.com/pool/main/c/cups/libcupsdriver1-dev_1.4.1-5ubuntu2.7_armel.deb
Size/MD5: 89648 789d5ddf4a6a5669e23be7acb52ce36e
http://ports.ubuntu.com/pool/main/c/cups/libcupsdriver1_1.4.1-5ubuntu2.7_armel.deb
Size/MD5: 21928 7cfe612958e8d2ef3711169b503a4e81
http://ports.ubuntu.com/pool/main/c/cups/libcupsimage2-dev_1.4.1-5ubuntu2.7_armel.deb
Size/MD5: 52686 1cda15b69f54ec26d04eeea53023e451
http://ports.ubuntu.com/pool/main/c/cups/libcupsimage2_1.4.1-5ubuntu2.7_armel.deb
Size/MD5: 48162 28cea786ab5a377b1874f5ae4bc6d189
http://ports.ubuntu.com/pool/main/c/cups/libcupsmime1-dev_1.4.1-5ubuntu2.7_armel.deb
Size/MD5: 80988 5d5dfc2bc5f111b4c0032f0550d55c2a
http://ports.ubuntu.com/pool/main/c/cups/libcupsmime1_1.4.1-5ubuntu2.7_armel.deb
Size/MD5: 13984 714b0eb833084a7f457e679318cb2898
http://ports.ubuntu.com/pool/main/c/cups/libcupsppdc1-dev_1.4.1-5ubuntu2.7_armel.deb
Size/MD5: 138554 50eef4a06b3e5b74a050bd95f0556f7c
http://ports.ubuntu.com/pool/main/c/cups/libcupsppdc1_1.4.1-5ubuntu2.7_armel.deb
Size/MD5: 56110 4b29313354067415452e1e760187bd2b
http://ports.ubuntu.com/pool/universe/c/cups/cups-ppdc_1.4.1-5ubuntu2.7_armel.deb
Size/MD5: 32832 6a9c80e0ce9eeb8011e95420369dbaa1
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/c/cups/cups-bsd_1.4.1-5ubuntu2.7_lpia.deb
Size/MD5: 35434 902d95777dd5fc98f3f9f7c38a446602
http://ports.ubuntu.com/pool/main/c/cups/cups-client_1.4.1-5ubuntu2.7_lpia.deb
Size/MD5: 115160 c86250128ac38b19372a976255e5d5fd
http://ports.ubuntu.com/pool/main/c/cups/cups-dbg_1.4.1-5ubuntu2.7_lpia.deb
Size/MD5: 89260 4e27b67b6ca60aa0c04d9e042bd785c1
http://ports.ubuntu.com/pool/main/c/cups/cups_1.4.1-5ubuntu2.7_lpia.deb
Size/MD5: 1865328 ea244b4660a5a6489bfd9f934dd62219
http://ports.ubuntu.com/pool/main/c/cups/libcups2-dev_1.4.1-5ubuntu2.7_lpia.deb
Size/MD5: 197118 cba43bd0bfc6410ffe3351897c4cc09a
http://ports.ubuntu.com/pool/main/c/cups/libcups2_1.4.1-5ubuntu2.7_lpia.deb
Size/MD5: 212234 d58e79fabdc8f69dfb9709016b3479ab
http://ports.ubuntu.com/pool/main/c/cups/libcupscgi1-dev_1.4.1-5ubuntu2.7_lpia.deb
Size/MD5: 102368 a53fcae18e1e86337d00305fceb51fc3
http://ports.ubuntu.com/pool/main/c/cups/libcupscgi1_1.4.1-5ubuntu2.7_lpia.deb
Size/MD5: 32670 ebd2bf68935b201520f755f0ecc5db39
http://ports.ubuntu.com/pool/main/c/cups/libcupsdriver1-dev_1.4.1-5ubuntu2.7_lpia.deb
Size/MD5: 90228 05600fad0a6cc8a732e2e2cdc13d2298
http://ports.ubuntu.com/pool/main/c/cups/libcupsdriver1_1.4.1-5ubuntu2.7_lpia.deb
Size/MD5: 21774 b30240e0da5de6e6d82dd439abaa8e0e
http://ports.ubuntu.com/pool/main/c/cups/libcupsimage2-dev_1.4.1-5ubuntu2.7_lpia.deb
Size/MD5: 59958 f85c3e38a6b0a7f536745f6dd58721e6
http://ports.ubuntu.com/pool/main/c/cups/libcupsimage2_1.4.1-5ubuntu2.7_lpia.deb
Size/MD5: 52572 90713089934ea4117421483602696710
http://ports.ubuntu.com/pool/main/c/cups/libcupsmime1-dev_1.4.1-5ubuntu2.7_lpia.deb
Size/MD5: 81456 53f77f6091e1474f6baed9166845b1ba
http://ports.ubuntu.com/pool/main/c/cups/libcupsmime1_1.4.1-5ubuntu2.7_lpia.deb
Size/MD5: 15306 3d067351f9e10ffef1088d9b7681fa91
http://ports.ubuntu.com/pool/main/c/cups/libcupsppdc1-dev_1.4.1-5ubuntu2.7_lpia.deb
Size/MD5: 142280 5dfac22d9c8a0ff554bfd1ae99f1afdb
http://ports.ubuntu.com/pool/main/c/cups/libcupsppdc1_1.4.1-5ubuntu2.7_lpia.deb
Size/MD5: 62670 7c144c60946d1b787661d0b7ac62b64b
http://ports.ubuntu.com/pool/universe/c/cups/cups-ppdc_1.4.1-5ubuntu2.7_lpia.deb
Size/MD5: 33266 5a704d19ff0f52a0fcf0ebc553af3758
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/c/cups/cups-bsd_1.4.1-5ubuntu2.7_powerpc.deb
Size/MD5: 37004 c8d55909847e1b7a9d4c8dec0a851329
http://ports.ubuntu.com/pool/main/c/cups/cups-client_1.4.1-5ubuntu2.7_powerpc.deb
Size/MD5: 121658 2829186cb12bcac3406edf2ef49c9cd9
http://ports.ubuntu.com/pool/main/c/cups/cups-dbg_1.4.1-5ubuntu2.7_powerpc.deb
Size/MD5: 89882 2cd5145084a2fad3f5c2f0b666c54e93
http://ports.ubuntu.com/pool/main/c/cups/cups_1.4.1-5ubuntu2.7_powerpc.deb
Size/MD5: 1931058 6427f23d2f314c6e644cff1e3ab59c56
http://ports.ubuntu.com/pool/main/c/cups/libcups2-dev_1.4.1-5ubuntu2.7_powerpc.deb
Size/MD5: 203970 5b0ee44f701db4ae4a384850a125d579
http://ports.ubuntu.com/pool/main/c/cups/libcups2_1.4.1-5ubuntu2.7_powerpc.deb
Size/MD5: 224120 6b21e913300af6989a6588affb079e53
http://ports.ubuntu.com/pool/main/c/cups/libcupscgi1-dev_1.4.1-5ubuntu2.7_powerpc.deb
Size/MD5: 103124 c08a41f0626eb765927ab68696be4e74
http://ports.ubuntu.com/pool/main/c/cups/libcupscgi1_1.4.1-5ubuntu2.7_powerpc.deb
Size/MD5: 35072 582207cc4aff88b082f3cebbfddbf68f
http://ports.ubuntu.com/pool/main/c/cups/libcupsdriver1-dev_1.4.1-5ubuntu2.7_powerpc.deb
Size/MD5: 90002 c4c86e49d2e130baadca43b07961148e
http://ports.ubuntu.com/pool/main/c/cups/libcupsdriver1_1.4.1-5ubuntu2.7_powerpc.deb
Size/MD5: 22328 70597bc1f9c1dd07597fad5c900c8e6b
http://ports.ubuntu.com/pool/main/c/cups/libcupsimage2-dev_1.4.1-5ubuntu2.7_powerpc.deb
Size/MD5: 60620 7363d34cfc15c325f8677e57939421c2
http://ports.ubuntu.com/pool/main/c/cups/libcupsimage2_1.4.1-5ubuntu2.7_powerpc.deb
Size/MD5: 55376 9c8019771957d2a25b7c3161194bc699
http://ports.ubuntu.com/pool/main/c/cups/libcupsmime1-dev_1.4.1-5ubuntu2.7_powerpc.deb
Size/MD5: 81966 0ed00d6c8ae67b6ff666a7c2d207221e
http://ports.ubuntu.com/pool/main/c/cups/libcupsmime1_1.4.1-5ubuntu2.7_powerpc.deb
Size/MD5: 15798 ab6b9800336598e58b5b26cf0a0bbd23
http://ports.ubuntu.com/pool/main/c/cups/libcupsppdc1-dev_1.4.1-5ubuntu2.7_powerpc.deb
Size/MD5: 141556 fe7be77dc862fb4ba908cd573b092c46
http://ports.ubuntu.com/pool/main/c/cups/libcupsppdc1_1.4.1-5ubuntu2.7_powerpc.deb
Size/MD5: 64966 30eea4d79b2ab02ddc55d6e971aca8bd
http://ports.ubuntu.com/pool/universe/c/cups/cups-ppdc_1.4.1-5ubuntu2.7_powerpc.deb
Size/MD5: 34780 a3eb64f64564877244faf048010d6f1e
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/c/cups/cups-bsd_1.4.1-5ubuntu2.7_sparc.deb
Size/MD5: 36056 aace49174c745376f17a6b91a5e89dbe
http://ports.ubuntu.com/pool/main/c/cups/cups-client_1.4.1-5ubuntu2.7_sparc.deb
Size/MD5: 117794 6ce05e8aaee7dd6a2e1adb05802cd288
http://ports.ubuntu.com/pool/main/c/cups/cups-dbg_1.4.1-5ubuntu2.7_sparc.deb
Size/MD5: 89744 85a62cac8fd8572071146fe6f5362035
http://ports.ubuntu.com/pool/main/c/cups/cups_1.4.1-5ubuntu2.7_sparc.deb
Size/MD5: 1954414 5b1390bda44d3abc1ef7a49274cdd200
http://ports.ubuntu.com/pool/main/c/cups/libcups2-dev_1.4.1-5ubuntu2.7_sparc.deb
Size/MD5: 201894 b0589a54aa07f2b4801bc9c15cb44815
http://ports.ubuntu.com/pool/main/c/cups/libcups2_1.4.1-5ubuntu2.7_sparc.deb
Size/MD5: 211292 fbc73a736c6763cd6082602c5e81a20a
http://ports.ubuntu.com/pool/main/c/cups/libcupscgi1-dev_1.4.1-5ubuntu2.7_sparc.deb
Size/MD5: 104786 03de1211e6cf72118afa7be89a570bd2
http://ports.ubuntu.com/pool/main/c/cups/libcupscgi1_1.4.1-5ubuntu2.7_sparc.deb
Size/MD5: 32992 f109f25be22ab172c2a1403ac8c6214b
http://ports.ubuntu.com/pool/main/c/cups/libcupsdriver1-dev_1.4.1-5ubuntu2.7_sparc.deb
Size/MD5: 90212 4cbcc14e66e2b3436bff7fedd6ce13d7
http://ports.ubuntu.com/pool/main/c/cups/libcupsdriver1_1.4.1-5ubuntu2.7_sparc.deb
Size/MD5: 21384 22a06d54fa23d1d2553517e7bff00649
http://ports.ubuntu.com/pool/main/c/cups/libcupsimage2-dev_1.4.1-5ubuntu2.7_sparc.deb
Size/MD5: 58160 70b1d7c9c37982aaa4021797edcaaa3a
http://ports.ubuntu.com/pool/main/c/cups/libcupsimage2_1.4.1-5ubuntu2.7_sparc.deb
Size/MD5: 50284 681bf952147baca7731e0de295386f66
http://ports.ubuntu.com/pool/main/c/cups/libcupsmime1-dev_1.4.1-5ubuntu2.7_sparc.deb
Size/MD5: 80736 8352547bdc17ee25fb560de46ec404d9
http://ports.ubuntu.com/pool/main/c/cups/libcupsmime1_1.4.1-5ubuntu2.7_sparc.deb
Size/MD5: 14386 e584a929f90a8934f3971a5b4a82e85f
http://ports.ubuntu.com/pool/main/c/cups/libcupsppdc1-dev_1.4.1-5ubuntu2.7_sparc.deb
Size/MD5: 144684 a111bd52c9988eeb0db9b59fa507a5cc
http://ports.ubuntu.com/pool/main/c/cups/libcupsppdc1_1.4.1-5ubuntu2.7_sparc.deb
Size/MD5: 61444 154b65e9ba61832a211a9281f52677f4
http://ports.ubuntu.com/pool/universe/c/cups/cups-ppdc_1.4.1-5ubuntu2.7_sparc.deb
Size/MD5: 33870 b79480aa250bc02fd399c69fc7f9f4b7
Updated packages for Ubuntu 10.04 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups_1.4.3-1ubuntu1.3.diff.gz
Size/MD5: 497262 402b8b828f8dac2398f5c7f5fac6e914
http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups_1.4.3-1ubuntu1.3.dsc
Size/MD5: 2913 70cea45f1aea610b3fe7a95cef1b3d28
http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups_1.4.3.orig.tar.gz
Size/MD5: 5367387 947aefd4849d0da93b5a8a99673f62b2
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups-common_1.4.3-1ubuntu1.3_all.deb
Size/MD5: 1489516 dbb34d911404c74782e537187561e675
http://security.ubuntu.com/ubuntu/pool/main/c/cups/cupsys-dbg_1.4.3-1ubuntu1.3_all.deb
Size/MD5: 73614 9132a178b2f8abce38f114f95a9a66dc
http://security.ubuntu.com/ubuntu/pool/universe/c/cups/cupsddk_1.4.3-1ubuntu1.3_all.deb
Size/MD5: 73574 8afd8722fc907a914bf5be7f66c0fbaa
http://security.ubuntu.com/ubuntu/pool/universe/c/cups/cupsys-bsd_1.4.3-1ubuntu1.3_all.deb
Size/MD5: 73610 c95a6c706a48607516d1c78f8b036cb1
http://security.ubuntu.com/ubuntu/pool/universe/c/cups/cupsys-client_1.4.3-1ubuntu1.3_all.deb
Size/MD5: 73618 ffcdd590135bff148be34b6c2e717184
http://security.ubuntu.com/ubuntu/pool/universe/c/cups/cupsys-common_1.4.3-1ubuntu1.3_all.deb
Size/MD5: 4548 052c5af48a76a8d5420419c7534c22f3
http://security.ubuntu.com/ubuntu/pool/universe/c/cups/cupsys_1.4.3-1ubuntu1.3_all.deb
Size/MD5: 73596 e1ad77992fbcfd6be4de9dc0b9a95391
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups-bsd_1.4.3-1ubuntu1.3_amd64.deb
Size/MD5: 44790 242116e48bf3cc622691101b0277f659
http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups-client_1.4.3-1ubuntu1.3_amd64.deb
Size/MD5: 140600 54050a2dcea4b8484fcca0f970986e5d
http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups-dbg_1.4.3-1ubuntu1.3_amd64.deb
Size/MD5: 93976 febaf07a13aefda49fbef667e19f6964
http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups_1.4.3-1ubuntu1.3_amd64.deb
Size/MD5: 1973814 a4a1179e95981ee33f731c0f7275cfe4
http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcups2-dev_1.4.3-1ubuntu1.3_amd64.deb
Size/MD5: 213008 3e1b2f73e006f42f1c0ab9979602797a
http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcups2_1.4.3-1ubuntu1.3_amd64.deb
Size/MD5: 223614 dbe8143413ad9618f7da72d83119309b
http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupscgi1-dev_1.4.3-1ubuntu1.3_amd64.deb
Size/MD5: 107858 3ca69611fb817298304fef07886de0f6
http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupscgi1_1.4.3-1ubuntu1.3_amd64.deb
Size/MD5: 33100 fe4d4d21d773f3758b861d12174f8f7f
http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsdriver1-dev_1.4.3-1ubuntu1.3_amd64.deb
Size/MD5: 94268 0959f088466524a11c8039802852754d
http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsdriver1_1.4.3-1ubuntu1.3_amd64.deb
Size/MD5: 22084 27054a044a383c678ad2ff53da17cfbb
http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsimage2-dev_1.4.3-1ubuntu1.3_amd64.deb
Size/MD5: 61446 055cdfce662880faab429cb476f15194
http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsimage2_1.4.3-1ubuntu1.3_amd64.deb
Size/MD5: 53106 7ef361c3d916a793112dc9e736b2c98a
http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsmime1-dev_1.4.3-1ubuntu1.3_amd64.deb
Size/MD5: 85378 6b3c328c4db7790798c7cf034e4e5e83
http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsmime1_1.4.3-1ubuntu1.3_amd64.deb
Size/MD5: 15446 0870a9212a91a998c52b79cea221658b
http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsppdc1-dev_1.4.3-1ubuntu1.3_amd64.deb
Size/MD5: 147198 423f1e9aec9e7face65983742436171b
http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsppdc1_1.4.3-1ubuntu1.3_amd64.deb
Size/MD5: 59978 2c3ee0c112d06f14dc4227f04cb04627
http://security.ubuntu.com/ubuntu/pool/universe/c/cups/cups-ppdc_1.4.3-1ubuntu1.3_amd64.deb
Size/MD5: 34598 c3026d5b5df66fe6348d1913a03b9eb9
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups-bsd_1.4.3-1ubuntu1.3_i386.deb
Size/MD5: 45142 7ed212c4b4c8792b253c649c77dbd57d
http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups-client_1.4.3-1ubuntu1.3_i386.deb
Size/MD5: 137536 e727a18f5b0cdf25d3270a04ed669375
http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups-dbg_1.4.3-1ubuntu1.3_i386.deb
Size/MD5: 93332 b9e91cefc925fe4c4a77ce35f3a9d864
http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups_1.4.3-1ubuntu1.3_i386.deb
Size/MD5: 1942698 8c6c0cc4c614b8c597a7ff2b9c9652dc
http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcups2-dev_1.4.3-1ubuntu1.3_i386.deb
Size/MD5: 202960 b9dec04dbcb2fa3379b0495a854b049b
http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcups2_1.4.3-1ubuntu1.3_i386.deb
Size/MD5: 217496 24351ef3ab6779790cf5d21a3d1710d1
http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupscgi1-dev_1.4.3-1ubuntu1.3_i386.deb
Size/MD5: 107088 48a5a5f31fe1e556c8f10371b9fdd7d3
http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupscgi1_1.4.3-1ubuntu1.3_i386.deb
Size/MD5: 32960 ebded948a5de9aa7e04936edde92ce2f
http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsdriver1-dev_1.4.3-1ubuntu1.3_i386.deb
Size/MD5: 94470 8619c4d74aa99de9331dbafd041f4922
http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsdriver1_1.4.3-1ubuntu1.3_i386.deb
Size/MD5: 21768 b9295c7f8fc0c4259e84eaf01ec5a1e0
http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsimage2-dev_1.4.3-1ubuntu1.3_i386.deb
Size/MD5: 60186 d50e8e03d25e78bd654f27a08ad629b6
http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsimage2_1.4.3-1ubuntu1.3_i386.deb
Size/MD5: 52274 dda10e8a1e2f37dc031cda1db7125cec
http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsmime1-dev_1.4.3-1ubuntu1.3_i386.deb
Size/MD5: 85408 f1f47a00f8eb742e5d1a81e5b43a4039
http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsmime1_1.4.3-1ubuntu1.3_i386.deb
Size/MD5: 15132 7a032e31bc8ce62d92f1516d3cf22604
http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsppdc1-dev_1.4.3-1ubuntu1.3_i386.deb
Size/MD5: 145788 250f235fa4f1a25060b08b5e27e4ef50
http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsppdc1_1.4.3-1ubuntu1.3_i386.deb
Size/MD5: 61264 fdad338c274792ff064c7d69d3dec313
http://security.ubuntu.com/ubuntu/pool/universe/c/cups/cups-ppdc_1.4.3-1ubuntu1.3_i386.deb
Size/MD5: 32580 2c93034e121df35cf8e8fef2ad317ae2
armel architecture (ARM Architecture):
http://ports.ubuntu.com/pool/main/c/cups/cups-bsd_1.4.3-1ubuntu1.3_armel.deb
Size/MD5: 44810 4287d914817d86e9a03e41cb45dbea67
http://ports.ubuntu.com/pool/main/c/cups/cups-client_1.4.3-1ubuntu1.3_armel.deb
Size/MD5: 135130 12098871418f2d1effa3321da164ae1b
http://ports.ubuntu.com/pool/main/c/cups/cups-dbg_1.4.3-1ubuntu1.3_armel.deb
Size/MD5: 93018 372e9cf4ba84de5312459866b969627f
http://ports.ubuntu.com/pool/main/c/cups/cups_1.4.3-1ubuntu1.3_armel.deb
Size/MD5: 1917068 0d1d3d32007d0a7df70fe13d5e2ec014
http://ports.ubuntu.com/pool/main/c/cups/libcups2-dev_1.4.3-1ubuntu1.3_armel.deb
Size/MD5: 190622 e774b10481d0541cd4ad3efd27ee8888
http://ports.ubuntu.com/pool/main/c/cups/libcups2_1.4.3-1ubuntu1.3_armel.deb
Size/MD5: 206474 51cc2bdbd7b5e8845dc1f93ab0550e9b
http://ports.ubuntu.com/pool/main/c/cups/libcupscgi1-dev_1.4.3-1ubuntu1.3_armel.deb
Size/MD5: 104474 c6d24643f9650ab5c82e20f83b838a37
http://ports.ubuntu.com/pool/main/c/cups/libcupscgi1_1.4.3-1ubuntu1.3_armel.deb
Size/MD5: 30556 453856f1d44216cfc630ebd682303322
http://ports.ubuntu.com/pool/main/c/cups/libcupsdriver1-dev_1.4.3-1ubuntu1.3_armel.deb
Size/MD5: 92276 e6d13799a791aa41ce3e2636980e592b
http://ports.ubuntu.com/pool/main/c/cups/libcupsdriver1_1.4.3-1ubuntu1.3_armel.deb
Size/MD5: 21278 e25b7341b9296913bd8ee837bcd82722
http://ports.ubuntu.com/pool/main/c/cups/libcupsimage2-dev_1.4.3-1ubuntu1.3_armel.deb
Size/MD5: 49716 f42838ac884d02678655ba186620022f
http://ports.ubuntu.com/pool/main/c/cups/libcupsimage2_1.4.3-1ubuntu1.3_armel.deb
Size/MD5: 45240 56b42c628c5722bb103bfdaf554b4a79
http://ports.ubuntu.com/pool/main/c/cups/libcupsmime1-dev_1.4.3-1ubuntu1.3_armel.deb
Size/MD5: 83698 382269c8be922fb2c26ff045758002de
http://ports.ubuntu.com/pool/main/c/cups/libcupsmime1_1.4.3-1ubuntu1.3_armel.deb
Size/MD5: 13836 f0f89c1bf0c2d3f7698c25766bf33771
http://ports.ubuntu.com/pool/main/c/cups/libcupsppdc1-dev_1.4.3-1ubuntu1.3_armel.deb
Size/MD5: 139954 0e56338cfb6a130752f92d8306d64483
http://ports.ubuntu.com/pool/main/c/cups/libcupsppdc1_1.4.3-1ubuntu1.3_armel.deb
Size/MD5: 55464 2befcb0d74eb142d07a7e2ecb4546c14
http://ports.ubuntu.com/pool/universe/c/cups/cups-ppdc_1.4.3-1ubuntu1.3_armel.deb
Size/MD5: 32974 0814021800f0e632f7b0b32b09996d07
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/c/cups/cups-bsd_1.4.3-1ubuntu1.3_powerpc.deb
Size/MD5: 44790 160eac0bd8a5a62314bd5be93f913782
http://ports.ubuntu.com/pool/main/c/cups/cups-client_1.4.3-1ubuntu1.3_powerpc.deb
Size/MD5: 142142 3059d78dd4e0cfc29292701cddeb5e34
http://ports.ubuntu.com/pool/main/c/cups/cups-dbg_1.4.3-1ubuntu1.3_powerpc.deb
Size/MD5: 93624 92cb289ff245d4455015d37f7e8500f6
http://ports.ubuntu.com/pool/main/c/cups/cups_1.4.3-1ubuntu1.3_powerpc.deb
Size/MD5: 1992798 a92d8fb1cc26dba20de0ef258a693392
http://ports.ubuntu.com/pool/main/c/cups/libcups2-dev_1.4.3-1ubuntu1.3_powerpc.deb
Size/MD5: 206576 f3cde7c696d74d6329714f59dff6f3e9
http://ports.ubuntu.com/pool/main/c/cups/libcups2_1.4.3-1ubuntu1.3_powerpc.deb
Size/MD5: 228250 308837f01bf40036e91ddb7ed9b3485b
http://ports.ubuntu.com/pool/main/c/cups/libcupscgi1-dev_1.4.3-1ubuntu1.3_powerpc.deb
Size/MD5: 107108 c4374b4630da1f5e90cf061b763e3295
http://ports.ubuntu.com/pool/main/c/cups/libcupscgi1_1.4.3-1ubuntu1.3_powerpc.deb
Size/MD5: 35028 2faef8178ef95971f9673ea25c290b3a
http://ports.ubuntu.com/pool/main/c/cups/libcupsdriver1-dev_1.4.3-1ubuntu1.3_powerpc.deb
Size/MD5: 93790 28cdcd4d61d02d2d5eeb6822d7f917ab
http://ports.ubuntu.com/pool/main/c/cups/libcupsdriver1_1.4.3-1ubuntu1.3_powerpc.deb
Size/MD5: 22236 3ac091a89390ca3dbaa68d2443421ce5
http://ports.ubuntu.com/pool/main/c/cups/libcupsimage2-dev_1.4.3-1ubuntu1.3_powerpc.deb
Size/MD5: 60540 4f747b5f9b7220d506e78bd1dd8cc9e2
http://ports.ubuntu.com/pool/main/c/cups/libcupsimage2_1.4.3-1ubuntu1.3_powerpc.deb
Size/MD5: 55300 263334c0c5169f2e5853a3158ed70084
http://ports.ubuntu.com/pool/main/c/cups/libcupsmime1-dev_1.4.3-1ubuntu1.3_powerpc.deb
Size/MD5: 85776 dd37c83db8830f9a81c8c5dd0327bf55
http://ports.ubuntu.com/pool/main/c/cups/libcupsmime1_1.4.3-1ubuntu1.3_powerpc.deb
Size/MD5: 15708 60fd9a8032bc65aa11684f5df354bb03
http://ports.ubuntu.com/pool/main/c/cups/libcupsppdc1-dev_1.4.3-1ubuntu1.3_powerpc.deb
Size/MD5: 145332 d24ad815c54875e76de513977285ba7b
http://ports.ubuntu.com/pool/main/c/cups/libcupsppdc1_1.4.3-1ubuntu1.3_powerpc.deb
Size/MD5: 64910 bcc74ea69a17fa2962eda3a9ad5512fe
http://ports.ubuntu.com/pool/universe/c/cups/cups-ppdc_1.4.3-1ubuntu1.3_powerpc.deb
Size/MD5: 34774 39a3f1687db91032805c901284671941
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/c/cups/cups-bsd_1.4.3-1ubuntu1.3_sparc.deb
Size/MD5: 44076 76c042fffb05ef0033819d8027d16d3b
http://ports.ubuntu.com/pool/main/c/cups/cups-client_1.4.3-1ubuntu1.3_sparc.deb
Size/MD5: 140910 bb7ade567adb71b081fcf0926adfdb81
http://ports.ubuntu.com/pool/main/c/cups/cups-dbg_1.4.3-1ubuntu1.3_sparc.deb
Size/MD5: 93306 74f17ac1c60e1687af57410ad552e9b5
http://ports.ubuntu.com/pool/main/c/cups/cups_1.4.3-1ubuntu1.3_sparc.deb
Size/MD5: 2042536 4d02d83f10d49161de54e18441f3f4c7
http://ports.ubuntu.com/pool/main/c/cups/libcups2-dev_1.4.3-1ubuntu1.3_sparc.deb
Size/MD5: 210220 ca1199b2d2d926cf128ee8108ffa9152
http://ports.ubuntu.com/pool/main/c/cups/libcups2_1.4.3-1ubuntu1.3_sparc.deb
Size/MD5: 220236 6a64e0abf994f10586d64a936430feb5
http://ports.ubuntu.com/pool/main/c/cups/libcupscgi1-dev_1.4.3-1ubuntu1.3_sparc.deb
Size/MD5: 109564 8eb2ea7f36786bb19cdfa66f8810ece0
http://ports.ubuntu.com/pool/main/c/cups/libcupscgi1_1.4.3-1ubuntu1.3_sparc.deb
Size/MD5: 33838 64e772e9227cff9541f36d1f5013d3a5
http://ports.ubuntu.com/pool/main/c/cups/libcupsdriver1-dev_1.4.3-1ubuntu1.3_sparc.deb
Size/MD5: 94826 8dfe44749b7550946e7e221533040193
http://ports.ubuntu.com/pool/main/c/cups/libcupsdriver1_1.4.3-1ubuntu1.3_sparc.deb
Size/MD5: 22048 9726a58f77d295194204628b4c12ab8a
http://ports.ubuntu.com/pool/main/c/cups/libcupsimage2-dev_1.4.3-1ubuntu1.3_sparc.deb
Size/MD5: 59228 1fae603eaac97fd6079a2283dc941927
http://ports.ubuntu.com/pool/main/c/cups/libcupsimage2_1.4.3-1ubuntu1.3_sparc.deb
Size/MD5: 51356 ad13c6256b1a9002ea5775b8af9a904a
http://ports.ubuntu.com/pool/main/c/cups/libcupsmime1-dev_1.4.3-1ubuntu1.3_sparc.deb
Size/MD5: 84828 d3c8b74968077c15c457819fd4aaeab9
http://ports.ubuntu.com/pool/main/c/cups/libcupsmime1_1.4.3-1ubuntu1.3_sparc.deb
Size/MD5: 14588 4d0b83a66a8c14a198b584ab57bc9f87
http://ports.ubuntu.com/pool/main/c/cups/libcupsppdc1-dev_1.4.3-1ubuntu1.3_sparc.deb
Size/MD5: 150982 7fae9f3e041bb685fbd9f3d0f4a01d46
http://ports.ubuntu.com/pool/main/c/cups/libcupsppdc1_1.4.3-1ubuntu1.3_sparc.deb
Size/MD5: 62860 1e68d3736998f7bc15ac4590105327cd
http://ports.ubuntu.com/pool/universe/c/cups/cups-ppdc_1.4.3-1ubuntu1.3_sparc.deb
Size/MD5: 34528 8f0a5a9acf6473eca3a63d917a763322
Updated packages for Ubuntu 10.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups_1.4.4-6ubuntu2.2.diff.gz
Size/MD5: 495635 73fb08d938763db6da0f3b42ff644958
http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups_1.4.4-6ubuntu2.2.dsc
Size/MD5: 2839 97d1e62017c70005246fee2d5e017df8
http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups_1.4.4.orig.tar.gz
Size/MD5: 5384595 537d1cf3f1da6e41d7d7402b264ebffc
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups-common_1.4.4-6ubuntu2.2_all.deb
Size/MD5: 1341676 ce0f9f35ebc3d604c79bb886c1a7aced
http://security.ubuntu.com/ubuntu/pool/universe/c/cups/cupsddk_1.4.4-6ubuntu2.2_all.deb
Size/MD5: 76408 fc61e3af37a0f80a7a46964dd7e26feb
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups-bsd_1.4.4-6ubuntu2.2_amd64.deb
Size/MD5: 44264 142d5fafa4b5a00ca952c31c3b9e1656
http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups-client_1.4.4-6ubuntu2.2_amd64.deb
Size/MD5: 135544 12d15cb1768076d24ff265dab2345fa3
http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups-dbg_1.4.4-6ubuntu2.2_amd64.deb
Size/MD5: 97190 81f6206c1d355db2c2dfe26dbb666490
http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups_1.4.4-6ubuntu2.2_amd64.deb
Size/MD5: 1975102 28b7000fc39385092fcc7f996d7d394c
http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcups2-dev_1.4.4-6ubuntu2.2_amd64.deb
Size/MD5: 222624 bce72a79fb5e319039be1ab74a9b7e72
http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcups2_1.4.4-6ubuntu2.2_amd64.deb
Size/MD5: 231892 f9d2b151e00be8c922b73bb5be334ab3
http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupscgi1-dev_1.4.4-6ubuntu2.2_amd64.deb
Size/MD5: 110782 7a18dbc64f8a2f9eaad3f41d372aa2d8
http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupscgi1_1.4.4-6ubuntu2.2_amd64.deb
Size/MD5: 32636 910d06798100e2644ccb187f0c293ebb
http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsdriver1-dev_1.4.4-6ubuntu2.2_amd64.deb
Size/MD5: 97278 7b4fc6c1762af750ff7ff9963cc30947
http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsdriver1_1.4.4-6ubuntu2.2_amd64.deb
Size/MD5: 21932 fa4e2cc52a21a418cfd71a3821013156
http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsimage2-dev_1.4.4-6ubuntu2.2_amd64.deb
Size/MD5: 61232 3e7220a9231c75ca921b7b753a219666
http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsimage2_1.4.4-6ubuntu2.2_amd64.deb
Size/MD5: 52406 536630b4dd36426ac1467e101d6e5b2a
http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsmime1-dev_1.4.4-6ubuntu2.2_amd64.deb
Size/MD5: 88474 e809bd9440142c134aa0a32ed1180e72
http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsmime1_1.4.4-6ubuntu2.2_amd64.deb
Size/MD5: 15280 bfc811b7d99615c885332d78e3931cb5
http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsppdc1-dev_1.4.4-6ubuntu2.2_amd64.deb
Size/MD5: 150044 85a66060e7130b8b9cdc1160cf66a7cb
http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsppdc1_1.4.4-6ubuntu2.2_amd64.deb
Size/MD5: 59304 2ee7b50ae995f1566b2bc5dc32d2ade6
http://security.ubuntu.com/ubuntu/pool/universe/c/cups/cups-ppdc_1.4.4-6ubuntu2.2_amd64.deb
Size/MD5: 33994 b06bb215b6efcbd87f72579c8ab06edd
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups-bsd_1.4.4-6ubuntu2.2_i386.deb
Size/MD5: 42808 6ca99071a0e5db8db8afda1d57d501d6
http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups-client_1.4.4-6ubuntu2.2_i386.deb
Size/MD5: 131672 42a732d03606b61e206c6fb66fdf4e23
http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups-dbg_1.4.4-6ubuntu2.2_i386.deb
Size/MD5: 96308 a2af26576a082cfaf38557aa1a27070f
http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups_1.4.4-6ubuntu2.2_i386.deb
Size/MD5: 1913984 24c777ce3787e4561a03af0acbf019f4
http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcups2-dev_1.4.4-6ubuntu2.2_i386.deb
Size/MD5: 211736 211779c9213503647d776f788c5b3580
http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcups2_1.4.4-6ubuntu2.2_i386.deb
Size/MD5: 226140 44367d2d74bd739e25f983685daff823
http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupscgi1-dev_1.4.4-6ubuntu2.2_i386.deb
Size/MD5: 109998 0870942036e53f45529ccf1dca806589
http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupscgi1_1.4.4-6ubuntu2.2_i386.deb
Size/MD5: 32348 be93efacc44da73f922c6382d35ac209
http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsdriver1-dev_1.4.4-6ubuntu2.2_i386.deb
Size/MD5: 97520 ed3c79fcd54f7623e53b6f90bcf6a687
http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsdriver1_1.4.4-6ubuntu2.2_i386.deb
Size/MD5: 21674 c06ea4a45f9f57333c31616813ef44d1
http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsimage2-dev_1.4.4-6ubuntu2.2_i386.deb
Size/MD5: 59976 2535b265c1e982600f5c2eb09698eb8a
http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsimage2_1.4.4-6ubuntu2.2_i386.deb
Size/MD5: 51362 2462a012518bbba128e2d96bf553161f
http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsmime1-dev_1.4.4-6ubuntu2.2_i386.deb
Size/MD5: 88434 d65bdc567e5c779e293a5c557c25f78e
http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsmime1_1.4.4-6ubuntu2.2_i386.deb
Size/MD5: 14982 74d2226e302531e22fc6922e1603e2a2
http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsppdc1-dev_1.4.4-6ubuntu2.2_i386.deb
Size/MD5: 148776 e1782e56fcfb81bf87aaff80b5a87069
http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsppdc1_1.4.4-6ubuntu2.2_i386.deb
Size/MD5: 60444 719b73f78ba0bc49c30c0e3534ba31ec
http://security.ubuntu.com/ubuntu/pool/universe/c/cups/cups-ppdc_1.4.4-6ubuntu2.2_i386.deb
Size/MD5: 32462 93d11d79b618711734a4c3679d9ffaea
armel architecture (ARM Architecture):
http://ports.ubuntu.com/pool/main/c/cups/cups-bsd_1.4.4-6ubuntu2.2_armel.deb
Size/MD5: 44708 8790566e1b8bb099036d7ad01a9c6104
http://ports.ubuntu.com/pool/main/c/cups/cups-client_1.4.4-6ubuntu2.2_armel.deb
Size/MD5: 134932 f4c3e55e993e2b4c13dfc3818414d9ee
http://ports.ubuntu.com/pool/main/c/cups/cups-dbg_1.4.4-6ubuntu2.2_armel.deb
Size/MD5: 96548 4f6e9c6cb1f03caad79d2c62921c5298
http://ports.ubuntu.com/pool/main/c/cups/cups_1.4.4-6ubuntu2.2_armel.deb
Size/MD5: 1975062 8bce00da39e276c63c207a3aa74d0ade
http://ports.ubuntu.com/pool/main/c/cups/libcups2-dev_1.4.4-6ubuntu2.2_armel.deb
Size/MD5: 211688 59d9cb4df82c25b95fe82a7b20aa4f5d
http://ports.ubuntu.com/pool/main/c/cups/libcups2_1.4.4-6ubuntu2.2_armel.deb
Size/MD5: 225548 bacb40fff23ea63de11ab9e2c651141b
http://ports.ubuntu.com/pool/main/c/cups/libcupscgi1-dev_1.4.4-6ubuntu2.2_armel.deb
Size/MD5: 108856 3590dfbf3a529ea7d2fe324316998f7d
http://ports.ubuntu.com/pool/main/c/cups/libcupscgi1_1.4.4-6ubuntu2.2_armel.deb
Size/MD5: 31306 b3a5311b60acc22103842aa2abfaa253
http://ports.ubuntu.com/pool/main/c/cups/libcupsdriver1-dev_1.4.4-6ubuntu2.2_armel.deb
Size/MD5: 103134 4dd02a625b228274ce00c5f9c4239270
http://ports.ubuntu.com/pool/main/c/cups/libcupsdriver1_1.4.4-6ubuntu2.2_armel.deb
Size/MD5: 28978 a8c9c37ae5576d0036811a3a513b6722
http://ports.ubuntu.com/pool/main/c/cups/libcupsimage2-dev_1.4.4-6ubuntu2.2_armel.deb
Size/MD5: 61004 e2d51f30b9805b9c76bbd66f6e51bf63
http://ports.ubuntu.com/pool/main/c/cups/libcupsimage2_1.4.4-6ubuntu2.2_armel.deb
Size/MD5: 56536 ae93dc61f7a751a74ccb5b5ed5f7c226
http://ports.ubuntu.com/pool/main/c/cups/libcupsmime1-dev_1.4.4-6ubuntu2.2_armel.deb
Size/MD5: 89286 c7774932ca0edf857d747b880c335efe
http://ports.ubuntu.com/pool/main/c/cups/libcupsmime1_1.4.4-6ubuntu2.2_armel.deb
Size/MD5: 16072 bcaa02010da1479a5f596befe77ccc60
http://ports.ubuntu.com/pool/main/c/cups/libcupsppdc1-dev_1.4.4-6ubuntu2.2_armel.deb
Size/MD5: 145102 79ca8c190590dcb7fdf80d9b578b659b
http://ports.ubuntu.com/pool/main/c/cups/libcupsppdc1_1.4.4-6ubuntu2.2_armel.deb
Size/MD5: 57000 e1cdf28e431211c7b0fd23e51fcb4d8c
http://ports.ubuntu.com/pool/universe/c/cups/cups-ppdc_1.4.4-6ubuntu2.2_armel.deb
Size/MD5: 32924 17bd991d66e4c508083b956fec55f73a
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/c/cups/cups-bsd_1.4.4-6ubuntu2.2_powerpc.deb
Size/MD5: 44308 50612b5e973bf3393d641461cfd2a2d8
http://ports.ubuntu.com/pool/main/c/cups/cups-client_1.4.4-6ubuntu2.2_powerpc.deb
Size/MD5: 137932 fd46aff9f2f2eb954805d8162b5d313d
http://ports.ubuntu.com/pool/main/c/cups/cups-dbg_1.4.4-6ubuntu2.2_powerpc.deb
Size/MD5: 96882 b2628fa8fb21bbf91851fae15fe29130
http://ports.ubuntu.com/pool/main/c/cups/cups_1.4.4-6ubuntu2.2_powerpc.deb
Size/MD5: 1981964 abae78a84d4960ee4b69527c8bc93e48
http://ports.ubuntu.com/pool/main/c/cups/libcups2-dev_1.4.4-6ubuntu2.2_powerpc.deb
Size/MD5: 215568 b52ba3713e6265a0908e0a78949bf062
http://ports.ubuntu.com/pool/main/c/cups/libcups2_1.4.4-6ubuntu2.2_powerpc.deb
Size/MD5: 237790 d292fa19017aa7b1c91eb8076ddd0778
http://ports.ubuntu.com/pool/main/c/cups/libcupscgi1-dev_1.4.4-6ubuntu2.2_powerpc.deb
Size/MD5: 110090 2fcfe3b7b8fe9c921359b3588796e982
http://ports.ubuntu.com/pool/main/c/cups/libcupscgi1_1.4.4-6ubuntu2.2_powerpc.deb
Size/MD5: 34570 c16f0adb9dcf1fca4bbc62413259e188
http://ports.ubuntu.com/pool/main/c/cups/libcupsdriver1-dev_1.4.4-6ubuntu2.2_powerpc.deb
Size/MD5: 96944 6d145792e1f3d5ea54b2bc114c68d9ca
http://ports.ubuntu.com/pool/main/c/cups/libcupsdriver1_1.4.4-6ubuntu2.2_powerpc.deb
Size/MD5: 22144 07ed1b6ce46129225c271cd9228a5929
http://ports.ubuntu.com/pool/main/c/cups/libcupsimage2-dev_1.4.4-6ubuntu2.2_powerpc.deb
Size/MD5: 60254 c2955489f46611df5f472a55b0011b7c
http://ports.ubuntu.com/pool/main/c/cups/libcupsimage2_1.4.4-6ubuntu2.2_powerpc.deb
Size/MD5: 54612 e4495862aa42294d9f60b98b2910b2a8
http://ports.ubuntu.com/pool/main/c/cups/libcupsmime1-dev_1.4.4-6ubuntu2.2_powerpc.deb
Size/MD5: 88876 632d8c21f2b891dae8335d2c1e961fb3
http://ports.ubuntu.com/pool/main/c/cups/libcupsmime1_1.4.4-6ubuntu2.2_powerpc.deb
Size/MD5: 15532 9859929d04a9de022607d13e5631ed93
http://ports.ubuntu.com/pool/main/c/cups/libcupsppdc1-dev_1.4.4-6ubuntu2.2_powerpc.deb
Size/MD5: 148410 27d0545832adc4f831684c5ffd8246b7
http://ports.ubuntu.com/pool/main/c/cups/libcupsppdc1_1.4.4-6ubuntu2.2_powerpc.deb
Size/MD5: 64006 db8c213b69c0a94c9bea4ce9c5f08777
http://ports.ubuntu.com/pool/universe/c/cups/cups-ppdc_1.4.4-6ubuntu2.2_powerpc.deb
Size/MD5: 34312 0b47a66e7d3150ec0eed2fb4b66cb008
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- -------------------------------------------------------------------------
Debian Security Advisory DSA-2176-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
March 02, 2011 http://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : cups
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE ID : CVE-2008-5183 CVE-2009-3553 CVE-2010-0540 CVE-2010-0542 CVE-2010-1748 CVE-2010-2431 CVE-2010-2432 CVE-2010-2941
Several vulnerabilities have been discovered in the Common UNIX Printing
System:
CVE-2008-5183
A null pointer dereference in RSS job completion notifications
could lead to denial of service.
CVE-2009-3553
It was discovered that incorrect file descriptor handling
could lead to denial of service.
CVE-2010-0540
A cross-site request forgery vulnerability was discovered in
the web interface.
CVE-2010-0542
Incorrect memory management in the filter subsystem could lead
to denial of service.
CVE-2010-1748
Information disclosure in the web interface.
CVE-2010-2431
Emmanuel Bouillon discovered a symlink vulnerability in handling
of cache files.
CVE-2010-2432
Denial of service in the authentication code.
For the oldstable distribution (lenny), this problem has been fixed in
version 1.3.8-1+lenny9.
The stable distribution (squeeze) and the unstable distribution (sid)
had already been fixed prior to the initial Squeeze release.
We recommend that you upgrade your cups packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAk1tgPIACgkQXm3vHE4uyloDXQCgxy/m5yHvjnIopjEdPcmdzIW5
HaAAn1r6v/N27Y5g5O4vudCQgLt7uBPx
=j7wC
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
.
The web interface in CUPS, reads uninitialized memory during handling
of form variables, which allows context-dependent attackers to obtain
sensitive information from cupsd process memory via unspecified vectors
(CVE-2010-1748).
Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490
The updated packages have been patched to correct these issues.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0540
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0542
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1748
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2431
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2941
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2009.0:
f659df34ee2b206427a38cefbca99cc2 2009.0/i586/cups-1.3.10-0.4mdv2009.0.i586.rpm
1b92d2762a23b983f0da6ed527c9cee8 2009.0/i586/cups-common-1.3.10-0.4mdv2009.0.i586.rpm
a0719dfedbcce4ca02b8f1d69250c67b 2009.0/i586/cups-serial-1.3.10-0.4mdv2009.0.i586.rpm
130c8d5b44e513e52d6d40fc22974139 2009.0/i586/libcups2-1.3.10-0.4mdv2009.0.i586.rpm
06d0f7f3754246e67ff100ee3e15a6c2 2009.0/i586/libcups2-devel-1.3.10-0.4mdv2009.0.i586.rpm
7179976e3a7490deced5374723453065 2009.0/i586/php-cups-1.3.10-0.4mdv2009.0.i586.rpm
d457f260b56c65d119f3f4577a7dc90f 2009.0/SRPMS/cups-1.3.10-0.4mdv2009.0.src.rpm
Mandriva Linux 2009.0/X86_64:
109c1f41b21fbb8e2c97aaeafae1340a 2009.0/x86_64/cups-1.3.10-0.4mdv2009.0.x86_64.rpm
d0fca9c94c5269fec27a31086c399145 2009.0/x86_64/cups-common-1.3.10-0.4mdv2009.0.x86_64.rpm
4ff96778ae90f228ef99d94487d87f77 2009.0/x86_64/cups-serial-1.3.10-0.4mdv2009.0.x86_64.rpm
3f0127d51b2cdc9bf661e9de91b52f39 2009.0/x86_64/lib64cups2-1.3.10-0.4mdv2009.0.x86_64.rpm
473bdbea1f1379fc46f0523ab5a91e92 2009.0/x86_64/lib64cups2-devel-1.3.10-0.4mdv2009.0.x86_64.rpm
6d720a64deac48ca276266bb6895f72d 2009.0/x86_64/php-cups-1.3.10-0.4mdv2009.0.x86_64.rpm
d457f260b56c65d119f3f4577a7dc90f 2009.0/SRPMS/cups-1.3.10-0.4mdv2009.0.src.rpm
Mandriva Linux 2010.0:
b896bb55528f9b3f7329bdefbd06e907 2010.0/i586/cups-1.4.1-12.2mdv2010.0.i586.rpm
9915c592984b953fc97caeaff6adfd51 2010.0/i586/cups-common-1.4.1-12.2mdv2010.0.i586.rpm
9301ef3c2f510317064d543603ce2093 2010.0/i586/cups-serial-1.4.1-12.2mdv2010.0.i586.rpm
30b760a74bfe1338139c810e727321c0 2010.0/i586/libcups2-1.4.1-12.2mdv2010.0.i586.rpm
d6bb4b1902321d01065f5523fe8b8bd1 2010.0/i586/libcups2-devel-1.4.1-12.2mdv2010.0.i586.rpm
1e9b384c4ca7bfdd0a5294662e167cbb 2010.0/i586/php-cups-1.4.1-12.2mdv2010.0.i586.rpm
a3ade5cdca9098f024c821f02e2497d1 2010.0/SRPMS/cups-1.4.1-12.2mdv2010.0.src.rpm
Mandriva Linux 2010.0/X86_64:
b85a2eb58e0321e8bbe9f0db0b67b270 2010.0/x86_64/cups-1.4.1-12.2mdv2010.0.x86_64.rpm
c3e5f2aaab48b3569af9adc0fe066e36 2010.0/x86_64/cups-common-1.4.1-12.2mdv2010.0.x86_64.rpm
8cae31ce49c4d45093a09aab4317c452 2010.0/x86_64/cups-serial-1.4.1-12.2mdv2010.0.x86_64.rpm
330e6c0d2fb1c00c63ac3750b0e3044a 2010.0/x86_64/lib64cups2-1.4.1-12.2mdv2010.0.x86_64.rpm
bc7348bba4476c16c35e651b9826431c 2010.0/x86_64/lib64cups2-devel-1.4.1-12.2mdv2010.0.x86_64.rpm
cc0081d5748a4e538b1154e110eb74ea 2010.0/x86_64/php-cups-1.4.1-12.2mdv2010.0.x86_64.rpm
a3ade5cdca9098f024c821f02e2497d1 2010.0/SRPMS/cups-1.4.1-12.2mdv2010.0.src.rpm
Mandriva Enterprise Server 5:
27242832f57d843a6e96f7be948060f7 mes5/i586/cups-1.3.10-0.4mdvmes5.1.i586.rpm
c68061ebd7157579308ba9e3c0a0e988 mes5/i586/cups-common-1.3.10-0.4mdvmes5.1.i586.rpm
2a06820729e49c98883494971dbd839e mes5/i586/cups-serial-1.3.10-0.4mdvmes5.1.i586.rpm
f959dac3e1ce73a9c228a56956f50277 mes5/i586/libcups2-1.3.10-0.4mdvmes5.1.i586.rpm
eb7ab898a4c42c095cdd82a12527ce78 mes5/i586/libcups2-devel-1.3.10-0.4mdvmes5.1.i586.rpm
64c94ac46b571cafb1610c49a6134031 mes5/i586/php-cups-1.3.10-0.4mdvmes5.1.i586.rpm
e2adcd8eec6039164aa45738cec40586 mes5/SRPMS/cups-1.3.10-0.4mdvmes5.1.src.rpm
Mandriva Enterprise Server 5/X86_64:
992e12cd8507d0d58fb6e72ca402429f mes5/x86_64/cups-1.3.10-0.4mdvmes5.1.x86_64.rpm
4528d0e4dccbc15507e8575c98255711 mes5/x86_64/cups-common-1.3.10-0.4mdvmes5.1.x86_64.rpm
3e840cbe6f1883706c14cbafc838478c mes5/x86_64/cups-serial-1.3.10-0.4mdvmes5.1.x86_64.rpm
a8cfe7e9c3e82ae1c61b7da0ba7daf26 mes5/x86_64/lib64cups2-1.3.10-0.4mdvmes5.1.x86_64.rpm
b377f64dff30db3b76cd7b651f796783 mes5/x86_64/lib64cups2-devel-1.3.10-0.4mdvmes5.1.x86_64.rpm
d2b4d6a768bd6083c970d53744e4aeb1 mes5/x86_64/php-cups-1.3.10-0.4mdvmes5.1.x86_64.rpm
e2adcd8eec6039164aa45738cec40586 mes5/SRPMS/cups-1.3.10-0.4mdvmes5.1.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201207-10
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: CUPS: Multiple vulnerabilities
Date: July 09, 2012
Bugs: #295256, #308045, #325551, #380771
ID: 201207-10
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been found in CUPS, some of which may
allow execution of arbitrary code or local privilege escalation.
Background
==========
CUPS, the Common Unix Printing System, is a full-featured print server.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-print/cups < 1.4.8-r1 >= 1.4.8-r1
Description
===========
Multiple vulnerabilities have been discovered in CUPS. Please review
the CVE identifiers referenced below for details. A local attacker may be able to gain escalated
privileges or overwrite arbitrary files. Furthermore, a remote attacker
may be able to obtain sensitive information from the CUPS process or
hijack a CUPS administrator authentication request.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All CUPS users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-print/cups-1.4.8-r1"
NOTE: This is a legacy GLSA. Updates for all affected architectures are
available since September 03, 2011. It is likely that your system is
already no longer affected by this issue.
References
==========
[ 1 ] CVE-2009-3553
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3553
[ 2 ] CVE-2010-0302
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0302
[ 3 ] CVE-2010-0393
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0393
[ 4 ] CVE-2010-0540
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0540
[ 5 ] CVE-2010-0542
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0542
[ 6 ] CVE-2010-1748
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1748
[ 7 ] CVE-2010-2431
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2431
[ 8 ] CVE-2010-2432
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2432
[ 9 ] CVE-2010-2941
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2941
[ 10 ] CVE-2011-3170
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3170
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201207-10.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2012 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. ----------------------------------------------------------------------
Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta.
Join the beta:
http://secunia.com/products/corporate/vim/
----------------------------------------------------------------------
TITLE:
Red Hat update for cups
SECUNIA ADVISORY ID:
SA42009
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/42009/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=42009
RELEASE DATE:
2010-10-30
DISCUSS ADVISORY:
http://secunia.com/advisories/42009/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/42009/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=42009
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Red Hat has issued an update for cups. This fixes some
vulnerabilities, which can be exploited by malicious people to
potentially compromise a vulnerable system.
For more information:
SA40165
SA41706
SOLUTION:
Updated packages are available via Red Hat Network.
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
ORIGINAL ADVISORY:
RHSA-2010-0811:
https://rhn.redhat.com/errata/RHSA-2010-0811.html
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
|
|
var-202106-0343
|
Improper isolation of shared resources in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. Intel Processors (Intel processors) are Intel Corporation's processors that interpret computer instructions and process data in computer software. An authenticated attacker could exploit this vulnerability to obtain sensitive information. 6 ELS) - i386, x86_64
3. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Important: microcode_ctl security, bug fix and enhancement update
Advisory ID: RHSA-2021:3028-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2021:3028
Issue date: 2021-08-09
CVE Names: CVE-2020-0543 CVE-2020-0548 CVE-2020-0549
CVE-2020-8695 CVE-2020-8696 CVE-2020-8698
CVE-2020-24489 CVE-2020-24511 CVE-2020-24512
====================================================================
1. Summary:
An update for microcode_ctl is now available for Red Hat Enterprise Linux
7.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
3. Description:
The microcode_ctl packages provide microcode updates for Intel.
Security Fix(es):
* hw: Special Register Buffer Data Sampling (SRBDS) (CVE-2020-0543)
* hw: Vector Register Data Sampling (CVE-2020-0548)
* hw: L1D Cache Eviction Sampling (CVE-2020-0549)
* hw: vt-d related privilege escalation (CVE-2020-24489)
* hw: improper isolation of shared resources in some Intel Processors
(CVE-2020-24511)
* hw: observable timing discrepancy in some Intel Processors
(CVE-2020-24512)
* hw: Information disclosure issue in Intel SGX via RAPL interface
(CVE-2020-8695)
* hw: Vector Register Leakage-Active (CVE-2020-8696)
* hw: Fast forward store predictor (CVE-2020-8698)
4. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
1788786 - CVE-2020-0548 hw: Vector Register Data Sampling
1788788 - CVE-2020-0549 hw: L1D Cache Eviction Sampling
1827165 - CVE-2020-0543 hw: Special Register Buffer Data Sampling (SRBDS)
1828583 - CVE-2020-8695 hw: Information disclosure issue in Intel SGX via RAPL interface
1890355 - CVE-2020-8696 hw: Vector Register Leakage-Active
1890356 - CVE-2020-8698 hw: Fast forward store predictor
1897684 - [rhel-7.9.z] Re-enable 06-5e-03 (SKL-H/S, CPUID 0x506e3) latest microcode updates
1962650 - CVE-2020-24489 hw: vt-d related privilege escalation
1962702 - CVE-2020-24511 hw: improper isolation of shared resources in some Intel Processors
1962722 - CVE-2020-24512 hw: observable timing discrepancy in some Intel Processors
6. Package List:
Red Hat Enterprise Linux Client (v. 7):
Source:
microcode_ctl-2.1-73.11.el7_9.src.rpm
x86_64:
microcode_ctl-2.1-73.11.el7_9.x86_64.rpm
microcode_ctl-debuginfo-2.1-73.11.el7_9.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source:
microcode_ctl-2.1-73.11.el7_9.src.rpm
x86_64:
microcode_ctl-2.1-73.11.el7_9.x86_64.rpm
microcode_ctl-debuginfo-2.1-73.11.el7_9.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source:
microcode_ctl-2.1-73.11.el7_9.src.rpm
x86_64:
microcode_ctl-2.1-73.11.el7_9.x86_64.rpm
microcode_ctl-debuginfo-2.1-73.11.el7_9.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source:
microcode_ctl-2.1-73.11.el7_9.src.rpm
x86_64:
microcode_ctl-2.1-73.11.el7_9.x86_64.rpm
microcode_ctl-debuginfo-2.1-73.11.el7_9.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2020-0543
https://access.redhat.com/security/cve/CVE-2020-0548
https://access.redhat.com/security/cve/CVE-2020-0549
https://access.redhat.com/security/cve/CVE-2020-8695
https://access.redhat.com/security/cve/CVE-2020-8696
https://access.redhat.com/security/cve/CVE-2020-8698
https://access.redhat.com/security/cve/CVE-2020-24489
https://access.redhat.com/security/cve/CVE-2020-24511
https://access.redhat.com/security/cve/CVE-2020-24512
https://access.redhat.com/security/updates/classification/#important
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBYRD++tzjgjWX9erEAQhA1A//eeO88DFGpTcHgCHrsXimUtK3MZX0RppT
5UOWuXgmPJniMPDALpkfTNTnNGASjBB+WDclaW2d/sZf52PzYLao5wGVIYdUx3Nl
l9IvbGNMm0F7eI7aHdT2QnUhQQl1IpJrbmkhvBM2w85EmOfqlq+CpXnJMRXzoRdv
sFPrWAo1opDNnBV6iYAnyULHFuWwcvU28n3JU945W8p/PvqJgSze77i4dmpzYkBj
ljzVrIUl2pizBmnQMj03JJ+YeB8+oKb0uD2RdqHoxkUSFGH9OW6s/qytHu/eR4uL
Y7WmIfHUxGsVRcmIjo/VaAvvWs4A3hdOL3nGdRAMQOKp+VoDcX7VDNURoxK/bkcJ
OepHSyfWPCVXvOmU5l2ov1uzVQ/F+ajeevMehuzwQlTAIur5qE2eQ2Mwitfh/7WZ
W3x67peCz51zVPtb7rkQfpzQzZKkjSAAclOYMzltv2PA5vSXZy8+hEqWZwqtesQn
ltz36bjQMvRRhr1yGDbaFI5dcTB8T/eIkzmD6wPfbd7r7SEuE0GUd8Yf69VghGL2
f+mvR8oWb2x3RHXbpFm4aIt5mJHqIgfXDAohz7lXgLyJwQefyeJ5w+W8nOe+ZSK/
yvfiVQZz9tvPq8yqC87YWTA7zcnhoSmPvXRicJakpfJL/oz043Tc17jqxIra36sA
UjXnNBNse8A=LIYI
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce
|
|
var-201506-0268
|
The pcntl_exec implementation in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 truncates a pathname upon encountering a \x00 character, which might allow remote attackers to bypass intended extension restrictions and execute files with unexpected names via a crafted first argument. NOTE: this vulnerability exists because of an incomplete fix for CVE-2006-7243. Supplementary information : CWE Vulnerability type by CWE-19: Data Handling ( Data processing ) Has been identified. PHP is prone to a security-bypass vulnerability.
An attacker can leverage this issue to bypass security restrictions and perform unauthorized actions. This may aid in further attacks. PHP (PHP: Hypertext Preprocessor, PHP: Hypertext Preprocessor) is an open source general-purpose computer scripting language jointly maintained by the PHP Group and the open source community. The language is mainly used for Web development and supports a variety of databases and operating systems. A security vulnerability exists in PHP's implementation of pcntl_exec, which stems from the fact that the program does not allow null bytes in pathnames. The following versions are affected: PHP prior to 5.4.41, 5.5.x prior to 5.5.25, and 5.6.x prior to 5.6.9. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Important: php security and bug fix update
Advisory ID: RHSA-2015:1135-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1135.html
Issue date: 2015-06-23
CVE Names: CVE-2014-8142 CVE-2014-9652 CVE-2014-9705
CVE-2014-9709 CVE-2015-0231 CVE-2015-0232
CVE-2015-0273 CVE-2015-2301 CVE-2015-2348
CVE-2015-2783 CVE-2015-2787 CVE-2015-3307
CVE-2015-3329 CVE-2015-3330 CVE-2015-3411
CVE-2015-3412 CVE-2015-4021 CVE-2015-4022
CVE-2015-4024 CVE-2015-4025 CVE-2015-4026
CVE-2015-4147 CVE-2015-4148 CVE-2015-4598
CVE-2015-4599 CVE-2015-4600 CVE-2015-4601
CVE-2015-4602 CVE-2015-4603 CVE-2015-4604
CVE-2015-4605
=====================================================================
1. Summary:
Updated php packages that fix multiple security issues and several bugs
are now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having Important security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
3. Description:
PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Server.
A flaw was found in the way the PHP module for the Apache httpd web server
handled pipelined requests. A remote attacker could use this flaw to
trigger the execution of a PHP script in a deinitialized interpreter,
causing it to crash or, possibly, execute arbitrary code. (CVE-2015-3330)
A flaw was found in the way PHP parsed multipart HTTP POST requests. A
specially crafted request could cause PHP to use an excessive amount of CPU
time. (CVE-2015-4024)
An uninitialized pointer use flaw was found in PHP's Exif extension. A
specially crafted JPEG or TIFF file could cause a PHP application using the
exif_read_data() function to crash or, possibly, execute arbitrary code
with the privileges of the user running that PHP application.
(CVE-2015-0232)
An integer overflow flaw leading to a heap-based buffer overflow was found
in the way PHP's FTP extension parsed file listing FTP server responses. A
malicious FTP server could use this flaw to cause a PHP application to
crash or, possibly, execute arbitrary code. (CVE-2015-4022)
Multiple flaws were discovered in the way PHP performed object
unserialization. Specially crafted input processed by the unserialize()
function could cause a PHP application to crash or, possibly, execute
arbitrary code. (CVE-2014-8142, CVE-2015-0231, CVE-2015-0273,
CVE-2015-2787, CVE-2015-4147, CVE-2015-4148, CVE-2015-4599, CVE-2015-4600,
CVE-2015-4601, CVE-2015-4602, CVE-2015-4603)
It was found that certain PHP functions did not properly handle file names
containing a NULL character. (CVE-2015-2348, CVE-2015-4025, CVE-2015-4026,
CVE-2015-3411, CVE-2015-3412, CVE-2015-4598)
Multiple flaws were found in the way the way PHP's Phar extension parsed
Phar archives. A specially crafted archive could cause PHP to crash or,
possibly, execute arbitrary code when opened. (CVE-2015-2301,
CVE-2015-2783, CVE-2015-3307, CVE-2015-3329, CVE-2015-4021)
Multiple flaws were found in PHP's File Information (fileinfo) extension.
A remote attacker could cause a PHP application to crash if it used
fileinfo to identify type of attacker supplied files. (CVE-2014-9652,
CVE-2015-4604, CVE-2015-4605)
A heap buffer overflow flaw was found in the enchant_broker_request_dict()
function of PHP's enchant extension. An attacker able to make a PHP
application enchant dictionaries could possibly cause it to crash.
(CVE-2014-9705)
A buffer over-read flaw was found in the GD library used by the PHP gd
extension. A specially crafted GIF file could cause a PHP application using
the imagecreatefromgif() function to crash. (CVE-2014-9709)
This update also fixes the following bugs:
* The libgmp library in some cases terminated unexpectedly with a
segmentation fault when being used with other libraries that use the GMP
memory management. With this update, PHP no longer changes libgmp memory
allocators, which prevents the described crash from occurring. (BZ#1212305)
* When using the Open Database Connectivity (ODBC) API, the PHP process
in some cases terminated unexpectedly with a segmentation fault. The
underlying code has been adjusted to prevent this crash. (BZ#1212299)
* Previously, running PHP on a big-endian system sometimes led to memory
corruption in the fileinfo module. This update adjusts the behavior of
the PHP pointer so that it can be freed without causing memory corruption.
(BZ#1212298)
All php users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. After installing the
updated packages, the httpd daemon must be restarted for the update to
take effect.
4. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
1175718 - CVE-2014-8142 php: use after free vulnerability in unserialize()
1185397 - CVE-2015-0231 php: use after free vulnerability in unserialize() (incomplete fix of CVE-2014-8142)
1185472 - CVE-2015-0232 php: Free called on unitialized pointer in exif.c
1188599 - CVE-2014-9652 file: out of bounds read in mconvert()
1188639 - CVE-2014-9709 gd: buffer read overflow in gd_gif_in.c
1194730 - CVE-2015-0273 php: use after free vulnerability in unserialize() with DateTimeZone
1194737 - CVE-2014-9705 php: heap buffer overflow in enchant_broker_request_dict()
1194747 - CVE-2015-2301 php: use after free in phar_object.c
1204868 - CVE-2015-4147 php: SoapClient's __call() type confusion through unserialize()
1207676 - CVE-2015-2787 php: use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re
1207682 - CVE-2015-2348 php: move_uploaded_file() NUL byte injection in file name
1213394 - CVE-2015-3330 php: pipelined request executed in deinitialized interpreter under httpd 2.4
1213407 - CVE-2015-3411 php: missing null byte checks for paths in various PHP extensions
1213442 - CVE-2015-4604 CVE-2015-4605 php: denial of service when processing a crafted file with Fileinfo
1213446 - CVE-2015-2783 php: buffer over-read in Phar metadata parsing
1213449 - CVE-2015-3329 php: buffer overflow in phar_set_inode()
1222485 - CVE-2015-4024 php: multipart/form-data request paring CPU usage DoS
1222538 - CVE-2015-4599 CVE-2015-4600 CVE-2015-4601 php: type confusion issue in unserialize() with various SOAP methods
1223408 - CVE-2015-4025 php: CVE-2006-7243 regressions in 5.4+
1223412 - CVE-2015-4022 php: integer overflow leading to heap overflow when reading FTP file listing
1223422 - CVE-2015-4026 php: pcntl_exec() accepts paths with NUL character
1223425 - CVE-2015-4021 php: memory corruption in phar_parse_tarfile caused by empty entry file name
1223441 - CVE-2015-3307 php: invalid pointer free() in phar_tar_process_metadata()
1226916 - CVE-2015-4148 php: SoapClient's do_soap_call() type confusion after unserialize()
1232823 - CVE-2015-3412 php: missing null byte checks for paths in various PHP extensions
1232897 - CVE-2015-4598 php: missing null byte checks for paths in DOM and GD extensions
1232918 - CVE-2015-4603 php: exception::getTraceAsString type confusion issue after unserialize
1232923 - CVE-2015-4602 php: Incomplete Class unserialization type confusion
6. Package List:
Red Hat Enterprise Linux Client Optional (v. 7):
Source:
php-5.4.16-36.el7_1.src.rpm
x86_64:
php-5.4.16-36.el7_1.x86_64.rpm
php-bcmath-5.4.16-36.el7_1.x86_64.rpm
php-cli-5.4.16-36.el7_1.x86_64.rpm
php-common-5.4.16-36.el7_1.x86_64.rpm
php-dba-5.4.16-36.el7_1.x86_64.rpm
php-debuginfo-5.4.16-36.el7_1.x86_64.rpm
php-devel-5.4.16-36.el7_1.x86_64.rpm
php-embedded-5.4.16-36.el7_1.x86_64.rpm
php-enchant-5.4.16-36.el7_1.x86_64.rpm
php-fpm-5.4.16-36.el7_1.x86_64.rpm
php-gd-5.4.16-36.el7_1.x86_64.rpm
php-intl-5.4.16-36.el7_1.x86_64.rpm
php-ldap-5.4.16-36.el7_1.x86_64.rpm
php-mbstring-5.4.16-36.el7_1.x86_64.rpm
php-mysql-5.4.16-36.el7_1.x86_64.rpm
php-mysqlnd-5.4.16-36.el7_1.x86_64.rpm
php-odbc-5.4.16-36.el7_1.x86_64.rpm
php-pdo-5.4.16-36.el7_1.x86_64.rpm
php-pgsql-5.4.16-36.el7_1.x86_64.rpm
php-process-5.4.16-36.el7_1.x86_64.rpm
php-pspell-5.4.16-36.el7_1.x86_64.rpm
php-recode-5.4.16-36.el7_1.x86_64.rpm
php-snmp-5.4.16-36.el7_1.x86_64.rpm
php-soap-5.4.16-36.el7_1.x86_64.rpm
php-xml-5.4.16-36.el7_1.x86_64.rpm
php-xmlrpc-5.4.16-36.el7_1.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
Source:
php-5.4.16-36.el7_1.src.rpm
x86_64:
php-5.4.16-36.el7_1.x86_64.rpm
php-bcmath-5.4.16-36.el7_1.x86_64.rpm
php-cli-5.4.16-36.el7_1.x86_64.rpm
php-common-5.4.16-36.el7_1.x86_64.rpm
php-dba-5.4.16-36.el7_1.x86_64.rpm
php-debuginfo-5.4.16-36.el7_1.x86_64.rpm
php-devel-5.4.16-36.el7_1.x86_64.rpm
php-embedded-5.4.16-36.el7_1.x86_64.rpm
php-enchant-5.4.16-36.el7_1.x86_64.rpm
php-fpm-5.4.16-36.el7_1.x86_64.rpm
php-gd-5.4.16-36.el7_1.x86_64.rpm
php-intl-5.4.16-36.el7_1.x86_64.rpm
php-ldap-5.4.16-36.el7_1.x86_64.rpm
php-mbstring-5.4.16-36.el7_1.x86_64.rpm
php-mysql-5.4.16-36.el7_1.x86_64.rpm
php-mysqlnd-5.4.16-36.el7_1.x86_64.rpm
php-odbc-5.4.16-36.el7_1.x86_64.rpm
php-pdo-5.4.16-36.el7_1.x86_64.rpm
php-pgsql-5.4.16-36.el7_1.x86_64.rpm
php-process-5.4.16-36.el7_1.x86_64.rpm
php-pspell-5.4.16-36.el7_1.x86_64.rpm
php-recode-5.4.16-36.el7_1.x86_64.rpm
php-snmp-5.4.16-36.el7_1.x86_64.rpm
php-soap-5.4.16-36.el7_1.x86_64.rpm
php-xml-5.4.16-36.el7_1.x86_64.rpm
php-xmlrpc-5.4.16-36.el7_1.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source:
php-5.4.16-36.el7_1.src.rpm
ppc64:
php-5.4.16-36.el7_1.ppc64.rpm
php-cli-5.4.16-36.el7_1.ppc64.rpm
php-common-5.4.16-36.el7_1.ppc64.rpm
php-debuginfo-5.4.16-36.el7_1.ppc64.rpm
php-gd-5.4.16-36.el7_1.ppc64.rpm
php-ldap-5.4.16-36.el7_1.ppc64.rpm
php-mysql-5.4.16-36.el7_1.ppc64.rpm
php-odbc-5.4.16-36.el7_1.ppc64.rpm
php-pdo-5.4.16-36.el7_1.ppc64.rpm
php-pgsql-5.4.16-36.el7_1.ppc64.rpm
php-process-5.4.16-36.el7_1.ppc64.rpm
php-recode-5.4.16-36.el7_1.ppc64.rpm
php-soap-5.4.16-36.el7_1.ppc64.rpm
php-xml-5.4.16-36.el7_1.ppc64.rpm
php-xmlrpc-5.4.16-36.el7_1.ppc64.rpm
s390x:
php-5.4.16-36.el7_1.s390x.rpm
php-cli-5.4.16-36.el7_1.s390x.rpm
php-common-5.4.16-36.el7_1.s390x.rpm
php-debuginfo-5.4.16-36.el7_1.s390x.rpm
php-gd-5.4.16-36.el7_1.s390x.rpm
php-ldap-5.4.16-36.el7_1.s390x.rpm
php-mysql-5.4.16-36.el7_1.s390x.rpm
php-odbc-5.4.16-36.el7_1.s390x.rpm
php-pdo-5.4.16-36.el7_1.s390x.rpm
php-pgsql-5.4.16-36.el7_1.s390x.rpm
php-process-5.4.16-36.el7_1.s390x.rpm
php-recode-5.4.16-36.el7_1.s390x.rpm
php-soap-5.4.16-36.el7_1.s390x.rpm
php-xml-5.4.16-36.el7_1.s390x.rpm
php-xmlrpc-5.4.16-36.el7_1.s390x.rpm
x86_64:
php-5.4.16-36.el7_1.x86_64.rpm
php-cli-5.4.16-36.el7_1.x86_64.rpm
php-common-5.4.16-36.el7_1.x86_64.rpm
php-debuginfo-5.4.16-36.el7_1.x86_64.rpm
php-gd-5.4.16-36.el7_1.x86_64.rpm
php-ldap-5.4.16-36.el7_1.x86_64.rpm
php-mysql-5.4.16-36.el7_1.x86_64.rpm
php-odbc-5.4.16-36.el7_1.x86_64.rpm
php-pdo-5.4.16-36.el7_1.x86_64.rpm
php-pgsql-5.4.16-36.el7_1.x86_64.rpm
php-process-5.4.16-36.el7_1.x86_64.rpm
php-recode-5.4.16-36.el7_1.x86_64.rpm
php-soap-5.4.16-36.el7_1.x86_64.rpm
php-xml-5.4.16-36.el7_1.x86_64.rpm
php-xmlrpc-5.4.16-36.el7_1.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source:
php-5.4.16-36.ael7b_1.src.rpm
ppc64le:
php-5.4.16-36.ael7b_1.ppc64le.rpm
php-cli-5.4.16-36.ael7b_1.ppc64le.rpm
php-common-5.4.16-36.ael7b_1.ppc64le.rpm
php-debuginfo-5.4.16-36.ael7b_1.ppc64le.rpm
php-gd-5.4.16-36.ael7b_1.ppc64le.rpm
php-ldap-5.4.16-36.ael7b_1.ppc64le.rpm
php-mysql-5.4.16-36.ael7b_1.ppc64le.rpm
php-odbc-5.4.16-36.ael7b_1.ppc64le.rpm
php-pdo-5.4.16-36.ael7b_1.ppc64le.rpm
php-pgsql-5.4.16-36.ael7b_1.ppc64le.rpm
php-process-5.4.16-36.ael7b_1.ppc64le.rpm
php-recode-5.4.16-36.ael7b_1.ppc64le.rpm
php-soap-5.4.16-36.ael7b_1.ppc64le.rpm
php-xml-5.4.16-36.ael7b_1.ppc64le.rpm
php-xmlrpc-5.4.16-36.ael7b_1.ppc64le.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
ppc64:
php-bcmath-5.4.16-36.el7_1.ppc64.rpm
php-dba-5.4.16-36.el7_1.ppc64.rpm
php-debuginfo-5.4.16-36.el7_1.ppc64.rpm
php-devel-5.4.16-36.el7_1.ppc64.rpm
php-embedded-5.4.16-36.el7_1.ppc64.rpm
php-enchant-5.4.16-36.el7_1.ppc64.rpm
php-fpm-5.4.16-36.el7_1.ppc64.rpm
php-intl-5.4.16-36.el7_1.ppc64.rpm
php-mbstring-5.4.16-36.el7_1.ppc64.rpm
php-mysqlnd-5.4.16-36.el7_1.ppc64.rpm
php-pspell-5.4.16-36.el7_1.ppc64.rpm
php-snmp-5.4.16-36.el7_1.ppc64.rpm
s390x:
php-bcmath-5.4.16-36.el7_1.s390x.rpm
php-dba-5.4.16-36.el7_1.s390x.rpm
php-debuginfo-5.4.16-36.el7_1.s390x.rpm
php-devel-5.4.16-36.el7_1.s390x.rpm
php-embedded-5.4.16-36.el7_1.s390x.rpm
php-enchant-5.4.16-36.el7_1.s390x.rpm
php-fpm-5.4.16-36.el7_1.s390x.rpm
php-intl-5.4.16-36.el7_1.s390x.rpm
php-mbstring-5.4.16-36.el7_1.s390x.rpm
php-mysqlnd-5.4.16-36.el7_1.s390x.rpm
php-pspell-5.4.16-36.el7_1.s390x.rpm
php-snmp-5.4.16-36.el7_1.s390x.rpm
x86_64:
php-bcmath-5.4.16-36.el7_1.x86_64.rpm
php-dba-5.4.16-36.el7_1.x86_64.rpm
php-debuginfo-5.4.16-36.el7_1.x86_64.rpm
php-devel-5.4.16-36.el7_1.x86_64.rpm
php-embedded-5.4.16-36.el7_1.x86_64.rpm
php-enchant-5.4.16-36.el7_1.x86_64.rpm
php-fpm-5.4.16-36.el7_1.x86_64.rpm
php-intl-5.4.16-36.el7_1.x86_64.rpm
php-mbstring-5.4.16-36.el7_1.x86_64.rpm
php-mysqlnd-5.4.16-36.el7_1.x86_64.rpm
php-pspell-5.4.16-36.el7_1.x86_64.rpm
php-snmp-5.4.16-36.el7_1.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
ppc64le:
php-bcmath-5.4.16-36.ael7b_1.ppc64le.rpm
php-dba-5.4.16-36.ael7b_1.ppc64le.rpm
php-debuginfo-5.4.16-36.ael7b_1.ppc64le.rpm
php-devel-5.4.16-36.ael7b_1.ppc64le.rpm
php-embedded-5.4.16-36.ael7b_1.ppc64le.rpm
php-enchant-5.4.16-36.ael7b_1.ppc64le.rpm
php-fpm-5.4.16-36.ael7b_1.ppc64le.rpm
php-intl-5.4.16-36.ael7b_1.ppc64le.rpm
php-mbstring-5.4.16-36.ael7b_1.ppc64le.rpm
php-mysqlnd-5.4.16-36.ael7b_1.ppc64le.rpm
php-pspell-5.4.16-36.ael7b_1.ppc64le.rpm
php-snmp-5.4.16-36.ael7b_1.ppc64le.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source:
php-5.4.16-36.el7_1.src.rpm
x86_64:
php-5.4.16-36.el7_1.x86_64.rpm
php-cli-5.4.16-36.el7_1.x86_64.rpm
php-common-5.4.16-36.el7_1.x86_64.rpm
php-debuginfo-5.4.16-36.el7_1.x86_64.rpm
php-gd-5.4.16-36.el7_1.x86_64.rpm
php-ldap-5.4.16-36.el7_1.x86_64.rpm
php-mysql-5.4.16-36.el7_1.x86_64.rpm
php-odbc-5.4.16-36.el7_1.x86_64.rpm
php-pdo-5.4.16-36.el7_1.x86_64.rpm
php-pgsql-5.4.16-36.el7_1.x86_64.rpm
php-process-5.4.16-36.el7_1.x86_64.rpm
php-recode-5.4.16-36.el7_1.x86_64.rpm
php-soap-5.4.16-36.el7_1.x86_64.rpm
php-xml-5.4.16-36.el7_1.x86_64.rpm
php-xmlrpc-5.4.16-36.el7_1.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
x86_64:
php-bcmath-5.4.16-36.el7_1.x86_64.rpm
php-dba-5.4.16-36.el7_1.x86_64.rpm
php-debuginfo-5.4.16-36.el7_1.x86_64.rpm
php-devel-5.4.16-36.el7_1.x86_64.rpm
php-embedded-5.4.16-36.el7_1.x86_64.rpm
php-enchant-5.4.16-36.el7_1.x86_64.rpm
php-fpm-5.4.16-36.el7_1.x86_64.rpm
php-intl-5.4.16-36.el7_1.x86_64.rpm
php-mbstring-5.4.16-36.el7_1.x86_64.rpm
php-mysqlnd-5.4.16-36.el7_1.x86_64.rpm
php-pspell-5.4.16-36.el7_1.x86_64.rpm
php-snmp-5.4.16-36.el7_1.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2014-8142
https://access.redhat.com/security/cve/CVE-2014-9652
https://access.redhat.com/security/cve/CVE-2014-9705
https://access.redhat.com/security/cve/CVE-2014-9709
https://access.redhat.com/security/cve/CVE-2015-0231
https://access.redhat.com/security/cve/CVE-2015-0232
https://access.redhat.com/security/cve/CVE-2015-0273
https://access.redhat.com/security/cve/CVE-2015-2301
https://access.redhat.com/security/cve/CVE-2015-2348
https://access.redhat.com/security/cve/CVE-2015-2783
https://access.redhat.com/security/cve/CVE-2015-2787
https://access.redhat.com/security/cve/CVE-2015-3307
https://access.redhat.com/security/cve/CVE-2015-3329
https://access.redhat.com/security/cve/CVE-2015-3330
https://access.redhat.com/security/cve/CVE-2015-3411
https://access.redhat.com/security/cve/CVE-2015-3412
https://access.redhat.com/security/cve/CVE-2015-4021
https://access.redhat.com/security/cve/CVE-2015-4022
https://access.redhat.com/security/cve/CVE-2015-4024
https://access.redhat.com/security/cve/CVE-2015-4025
https://access.redhat.com/security/cve/CVE-2015-4026
https://access.redhat.com/security/cve/CVE-2015-4147
https://access.redhat.com/security/cve/CVE-2015-4148
https://access.redhat.com/security/cve/CVE-2015-4598
https://access.redhat.com/security/cve/CVE-2015-4599
https://access.redhat.com/security/cve/CVE-2015-4600
https://access.redhat.com/security/cve/CVE-2015-4601
https://access.redhat.com/security/cve/CVE-2015-4602
https://access.redhat.com/security/cve/CVE-2015-4603
https://access.redhat.com/security/cve/CVE-2015-4604
https://access.redhat.com/security/cve/CVE-2015-4605
https://access.redhat.com/security/updates/classification/#important
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2015 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iD8DBQFViR1aXlSAg2UNWIIRAuxPAJ42GLQVzvzc9kje0VjDv8NZWcPv6QCbBL+O
dtqycPWs+07GhjmZ6NNx5Bg=
=FREZ
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
. ============================================================================
Ubuntu Security Notice USN-2658-1
July 06, 2015
php5 vulnerabilities
============================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 15.04
- Ubuntu 14.10
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary:
Several security issues were fixed in PHP.
Software Description:
- php5: HTML-embedded scripting language interpreter
Details:
Neal Poole and Tomas Hoger discovered that PHP incorrectly handled NULL
bytes in file paths. (CVE-2015-3411, CVE-2015-3412, CVE-2015-4025, CVE-2015-4026,
CVE-2015-4598)
Emmanuel Law discovered that the PHP phar extension incorrectly handled
filenames starting with a NULL byte. (CVE-2015-4021)
Max Spelsberg discovered that PHP incorrectly handled the LIST command
when connecting to remote FTP servers. (CVE-2015-4022,
CVE-2015-4643)
Shusheng Liu discovered that PHP incorrectly handled certain malformed form
data. (CVE-2015-4024)
Andrea Palazzo discovered that the PHP Soap client incorrectly validated
data types. (CVE-2015-4147)
Andrea Palazzo discovered that the PHP Soap client incorrectly validated
that the uri property is a string. A remote attacker could possibly use these issues to
obtain sensitive information or cause a denial of service. This issue only affected Ubuntu
15.04. (CVE-2015-4644)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 15.04:
libapache2-mod-php5 5.6.4+dfsg-4ubuntu6.2
php5-cgi 5.6.4+dfsg-4ubuntu6.2
php5-cli 5.6.4+dfsg-4ubuntu6.2
php5-fpm 5.6.4+dfsg-4ubuntu6.2
Ubuntu 14.10:
libapache2-mod-php5 5.5.12+dfsg-2ubuntu4.6
php5-cgi 5.5.12+dfsg-2ubuntu4.6
php5-cli 5.5.12+dfsg-2ubuntu4.6
php5-fpm 5.5.12+dfsg-2ubuntu4.6
Ubuntu 14.04 LTS:
libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.11
php5-cgi 5.5.9+dfsg-1ubuntu4.11
php5-cli 5.5.9+dfsg-1ubuntu4.11
php5-fpm 5.5.9+dfsg-1ubuntu4.11
Ubuntu 12.04 LTS:
libapache2-mod-php5 5.3.10-1ubuntu3.19
php5-cgi 5.3.10-1ubuntu3.19
php5-cli 5.3.10-1ubuntu3.19
php5-fpm 5.3.10-1ubuntu3.19
In general, a standard system update will make all the necessary changes.
Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/php-5.4.41-i486-1_slack14.1.txz: Upgraded.
This update fixes some bugs and security issues.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7243
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2325
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2326
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4021
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4022
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4024
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4025
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4026
(* Security fix *)
+--------------------------+
Where to find the new packages:
+-----------------------------+
Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.
Updated package for Slackware 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/php-5.4.41-i486-1_slack14.0.txz
Updated package for Slackware x86_64 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/php-5.4.41-x86_64-1_slack14.0.txz
Updated package for Slackware 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/php-5.4.41-i486-1_slack14.1.txz
Updated package for Slackware x86_64 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/php-5.4.41-x86_64-1_slack14.1.txz
Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/php-5.6.9-i586-1.txz
Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/php-5.6.9-x86_64-1.txz
MD5 signatures:
+-------------+
Slackware 14.0 package:
5e8d107dba11f8c87693edfdc32f56b7 php-5.4.41-i486-1_slack14.0.txz
Slackware x86_64 14.0 package:
24d6895fe6b0e9c88b04ceaccc35383d php-5.4.41-x86_64-1_slack14.0.txz
Slackware 14.1 package:
52011eec3a256a365789562b63e8ba84 php-5.4.41-i486-1_slack14.1.txz
Slackware x86_64 14.1 package:
82b75af6253121cab6cc84dd714f554c php-5.4.41-x86_64-1_slack14.1.txz
Slackware -current package:
e1c64f133f44b0abac21e0846e39d3c8 n/php-5.6.9-i586-1.txz
Slackware x86_64 -current package:
ae51c99af34a4bd8721e7140c38a8c1a n/php-5.6.9-x86_64-1.txz
Installation instructions:
+------------------------+
Upgrade the package as root:
# upgradepkg php-5.4.41-i486-1_slack14.1.txz
Then, restart Apache httpd:
# /etc/rc.d/rc.httpd stop
# /etc/rc.d/rc.httpd start
+-----+
Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com
+------------------------------------------------------------------------+
| To leave the slackware-security mailing list: |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message: |
| |
| unsubscribe slackware-security |
| |
| You will get a confirmation message back containing instructions to |
| complete the process. Please do not reply to this email address |
|
var-201904-0744
|
Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, watchOS 4.3.2, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6. Apple iOS, etc. are all products of Apple (Apple). Apple iOS is an operating system developed for mobile devices. Apple tvOS is a smart TV operating system. WebKit is one of the web browser engine components. A buffer error vulnerability exists in the WebKit component of several Apple products. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201808-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: WebkitGTK+: Multiple vulnerabilities
Date: August 22, 2018
Bugs: #652820, #658168, #662974
ID: 201808-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been found in WebKitGTK+, the worst of
which may lead to arbitrary code execution.
Background
==========
WebKitGTK+ is a full-featured port of the WebKit rendering engine,
suitable for projects requiring any kind of web integration, from
hybrid HTML/CSS applications to full-fledged web browsers.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-libs/webkit-gtk < 2.20.4 >= 2.20.4
Description
===========
Multiple vulnerabilities have been discovered in WebKitGTK+. Please
review the referenced CVE identifiers for details.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All WebkitGTK+ users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.20.4"
References
==========
[ 1 ] CVE-2018-11646
https://nvd.nist.gov/vuln/detail/CVE-2018-11646
[ 2 ] CVE-2018-11712
https://nvd.nist.gov/vuln/detail/CVE-2018-11712
[ 3 ] CVE-2018-11713
https://nvd.nist.gov/vuln/detail/CVE-2018-11713
[ 4 ] CVE-2018-12293
https://nvd.nist.gov/vuln/detail/CVE-2018-12293
[ 5 ] CVE-2018-12294
https://nvd.nist.gov/vuln/detail/CVE-2018-12294
[ 6 ] CVE-2018-4101
https://nvd.nist.gov/vuln/detail/CVE-2018-4101
[ 7 ] CVE-2018-4113
https://nvd.nist.gov/vuln/detail/CVE-2018-4113
[ 8 ] CVE-2018-4114
https://nvd.nist.gov/vuln/detail/CVE-2018-4114
[ 9 ] CVE-2018-4117
https://nvd.nist.gov/vuln/detail/CVE-2018-4117
[ 10 ] CVE-2018-4118
https://nvd.nist.gov/vuln/detail/CVE-2018-4118
[ 11 ] CVE-2018-4119
https://nvd.nist.gov/vuln/detail/CVE-2018-4119
[ 12 ] CVE-2018-4120
https://nvd.nist.gov/vuln/detail/CVE-2018-4120
[ 13 ] CVE-2018-4121
https://nvd.nist.gov/vuln/detail/CVE-2018-4121
[ 14 ] CVE-2018-4122
https://nvd.nist.gov/vuln/detail/CVE-2018-4122
[ 15 ] CVE-2018-4125
https://nvd.nist.gov/vuln/detail/CVE-2018-4125
[ 16 ] CVE-2018-4127
https://nvd.nist.gov/vuln/detail/CVE-2018-4127
[ 17 ] CVE-2018-4128
https://nvd.nist.gov/vuln/detail/CVE-2018-4128
[ 18 ] CVE-2018-4129
https://nvd.nist.gov/vuln/detail/CVE-2018-4129
[ 19 ] CVE-2018-4133
https://nvd.nist.gov/vuln/detail/CVE-2018-4133
[ 20 ] CVE-2018-4146
https://nvd.nist.gov/vuln/detail/CVE-2018-4146
[ 21 ] CVE-2018-4162
https://nvd.nist.gov/vuln/detail/CVE-2018-4162
[ 22 ] CVE-2018-4163
https://nvd.nist.gov/vuln/detail/CVE-2018-4163
[ 23 ] CVE-2018-4165
https://nvd.nist.gov/vuln/detail/CVE-2018-4165
[ 24 ] CVE-2018-4190
https://nvd.nist.gov/vuln/detail/CVE-2018-4190
[ 25 ] CVE-2018-4192
https://nvd.nist.gov/vuln/detail/CVE-2018-4192
[ 26 ] CVE-2018-4199
https://nvd.nist.gov/vuln/detail/CVE-2018-4199
[ 27 ] CVE-2018-4200
https://nvd.nist.gov/vuln/detail/CVE-2018-4200
[ 28 ] CVE-2018-4201
https://nvd.nist.gov/vuln/detail/CVE-2018-4201
[ 29 ] CVE-2018-4204
https://nvd.nist.gov/vuln/detail/CVE-2018-4204
[ 30 ] CVE-2018-4214
https://nvd.nist.gov/vuln/detail/CVE-2018-4214
[ 31 ] CVE-2018-4218
https://nvd.nist.gov/vuln/detail/CVE-2018-4218
[ 32 ] CVE-2018-4222
https://nvd.nist.gov/vuln/detail/CVE-2018-4222
[ 33 ] CVE-2018-4232
https://nvd.nist.gov/vuln/detail/CVE-2018-4232
[ 34 ] CVE-2018-4233
https://nvd.nist.gov/vuln/detail/CVE-2018-4233
[ 35 ] CVE-2018-4261
https://nvd.nist.gov/vuln/detail/CVE-2018-4261
[ 36 ] CVE-2018-4262
https://nvd.nist.gov/vuln/detail/CVE-2018-4262
[ 37 ] CVE-2018-4263
https://nvd.nist.gov/vuln/detail/CVE-2018-4263
[ 38 ] CVE-2018-4264
https://nvd.nist.gov/vuln/detail/CVE-2018-4264
[ 39 ] CVE-2018-4265
https://nvd.nist.gov/vuln/detail/CVE-2018-4265
[ 40 ] CVE-2018-4266
https://nvd.nist.gov/vuln/detail/CVE-2018-4266
[ 41 ] CVE-2018-4267
https://nvd.nist.gov/vuln/detail/CVE-2018-4267
[ 42 ] CVE-2018-4270
https://nvd.nist.gov/vuln/detail/CVE-2018-4270
[ 43 ] CVE-2018-4272
https://nvd.nist.gov/vuln/detail/CVE-2018-4272
[ 44 ] CVE-2018-4273
https://nvd.nist.gov/vuln/detail/CVE-2018-4273
[ 45 ] CVE-2018-4278
https://nvd.nist.gov/vuln/detail/CVE-2018-4278
[ 46 ] CVE-2018-4284
https://nvd.nist.gov/vuln/detail/CVE-2018-4284
[ 47 ] WebKitGTK+ Security Advisory WSA-2018-0003
https://webkitgtk.org/security/WSA-2018-0003.html
[ 48 ] WebKitGTK+ Security Advisory WSA-2018-0004
https://webkitgtk.org/security/WSA-2018-0004.html
[ 49 ] WebKitGTK+ Security Advisory WSA-2018-0005
https://webkitgtk.org/security/WSA-2018-0005.html
[ 50 ] WebKitGTK+ Security Advisory WSA-2018-0006
https://webkitgtk.org/security/WSA-2018-0006.html
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/201808-04
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2018 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2018-7-9-1 iOS 11.4.1
iOS 11.4.1 is now available and addresses the following:
CFNetwork
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Cookies may unexpectedly persist in Safari
Description: A cookie management issue was addressed with improved
checks.
CVE-2018-4293: an anonymous researcher
Emoji
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing an emoji under certain configurations may lead to
a denial of service
Description: A denial of service issue was addressed with improved
memory handling.
CVE-2018-4290: Patrick Wardle of Digita Security
Kernel
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A local user may be able to read kernel memory
Description: An out-of-bounds read issue existed that led to the
disclosure of kernel memory.
CVE-2018-4282: Proteas of Qihoo 360 Nirvan Team
libxpc
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to gain elevated privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4280: Brandon Azad
libxpc
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious application may be able to read restricted memory
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2018-4248: Brandon Azad
LinkPresentation
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Visiting a malicious website may lead to address bar spoofing
Description: A spoofing issue existed in the handling of URLs.
CVE-2018-4277: xisigr of Tencent's Xuanwu Lab (tencent.com)
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious website may exfiltrate audio data cross-origin
Description: Sound fetched through audio elements may be exfiltrated
cross-origin.
CVE-2018-4278: Jun Kokatsu (@shhnjk)
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious website may be able to cause a denial of service
Description: A race condition was addressed with additional
validation.
CVE-2018-4266: found by OSS-Fuzz
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Visiting a malicious website may lead to address bar spoofing
Description: A spoofing issue existed in the handling of URLs.
CVE-2018-4274: an anonymous researcher
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing maliciously crafted web content may lead to an
unexpected Safari crash
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4270: found by OSS-Fuzz
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A type confusion issue was addressed with improved
memory handling.
CVE-2018-4284: Found by OSS-Fuzz
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2018-4271: found by OSS-Fuzz
CVE-2018-4273: found by OSS-Fuzz
WebKit Page Loading
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Visiting a malicious website may lead to address bar spoofing
Description: An inconsistent user interface issue was addressed with
improved state management.
CVE-2018-4260: xisigr of Tencent's Xuanwu Lab (tencent.com)
Wi-Fi
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious application may be able to break out of its
sandbox
Description: A memory corruption issue was addressed with improved
memory handling.
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from https://www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "iOS 11.4.1".
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQJdBAEBCABHFiEEfcwwPWJ3e0Ig26mf8ecVjteJiCYFAltDyFEpHHByb2R1Y3Qt
c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQ8ecVjteJiCaYqQ/+
LoOw2Hgwr9l7EplQS1O9t9ssVvjaQ25JhxeAkEHhrrLTTpEHNOYhBgPj3XV3DkNT
QR1XDKykgVXq1jAMqy2CzpVvb0bWrhAZte7lwLwTKiSdzWzY99LspMtck0uZXg5y
qoePuHIifMF5oMzRsLq2IDKj7sDJ3mEOjOGizfJ5BRdFOZPKmuTLK/LnafzoqlOY
XAYMj3puFWnlMs1ewTTbup5Oh0totisA7WlpDleG+a/IborfXe89nvUIAEyPH3UF
jbPXGlIrB+aofMmoxgbJ7YDXm+7RZbRShrqS3IIwbuVWlWxi8M6AYvlFCAxKc3In
R3Bum13NIR8ZTfLARmrRos54kzmygazCHK0yIkeKvJW3uSFIOUbBtkKQ8EpE8og9
KzNvxyMd5Le6kCJe8JECl6jrfnY7QrYBIPxowXymfcRyYpnpIidYHUPlej8OZYnT
fH8lWsE09CikZjBLyKmM6NJ4Y24CAmILyJWTmrM+pM9jLN9InWxTr0raY+MiULnI
MZgqDuP+wMKfcGGngOkDnmm84w4RSnwK7bRgVtCWV99rnqZvzDgoYhJXDyXXuPqL
P0HN+TKdCJ7e+C4boqDup2Ojz7YhFXfCwkJ1fHLD+L+Aj46eLbuu9936vGgvAzQI
7aT98URG/GMffZ3Y53yDJZxHDTnFQ5/tOlNBv8LKJDA=
=mzJ2
-----END PGP SIGNATURE-----
.
Alternatively, on your watch, select "My Watch > General > About". ------------------------------------------------------------------------
WebKitGTK+ and WPE WebKit Security Advisory WSA-2018-0006
------------------------------------------------------------------------
Date reported : August 07, 2018
Advisory ID : WSA-2018-0006
WebKitGTK+ Advisory URL :
https://webkitgtk.org/security/WSA-2018-0006.html
WPE WebKit Advisory URL :
https://wpewebkit.org/security/WSA-2018-0006.html
CVE identifiers : CVE-2018-4246, CVE-2018-4261, CVE-2018-4262,
CVE-2018-4263, CVE-2018-4264, CVE-2018-4265,
CVE-2018-4266, CVE-2018-4267, CVE-2018-4270,
CVE-2018-4271, CVE-2018-4272, CVE-2018-4273,
CVE-2018-4278, CVE-2018-4284, CVE-2018-12911.
Several vulnerabilities were discovered in WebKitGTK+ and WPE WebKit.
CVE-2018-4246
Versions affected: WebKitGTK+ before 2.20.4 and WPE WebKit before
2.20.1.
Credit to OSS-Fuzz.
Processing maliciously crafted web content may lead to arbitrary
code execution.
CVE-2018-4261
Versions affected: WebKitGTK+ before 2.20.4 and WPE WebKit before
2.20.2.
Credit to Omair working with Trend Micro's Zero Day Initiative.
Processing maliciously crafted web content may lead to arbitrary
code execution.
CVE-2018-4262
Versions affected: WebKitGTK+ before 2.20.4 and WPE WebKit before
2.20.2.
Credit to Mateusz Krzywicki working with Trend Micro's Zero Day
Initiative.
Processing maliciously crafted web content may lead to arbitrary
code execution.
CVE-2018-4263
Versions affected: WebKitGTK+ before 2.20.4 and WPE WebKit before
2.20.2.
Credit to Arayz working with Trend Micro's Zero Day Initiative.
Processing maliciously crafted web content may lead to arbitrary
code execution.
CVE-2018-4264
Versions affected: WebKitGTK+ before 2.20.4 and WPE WebKit before
2.20.2.
Credit to OSS-Fuzz, Yu Zhou and Jundong Xie of Ant-financial Light-
Year Security Lab.
Processing maliciously crafted web content may lead to arbitrary
code execution.
CVE-2018-4265
Versions affected: WebKitGTK+ before 2.20.4 and WPE WebKit before
2.20.2.
Credit to cc working with Trend Micro's Zero Day Initiative.
Processing maliciously crafted web content may lead to arbitrary
code execution.
CVE-2018-4266
Versions affected: WebKitGTK+ before 2.20.4 and WPE WebKit before
2.20.2.
Credit to OSS-Fuzz.
A malicious website may be able to cause a denial of service. A race
condition was addressed with additional validation.
CVE-2018-4267
Versions affected: WebKitGTK+ before 2.20.4 and WPE WebKit before
2.20.2.
Credit to Arayz of Pangu team working with Trend Micro's Zero Day
Initiative.
Processing maliciously crafted web content may lead to arbitrary
code execution.
CVE-2018-4270
Versions affected: WebKitGTK+ before 2.20.4 and WPE WebKit before
2.20.2.
Credit to OSS-Fuzz.
Processing maliciously crafted web content may lead to an unexpected
application crash.
CVE-2018-4271
Versions affected: WebKitGTK+ before 2.20.2.
Credit to OSS-Fuzz.
Processing maliciously crafted web content may lead to an unexpected
application crash.
CVE-2018-4272
Versions affected: WebKitGTK+ before 2.20.4 and WPE WebKit before
2.20.2.
Credit to OSS-Fuzz.
Processing maliciously crafted web content may lead to arbitrary
code execution.
CVE-2018-4273
Versions affected: WebKitGTK+ before 2.20.4 and WPE WebKit before
2.20.2.
Credit to OSS-Fuzz.
Processing maliciously crafted web content may lead to an unexpected
application crash.
CVE-2018-4278
Versions affected: WebKitGTK+ before 2.20.4 and WPE WebKit before
2.20.2.
Credit to Jun Kokatsu (@shhnjk).
A malicious website may exfiltrate audio data cross-origin. Sound
fetched through audio elements may be exfiltrated cross-origin.
CVE-2018-4284
Versions affected: WebKitGTK+ before 2.20.4 and WPE WebKit before
2.20.2.
Credit to OSS-Fuzz.
Processing maliciously crafted web content may lead to arbitrary
code execution.
CVE-2018-12911
Versions affected: WebKitGTK+ before 2.20.4 and WPE WebKit before
2.20.2.
Credit to Yu Haiwan.
Processing maliciously crafted web content may lead to arbitrary
code execution.
We recommend updating to the latest stable versions of WebKitGTK+ and
WPE WebKit. It is the best way to ensure that you are running safe
versions of WebKit. Please check our websites for information about the
latest stable releases.
Further information about WebKitGTK+ and WPE WebKit security advisories
can be found at: https://webkitgtk.org/security.html or
https://wpewebkit.org/security/.
The WebKitGTK+ and WPE WebKit team,
August 07, 2018
.
CVE-2018-4260: xisigr of Tencent's Xuanwu Lab (tencent.com)
Installation note:
Safari 11.1.2 may be obtained from the Mac App Store |
|
var-201606-0329
|
Multiple heap-based buffer overflows in the hiddev_ioctl_usage function in drivers/hid/usbhid/hiddev.c in the Linux kernel through 4.6.3 allow local users to cause a denial of service or possibly have unspecified other impact via a crafted (1) HIDIOCGUSAGES or (2) HIDIOCSUSAGES ioctl call. The Linux kernel is prone to a local heap-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.
Local attackers may exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will likely crash the kernel, denying service to legitimate users. ==========================================================================
Ubuntu Security Notice USN-3070-4
August 30, 2016
linux-lts-xenial vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in the kernel. This update provides the corresponding updates for the
Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for
Ubuntu 14.04 LTS.
A missing permission check when settings ACLs was discovered in nfsd. A
local user could exploit this flaw to gain access to any file by setting an
ACL. (CVE-2016-1237)
Kangjie Lu discovered an information leak in the Reliable Datagram Sockets
(RDS) implementation in the Linux kernel. A local attacker could use this
to obtain potentially sensitive information from kernel memory.
(CVE-2016-5244)
James Patrick-Evans discovered that the airspy USB device driver in the
Linux kernel did not properly handle certain error conditions. (CVE-2016-5400)
Yue Cao et al discovered a flaw in the TCP implementation's handling of
challenge acks in the Linux kernel. A remote attacker could use this to
cause a denial of service (reset connection) or inject content into an TCP
stream. (CVE-2016-5696)
Pengfei Wang discovered a race condition in the MIC VOP driver in the Linux
kernel. (CVE-2016-5728)
Cyril Bur discovered that on PowerPC platforms, the Linux kernel mishandled
transactional memory state on exec(). (CVE-2016-5828)
It was discovered that a heap based buffer overflow existed in the USB HID
driver in the Linux kernel.
(CVE-2016-5829)
It was discovered that the OverlayFS implementation in the Linux kernel did
not properly verify dentry state before proceeding with unlink and rename
operations. (CVE-2016-6197)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 14.04 LTS:
linux-image-4.4.0-36-generic 4.4.0-36.55~14.04.1
linux-image-4.4.0-36-generic-lpae 4.4.0-36.55~14.04.1
linux-image-4.4.0-36-lowlatency 4.4.0-36.55~14.04.1
linux-image-4.4.0-36-powerpc-e500mc 4.4.0-36.55~14.04.1
linux-image-4.4.0-36-powerpc-smp 4.4.0-36.55~14.04.1
linux-image-4.4.0-36-powerpc64-emb 4.4.0-36.55~14.04.1
linux-image-4.4.0-36-powerpc64-smp 4.4.0-36.55~14.04.1
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Important: kernel security, bug fix, and enhancement update
Advisory ID: RHSA-2016:2574-02
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-2574.html
Issue date: 2016-11-03
CVE Names: CVE-2013-4312 CVE-2015-8374 CVE-2015-8543
CVE-2015-8746 CVE-2015-8812 CVE-2015-8844
CVE-2015-8845 CVE-2015-8956 CVE-2016-2053
CVE-2016-2069 CVE-2016-2117 CVE-2016-2384
CVE-2016-2847 CVE-2016-3070 CVE-2016-3156
CVE-2016-3699 CVE-2016-3841 CVE-2016-4569
CVE-2016-4578 CVE-2016-4581 CVE-2016-4794
CVE-2016-5412 CVE-2016-5828 CVE-2016-5829
CVE-2016-6136 CVE-2016-6198 CVE-2016-6327
CVE-2016-6480
=====================================================================
1. Summary:
An update for kernel is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
Red Hat Enterprise Linux for Containers (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64
3. Description:
The kernel packages contain the Linux kernel, the core of any Linux
operating system.
Security Fix(es):
* It was found that the Linux kernel's IPv6 implementation mishandled
socket options. A local attacker could abuse concurrent access to the
socket options to escalate their privileges, or cause a denial of service
(use-after-free and system crash) via a crafted sendmsg system call.
(CVE-2016-3841, Important)
* Several Moderate and Low impact security issues were found in the Linux
kernel. Space precludes documenting each of these issues in this advisory.
Refer to the CVE links in the References section for a description of each
of these vulnerabilities. (CVE-2013-4312, CVE-2015-8374, CVE-2015-8543,
CVE-2015-8812, CVE-2015-8844, CVE-2015-8845, CVE-2016-2053, CVE-2016-2069,
CVE-2016-2847, CVE-2016-3156, CVE-2016-4581, CVE-2016-4794, CVE-2016-5412,
CVE-2016-5828, CVE-2016-5829, CVE-2016-6136, CVE-2016-6198, CVE-2016-6327,
CVE-2016-6480, CVE-2015-8746, CVE-2015-8956, CVE-2016-2117, CVE-2016-2384,
CVE-2016-3070, CVE-2016-3699, CVE-2016-4569, CVE-2016-4578)
Red Hat would like to thank Philip Pettersson (Samsung) for reporting
CVE-2016-2053; Tetsuo Handa for reporting CVE-2016-2847; the Virtuozzo
kernel team and Solar Designer (Openwall) for reporting CVE-2016-3156;
Justin Yackoski (Cryptonite) for reporting CVE-2016-2117; and Linn Crosetto
(HP) for reporting CVE-2016-3699. The CVE-2015-8812 issue was discovered by
Venkatesh Pottem (Red Hat Engineering); the CVE-2015-8844 and CVE-2015-8845
issues were discovered by Miroslav Vadkerti (Red Hat Engineering); the
CVE-2016-4581 issue was discovered by Eric W. Biederman (Red Hat); the
CVE-2016-6198 issue was discovered by CAI Qian (Red Hat); and the
CVE-2016-3070 issue was discovered by Jan Stancek (Red Hat).
Additional Changes:
For detailed information on changes in this release, see the Red Hat
Enterprise Linux 7.3 Release Notes linked from the References section.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
5. Bugs fixed (https://bugzilla.redhat.com/):
1141249 - Xen guests may hang after migration or suspend/resume
1234586 - Backtrace after unclean shutdown with XFS v5 and project quotas
1267042 - XFS needs to better handle EIO and ENOSPC
1277863 - Test case failure: Screen - Resolution after no Screen Boot on Intel Valley View Gen7 [8086:0f31]
1278224 - panic in iscsi_target.c
1283341 - cannot mount RHEL7 NFS server with nfsvers=4.1,sec=krb5 but nfsvers=4.0,sec=krb5 works
1286261 - CVE-2015-8374 kernel: Information leak when truncating of compressed/inlined extents on BTRFS
1286500 - Tool thin_dump failing to show 'mappings'
1290475 - CVE-2015-8543 kernel: IPv6 connect causes DoS via NULL pointer dereference
1292481 - device mapper hung tasks on an openshift/docker system
1295802 - CVE-2015-8746 kernel: when NFSv4 migration is executed, kernel oops occurs at NFS client
1297813 - CVE-2013-4312 kernel: File descriptors passed over unix sockets are not properly accounted
1299662 - VFIO: include no-IOMMU mode - not supported
1300023 - soft lockup in nfs4_put_stid with 3.10.0-327.4.4.el7
1300237 - CVE-2016-2053 kernel: Kernel panic and system lockup by triggering BUG_ON() in public_key_verify_signature()
1301893 - CVE-2016-2069 kernel: race condition in the TLB flush logic
1302166 - MAC address of VF is not editable even when attached to host
1303532 - CVE-2015-8812 kernel: CXGB3: Logic bug in return code handling prematurely frees key structures causing Use after free or kernel panic.
1305118 - XFS support for deferred dio completion
1307091 - fstrim failing on mdadm raid 5 device
1308444 - CVE-2016-2384 kernel: double-free in usb-audio triggered by invalid USB descriptor
1308846 - CVE-2016-3070 kernel: Null pointer dereference in trace_writeback_dirty_page()
1312298 - CVE-2016-2117 kernel: Kernel memory leakage to ethernet frames due to buffer overflow in ethernet drivers
1313428 - CVE-2016-2847 kernel: pipe: limit the per-user amount of pages allocated in pipes
1318172 - CVE-2016-3156 kernel: ipv4: denial of service when destroying a network interface
1321096 - BUG: s390 socketcall() syscalls audited with wrong value in field a0
1326540 - CVE-2015-8845 CVE-2015-8844 kernel: incorrect restoration of machine specific registers from userspace
1329653 - CVE-2016-3699 kernel: ACPI table override allowed when securelevel is enabled
1333712 - CVE-2016-4581 kernel: Slave being first propagated copy causes oops in propagate_mnt
1334643 - CVE-2016-4569 kernel: Information leak in Linux sound module in timer.c
1335215 - CVE-2016-4578 kernel: Information leak in events in timer.c
1335889 - CVE-2016-4794 kernel: Use after free in array_map_alloc
1349539 - T460[p/s] audio output on dock won't work
1349916 - CVE-2016-5412 Kernel: powerpc: kvm: Infinite loop via H_CEDE hypercall when running under hypervisor-mode
1349917 - CVE-2016-5828 Kernel: powerpc: tm: crash via exec system call on PPC
1350509 - CVE-2016-5829 kernel: Heap buffer overflow in hiddev driver
1353533 - CVE-2016-6136 kernel: Race condition vulnerability in execve argv arguments
1354525 - CVE-2016-6327 kernel: infiniband: Kernel crash by sending ABORT_TASK command
1355654 - CVE-2016-6198 kernel: vfs: missing detection of hardlinks in vfs_rename() on overlayfs
1361245 - [Hyper-V][RHEL 7.2] VMs panic when configured with Dynamic Memory as opposed to Static Memory
1362466 - CVE-2016-6480 kernel: scsi: aacraid: double fetch in ioctl_send_fib()
1364971 - CVE-2016-3841 kernel: use-after-free via crafted IPV6 sendmsg for raw / tcp / udp / l2tp sockets.
1383395 - CVE-2015-8956 kernel: NULL dereference in RFCOMM bind callback
6. Package List:
Red Hat Enterprise Linux Client (v. 7):
Source:
kernel-3.10.0-514.el7.src.rpm
noarch:
kernel-abi-whitelists-3.10.0-514.el7.noarch.rpm
kernel-doc-3.10.0-514.el7.noarch.rpm
x86_64:
kernel-3.10.0-514.el7.x86_64.rpm
kernel-debug-3.10.0-514.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-514.el7.x86_64.rpm
kernel-debug-devel-3.10.0-514.el7.x86_64.rpm
kernel-debuginfo-3.10.0-514.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-514.el7.x86_64.rpm
kernel-devel-3.10.0-514.el7.x86_64.rpm
kernel-headers-3.10.0-514.el7.x86_64.rpm
kernel-tools-3.10.0-514.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-514.el7.x86_64.rpm
kernel-tools-libs-3.10.0-514.el7.x86_64.rpm
perf-3.10.0-514.el7.x86_64.rpm
perf-debuginfo-3.10.0-514.el7.x86_64.rpm
python-perf-3.10.0-514.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-514.el7.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
x86_64:
kernel-debug-debuginfo-3.10.0-514.el7.x86_64.rpm
kernel-debuginfo-3.10.0-514.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-514.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-514.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-514.el7.x86_64.rpm
perf-debuginfo-3.10.0-514.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-514.el7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source:
kernel-3.10.0-514.el7.src.rpm
noarch:
kernel-abi-whitelists-3.10.0-514.el7.noarch.rpm
kernel-doc-3.10.0-514.el7.noarch.rpm
x86_64:
kernel-3.10.0-514.el7.x86_64.rpm
kernel-debug-3.10.0-514.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-514.el7.x86_64.rpm
kernel-debug-devel-3.10.0-514.el7.x86_64.rpm
kernel-debuginfo-3.10.0-514.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-514.el7.x86_64.rpm
kernel-devel-3.10.0-514.el7.x86_64.rpm
kernel-headers-3.10.0-514.el7.x86_64.rpm
kernel-tools-3.10.0-514.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-514.el7.x86_64.rpm
kernel-tools-libs-3.10.0-514.el7.x86_64.rpm
perf-3.10.0-514.el7.x86_64.rpm
perf-debuginfo-3.10.0-514.el7.x86_64.rpm
python-perf-3.10.0-514.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-514.el7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
x86_64:
kernel-debug-debuginfo-3.10.0-514.el7.x86_64.rpm
kernel-debuginfo-3.10.0-514.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-514.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-514.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-514.el7.x86_64.rpm
perf-debuginfo-3.10.0-514.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-514.el7.x86_64.rpm
Red Hat Enterprise Linux for Containers (v. 7):
Source:
kernel-3.10.0-508.el7.src.rpm
noarch:
kernel-abi-whitelists-3.10.0-508.el7.noarch.rpm
kernel-doc-3.10.0-508.el7.noarch.rpm
ppc64:
kernel-3.10.0-508.el7.ppc64.rpm
kernel-bootwrapper-3.10.0-508.el7.ppc64.rpm
kernel-debug-3.10.0-508.el7.ppc64.rpm
kernel-debug-debuginfo-3.10.0-508.el7.ppc64.rpm
kernel-debug-devel-3.10.0-508.el7.ppc64.rpm
kernel-debuginfo-3.10.0-508.el7.ppc64.rpm
kernel-debuginfo-common-ppc64-3.10.0-508.el7.ppc64.rpm
kernel-devel-3.10.0-508.el7.ppc64.rpm
kernel-headers-3.10.0-508.el7.ppc64.rpm
kernel-tools-3.10.0-508.el7.ppc64.rpm
kernel-tools-debuginfo-3.10.0-508.el7.ppc64.rpm
kernel-tools-libs-3.10.0-508.el7.ppc64.rpm
perf-3.10.0-508.el7.ppc64.rpm
perf-debuginfo-3.10.0-508.el7.ppc64.rpm
python-perf-3.10.0-508.el7.ppc64.rpm
python-perf-debuginfo-3.10.0-508.el7.ppc64.rpm
ppc64le:
kernel-3.10.0-508.el7.ppc64le.rpm
kernel-bootwrapper-3.10.0-508.el7.ppc64le.rpm
kernel-debug-3.10.0-508.el7.ppc64le.rpm
kernel-debug-debuginfo-3.10.0-508.el7.ppc64le.rpm
kernel-debuginfo-3.10.0-508.el7.ppc64le.rpm
kernel-debuginfo-common-ppc64le-3.10.0-508.el7.ppc64le.rpm
kernel-devel-3.10.0-508.el7.ppc64le.rpm
kernel-headers-3.10.0-508.el7.ppc64le.rpm
kernel-tools-3.10.0-508.el7.ppc64le.rpm
kernel-tools-debuginfo-3.10.0-508.el7.ppc64le.rpm
kernel-tools-libs-3.10.0-508.el7.ppc64le.rpm
perf-3.10.0-508.el7.ppc64le.rpm
perf-debuginfo-3.10.0-508.el7.ppc64le.rpm
python-perf-3.10.0-508.el7.ppc64le.rpm
python-perf-debuginfo-3.10.0-508.el7.ppc64le.rpm
s390x:
kernel-3.10.0-508.el7.s390x.rpm
kernel-debug-3.10.0-508.el7.s390x.rpm
kernel-debug-debuginfo-3.10.0-508.el7.s390x.rpm
kernel-debug-devel-3.10.0-508.el7.s390x.rpm
kernel-debuginfo-3.10.0-508.el7.s390x.rpm
kernel-debuginfo-common-s390x-3.10.0-508.el7.s390x.rpm
kernel-devel-3.10.0-508.el7.s390x.rpm
kernel-headers-3.10.0-508.el7.s390x.rpm
kernel-kdump-3.10.0-508.el7.s390x.rpm
kernel-kdump-debuginfo-3.10.0-508.el7.s390x.rpm
kernel-kdump-devel-3.10.0-508.el7.s390x.rpm
perf-3.10.0-508.el7.s390x.rpm
perf-debuginfo-3.10.0-508.el7.s390x.rpm
python-perf-3.10.0-508.el7.s390x.rpm
python-perf-debuginfo-3.10.0-508.el7.s390x.rpm
x86_64:
kernel-3.10.0-508.el7.x86_64.rpm
kernel-debug-3.10.0-508.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-508.el7.x86_64.rpm
kernel-debuginfo-3.10.0-508.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-508.el7.x86_64.rpm
kernel-devel-3.10.0-508.el7.x86_64.rpm
kernel-headers-3.10.0-508.el7.x86_64.rpm
kernel-tools-3.10.0-508.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-508.el7.x86_64.rpm
kernel-tools-libs-3.10.0-508.el7.x86_64.rpm
perf-3.10.0-508.el7.x86_64.rpm
perf-debuginfo-3.10.0-508.el7.x86_64.rpm
python-perf-3.10.0-508.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-508.el7.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source:
kernel-3.10.0-514.el7.src.rpm
noarch:
kernel-abi-whitelists-3.10.0-514.el7.noarch.rpm
kernel-doc-3.10.0-514.el7.noarch.rpm
ppc64:
kernel-3.10.0-514.el7.ppc64.rpm
kernel-bootwrapper-3.10.0-514.el7.ppc64.rpm
kernel-debug-3.10.0-514.el7.ppc64.rpm
kernel-debug-debuginfo-3.10.0-514.el7.ppc64.rpm
kernel-debug-devel-3.10.0-514.el7.ppc64.rpm
kernel-debuginfo-3.10.0-514.el7.ppc64.rpm
kernel-debuginfo-common-ppc64-3.10.0-514.el7.ppc64.rpm
kernel-devel-3.10.0-514.el7.ppc64.rpm
kernel-headers-3.10.0-514.el7.ppc64.rpm
kernel-tools-3.10.0-514.el7.ppc64.rpm
kernel-tools-debuginfo-3.10.0-514.el7.ppc64.rpm
kernel-tools-libs-3.10.0-514.el7.ppc64.rpm
perf-3.10.0-514.el7.ppc64.rpm
perf-debuginfo-3.10.0-514.el7.ppc64.rpm
python-perf-3.10.0-514.el7.ppc64.rpm
python-perf-debuginfo-3.10.0-514.el7.ppc64.rpm
ppc64le:
kernel-3.10.0-514.el7.ppc64le.rpm
kernel-bootwrapper-3.10.0-514.el7.ppc64le.rpm
kernel-debug-3.10.0-514.el7.ppc64le.rpm
kernel-debug-debuginfo-3.10.0-514.el7.ppc64le.rpm
kernel-debuginfo-3.10.0-514.el7.ppc64le.rpm
kernel-debuginfo-common-ppc64le-3.10.0-514.el7.ppc64le.rpm
kernel-devel-3.10.0-514.el7.ppc64le.rpm
kernel-headers-3.10.0-514.el7.ppc64le.rpm
kernel-tools-3.10.0-514.el7.ppc64le.rpm
kernel-tools-debuginfo-3.10.0-514.el7.ppc64le.rpm
kernel-tools-libs-3.10.0-514.el7.ppc64le.rpm
perf-3.10.0-514.el7.ppc64le.rpm
perf-debuginfo-3.10.0-514.el7.ppc64le.rpm
python-perf-3.10.0-514.el7.ppc64le.rpm
python-perf-debuginfo-3.10.0-514.el7.ppc64le.rpm
s390x:
kernel-3.10.0-514.el7.s390x.rpm
kernel-debug-3.10.0-514.el7.s390x.rpm
kernel-debug-debuginfo-3.10.0-514.el7.s390x.rpm
kernel-debug-devel-3.10.0-514.el7.s390x.rpm
kernel-debuginfo-3.10.0-514.el7.s390x.rpm
kernel-debuginfo-common-s390x-3.10.0-514.el7.s390x.rpm
kernel-devel-3.10.0-514.el7.s390x.rpm
kernel-headers-3.10.0-514.el7.s390x.rpm
kernel-kdump-3.10.0-514.el7.s390x.rpm
kernel-kdump-debuginfo-3.10.0-514.el7.s390x.rpm
kernel-kdump-devel-3.10.0-514.el7.s390x.rpm
perf-3.10.0-514.el7.s390x.rpm
perf-debuginfo-3.10.0-514.el7.s390x.rpm
python-perf-3.10.0-514.el7.s390x.rpm
python-perf-debuginfo-3.10.0-514.el7.s390x.rpm
x86_64:
kernel-3.10.0-514.el7.x86_64.rpm
kernel-debug-3.10.0-514.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-514.el7.x86_64.rpm
kernel-debug-devel-3.10.0-514.el7.x86_64.rpm
kernel-debuginfo-3.10.0-514.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-514.el7.x86_64.rpm
kernel-devel-3.10.0-514.el7.x86_64.rpm
kernel-headers-3.10.0-514.el7.x86_64.rpm
kernel-tools-3.10.0-514.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-514.el7.x86_64.rpm
kernel-tools-libs-3.10.0-514.el7.x86_64.rpm
perf-3.10.0-514.el7.x86_64.rpm
perf-debuginfo-3.10.0-514.el7.x86_64.rpm
python-perf-3.10.0-514.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-514.el7.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
ppc64:
kernel-debug-debuginfo-3.10.0-514.el7.ppc64.rpm
kernel-debuginfo-3.10.0-514.el7.ppc64.rpm
kernel-debuginfo-common-ppc64-3.10.0-514.el7.ppc64.rpm
kernel-tools-debuginfo-3.10.0-514.el7.ppc64.rpm
kernel-tools-libs-devel-3.10.0-514.el7.ppc64.rpm
perf-debuginfo-3.10.0-514.el7.ppc64.rpm
python-perf-debuginfo-3.10.0-514.el7.ppc64.rpm
ppc64le:
kernel-debug-debuginfo-3.10.0-514.el7.ppc64le.rpm
kernel-debug-devel-3.10.0-514.el7.ppc64le.rpm
kernel-debuginfo-3.10.0-514.el7.ppc64le.rpm
kernel-debuginfo-common-ppc64le-3.10.0-514.el7.ppc64le.rpm
kernel-tools-debuginfo-3.10.0-514.el7.ppc64le.rpm
kernel-tools-libs-devel-3.10.0-514.el7.ppc64le.rpm
perf-debuginfo-3.10.0-514.el7.ppc64le.rpm
python-perf-debuginfo-3.10.0-514.el7.ppc64le.rpm
x86_64:
kernel-debug-debuginfo-3.10.0-514.el7.x86_64.rpm
kernel-debuginfo-3.10.0-514.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-514.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-514.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-514.el7.x86_64.rpm
perf-debuginfo-3.10.0-514.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-514.el7.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source:
kernel-3.10.0-514.el7.src.rpm
noarch:
kernel-abi-whitelists-3.10.0-514.el7.noarch.rpm
kernel-doc-3.10.0-514.el7.noarch.rpm
x86_64:
kernel-3.10.0-514.el7.x86_64.rpm
kernel-debug-3.10.0-514.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-514.el7.x86_64.rpm
kernel-debug-devel-3.10.0-514.el7.x86_64.rpm
kernel-debuginfo-3.10.0-514.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-514.el7.x86_64.rpm
kernel-devel-3.10.0-514.el7.x86_64.rpm
kernel-headers-3.10.0-514.el7.x86_64.rpm
kernel-tools-3.10.0-514.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-514.el7.x86_64.rpm
kernel-tools-libs-3.10.0-514.el7.x86_64.rpm
perf-3.10.0-514.el7.x86_64.rpm
perf-debuginfo-3.10.0-514.el7.x86_64.rpm
python-perf-3.10.0-514.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-514.el7.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
x86_64:
kernel-debug-debuginfo-3.10.0-514.el7.x86_64.rpm
kernel-debuginfo-3.10.0-514.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-514.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-514.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-514.el7.x86_64.rpm
perf-debuginfo-3.10.0-514.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-514.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2013-4312
https://access.redhat.com/security/cve/CVE-2015-8374
https://access.redhat.com/security/cve/CVE-2015-8543
https://access.redhat.com/security/cve/CVE-2015-8746
https://access.redhat.com/security/cve/CVE-2015-8812
https://access.redhat.com/security/cve/CVE-2015-8844
https://access.redhat.com/security/cve/CVE-2015-8845
https://access.redhat.com/security/cve/CVE-2015-8956
https://access.redhat.com/security/cve/CVE-2016-2053
https://access.redhat.com/security/cve/CVE-2016-2069
https://access.redhat.com/security/cve/CVE-2016-2117
https://access.redhat.com/security/cve/CVE-2016-2384
https://access.redhat.com/security/cve/CVE-2016-2847
https://access.redhat.com/security/cve/CVE-2016-3070
https://access.redhat.com/security/cve/CVE-2016-3156
https://access.redhat.com/security/cve/CVE-2016-3699
https://access.redhat.com/security/cve/CVE-2016-3841
https://access.redhat.com/security/cve/CVE-2016-4569
https://access.redhat.com/security/cve/CVE-2016-4578
https://access.redhat.com/security/cve/CVE-2016-4581
https://access.redhat.com/security/cve/CVE-2016-4794
https://access.redhat.com/security/cve/CVE-2016-5412
https://access.redhat.com/security/cve/CVE-2016-5828
https://access.redhat.com/security/cve/CVE-2016-5829
https://access.redhat.com/security/cve/CVE-2016-6136
https://access.redhat.com/security/cve/CVE-2016-6198
https://access.redhat.com/security/cve/CVE-2016-6327
https://access.redhat.com/security/cve/CVE-2016-6480
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/7.3_Release_Notes/index.html
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iD8DBQFYGvnGXlSAg2UNWIIRAt0KAJ9EHwzXCUk4h0/OWw0UutzqBegyHQCgudbG
nc4j6RLeW23njfwjT51CsVU=
=N1Fg
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
|