var-201912-0636
|
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution. Apple has released an update for each product. The expected impact depends on each vulnerability, but may include the following:
* Arbitrary code execution
* Insufficient access restrictions
* Information leak
* Service operation interruption (DoS)
* Information falsification
* Privilege escalation
* Sandbox avoidance
WebKit is prone to a cross-site scripting vulnerability and multiple memory-corruption vulnerabilities.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site or execute arbitrary code in the context of the affected system. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. Failed exploit attempts will likely cause a denial-of-service condition. Apple Safari, etc. are all products of Apple (Apple). Apple Safari is a web browser that is the default browser included with the Mac OS X and iOS operating systems. Apple iOS is an operating system developed for mobile devices. Apple tvOS is a smart TV operating system. WebKit is one of the web browser engine components. A memory corruption vulnerability exists in the WebKit component of several Apple products. WebKitGTK and WPE WebKit prior to version 2.24.1 failed to properly apply configured HTTP proxy settings when downloading livestream video (HLS, DASH, or Smooth Streaming), an error resulting in deanonymization. This issue was corrected by changing the way livestreams are downloaded. (CVE-2019-6237)
WebKitGTK and WPE WebKit prior to version 2.24.1 are vulnerable to address bar spoofing upon certain JavaScript redirections. An attacker could cause malicious web content to be displayed as if for a trusted URI. This is similar to the CVE-2018-8383 issue in Microsoft Edge. (CVE-2019-8601)
An out-of-bounds read was addressed with improved input validation. (CVE-2019-8644)
A logic issue existed in the handling of synchronous page loads. (CVE-2019-8689)
A logic issue existed in the handling of document loads. (CVE-2019-8719)
This fixes a remote code execution in webkitgtk4. No further details are available in NIST. This issue is fixed in watchOS 6.1. (CVE-2019-8766)
"Clear History and Website Data" did not clear the history. The issue was addressed with improved data deletion. This issue is fixed in macOS Catalina 10.15. A user may be unable to delete browsing history items. (CVE-2019-8768)
An issue existed in the drawing of web page elements. Visiting a maliciously crafted website may reveal browsing history. (CVE-2019-8769)
This issue was addressed with improved iframe sandbox enforcement. (CVE-2019-8846)
WebKitGTK up to and including 2.26.4 and WPE WebKit up to and including 2.26.4 (which are the versions right prior to 2.28.0) contain a memory corruption issue (use-after-free) that may lead to arbitrary code execution. (CVE-2020-10018)
A use-after-free flaw exists in WebKitGTK. A malicious website may be able to cause a denial of service. A DOM object context may not have had a unique security origin. A file URL may be incorrectly processed. (CVE-2020-3885)
A race condition was addressed with additional validation. An application may be able to read restricted memory. (CVE-2020-3901)
An input validation issue was addressed with improved input validation. (CVE-2020-3902)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201909-05
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: WebkitGTK+: Multiple vulnerabilities
Date: September 06, 2019
Bugs: #683234, #686216, #693122
ID: 201909-05
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been found in WebkitGTK+, the worst of
which could result in the arbitrary execution of code.
Background
==========
WebKitGTK+ is a full-featured port of the WebKit rendering engine,
suitable for projects requiring any kind of web integration, from
hybrid HTML/CSS applications to full-fledged web browsers.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-libs/webkit-gtk < 2.24.4 >= 2.24.4
Description
===========
Multiple vulnerabilities have been discovered in WebkitGTK+. Please
review the CVE identifiers referenced below for details.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All WebkitGTK+ users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.24.4"
References
==========
[ 1 ] CVE-2019-11070
https://nvd.nist.gov/vuln/detail/CVE-2019-11070
[ 2 ] CVE-2019-6201
https://nvd.nist.gov/vuln/detail/CVE-2019-6201
[ 3 ] CVE-2019-6251
https://nvd.nist.gov/vuln/detail/CVE-2019-6251
[ 4 ] CVE-2019-7285
https://nvd.nist.gov/vuln/detail/CVE-2019-7285
[ 5 ] CVE-2019-7292
https://nvd.nist.gov/vuln/detail/CVE-2019-7292
[ 6 ] CVE-2019-8503
https://nvd.nist.gov/vuln/detail/CVE-2019-8503
[ 7 ] CVE-2019-8506
https://nvd.nist.gov/vuln/detail/CVE-2019-8506
[ 8 ] CVE-2019-8515
https://nvd.nist.gov/vuln/detail/CVE-2019-8515
[ 9 ] CVE-2019-8518
https://nvd.nist.gov/vuln/detail/CVE-2019-8518
[ 10 ] CVE-2019-8523
https://nvd.nist.gov/vuln/detail/CVE-2019-8523
[ 11 ] CVE-2019-8524
https://nvd.nist.gov/vuln/detail/CVE-2019-8524
[ 12 ] CVE-2019-8535
https://nvd.nist.gov/vuln/detail/CVE-2019-8535
[ 13 ] CVE-2019-8536
https://nvd.nist.gov/vuln/detail/CVE-2019-8536
[ 14 ] CVE-2019-8544
https://nvd.nist.gov/vuln/detail/CVE-2019-8544
[ 15 ] CVE-2019-8551
https://nvd.nist.gov/vuln/detail/CVE-2019-8551
[ 16 ] CVE-2019-8558
https://nvd.nist.gov/vuln/detail/CVE-2019-8558
[ 17 ] CVE-2019-8559
https://nvd.nist.gov/vuln/detail/CVE-2019-8559
[ 18 ] CVE-2019-8563
https://nvd.nist.gov/vuln/detail/CVE-2019-8563
[ 19 ] CVE-2019-8595
https://nvd.nist.gov/vuln/detail/CVE-2019-8595
[ 20 ] CVE-2019-8607
https://nvd.nist.gov/vuln/detail/CVE-2019-8607
[ 21 ] CVE-2019-8615
https://nvd.nist.gov/vuln/detail/CVE-2019-8615
[ 22 ] CVE-2019-8644
https://nvd.nist.gov/vuln/detail/CVE-2019-8644
[ 23 ] CVE-2019-8644
https://nvd.nist.gov/vuln/detail/CVE-2019-8644
[ 24 ] CVE-2019-8649
https://nvd.nist.gov/vuln/detail/CVE-2019-8649
[ 25 ] CVE-2019-8649
https://nvd.nist.gov/vuln/detail/CVE-2019-8649
[ 26 ] CVE-2019-8658
https://nvd.nist.gov/vuln/detail/CVE-2019-8658
[ 27 ] CVE-2019-8658
https://nvd.nist.gov/vuln/detail/CVE-2019-8658
[ 28 ] CVE-2019-8666
https://nvd.nist.gov/vuln/detail/CVE-2019-8666
[ 29 ] CVE-2019-8666
https://nvd.nist.gov/vuln/detail/CVE-2019-8666
[ 30 ] CVE-2019-8669
https://nvd.nist.gov/vuln/detail/CVE-2019-8669
[ 31 ] CVE-2019-8669
https://nvd.nist.gov/vuln/detail/CVE-2019-8669
[ 32 ] CVE-2019-8671
https://nvd.nist.gov/vuln/detail/CVE-2019-8671
[ 33 ] CVE-2019-8671
https://nvd.nist.gov/vuln/detail/CVE-2019-8671
[ 34 ] CVE-2019-8672
https://nvd.nist.gov/vuln/detail/CVE-2019-8672
[ 35 ] CVE-2019-8672
https://nvd.nist.gov/vuln/detail/CVE-2019-8672
[ 36 ] CVE-2019-8673
https://nvd.nist.gov/vuln/detail/CVE-2019-8673
[ 37 ] CVE-2019-8673
https://nvd.nist.gov/vuln/detail/CVE-2019-8673
[ 38 ] CVE-2019-8676
https://nvd.nist.gov/vuln/detail/CVE-2019-8676
[ 39 ] CVE-2019-8676
https://nvd.nist.gov/vuln/detail/CVE-2019-8676
[ 40 ] CVE-2019-8677
https://nvd.nist.gov/vuln/detail/CVE-2019-8677
[ 41 ] CVE-2019-8677
https://nvd.nist.gov/vuln/detail/CVE-2019-8677
[ 42 ] CVE-2019-8678
https://nvd.nist.gov/vuln/detail/CVE-2019-8678
[ 43 ] CVE-2019-8678
https://nvd.nist.gov/vuln/detail/CVE-2019-8678
[ 44 ] CVE-2019-8679
https://nvd.nist.gov/vuln/detail/CVE-2019-8679
[ 45 ] CVE-2019-8679
https://nvd.nist.gov/vuln/detail/CVE-2019-8679
[ 46 ] CVE-2019-8680
https://nvd.nist.gov/vuln/detail/CVE-2019-8680
[ 47 ] CVE-2019-8680
https://nvd.nist.gov/vuln/detail/CVE-2019-8680
[ 48 ] CVE-2019-8681
https://nvd.nist.gov/vuln/detail/CVE-2019-8681
[ 49 ] CVE-2019-8681
https://nvd.nist.gov/vuln/detail/CVE-2019-8681
[ 50 ] CVE-2019-8683
https://nvd.nist.gov/vuln/detail/CVE-2019-8683
[ 51 ] CVE-2019-8683
https://nvd.nist.gov/vuln/detail/CVE-2019-8683
[ 52 ] CVE-2019-8684
https://nvd.nist.gov/vuln/detail/CVE-2019-8684
[ 53 ] CVE-2019-8684
https://nvd.nist.gov/vuln/detail/CVE-2019-8684
[ 54 ] CVE-2019-8686
https://nvd.nist.gov/vuln/detail/CVE-2019-8686
[ 55 ] CVE-2019-8686
https://nvd.nist.gov/vuln/detail/CVE-2019-8686
[ 56 ] CVE-2019-8687
https://nvd.nist.gov/vuln/detail/CVE-2019-8687
[ 57 ] CVE-2019-8687
https://nvd.nist.gov/vuln/detail/CVE-2019-8687
[ 58 ] CVE-2019-8688
https://nvd.nist.gov/vuln/detail/CVE-2019-8688
[ 59 ] CVE-2019-8688
https://nvd.nist.gov/vuln/detail/CVE-2019-8688
[ 60 ] CVE-2019-8689
https://nvd.nist.gov/vuln/detail/CVE-2019-8689
[ 61 ] CVE-2019-8689
https://nvd.nist.gov/vuln/detail/CVE-2019-8689
[ 62 ] CVE-2019-8690
https://nvd.nist.gov/vuln/detail/CVE-2019-8690
[ 63 ] CVE-2019-8690
https://nvd.nist.gov/vuln/detail/CVE-2019-8690
[ 64 ] WSA-2019-0002
https://webkitgtk.org/security/WSA-2019-0002.html
[ 65 ] WSA-2019-0004
https://webkitgtk.org/security/WSA-2019-0004.html
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/201909-05
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2019 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
Alternatively, on your watch, select "My Watch > General > About".
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2019-8-13-2 Additional information for
APPLE-SA-2019-7-22-1 iOS 12.4
iOS 12.4 addresses the following:
Bluetooth
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation and later
Impact: An attacker in a privileged network position may be able to
intercept Bluetooth traffic (Key Negotiation of Bluetooth - KNOB)
Description: An input validation issue existed in Bluetooth.
CVE-2019-9506: Daniele Antonioli of SUTD, Singapore, Dr. Nils Ole
Tippenhauer of CISPA, Germany, and Prof. Kasper Rasmussen of
University of Oxford, England
Entry added August 13, 2019
Core Data
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation and later
Impact: A remote attacker may be able to leak memory
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2019-8646: Natalie Silvanovich of Google Project Zero
Core Data
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation and later
Impact: A remote attacker may be able to cause arbitrary code
execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2019-8647: Samuel Groß and Natalie Silvanovich of Google Project
Zero
Core Data
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation and later
Impact: A remote attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2019-8660: Samuel Groß and Natalie Silvanovich of Google Project
Zero
FaceTime
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation and later
Impact: A remote attacker may be able to cause arbitrary code
execution
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2019-8648: Tao Huang and Tielei Wang of Team Pangu
Found in Apps
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation and later
Impact: A remote attacker may be able to leak memory
Description: This issue was addressed with improved checks.
CVE-2019-8663: Natalie Silvanovich of Google Project Zero
Foundation
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation and later
Impact: A remote attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2019-8641: Samuel Groß and Natalie Silvanovich of Google Project
Zero
Heimdal
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation and later
Impact: An issue existed in Samba that may allow attackers to perform
unauthorized actions by intercepting communications between services
Description: This issue was addressed with improved checks to prevent
unauthorized actions.
CVE-2018-16860: Isaac Boukris and Andrew Bartlett of the Samba Team
and Catalyst
libxslt
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation and later
Impact: A remote attacker may be able to view sensitive information
Description: A stack overflow was addressed with improved input
validation.
CVE-2019-13118: found by OSS-Fuzz
Messages
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation and later
Impact: A remote attacker may cause an unexpected application
termination
Description: A denial of service issue was addressed with improved
validation.
CVE-2019-8665: Michael Hernandez of XYZ Marketing
Profiles
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation and later
Impact: A malicious application may be able to restrict access to
websites
Description: A validation issue existed in the entitlement
verification.
CVE-2019-8698: Luke Deshotels, Jordan Beichler, and William Enck of
North Carolina State University; Costin Carabaș and Răzvan Deaconescu
of University POLITEHNICA of Bucharest
Quick Look
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation and later
Impact: An attacker may be able to trigger a use-after-free in an
application deserializing an untrusted NSDictionary
Description: This issue was addressed with improved checks.
CVE-2019-8662: Natalie Silvanovich and Samuel Groß of Google Project
Zero
Siri
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation and later
Impact: A remote attacker may be able to leak memory
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2019-8646: Natalie Silvanovich of Google Project Zero
Telephony
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation and later
Impact: The initiator of a phone call may be able to cause the
recipient to answer a simultaneous Walkie-Talkie connection
Description: A logic issue existed in the answering of phone calls.
CVE-2019-8699: Marius Alexandru Boeru (@mboeru) and an anonymous
researcher
UIFoundation
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation and later
Impact: Parsing a maliciously crafted office document may lead to an
unexpected application termination or arbitrary code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2019-8657: riusksk of VulWar Corp working with Trend Micro's Zero
Day Initiative
Wallet
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation and later
Impact: A user may inadvertently complete an in-app purchase while on
the lock screen
Description: The issue was addressed with improved UI handling.
CVE-2019-8690: Sergei Glazunov of Google Project Zero
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation and later
Impact: Processing maliciously crafted web content may lead to
universal cross site scripting
Description: A logic issue existed in the handling of synchronous
page loads.
CVE-2019-8649: Sergei Glazunov of Google Project Zero
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation and later
Impact: Processing maliciously crafted web content may lead to
universal cross site scripting
Description: A logic issue was addressed with improved state
management.
CVE-2019-8658: akayn working with Trend Micro's Zero Day Initiative
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2019-8644: G. Geshev working with Trend Micro's Zero Day
Initiative
CVE-2019-8666: Zongming Wang (王宗明) and Zhe Jin (金哲) from Chengdu
Security Response Center of Qihoo 360 Technology Co. Ltd.
CVE-2019-8669: akayn working with Trend Micro's Zero Day Initiative
CVE-2019-8671: Apple
CVE-2019-8672: Samuel Groß of Google Project Zero
CVE-2019-8673: Soyeon Park and Wen Xu of SSLab at Georgia Tech
CVE-2019-8676: Soyeon Park and Wen Xu of SSLab at Georgia Tech
CVE-2019-8677: Jihui Lu of Tencent KeenLab
CVE-2019-8678: Anthony Lai (@darkfloyd1014) of Knownsec, Ken Wong
(@wwkenwong) of VXRL, Jeonghoon Shin (@singi21a) of Theori, Johnny Yu
(@straight_blast) of VX Browser Exploitation Group, Chris Chan
(@dr4g0nfl4me) of VX Browser Exploitation Group, Phil Mok
(@shadyhamsters) of VX Browser Exploitation Group, Alan Ho (@alan_h0)
of Knownsec, Byron Wai of VX Browser Exploitation, P1umer of ADLab of
Venustech
CVE-2019-8679: Jihui Lu of Tencent KeenLab
CVE-2019-8680: Jihui Lu of Tencent KeenLab
CVE-2019-8681: G. Geshev working with Trend Micro Zero Day Initiative
CVE-2019-8683: lokihardt of Google Project Zero
CVE-2019-8684: lokihardt of Google Project Zero
CVE-2019-8685: akayn, Dongzhuo Zhao working with ADLab of Venustech,
Ken Wong (@wwkenwong) of VXRL, Anthony Lai (@darkfloyd1014) of VXRL,
and Eric Lung (@Khlung1) of VXRL
CVE-2019-8686: G. Geshev working with Trend Micro's Zero Day
Initiative
CVE-2019-8687: Apple
CVE-2019-8688: Insu Yun of SSLab at Georgia Tech
CVE-2019-8689: lokihardt of Google Project Zero
Additional recognition
Game Center
We would like to acknowledge Min (Spark) Zheng and Xiaolong Bai of
Alibaba Inc. for their assistance.
MobileInstallation
We would like to acknowledge Dany Lisiansky (@DanyL931) for their
assistance.
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from https://www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "iOS 12.4".
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
|
var-200102-0077
|
Memory leak in Cisco Catalyst 4000, 5000, and 6000 series switches allows remote attackers to cause a denial of service via a series of failed telnet authentication attempts.
There is a buffer overflow in the IBM AIX setclock command that may allow local attackers to gain root privileges.
Microsoft Internet Explorer DBCS Remote Memory Corruption Vulnerability
By Sowhat of Nevis Labs
Date: 2006.04.11
http://www.nevisnetworks.com
http://secway.org/advisory/AD20060411.txt
http://www.microsoft.com/technet/security/bulletin/MS06-013.mspx
CVE: CVE-2006-1189
Vendor
Microsoft Inc.
Products affected:
Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4
and Microsoft Windows XP Service Pack 1
Internet Explorer 6 for Microsoft Windows XP Service Pack 2
Internet Explorer 6 for Microsoft Windows Server 2003
Internet Explorer 6 Service Pack 1 on Microsoft Windows 98, Microsoft
Windows 98 SE, and Microsoft Windows Millennium Edition
This vulnerability affects systems that use Double-Byte Character Sets.
Systems that are affected are Windows language versions that use a
Double Byte Character Set language. Examples of languages that use DBCS
are Chinese, Japanese, and Korean languages. Customers using
other language versions of Windows might also be affected if "Language
for non-Unicode programs" has been set to a Double Byte Character Set
language.
Overview:
There exists a buffer overflow in Microsoft Internet Explorer in the
parsing of DBCS URLs.
This vulnerability could allow an attacker to execute arbitrary code on the
victim's system when the victim visits a web page or views an HTML email
message.
This attack may be utilized wherever IE parses HTML, such as webpages, email,
newsgroups, and within applications utilizing web-browsing functionality.
Details:
URLMON.DLL does not properly validate IDN containing double-byte character
sets (DBCS), which may lead to remote code execution.
Exploiting this vulnerability seems to need a lot more work, but we
believe that exploitation is possible.
POC:
No PoC will be released for this.
FIX:
Microsoft has released an update for Internet Explorer which is
set to address this issue. This can be downloaded from:
http://www.microsoft.com/technet/security/bulletin/MS06-013.mspx
Vendor Response:
2005.12.29 Vendor notified via secure@microsoft.com
2005.12.29 Vendor responded
2006.04.11 Vendor released MS06-0xx patch
2006.04.11 Advisory released
Common Vulnerabilities and Exposures (CVE) Information:
The Common Vulnerabilities and Exposures (CVE) project has assigned
the following names to these issues. These are candidates for
inclusion in the CVE list (http://cve.mitre.org), which standardizes
names for security problems.
CVE-2006-1189
Greetings to Lennart@MS, Chi, OYXin, Narasimha Datta, all Nevis Labs guys,
all XFocus and 0x557 guys :)
References:
1. http://www.microsoft.com/technet/security/bulletin/MS06-013.mspx
2. http://www.nsfocus.com/english/homepage/research/0008.htm
3. http://xforce.iss.net/xforce/xfdb/5729
4. http://www.securityfocus.com/bid/2100/discuss
5. http://www.inter-locale.com/whitepaper/IUC27-a303.html
6. http://blogs.msdn.com/michkap/archive/2005/10/28/486034.aspx
7. [Mozilla Firefox IDN "Host:" Buffer Overflow]
http://www.security-protocols.com/advisory/sp-x17-advisory.txt
8. [Mozilla Firefox 1.5 Beta 1 IDN Buffer Overflow]
http://www.security-protocols.com/advisory/sp-x18-advisory.txt
9. http://72.14.203.104/search?q=cache:Dxn-V4fil1IJ:developer.novell.com/research/devnotes/1995/may/02/05.htm
--
Sowhat
http://secway.org
"Life is like a bug, Do you know how to exploit it ?"
|
var-200504-0293
|
Race condition in gzip 1.2.4, 1.3.3, and earlier, when decompressing a gzipped file, allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by gzip after the decompression is complete.
------------ This vulnerability information is a summary of multiple vulnerabilities released at the same time. Please note that it includes content about vulnerabilities other than the one in the title. ------------
GNU zip (gzip) is a utility that compresses and decompresses files. It is packaged with tools such as zgrep, which runs grep on compressed files, and gunzip, which decompresses compressed files. gzip 1.2.4 and earlier have several security issues:
1) zgrep, included with gzip 1.2.4 and earlier, does not properly sanitize its arguments. (CAN-2005-0758) Details are currently unknown, but a local attacker who exploits this issue may be able to execute arbitrary commands by passing a crafted file name to zgrep.
3) gunzip, included with gzip 1.2.4 and earlier, does not properly check the validity of the file name when decompressing a compressed file with the -N flag. (CAN-2005-1228) A remote attacker who exploits this issue could send the target user a compressed file containing a crafted string such as ".." and carry out a directory traversal attack by inducing the user to decompress it with gzip.
Please refer to the "Overview" for the impact of this vulnerability.
The gzip utility is reported prone to a security weakness; the issue occurs only when an archive is extracted into a world- or group-writeable directory.
This weakness is reported to affect gzip 1.2.4, 1.3.3, and previous versions.
----------------------------------------------------------------------
TITLE:
gzip Directory Traversal Vulnerability
SECUNIA ADVISORY ID:
SA15047
VERIFY ADVISORY:
http://secunia.com/advisories/15047/
CRITICAL:
Less critical
IMPACT:
System access
WHERE:
From remote
SOFTWARE:
gzip 1.x
http://secunia.com/product/4220/
DESCRIPTION:
Ulf Härnhammar has reported a vulnerability in gzip, which
potentially can be exploited by malicious people to compromise a
user's system. This makes it
possible to have a file extracted to an arbitrary location outside
the current directory via directory traversal attacks.
The vulnerability has been reported in version 1.2.4, 1.2.4a, 1.3.3,
1.3.4 and 1.3.5. Other versions may also be affected.
SOLUTION:
Do not extract untrusted ".gz" files with the "-N" flag.
PROVIDED AND/OR DISCOVERED BY:
Ulf Härnhammar
----------------------------------------------------------------------
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200505-05
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: gzip: Multiple vulnerabilities
Date: May 09, 2005
Bugs: #89946, #90626
ID: 200505-05
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
gzip contains multiple vulnerabilities potentially allowing an attacker
to execute arbitrary commands. The zgrep utility improperly
sanitizes arguments, which may come from an untrusted source
(CAN-2005-0758).
Impact
======
These vulnerabilities could allow arbitrary command execution, changing
the permissions of arbitrary files, and installation of files to an
arbitrary location in the filesystem.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All gzip users should upgrade to the latest stable version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-arch/gzip-1.3.5-r6"
References
==========
[ 1 ] CAN-2005-0758
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0758
[ 2 ] CAN-2005-0988
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0988
[ 3 ] CAN-2005-1228
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1228
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200505-05.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.
License
=======
Copyright 2005 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.0
|
var-202006-1831
|
A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to arbitrary code execution. Apple iOS, etc. are all products of Apple (Apple). Apple iOS is an operating system developed for mobile devices. Apple tvOS is a smart TV operating system. Apple iPadOS is an operating system for iPad tablets. WebKit is one of the web browser engine components. A security vulnerability exists in the WebKit component of several Apple products.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Moderate: OpenShift Container Platform 4.7.0 security, bug fix, and enhancement update
Advisory ID: RHSA-2020:5633-01
Product: Red Hat OpenShift Enterprise
Advisory URL: https://access.redhat.com/errata/RHSA-2020:5633
Issue date: 2021-02-24
CVE Names: CVE-2018-10103 CVE-2018-10105 CVE-2018-14461
CVE-2018-14462 CVE-2018-14463 CVE-2018-14464
CVE-2018-14465 CVE-2018-14466 CVE-2018-14467
CVE-2018-14468 CVE-2018-14469 CVE-2018-14470
CVE-2018-14553 CVE-2018-14879 CVE-2018-14880
CVE-2018-14881 CVE-2018-14882 CVE-2018-16227
CVE-2018-16228 CVE-2018-16229 CVE-2018-16230
CVE-2018-16300 CVE-2018-16451 CVE-2018-16452
CVE-2018-20843 CVE-2019-3884 CVE-2019-5018
CVE-2019-6977 CVE-2019-6978 CVE-2019-8625
CVE-2019-8710 CVE-2019-8720 CVE-2019-8743
CVE-2019-8764 CVE-2019-8766 CVE-2019-8769
CVE-2019-8771 CVE-2019-8782 CVE-2019-8783
CVE-2019-8808 CVE-2019-8811 CVE-2019-8812
CVE-2019-8813 CVE-2019-8814 CVE-2019-8815
CVE-2019-8816 CVE-2019-8819 CVE-2019-8820
CVE-2019-8823 CVE-2019-8835 CVE-2019-8844
CVE-2019-8846 CVE-2019-9455 CVE-2019-9458
CVE-2019-11068 CVE-2019-12614 CVE-2019-13050
CVE-2019-13225 CVE-2019-13627 CVE-2019-14889
CVE-2019-15165 CVE-2019-15166 CVE-2019-15903
CVE-2019-15917 CVE-2019-15925 CVE-2019-16167
CVE-2019-16168 CVE-2019-16231 CVE-2019-16233
CVE-2019-16935 CVE-2019-17450 CVE-2019-17546
CVE-2019-18197 CVE-2019-18808 CVE-2019-18809
CVE-2019-19046 CVE-2019-19056 CVE-2019-19062
CVE-2019-19063 CVE-2019-19068 CVE-2019-19072
CVE-2019-19221 CVE-2019-19319 CVE-2019-19332
CVE-2019-19447 CVE-2019-19524 CVE-2019-19533
CVE-2019-19537 CVE-2019-19543 CVE-2019-19602
CVE-2019-19767 CVE-2019-19770 CVE-2019-19906
CVE-2019-19956 CVE-2019-20054 CVE-2019-20218
CVE-2019-20386 CVE-2019-20387 CVE-2019-20388
CVE-2019-20454 CVE-2019-20636 CVE-2019-20807
CVE-2019-20812 CVE-2019-20907 CVE-2019-20916
CVE-2020-0305 CVE-2020-0444 CVE-2020-1716
CVE-2020-1730 CVE-2020-1751 CVE-2020-1752
CVE-2020-1971 CVE-2020-2574 CVE-2020-2752
CVE-2020-2922 CVE-2020-3862 CVE-2020-3864
CVE-2020-3865 CVE-2020-3867 CVE-2020-3868
CVE-2020-3885 CVE-2020-3894 CVE-2020-3895
CVE-2020-3897 CVE-2020-3898 CVE-2020-3899
CVE-2020-3900 CVE-2020-3901 CVE-2020-3902
CVE-2020-6405 CVE-2020-7595 CVE-2020-7774
CVE-2020-8177 CVE-2020-8492 CVE-2020-8563
CVE-2020-8566 CVE-2020-8619 CVE-2020-8622
CVE-2020-8623 CVE-2020-8624 CVE-2020-8647
CVE-2020-8648 CVE-2020-8649 CVE-2020-9327
CVE-2020-9802 CVE-2020-9803 CVE-2020-9805
CVE-2020-9806 CVE-2020-9807 CVE-2020-9843
CVE-2020-9850 CVE-2020-9862 CVE-2020-9893
CVE-2020-9894 CVE-2020-9895 CVE-2020-9915
CVE-2020-9925 CVE-2020-10018 CVE-2020-10029
CVE-2020-10732 CVE-2020-10749 CVE-2020-10751
CVE-2020-10763 CVE-2020-10773 CVE-2020-10774
CVE-2020-10942 CVE-2020-11565 CVE-2020-11668
CVE-2020-11793 CVE-2020-12465 CVE-2020-12655
CVE-2020-12659 CVE-2020-12770 CVE-2020-12826
CVE-2020-13249 CVE-2020-13630 CVE-2020-13631
CVE-2020-13632 CVE-2020-14019 CVE-2020-14040
CVE-2020-14381 CVE-2020-14382 CVE-2020-14391
CVE-2020-14422 CVE-2020-15157 CVE-2020-15503
CVE-2020-15862 CVE-2020-15999 CVE-2020-16166
CVE-2020-24490 CVE-2020-24659 CVE-2020-25211
CVE-2020-25641 CVE-2020-25658 CVE-2020-25661
CVE-2020-25662 CVE-2020-25681 CVE-2020-25682
CVE-2020-25683 CVE-2020-25684 CVE-2020-25685
CVE-2020-25686 CVE-2020-25687 CVE-2020-25694
CVE-2020-25696 CVE-2020-26160 CVE-2020-27813
CVE-2020-27846 CVE-2020-28362 CVE-2020-29652
CVE-2021-2007 CVE-2021-3121
=====================================================================
1. Summary:
Red Hat OpenShift Container Platform release 4.7.0 is now available.
Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
2. Description:
Red Hat OpenShift Container Platform is Red Hat's cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.
This advisory contains the container images for Red Hat OpenShift Container
Platform 4.7.0. See the following advisory for the RPM packages for this
release:
https://access.redhat.com/errata/RHSA-2020:5634
Space precludes documenting all of the container images in this advisory.
See the following Release Notes documentation, which will be updated
shortly for this release, for details about these changes:
https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html
You may download the oc tool and use it to inspect release image metadata
as follows:
(For x86_64 architecture)
$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.7.0-x86_64
The image digest is
sha256:d74b1cfa81f8c9cc23336aee72d8ae9c9905e62c4874b071317a078c316f8a70
(For s390x architecture)
$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.7.0-s390x
The image digest is
sha256:a68ca03d87496ddfea0ac26b82af77231583a58a7836b95de85efe5e390ad45d
(For ppc64le architecture)
$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.7.0-ppc64le
The image digest is
sha256:bc7b04e038c8ff3a33b827f4ee19aa79b26e14c359a7dcc1ced9f3b58e5f1ac6
All OpenShift Container Platform 4.7 users are advised to upgrade to these
updated packages and images when they are available in the appropriate
release channel. To check for available updates, use the OpenShift Console
or the CLI oc command. Instructions for upgrading a cluster are available
at
https://docs.openshift.com/container-platform/4.7/updating/updating-cluster-between-minor.html#understanding-upgrade-channels_updating-cluster-between-minor.
Security Fix(es):
* crewjam/saml: authentication bypass in saml authentication
(CVE-2020-27846)
* golang: crypto/ssh: crafted authentication request can lead to nil
pointer dereference (CVE-2020-29652)
* gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index
validation (CVE-2021-3121)
* nodejs-y18n: prototype pollution vulnerability (CVE-2020-7774)
* kubernetes: Secret leaks in kube-controller-manager when using vSphere
Provider (CVE-2020-8563)
* containernetworking/plugins: IPv6 router advertisements allow for MitM
attacks on IPv4 clusters (CVE-2020-10749)
* heketi: gluster-block volume password details available in logs
(CVE-2020-10763)
* golang.org/x/text: possibility to trigger an infinite loop in
encoding/unicode could lead to crash (CVE-2020-14040)
* jwt-go: access restriction bypass vulnerability (CVE-2020-26160)
* golang-github-gorilla-websocket: integer overflow leads to denial of
service (CVE-2020-27813)
* golang: math/big: panic during recursive division of very large numbers
(CVE-2020-28362)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
3. Solution:
For OpenShift Container Platform 4.7, see the following documentation,
which will be updated shortly for this release, for important instructions
on how to upgrade your cluster and fully apply this asynchronous errata
update:
https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html
Details on how to access this content are available at
https://docs.openshift.com/container-platform/4.7/updating/updating-cluster-cli.html.
4. Bugs fixed (https://bugzilla.redhat.com/):
1620608 - Restoring deployment config with history leads to weird state
1752220 - [OVN] Network Policy fails to work when project label gets overwritten
1756096 - Local storage operator should implement must-gather spec
1756173 - /etc/udev/rules.d/66-azure-storage.rules missing from initramfs
1768255 - installer reports 100% complete but failing components
1770017 - Init containers restart when the exited container is removed from node.
1775057 - [MSTR-485] Cluster is abnormal after etcd backup/restore when the backup is conducted during etcd encryption is migrating
1775444 - RFE: k8s cpu manager does not restrict /usr/bin/pod cpuset
1777038 - Cluster scaled beyond host subnet limits does not fire alert or cleanly report why it cannot scale
1777224 - InfraID in metadata.json and .openshift_install_state.json is not consistent when repeating `create` commands
1784298 - "Displaying with reduced resolution due to large dataset." would show under some conditions
1785399 - Under condition of heavy pod creation, creation fails with 'error reserving pod name ...: name is reserved"
1797766 - Resource Requirements" specDescriptor fields - CPU and Memory injects empty string YAML editor
1801089 - [OVN] Installation failed and monitoring pod not created due to some network error.
1805025 - [OSP] Machine status doesn't become "Failed" when creating a machine with invalid image
1805639 - Machine status should be "Failed" when creating a machine with invalid machine configuration
1806000 - CRI-O failing with: error reserving ctr name
1806915 - openshift-service-ca: Some core components are in openshift.io/run-level 1 and are bypassing SCC, but should not be
1806917 - openshift-service-ca-operator: Some core components are in openshift.io/run-level 1 and are bypassing SCC, but should not be
1810438 - Installation logs are not gathered from OCP nodes
1812085 - kubernetes-networking-namespace-pods dashboard doesn't exist
1812412 - Monitoring Dashboard: on restricted cluster, query timed out in expression evaluation
1813012 - EtcdDiscoveryDomain no longer needed
1813949 - openshift-install doesn't use env variables for OS_* for some of API endpoints
1816812 - OpenShift test suites are not resilient to rate limited registries (like docker.io) and cannot control their dependencies for offline use
1819053 - loading OpenAPI spec for "v1beta1.metrics.k8s.io" failed with: OpenAPI spec does not exist
1819457 - Package Server is in 'Cannot update' status despite properly working
1820141 - [RFE] deploy qemu-quest-agent on the nodes
1822744 - OCS Installation CI test flaking
1824038 - Integration Tests: StaleElementReferenceError in OLM single-installmode scenario
1825892 - StorageClasses and PVs are not cleaned completely after running the csi verification tool
1826301 - Wrong NodeStatus reports in file-integrity scan when configuration error in aide.conf file
1829723 - User workload monitoring alerts fire out of the box
1832968 - oc adm catalog mirror does not mirror the index image itself
1833012 - Lower OVNKubernetes HTTP E/W performance compared with OpenShiftSDN
1833220 - CVE-2020-10749 containernetworking/plugins: IPv6 router advertisements allow for MitM attacks on IPv4 clusters
1834995 - olmFull suite always fails once th suite is run on the same cluster
1836017 - vSphere UPI: Both Internal and External load balancers for kube-apiserver should use /readyz
1837953 - Replacing masters doesn't work for ovn-kubernetes 4.4
1838352 - OperatorExited, Pending marketplace-operator-... pod for several weeks
1838751 - [oVirt][Tracker] Re-enable skipped network tests
1839239 - csi-snapshot-controller flickers Degraded=True on etcd hiccups
1840759 - [aws-ebs-csi-driver] The volume created by aws ebs csi driver can not be deleted when the cluster is destroyed
1841039 - authentication-operator: Add e2e test for password grants to Keycloak being set as OIDC IdP
1841119 - Get rid of config patches and pass flags directly to kcm
1841175 - When an Install Plan gets deleted, OLM does not create a new one
1841381 - Issue with memoryMB validation
1841885 - oc adm catalog mirror command attempts to pull from registry.redhat.io when using --from-dir option
1844727 - Etcd container leaves grep and lsof zombie processes
1845387 - CVE-2020-10763 heketi: gluster-block volume password details available in logs
1847074 - Filter bar layout issues at some screen widths on search page
1848358 - CRDs with preserveUnknownFields:true don't reflect in status that they are non-structural
1849543 - [4.5]kubeletconfig's description will show multiple lines for finalizers when upgrade from 4.4.8->4.5
1851103 - Use of NetworkManager-wait-online.service in rhcos-growpart.service
1851203 - [GSS] [RFE] Need a simpler representation of capactiy breakdown in total usage and per project breakdown in OCS 4 dashboard
1851351 - OCP 4.4.9: EtcdMemberIPMigratorDegraded: rpc error: code = Canceled desc = grpc: the client connection is closing
1851693 - The `oc apply` should return errors instead of hanging there when failing to create the CRD
1852289 - Upgrade testsuite fails on ppc64le environment - Unsupported LoadBalancer service
1853115 - the restriction of --cloud option should be shown in help text.
1853116 - `--to` option does not work with `--credentials-requests` flag.
1853352 - [v2v][UI] Storage Class fields Should Not be empty in VM disks view
1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash
1854567 - "Installed Operators" list showing "duplicated" entries during installation
1855325 - [Feature:Prometheus][Conformance] Prometheus when installed on the cluster [Top Level] [Feature:Prometheus][Conformance] Prometheus when installed on the cluster should report telemetry if a cloud.openshift.com token is present
1855351 - Inconsistent Installer reactions to Ctrl-C during user input process
1855408 - OVN cluster unstable after running minimal scale test
1856351 - Build page should show metrics for when the build ran, not the last 30 minutes
1856354 - New APIServices missing from OpenAPI definitions
1857446 - ARO/Azure: excessive pod memory allocation causes node lockup
1857877 - Operator upgrades can delete existing CSV before completion
1858578 - [v2v] [ui] VM import RHV to CNV Target VM Name longer than 63 chars should not be allowed
1859174 - [IPI][OSP] Having errors from 4.3 to 4.6 about Security group rule already created
1860136 - default ingress does not propagate annotations to route object on update
1860322 - [OCPv4.5.2] after unexpected shutdown one of RHV Hypervisors, OCP worker nodes machine are marked as "Failed"
1860518 - unable to stop a crio pod
1861383 - Route with `haproxy.router.openshift.io/timeout: 365d` kills the ingress controller
1862430 - LSO: PV creation lock should not be acquired in a loop
1862489 - LSO autoprovisioning should exclude top level disks that are part of LVM volume group.
1862608 - Virtual media does not work on hosts using BIOS, only UEFI
1862918 - [v2v] User should only select SRIOV network when importin vm with SRIOV network
1865743 - Some pods are stuck in ContainerCreating and some sdn pods are in CrashLoopBackOff
1865839 - rpm-ostree fails with "System transaction in progress" when moving to kernel-rt
1866043 - Configurable table column headers can be illegible
1866087 - Examining agones helm chart resources results in "Oh no!"
1866261 - Need to indicate the intentional behavior for Ansible in the `create api` help info
1866298 - [RHOCS Usability Study][Installation] Labeling the namespace should be a part of the installation flow or be clearer as a requirement
1866320 - [RHOCS Usability Study][Dashboard] Users were confused by Available Capacity and the Total Capacity
1866334 - [RHOCS Usability Study][Installation] On the Operator installation page, there’s no indication on which labels offer tooltip/help
1866340 - [RHOCS Usability Study][Dashboard] It was not clear why “No persistent storage alerts” was prominently displayed
1866343 - [RHOCS Usability Study][Dashboard] User wanted to know the time frame for Data Consumption, e.g I/O Operations
1866445 - kola --basic-qemu-scenarios scenario fail on ppc64le & s390x
1866482 - Few errors are seen when oc adm must-gather is run
1866605 - No metadata.generation set for build and buildconfig objects
1866873 - MCDDrainError "Drain failed on , updates may be blocked" missing rendered node name
1866901 - Deployment strategy for BMO allows multiple pods to run at the same time
1866925 - openshift-install destroy cluster should fail quickly when provided with invalid credentials on Azure.
1867165 - Cannot assign static address to baremetal install bootstrap vm
1867380 - When using webhooks in OCP 4.5 fails to rollout latest deploymentconfig
1867400 - [OCs 4.5]UI should not allow creation of second storagecluster of different mode in a single OCS
1867477 - HPA monitoring cpu utilization fails for deployments which have init containers
1867518 - [oc] oc should not print so many goroutines when ANY command fails
1867608 - ds/machine-config-daemon takes 100+ minutes to rollout on 250 node cluster
1867965 - OpenShift Console Deployment Edit overwrites deployment yaml
1868004 - opm index add appears to produce image with wrong registry server binary
1868065 - oc -o jsonpath prints possible warning / bug "Unable to decode server response into a Table"
1868104 - Baremetal actuator should not delete Machine objects
1868125 - opm index add is not creating an index with valid images when --permissive flag is added, the index is empty instead
1868384 - CLI does not save login credentials as expected when using the same username in multiple clusters
1868527 - OpenShift Storage using VMWare vSAN receives error "Failed to add disk 'scsi0:2'" when mounted pod is created on separate node
1868645 - After a disaster recovery pods a stuck in "NodeAffinity" state and not running
1868748 - ClusterProvisioningIP in baremetal platform has wrong JSON annotation
1868765 - [vsphere][ci] could not reserve an IP address: no available addresses
1868770 - catalogSource named "redhat-operators" deleted in a disconnected cluster
1868976 - Prometheus error opening query log file on EBS backed PVC
1869293 - The configmap name looks confusing in aide-ds pod logs
1869606 - crio's failing to delete a network namespace
1870337 - [sig-storage] Managed cluster should have no crashlooping recycler pods over four minutes
1870342 - [sig-scheduling] SchedulerPredicates [Serial] validates resource limits of pods that are allowed to run [Conformance]
1870373 - Ingress Operator reports available when DNS fails to provision
1870467 - D/DC Part of Helm / Operator Backed should not have HPA
1870728 - openshift-install creates expired ignition files from stale .openshift_install_state.json
1870800 - [4.6] Managed Column not appearing on Pods Details page
1871170 - e2e tests are needed to validate the functionality of the etcdctl container
1872001 - EtcdDiscoveryDomain no longer needed
1872095 - content are expanded to the whole line when only one column in table on Resource Details page
1872124 - Could not choose device type as "disk" or "part" when create localvolumeset from web console
1872128 - Can't run container with hostPort on ipv6 cluster
1872166 - 'Silences' link redirects to unexpected 'Alerts' view after creating a silence in the Developer perspective
1872251 - [aws-ebs-csi-driver] Verify job in CI doesn't check for vendor dir sanity
1872786 - Rules in kube-apiserver.rules are taking too long and consuming too much memory for Prometheus to evaluate them
1872821 - [DOC] Typo in Ansible Operator Tutorial
1872907 - Fail to create CR from generated Helm Base Operator
1872923 - Click "Cancel" button on the "initialization-resource" creation form page should send users to the "Operator details" page instead of "Install Operator" page (previous page)
1873007 - [downstream] failed to read config when running the operator-sdk in the home path
1873030 - Subscriptions without any candidate operators should cause resolution to fail
1873043 - Bump to latest available 1.19.x k8s
1873114 - Nodes goes into NotReady state (VMware)
1873288 - Changing Cluster-Wide Pull Secret Does Not Trigger Updates In Kubelet Filesystem
1873305 - Failed to power on /inspect node when using Redfish protocol
1873326 - Accessibility - The symbols e.g checkmark in the overview page has no text description, label, or other accessible information
1873480 - Accessibility - No text description, alt text, label, or other accessible information associated with the help icon: “?” button/icon in Developer Console ->Navigation
1873556 - [Openstack] HTTP_PROXY setting for NetworkManager-resolv-prepender not working
1873593 - MCO fails to cope with ContainerRuntimeConfig thas has a name > 63 characters
1874057 - Pod stuck in CreateContainerError - error msg="container_linux.go:348: starting container process caused \"chdir to cwd (\\\"/mount-point\\\") set in config.json failed: permission denied\""
1874074 - [CNV] Windows 2019 Default Template Not Defaulting to Proper NIC/Storage Driver
1874192 - [RFE] "Create Backing Store" page doesn't allow to select already defined k8s secret as target bucket credentials when Google Cloud Storage is selected as a provider
1874240 - [vsphere] unable to deprovision - Runtime error list attached objects
1874248 - Include validation for vcenter host in the install-config
1874340 - vmware: NodeClockNotSynchronising alert is triggered in openshift cluster after upgrading form 4.4.16 to 4.5.6
1874583 - apiserver tries and fails to log an event when shutting down
1874584 - add retry for etcd errors in kube-apiserver
1874638 - Missing logging for nbctl daemon
1874736 - [downstream] no version info for the helm-operator
1874901 - add utm_source parameter to Red Hat Marketplace URLs for attribution
1874968 - Accessibility: The project selection drop down is a keyboard trap
1875247 - Dependency resolution error "found more than one head for channel" is unhelpful for users
1875516 - disabled scheduling is easy to miss in node page of OCP console
1875598 - machine status is Running for a master node which has been terminated from the console
1875806 - When creating a service of type "LoadBalancer" (Kuryr,OVN) communication through this loadbalancer failes after 2-5 minutes.
1876166 - need to be able to disable kube-apiserver connectivity checks
1876469 - Invalid doc link on yaml template schema description
1876701 - podCount specDescriptor change doesn't take effect on operand details page
1876815 - Installer uses the environment variable OS_CLOUD for manifest generation despite explicit prompt
1876935 - AWS volume snapshot is not deleted after the cluster is destroyed
1877071 - vSphere IPI - Nameserver limits were exceeded, some nameservers have been omitted
1877105 - add redfish to enabled_bios_interfaces
1877116 - e2e aws calico tests fail with `rpc error: code = ResourceExhausted`
1877273 - [OVN] EgressIP cannot fail over to available nodes after one egressIP node shutdown
1877648 - [sriov]VF from allocatable and capacity of node is incorrect when the policy is only 'rootDevices'
1877681 - Manually created PV can not be used
1877693 - dnsrecords specify recordTTL as 30 but the value is null in AWS Route 53
1877740 - RHCOS unable to get ip address during first boot
1877812 - [ROKS] IBM cloud failed to terminate OSDs when upgraded between internal builds of OCS 4.5
1877919 - panic in multus-admission-controller
1877924 - Cannot set BIOS config using Redfish with Dell iDracs
1878022 - Met imagestreamimport error when import the whole image repository
1878086 - OCP 4.6+OCS 4.6(multiple SC) Internal Mode- UI should populate the default "Filesystem Name" instead of providing a textbox, & the name should be validated
1878301 - [4.6] [UI] Unschedulable used to always be displayed when Node is Ready status
1878701 - After deleting and recreating a VM with same name, the VM events contain the events from the old VM
1878766 - CPU consumption on nodes is higher than the CPU count of the node.
1878772 - On the nodes there are up to 547 zombie processes caused by thanos and Prometheus.
1878823 - "oc adm release mirror" generating incomplete imageContentSources when using "--to" and "--to-release-image"
1878845 - 4.5 to 4.6.rc.4 upgrade failure: authentication operator health check connection refused for multitenant mode
1878900 - Installer complains about not enough vcpu for the baremetal flavor where generic bm flavor is being used
1878953 - RBAC error shows when normal user access pvc upload page
1878956 - `oc api-resources` does not include API version
1878972 - oc adm release mirror removes the architecture information
1879013 - [RFE]Improve CD-ROM interface selection
1879056 - UI should allow to change or unset the evictionStrategy
1879057 - [CSI Certificate Test] Test failed for CSI certification tests for CSIdriver openshift-storage.rbd.csi.ceph.com with RWX enabled
1879094 - RHCOS dhcp kernel parameters not working as expected
1879099 - Extra reboot during 4.5 -> 4.6 upgrade
1879244 - Error adding container to network "ipvlan-host-local": "master" field is required
1879248 - OLM Cert Dir for Webhooks does not align SDK/Kubebuilder
1879282 - Update OLM references to point to the OLM's new doc site
1879283 - panic after nil pointer dereference in pkg/daemon/update.go
1879365 - Overlapping, divergent openshift-cluster-storage-operator manifests
1879419 - [RFE]Improve boot source description for 'Container' and ‘URL’
1879430 - openshift-object-counts quota is not dynamically updating as the resource is deleted.
1879565 - IPv6 installation fails on node-valid-hostname
1879777 - Overlapping, divergent openshift-machine-api namespace manifests
1879878 - Messages flooded in thanos-querier pod- oauth-proxy container: Authorization header does not start with 'Basic', skipping basic authentication in Log message in thanos-querier pod the oauth-proxy
1879930 - Annotations shouldn't be removed during object reconciliation
1879976 - No other channel visible from console
1880068 - image pruner is not aware of image policy annotation, StatefulSets, etc.
1880148 - dns daemonset rolls out slowly in large clusters
1880161 - Actuator Update calls should have fixed retry time
1880259 - additional network + OVN network installation failed
1880389 - Pipeline Runs with skipped Tasks incorrectly show Tasks as "Failed"
1880410 - Convert Pipeline Visualization node to SVG
1880417 - [vmware] Fail to boot with Secure Boot enabled, kernel lockdown denies iopl access to afterburn
1880443 - broken machine pool management on OpenStack
1880450 - Host failed to install because its installation stage joined took longer than expected 20m0s.
1880473 - IBM Cloudpak operators installation stuck "UpgradePending" with InstallPlan status updates failing due to size limitation
1880680 - [4.3] [Tigera plugin] - openshift-kube-proxy fails - Failed to execute iptables-restore: exit status 4 (iptables-restore v1.8.4 (nf_tables)
1880785 - CredentialsRequest missing description in `oc explain`
1880787 - No description for Provisioning CRD for `oc explain`
1880902 - need dnsPlocy set in crd ingresscontrollers
1880913 - [DeScheduler] - change loglevel from Info to Error when priority class given in the descheduler params is not present in the cluster
1881027 - Cluster installation fails at with error : the container name \"assisted-installer\" is already in use
1881046 - [OSP] openstack-cinder-csi-driver-operator doesn't contain required manifests and assets
1881155 - operator install authentication: Authentication require functional ingress which requires at least one schedulable and ready node
1881268 - Image uploading failed but wizard claim the source is available
1881322 - kube-scheduler not scheduling pods for certificates not renewed automatically after nodes restoration
1881347 - [v2v][ui]VM Import Wizard does not call Import provider cleanup
1881881 - unable to specify target port manually resulting in application not reachable
1881898 - misalignment of sub-title in quick start headers
1882022 - [vsphere][ipi] directory path is incomplete, terraform can't find the cluster
1882057 - Not able to select access modes for snapshot and clone
1882140 - No description for spec.kubeletConfig
1882176 - Master recovery instructions don't handle IP change well
1882191 - Installation fails against external resources which lack DNS Subject Alternative Name
1882209 - [ BateMetal IPI ] local coredns resolution not working
1882210 - [release 4.7] insights-operator: Fix bug in reflector not recovering from "Too large resource version"
1882268 - [e2e][automation]Add Integration Test for Snapshots
1882361 - Retrieve and expose the latest report for the cluster
1882485 - dns-node-resolver corrupts /etc/hosts if internal registry is not in use
1882556 - git:// protocol in origin tests is not currently proxied
1882569 - CNO: Replacing masters doesn't work for ovn-kubernetes 4.4
1882608 - Spot instance not getting created on AzureGovCloud
1882630 - Fstype is changed after deleting pv provisioned by localvolumeset instance
1882649 - IPI installer labels all images it uploads into glance as qcow2
1882653 - The Approval should display the Manual after the APPROVAL changed to Manual from the Automatic
1882658 - [RFE] Volume Snapshot is not listed under inventory in Project Details page
1882660 - Operators in a namespace should be installed together when approve one
1882667 - [ovn] br-ex Link not found when scale up RHEL worker
1882723 - [vsphere]Suggested mimimum value for providerspec not working
1882730 - z systems not reporting correct core count in recording rule
1882750 - [sig-api-machinery][Feature:APIServer][Late] kubelet terminates kube-apiserver gracefully
1882781 - nameserver= option to dracut creates extra NM connection profile
1882785 - Multi-Arch CI Jobs destroy libvirt network but occasionally leave it defined
1882844 - [IPI on vsphere] Executing 'openshift-installer destroy cluster' leaves installer tag categories in vsphere
1883371 - CVE-2020-26160 jwt-go: access restriction bypass vulnerability
1883388 - Bare Metal Hosts Details page doesn't show Mainitenance and Power On/Off status
1883422 - operator-sdk cleanup fail after installing operator with "run bundle" without installmode and og with ownnamespace
1883425 - Gather top installplans and their count
1883502 - Logging is broken due to mix of k8s.io/klog v1 and v2
1883523 - [sig-cli] oc adm must-gather runs successfully for audit logs [Suite:openshift/conformance/parallel]
1883538 - must gather report "cannot file manila/aws ebs/ovirt csi related namespaces and objects" error
1883560 - operator-registry image needs clean up in /tmp
1883563 - Creating duplicate namespace from create namespace modal breaks the UI
1883614 - [OCP 4.6] [UI] UI should not describe power cycle as "graceful"
1883642 - [sig-imageregistry][Feature:ImageTriggers][Serial] ImageStream admission TestImageStreamAdmitSpecUpdate
1883660 - e2e-metal-ipi CI job consistently failing on 4.4
1883765 - [user workload monitoring] improve latency of Thanos sidecar when streaming read requests
1883766 - [e2e][automation] Adjust tests for UI changes
1883768 - [user workload monitoring] The Prometheus operator should discard invalid TLS configurations
1883773 - opm alpha bundle build fails on win10 home
1883790 - revert "force cert rotation every couple days for development" in 4.7
1883803 - node pull secret feature is not working as expected
1883836 - Jenkins imagestream ubi8 and nodejs12 update
1883847 - The UI does not show checkbox for enable encryption at rest for OCS
1883853 - go list -m all does not work
1883905 - race condition in opm index add --overwrite-latest
1883946 - Understand why trident CSI pods are getting deleted by OCP
1884035 - Pods are illegally transitioning back to pending
1884041 - e2e should provide error info when minimum number of pods aren't ready in kube-system namespace
1884131 - oauth-proxy repository should run tests
1884165 - Repos should be disabled in -firstboot.service before OS extensions are applied
1884221 - IO becomes unhealthy due to a file change
1884258 - Node network alerts should work on ratio rather than absolute values
1884270 - Git clone does not support SCP-style ssh locations
1884334 - CVO marks an upgrade as failed when an operator takes more than 20 minutes to rollout
1884435 - vsphere - loopback is randomly not being added to resolver
1884565 - oauth-proxy crashes on invalid usage
1884584 - Kuryr controller continuously restarting due to unable to clean up Network Policy
1884613 - Create Instance of Prometheus from operator returns blank page for non cluster-admin users
1884628 - ovs-configuration service fails when the external network is configured on a tagged vlan on top of a bond device on a baremetal IPI deployment
1884629 - Visusally impaired user using screen reader not able to select Admin/Developer console options in drop down menu.
1884632 - Adding BYOK disk encryption through DES
1884654 - Utilization of a VMI is not populated
1884655 - KeyError on self._existing_vifs[port_id]
1884664 - Operator install page shows "installing..." instead of going to install status page
1884672 - Failed to inspect hardware. Reason: unable to start inspection: 'idrac'
1884691 - Installer blocks cloud-credential-operator manual mode on GCP and Azure
1884724 - Quick Start: Serverless quickstart doesn't match Operator install steps
1884739 - Node process segfaulted
1884824 - Update baremetal-operator libraries to k8s 1.19
1885002 - network kube-rbac-proxy scripts crashloop rather than non-crash looping
1885138 - Wrong detection of pending state in VM details
1885151 - [Cloud Team - Cluster API Provider Azure] Logging is broken due to mix of k8s.io/klog v1 and v2
1885165 - NoRunningOvnMaster alert falsely triggered
1885170 - Nil pointer when verifying images
1885173 - [e2e][automation] Add test for next run configuration feature
1885179 - oc image append fails on push (uploading a new layer)
1885213 - Vertical Pod Autoscaler (VPA) not working with DeploymentConfig
1885218 - [e2e][automation] Add virtctl to gating script
1885223 - Sync with upstream (fix panicking cluster-capacity binary)
1885235 - Prometheus: Logging is broken due to mix of k8s.io/klog v1 and v2
1885241 - kube-rbac-proxy: Logging is broken due to mix of k8s.io/klog v1 and v2
1885243 - prometheus-adapter: Logging is broken due to mix of k8s.io/klog v1 and v2
1885244 - prometheus-operator: Logging is broken due to mix of k8s.io/klog v1 and v2
1885246 - cluster-monitoring-operator: Logging is broken due to mix of k8s.io/klog v1 and v2
1885249 - openshift-state-metrics: Logging is broken due to mix of k8s.io/klog v1 and v2
1885308 - Supermicro nodes failed to boot via disk during installation when using IPMI and UEFI
1885315 - unit tests fail on slow disks
1885319 - Remove redundant use of group and kind of DataVolumeTemplate
1885343 - Console doesn't load in iOS Safari when using self-signed certificates
1885344 - 4.7 upgrade - dummy bug for 1880591
1885358 - add p&f configuration to protect openshift traffic
1885365 - MCO does not respect the install section of systemd files when enabling
1885376 - failed to initialize the cluster: Cluster operator marketplace is still updating
1885398 - CSV with only Webhook conversion can't be installed
1885403 - Some OLM events hide the underlying errors
1885414 - Need to disable HTX when not using HTTP/2 in order to preserve HTTP header name case
1885425 - opm index add cannot batch add multiple bundles that use skips
1885543 - node tuning operator builds and installs an unsigned RPM
1885644 - Panic output due to timeouts in openshift-apiserver
1885676 - [OCP 4.7]UI should fallback to minimal deployment only after total CPU < 30 || totalMemory < 72 GiB for initial deployment
1885702 - Cypress: Fix 'aria-hidden-focus' accessibility violations
1885706 - Cypress: Fix 'link-name' accessibility violation
1885761 - DNS fails to resolve in some pods
1885856 - Missing registry v1 protocol usage metric on telemetry
1885864 - Stalld service crashed under the worker node
1885930 - [release 4.7] Collect ServiceAccount statistics
1885940 - kuryr/demo image ping not working
1886007 - upgrade test with service type load balancer will never work
1886022 - Move range allocations to CRD's
1886028 - [BM][IPI] Failed to delete node after scale down
1886111 - UpdatingopenshiftStateMetricsFailed: DeploymentRollout of openshift-monitoring/openshift-state-metrics: got 1 unavailable replicas
1886134 - Need to set GODEBUG=x509ignoreCN=0 in initrd
1886154 - System roles are not present while trying to create new role binding through web console
1886166 - 1885517 Clone - Not needed for 4.7 - upgrade from 4.5->4.6 causes broadcast storm
1886168 - Remove Terminal Option for Windows Nodes
1886200 - greenwave / CVP is failing on bundle validations, cannot stage push
1886229 - Multipath support for RHCOS sysroot
1886294 - Unable to schedule a pod due to Insufficient ephemeral-storage
1886327 - Attempt to add a worker using bad roodDeviceHint: bmh and machine become Provisioned, no error in status
1886353 - [e2e][automation] kubevirt-gating job fails for a missing virtctl URL
1886397 - Move object-enum to console-shared
1886423 - New Affinities don't contain ID until saving
1886435 - Azure UPI uses deprecated command 'group deployment'
1886449 - p&f: add configuration to protect oauth server traffic
1886452 - layout options doesn't gets selected style on click i.e grey background
1886462 - IO doesn't recognize namespaces - 2 resources with the same name in 2 namespaces -> only 1 gets collected
1886488 - move e2e test off of nfs image from docker.io/gmontero/nfs-server:latest
1886524 - Change default terminal command for Windows Pods
1886553 - i/o timeout experienced from build02 when targeting CI test cluster during test execution
1886600 - panic: assignment to entry in nil map
1886620 - Application behind service load balancer with PDB is not disrupted
1886627 - Kube-apiserver pods restarting/reinitializing periodically
1886635 - CVE-2020-8563 kubernetes: Secret leaks in kube-controller-manager when using vSphere Provider
1886636 - Panic in machine-config-operator
1886749 - Removing network policy from namespace causes inability to access pods through loadbalancer.
1886751 - Gather MachineConfigPools
1886766 - PVC dropdown has 'Persistent Volume' Label
1886834 - ovn-cert is mandatory in both master and node daemonsets
1886848 - [OSP] machine instance-state annotation discrepancy with providerStatus.instanceState
1886861 - ordered-values.yaml not honored if values.schema.json provided
1886871 - Neutron ports created for hostNetworking pods
1886890 - Overwrite jenkins-agent-base imagestream
1886900 - Cluster-version operator fills logs with "Manifest: ..." spew
1886922 - [sig-network] pods should successfully create sandboxes by getting pod
1886973 - Local storage operator doesn't include correctly populate LocalVolumeDiscoveryResult in console
1886977 - [v2v]Incorrect VM Provider type displayed in UI while importing VMs through VMIO
1887010 - Imagepruner met error "Job has reached the specified backoff limit" which causes image registry degraded
1887026 - FC volume attach fails with “no fc disk found” error on OCP 4.6 PowerVM cluster
1887040 - [upgrade] ovs pod crash for rhel worker when upgrade from 4.5 to 4.6
1887046 - Event for LSO need update to avoid confusion
1887088 - cluster-node-tuning-operator refers to missing cluster-node-tuned image
1887375 - User should be able to specify volumeMode when creating pvc from web-console
1887380 - Unsupported access mode should not be available to select when creating pvc by aws-ebs-csi-driver(gp2-csi) from web-console
1887392 - openshift-apiserver: delegated authn/z should have ttl > metrics/healthz/readyz/openapi interval
1887428 - oauth-apiserver service should be monitored by prometheus
1887441 - ingress misconfiguration may break authentication but ingress operator keeps reporting "degraded: False"
1887454 - [sig-storage] In-tree Volumes [Driver: azure-disk] [Testpattern: Dynamic PV (ext4)] volumes should store data
1887456 - It is impossible to attach the default NIC to a bridge with the latest version of OVN Kubernetes
1887465 - Deleted project is still referenced
1887472 - unable to edit application group for KSVC via gestures (shift+Drag)
1887488 - OCP 4.6: Topology Manager OpenShift E2E test fails: gu workload attached to SRIOV networks should let resource-aligned PODs have working SRIOV network interface
1887509 - Openshift-tests conformance TopologyManager tests run when Machine Config Operator is not installed on cluster
1887525 - Failures to set master HardwareDetails cannot easily be debugged
1887545 - 4.5 to 4.6 upgrade fails when external network is configured on a bond device: ovs-configuration service fails and node becomes unreachable
1887585 - ovn-masters stuck in crashloop after scale test
1887651 - [Internal Mode] Object gateway (RGW) in unknown state after OCP upgrade.
1887737 - Test TestImageRegistryRemovedWithImages is failing on e2e-vsphere-operator
1887740 - cannot install descheduler operator after uninstalling it
1887745 - API server is throwing 5xx error code for 42.11% of requests for LIST events
1887750 - `oc explain localvolumediscovery` returns empty description
1887751 - `oc explain localvolumediscoveryresult` returns empty description
1887778 - Add ContainerRuntimeConfig gatherer
1887783 - PVC upload cannot continue after approve the certificate
1887797 - [CNV][V2V] Default network type is bridge for interface bound to POD network in VMWare migration wizard
1887799 - User workload monitoring prometheus-config-reloader OOM
1887850 - [sig-auth][Feature:SCC][Early] should not have pod creation failures during install test is flaky
1887863 - Installer panics on invalid flavor
1887864 - Clean up dependencies to avoid invalid scan flagging
1887934 - TestForwardedHeaderPolicyAppend, TestForwardedHeaderPolicyReplace, and TestForwardedHeaderPolicyIfNone consistently fail because of case-sensitive comparison
1887936 - Kube-scheduler should be able to parse v1beta1 KubeSchedulerConfig
1888015 - workaround kubelet graceful termination of static pods bug
1888028 - prevent extra cycle in aggregated apiservers
1888036 - Operator details shows old CRD versions
1888041 - non-terminating pods are going from running to pending
1888072 - Setting Supermicro node to PXE boot via Redfish doesn't take affect
1888073 - Operator controller continuously busy looping
1888118 - Memory requests not specified for image registry operator
1888150 - Install Operand Form on OperatorHub is displaying unformatted text
1888172 - PR 209 didn't update the sample archive, but machineset and pdbs are now namespaced
1888227 - Failed to deploy some of container image on the recent OCP 4.6 nightly build
1888292 - Fix CVE-2015-7501 affecting agent-maven-3.5
1888311 - p&f: make SAR traffic from oauth and openshift apiserver exempt
1888363 - namespaces crash in dev
1888378 - [IPI on Azure] errors destroying cluster when Azure resource group was never created
1888381 - instance:node_network_receive_bytes_excluding_lo:rate1m value twice expected
1888464 - installer missing permission definitions for TagResources and UntagResources when installing in existing VPC
1888494 - imagepruner pod is error when image registry storage is not configured
1888565 - [OSP] machine-config-daemon-firstboot.service failed with "error reading osImageURL from rpm-ostree"
1888595 - cluster-policy-controller logs shows error which reads initial monitor sync has error
1888601 - The poddisruptionbudgets is using the operator service account, instead of gather
1888657 - oc doesn't know its name
1888663 - sdn starts after kube-apiserver, delay readyz until oauth-apiserver is reachable
1888671 - Document the Cloud Provider's ignore-volume-az setting
1888738 - quay.io/openshift/origin-must-gather:latest is not a multi-arch, manifest-list image
1888763 - at least one of these parameters (Vendor, DeviceID or PfNames) has to be defined in nicSelector in CR %s", cr.GetName()
1888827 - ovnkube-master may segfault when trying to add IPs to a nil address set
1888861 - need to pass dual-stack service CIDRs to kube-apiserver in dual-stack cluster
1888866 - AggregatedAPIDown permanently firing after removing APIService
1888870 - JS error when using autocomplete in YAML editor
1888874 - hover message are not shown for some properties
1888900 - align plugins versions
1888985 - Cypress: Fix 'Ensures buttons have discernible text' accessibility violation
1889213 - The error message of uploading failure is not clear enough
1889267 - Increase the time out for creating template and upload image in the terraform
1889348 - Project link should be removed from Application Details page, since it is inaccurate (Application Stages)
1889374 - Kiali feature won't work on fresh 4.6 cluster
1889388 - ListBundles returns incorrect replaces/skips when bundles have been added via semver-skippatch mode
1889420 - OCP failed to add vsphere disk when pod moved to new node during cluster upgrade
1889515 - Accessibility - The symbols e.g checkmark in the Node > overview page has no text description, label, or other accessible information
1889529 - [Init-CR annotation] Inline alert shows operand instance was needed still appearing after creating an Operand instance
1889540 - [4.5 upgrade][alert]CloudCredentialOperatorDown
1889577 - Resources are not shown on project workloads page
1889620 - [Azure] - Machineset not scaling when publicIP:true in disconnected Azure environment
1889630 - Scheduling disabled popovers are missing for Node status in Node Overview and Details pages
1889692 - Selected Capacity is showing wrong size
1889694 - usbguard fails to install as RHCOS extension due to missing libprotobuf.so.15
1889698 - When the user clicked cancel at the Create Storage Class confirmation dialog all the data from the Local volume set goes off
1889710 - Prometheus metrics on disk take more space compared to OCP 4.5
1889721 - opm index add semver-skippatch mode does not respect prerelease versions
1889724 - When LocalVolumeDiscovery CR is created form the LSO page User doesn't see the Disk tab
1889767 - [vsphere] Remove certificate from upi-installer image
1889779 - error when destroying a vSphere installation that failed early
1889787 - OCP is flooding the oVirt engine with auth errors
1889838 - race in Operator update after fix from bz1888073
1889852 - support new AWS regions ap-east-1, af-south-1, eu-south-1
1889863 - Router prints incorrect log message for namespace label selector
1889891 - Backport timecache LRU fix
1889912 - Drains can cause high CPU usage
1889921 - Reported Degraded=False Available=False pair does not make sense
1889928 - [e2e][automation] Add more tests for golden os
1889943 - EgressNetworkPolicy does not work when setting Allow rule to a dnsName
1890038 - Infrastructure status.platform not migrated to status.platformStatus causes warnings
1890074 - MCO extension kernel-headers is invalid
1890104 - with Serverless 1.10 version of trigger/subscription/channel/IMC is V1 as latest
1890130 - multitenant mode consistently fails CI
1890141 - move off docker.io images for build/image-eco/templates/jenkins e2e
1890145 - The mismatched of font size for Status Ready and Health Check secondary text
1890180 - FieldDependency x-descriptor doesn't support non-sibling fields
1890182 - DaemonSet with existing owner garbage collected
1890228 - AWS: destroy stuck on route53 hosted zone not found
1890235 - e2e: update Protractor's checkErrors logging
1890250 - workers may fail to join the cluster during an update from 4.5
1890256 - Replacing a master node on a baremetal IPI deployment gets stuck when deleting the machine of the unhealthy member
1890270 - External IP doesn't work if the IP address is not assigned to a node
1890361 - s390x: Generate new ostree rpm with fix for rootfs immutability
1890456 - [vsphere] mapi_instance_create_failed doesn't work on vsphere
1890467 - unable to edit an application without a service
1890472 - [Kuryr] Bulk port creation exception not completely formatted
1890494 - Error assigning Egress IP on GCP
1890530 - cluster-policy-controller doesn't gracefully terminate
1890630 - [Kuryr] Available port count not correctly calculated for alerts
1890671 - [SA] verify-image-signature using service account does not work
1890677 - 'oc image info' claims 'does not exist' for application/vnd.oci.image.manifest.v1+json manifest
1890808 - New etcd alerts need to be added to the monitoring stack
1890951 - Mirror of multiarch images together with cluster logging case problems. It doesn't sync the "overall" sha it syncs only the sub arch sha.
1890984 - Rename operator-webhook-config to sriov-operator-webhook-config
1890995 - wew-app should provide more insight into why image deployment failed
1891023 - ovn-kubernetes rbac proxy never starts waiting for an incorrect API call
1891047 - Helm chart fails to install using developer console because of TLS certificate error
1891068 - [sig-instrumentation] Prometheus when installed on the cluster shouldn't report any alerts in firing state apart from Watchdog and AlertmanagerReceiversNotConfigured [Early] failing due to TargetDown alert from kube-scheduler
1891080 - [LSO] When Localvolumeset and SC is already created before OCS install Creation of LVD and LVS is skipped when user click created storage cluster from UI
1891108 - p&f: Increase the concurrency share of workload-low priority level
1891143 - CVO deadlocked while shutting down, shortly after fresh cluster install (metrics goroutine)
1891189 - [LSO] max device limit is accepting negative values. PVC is not getting created and no error is shown
1891314 - Display incompatible helm charts for installation (kubeVersion of cluster doesn't meet requirements of chart)
1891362 - Wrong metrics count for openshift_build_result_total
1891368 - fync should be fsync for etcdHighFsyncDurations alert's annotations.message
1891374 - fync should be fsync for etcdHighFsyncDurations critical alert's annotations.message
1891376 - Extra text in Cluster Utilization charts
1891419 - Wrong detail head on network policy detail page.
1891459 - Snapshot tests should report stderr of failed commands
1891498 - Other machine config pools do not show during update
1891543 - OpenShift 4.6/OSP install fails when node flavor has less than 25GB, even with dedicated storage
1891551 - Clusterautoscaler doesn't scale up as expected
1891552 - Handle missing labels as empty.
1891555 - The windows oc.exe binary does not have version metadata
1891559 - kuryr-cni cannot start new thread
1891614 - [mlx] testpmd fails inside OpenShift pod using DevX version 19.11
1891625 - [Release 4.7] Mutable LoadBalancer Scope
1891702 - installer get pending when additionalTrustBundle is added into install-config.yaml
1891716 - OVN cluster upgrade from 4.6.1 to 4.7 fails
1891740 - OperatorStatusChanged is noisy
1891758 - the authentication operator may spam DeploymentUpdated event endlessly
1891759 - Dockerfile builds cannot change /etc/pki/ca-trust
1891816 - [UPI] [OSP] control-plane.yml provisioning playbook fails on OSP 16.1
1891825 - Error message not very informative in case of mode mismatch
1891898 - The ClusterServiceVersion can define Webhooks that cannot be created.
1891951 - UI should show warning while creating pools with compression on
1891952 - [Release 4.7] Apps Domain Enhancement
1891993 - 4.5 to 4.6 upgrade doesn't remove deployments created by marketplace
1891995 - OperatorHub displaying old content
1891999 - Storage efficiency card showing wrong compression ratio
1892004 - OCP 4.6 opm on Ubuntu 18.04.4 - error /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.28' not found (required by ./opm)
1892167 - [SR-IOV] SriovNetworkNodePolicies apply ignoring the spec.nodeSelector.
1892198 - TypeError in 'Performance Profile' tab displayed for 'Performance Addon Operator'
1892288 - assisted install workflow creates excessive control-plane disruption
1892338 - HAProxyReloadFail alert only briefly fires in the event of a broken HAProxy config
1892358 - [e2e][automation] update feature gate for kubevirt-gating job
1892376 - Deleted netnamespace could not be re-created
1892390 - TestOverwrite/OverwriteBundle/DefaultBehavior in operator-registry is flaky
1892393 - TestListPackages is flaky
1892448 - MCDPivotError alert/metric missing
1892457 - NTO-shipped stalld needs to use FIFO for boosting.
1892467 - linuxptp-daemon crash
1892521 - [AWS] Startup bootstrap machine failed due to ignition file is missing in disconnected UPI env
1892653 - User is unable to create KafkaSource with v1beta
1892724 - VFS added to the list of devices of the nodeptpdevice CRD
1892799 - Mounting additionalTrustBundle in the operator
1893117 - Maintenance mode on vSphere blocks installation.
1893351 - TLS secrets are not able to edit on console.
1893362 - The ovs-xxxxx_openshift-sdn container does not terminate gracefully, slowing down reboots
1893386 - false-positive ReadyIngressNodes_NoReadyIngressNodes: Auth operator makes risky "worker" assumption when guessing about ingress availability
1893546 - Deploy using virtual media fails on node cleaning step
1893601 - overview filesystem utilization of OCP is showing the wrong values
1893645 - oc describe route SIGSEGV
1893648 - Ironic image building process is not compatible with UEFI secure boot
1893724 - OperatorHub generates incorrect RBAC
1893739 - Force deletion doesn't work for snapshots if snapshotclass is already deleted
1893776 - No useful metrics for image pull time available, making debugging issues there impossible
1893798 - Lots of error messages starting with "get namespace to enqueue Alertmanager instances failed" in the logs of prometheus-operator
1893832 - ErrorCount field is missing in baremetalhosts.metal3.io CRD
1893889 - disabled dropdown items in the pf dropdown component are skipped over and unannounced by JAWS
1893926 - Some "Dynamic PV (block volmode)" pattern storage e2e tests are wrongly skipped
1893944 - Wrong product name for Multicloud Object Gateway
1893953 - (release-4.7) Gather default StatefulSet configs
1893956 - Installation always fails at "failed to initialize the cluster: Cluster operator image-registry is still updating"
1893963 - [Testday] Workloads-> Virtualization is not loading for Firefox browser
1893972 - Should skip e2e test cases as early as possible
1894013 - [v2v][Testday] VMware to CNV VM import]VMware URL: It is not clear that only the FQDN/IP address is required without 'https://'
1894020 - User with edit users cannot deploy images from their own namespace from the developer perspective
1894025 - OCP 4.5 to 4.6 upgrade for "aws-ebs-csi-driver-operator" fails when "defaultNodeSelector" is set
1894041 - [v2v][[Testday]VM import from VMware/RHV] VM import wizard: The target storage class name is not displayed if default storage class is used.
1894065 - tag new packages to enable TLS support
1894110 - Console shows wrong value for maxUnavailable and maxSurge when set to 0
1894144 - CI runs of baremetal IPI are failing due to newer libvirt libraries
1894146 - ironic-api used by metal3 is over provisioned and consumes a lot of RAM
1894194 - KuryrPorts leftovers from 4.6 GA need to be deleted
1894210 - Failed to encrypt OSDs on OCS4.6 installation (via UI)
1894216 - Improve OpenShift Web Console availability
1894275 - Fix CRO owners file to reflect node owner
1894278 - "database is locked" error when adding bundle to index image
1894330 - upgrade channels needs to be updated for 4.7
1894342 - oauth-apiserver logs many "[SHOULD NOT HAPPEN] failed to update managedFields for ... OAuthClient ... no corresponding type for oauth.openshift.io/v1, Kind=OAuthClient"
1894374 - Dont prevent the user from uploading a file with incorrect extension
1894432 - [oVirt] sometimes installer timeout on tmp_import_vm
1894477 - bash syntax error in nodeip-configuration.service
1894503 - add automated test for Polarion CNV-5045
1894519 - [OSP] External mode cluster creation disabled for Openstack and oVirt platform
1894539 - [on-prem] Unable to deploy additional machinesets on separate subnets
1894645 - Cinder volume provisioning crashes on nil cloud provider
1894677 - image-pruner job is panicking: klog stack
1894810 - Remove TechPreview Badge from Eventing in Serverless version 1.11.0
1894860 - 'backend' CI job passing despite failing tests
1894910 - Update the node to use the real-time kernel fails
1894992 - All nightly jobs for e2e-metal-ipi failing due to ipa image missing tenacity package
1895065 - Schema / Samples / Snippets Tabs are all selected at the same time
1895099 - vsphere-upi and vsphere-upi-serial jobs time out waiting for bootstrap to complete in CI
1895141 - panic in service-ca injector
1895147 - Remove memory limits on openshift-dns
1895169 - VM Template does not properly manage Mount Windows guest tools check box during VM creation
1895268 - The bundleAPIs should NOT be empty
1895309 - [OCP v47] The RHEL node scaleup fails due to "No package matching 'cri-o-1.19.*' found available" on OCP 4.7 cluster
1895329 - The infra index filled with warnings "WARNING: kubernetes.io/cinder built-in volume provider is now deprecated. The Cinder volume provider is deprecated and will be removed in a future release"
1895360 - Machine Config Daemon removes a file although its defined in the dropin
1895367 - Missing image in metadata DB index.db in disconnected Operator Hub installation. OCP 4.6.1
1895372 - Web console going blank after selecting any operator to install from OperatorHub
1895385 - Revert KUBELET_LOG_LEVEL back to level 3
1895423 - unable to edit an application with a custom builder image
1895430 - unable to edit custom template application
1895509 - Backup taken on one master cannot be restored on other masters
1895537 - [sig-imageregistry][Feature:ImageExtract] Image extract should extract content from an image
1895838 - oc explain description contains '/'
1895908 - "virtio" option is not available when modifying a CD-ROM to disk type
1895909 - e2e-metal-ipi-ovn-dualstack is failing
1895919 - NTO fails to load kernel modules
1895959 - configuring webhook token authentication should prevent cluster upgrades
1895979 - Unable to get coreos-installer with --copy-network to work
1896101 - [cnv][automation] Added negative tests for migration from VMWare and RHV
1896160 - CI: Some cluster operators are not ready: marketplace (missing: Degraded)
1896188 - [sig-cli] oc debug deployment configs from a build: local-busybox-1-build not completed
1896218 - Occasional GCP install failures: Error setting IAM policy for project ...: googleapi: Error 400: Service account ... does not exist., badRequest
1896229 - Current Rate of Bytes Received and Current Rate of Bytes Transmitted data can not be loaded
1896244 - Found a panic in storage e2e test
1896296 - Git links should avoid .git as part of the URL and should not link git:// urls in general
1896302 - [e2e][automation] Fix 4.6 test failures
1896365 - [Migration]The SDN migration cannot revert under some conditions
1896384 - [ovirt IPI]: local coredns resolution not working
1896446 - Git clone from private repository fails after upgrade OCP 4.5 to 4.6
1896529 - Incorrect instructions in the Serverless operator and application quick starts
1896645 - documentationBaseURL needs to be updated for 4.7
1896697 - [Descheduler] policy.yaml param in cluster configmap is empty
1896704 - Machine API components should honour cluster wide proxy settings
1896732 - "Attach to Virtual Machine OS" button should not be visible on old clusters
1896866 - File /etc/NetworkManager/system-connections/default_connection.nmconnection is incompatible with SR-IOV operator
1896898 - ovs-configuration.service fails when multiple IPv6 default routes are provided via RAs over the same interface and deployment bootstrap fails
1896918 - start creating new-style Secrets for AWS
1896923 - DNS pod /metrics exposed on anonymous http port
1896977 - route SimpleAllocationPlugin: host name validation errors: spec.host: Invalid value: ... must be no more than 63 characters
1897003 - VNC console cannot be connected after visit it in new window
1897008 - Cypress: reenable check for 'aria-hidden-focus' rule & checkA11y test for modals
1897026 - [Migration] With updating optional network operator configuration, migration stucks on MCO
1897039 - router pod keeps printing log: template "msg"="router reloaded" "output"="[WARNING] 316/065823 (15) : parsing [/var/lib/haproxy/conf/haproxy.config:52]: option 'http-use-htx' is deprecated and ignored
1897050 - [IBM Power] LocalVolumeSet provisions boot partition as PV.
1897073 - [OCP 4.5] wrong netid assigned to Openshift projects/namespaces
1897138 - oVirt provider uses deprecated cluster-api project
1897142 - When scaling replicas to zero, Octavia loadbalancer pool members are not updated accordingly
1897252 - Firing alerts are not showing up in console UI after cluster is up for some time
1897354 - Operator installation showing success, but Provided APIs are missing
1897361 - The MCO GCP-OP tests fail consistently on containerruntime tests with "connection refused"
1897412 - [sriov]disableDrain did not be updated in CRD of manifest
1897423 - Max unavailable and Max surge value are not shown on Deployment Config Details page
1897516 - Baremetal IPI deployment with IPv6 control plane fails when the nodes obtain both SLAAC and DHCPv6 addresses as they set their hostname to 'localhost'
1897520 - After restarting nodes the image-registry co is in degraded true state.
1897584 - Add casc plugins
1897603 - Cinder volume attachment detection failure in Kubelet
1897604 - Machine API deployment fails: Kube-Controller-Manager can't reach API: "Unauthorized"
1897635 - CVE-2020-28362 golang: math/big: panic during recursive division of very large numbers
1897641 - Baremetal IPI with IPv6 control plane: nodes respond with duplicate packets to ICMP6 echo requests
1897676 - [CI] [Azure] [UPI] CI failing since 4.6 changes in ignition
1897830 - [GSS] Unable to deploy OCS 4.5.2 on OCP 4.6.1, cannot `Create OCS Cluster Service`
1897891 - [RFE][v2v][UI][CNV VM import] Providing error message or/and block migration when vddk-init-image is missing
1897897 - ptp lose sync openshift 4.6
1898036 - no network after reboot (IPI)
1898045 - AWS EBS CSI Driver can not get updated cloud credential secret automatically
1898097 - mDNS floods the baremetal network
1898118 - Lack of logs on some image stream tests make hard to find root cause of a problem
1898134 - Descheduler logs show absolute values instead of percentage when LowNodeUtilization strategy is applied
1898159 - kcm operator shall pass --allocate-node-cidrs=false to kcm for ovn-kube and openshift-sdn cluster
1898174 - [OVN] EgressIP does not guard against node IP assignment
1898194 - GCP: can't install on custom machine types
1898238 - Installer validations allow same floating IP for API and Ingress
1898268 - [OVN]: `make check` broken on 4.6
1898289 - E2E test: Use KUBEADM_PASSWORD_FILE by default
1898320 - Incorrect Apostrophe Translation of "it's" in Scheduling Disabled Popover
1898357 - Within the operatorhub details view, long unbroken text strings do not wrap cause breaking display.
1898407 - [Deployment timing regression] Deployment takes longer with 4.7
1898417 - GCP: the dns targets in Google Cloud DNS is not updated after recreating loadbalancer service
1898487 - [oVirt] Node is not removed when VM has been removed from oVirt engine
1898500 - Failure to upgrade operator when a Service is included in a Bundle
1898517 - Ironic auto-discovery may result in rogue nodes registered in ironic
1898532 - Display names defined in specDescriptors not respected
1898580 - When adding more than one node selector to the sriovnetworknodepolicy, the cni and the device plugin pods are constantly rebooted
1898613 - Whereabouts should exclude IPv6 ranges
1898655 - [oVirt] Node deleted in oVirt should cause the Machine to go into a Failed phase
1898679 - Operand creation form - Required "type: object" properties (Accordion component) are missing red asterisk
1898680 - CVE-2020-7774 nodejs-y18n: prototype pollution vulnerability
1898745 - installation failing with CVO reporting openshift-samples not rolled out, samples not setting versions in its ClusterOperator
1898839 - Wrong YAML in operator metadata
1898851 - Multiple Pods access the same volume on the same node e2e test cases are missed from aws ebs csi driver e2e test job
1898873 - Remove TechPreview Badge from Monitoring
1898954 - Backup script does not take /etc/kubernetes/static-pod-resources on a reliable way
1899111 - [RFE] Update jenkins-maven-agen to maven36
1899128 - VMI details screen -> show the warning that it is preferable to have a VM only if the VM actually does not exist
1899175 - bump the RHCOS boot images for 4.7
1899198 - Use new packages for ipa ramdisks
1899200 - In Installed Operators page I cannot search for an Operator by it's name
1899220 - Support AWS IMDSv2
1899350 - configure-ovs.sh doesn't configure bonding options
1899433 - When Creating OCS from ocs wizard Step Discover Disks shows Error "An error occurred Not Found"
1899459 - Failed to start monitoring pods once the operator removed from override list of CVO
1899515 - Passthrough credentials are not immediately re-distributed on update
1899575 - update discovery burst to reflect lots of CRDs on openshift clusters
1899582 - update discovery burst to reflect lots of CRDs on openshift clusters
1899588 - Operator objects are re-created after all other associated resources have been deleted
1899600 - Increased etcd fsync latency as of OCP 4.6
1899603 - workers-rhel7 CI jobs failing: Failed to remove rollback: error running rpm-ostree cleanup
1899627 - Project dashboard Active status using small icon
1899725 - Pods table does not wrap well with quick start sidebar open
1899746 - [ovn] error while waiting on flows for pod: OVS sandbox port is no longer active (probably due to a subsequent CNI ADD)
1899760 - etcd_request_duration_seconds_bucket metric has excessive cardinality
1899835 - catalog-operator repeatedly crashes with "runtime error: index out of range [0] with length 0"
1899839 - thanosRuler.resources.requests does not take effect in user-workload-monitoring-config configmap
1899853 - additionalSecurityGroupIDs not working for master nodes
1899922 - NP changes sometimes influence new pods.
1899949 - [Platform] Remove restriction on disk type selection for LocalVolumeSet
1900008 - Fix internationalized sentence fragments in ImageSearch.tsx
1900010 - Fix internationalized sentence fragments in BuildImageSelector.tsx
1900020 - Remove ' from internationalized keys
1900022 - Search Page - Top labels field is not applied to selected Pipeline resources
1900030 - disruption_tests: [sig-imageregistry] Image registry remain available failing consistently
1900126 - Creating a VM results in suggestion to create a default storage class when one already exists
1900138 - [OCP on RHV] Remove insecure mode from the installer
1900196 - stalld is not restarted after crash
1900239 - Skip "subPath should be able to unmount" NFS test
1900322 - metal3 pod's toleration for key: node-role.kubernetes.io/master currently matches on exact value matches but should match on Exists
1900377 - [e2e][automation] create new css selector for active users
1900496 - (release-4.7) Collect spec config for clusteroperator resources
1900672 - (s390x) Upgrade from old LUKS to new not working with DASD disks
1900699 - Impossible to add new Node on OCP 4.6 using large ECKD disks - fdasd issue
1900759 - include qemu-guest-agent by default
1900790 - Track all resource counts via telemetry
1900835 - Multus errors when cachefile is not found
1900935 - `oc adm release mirror` panic panic: runtime error
1900989 - accessing the route cannot wake up the idled resources
1901040 - When scaling down the status of the node is stuck on deleting
1901057 - authentication operator health check failed when installing a cluster behind proxy
1901107 - pod donut shows incorrect information
1901111 - Installer dependencies are broken
1901200 - linuxptp-daemon crash when enable debug log level
1901301 - CBO should handle platform=BM without provisioning CR
1901355 - [Azure][4.7] Invalid vm size from customized compute nodes does not fail properly
1901363 - High Podready Latency due to timed out waiting for annotations
1901373 - redundant bracket on snapshot restore button
1901376 - [on-prem] Upgrade from 4.6 to 4.7 failed with "timed out waiting for the condition during waitForControllerConfigToBeCompleted: controllerconfig is not completed: ControllerConfig has not completed: completed(false) running(false) failing(true"
1901395 - "Edit virtual machine template" action link should be removed
1901472 - [OSP] Bootstrap and master nodes use different keepalived unicast setting
1901517 - RHCOS 4.6.1 uses a single NetworkManager connection for multiple NICs when using default DHCP
1901531 - Console returns a blank page while trying to create an operator Custom CR with Invalid Schema
1901594 - Kubernetes resource CRUD operations.Kubernetes resource CRUD operations Pod "before all" hook for "creates the resource instance"
1901604 - CNO blocks editing Kuryr options
1901675 - [sig-network] multicast when using one of the plugins 'redhat/openshift-ovs-multitenant, redhat/openshift-ovs-networkpolicy' should allow multicast traffic in namespaces where it is enabled
1901909 - The device plugin pods / cni pod are restarted every 5 minutes
1901982 - [sig-builds][Feature:Builds] build can reference a cluster service with a build being created from new-build should be able to run a build that references a cluster service
1902019 - when podTopologySpreadConstraint strategy is enabled for descheduler it throws error
1902059 - Wire a real signer for service account issuer
1902091 - `cluster-image-registry-operator` pod leaves connections open when fails connecting S3 storage
1902111 - CVE-2020-27813 golang-github-gorilla-websocket: integer overflow leads to denial of service
1902157 - The DaemonSet machine-api-termination-handler couldn't allocate Pod
1902253 - MHC status doesn't set RemediationsAllowed = 0
1902299 - Failed to mirror operator catalog - error: destination registry required
1902545 - Cinder csi driver node pod should add nodeSelector for Linux
1902546 - Cinder csi driver node pod doesn't run on master node
1902547 - Cinder csi driver controller pod doesn't run on master node
1902552 - Cinder csi driver does not use the downstream images
1902595 - Project workloads list view doesn't show alert icon and hover message
1902600 - Container csi-snapshotter in Cinder csi driver needs to use ImagePullPolicy=IfNotPresent
1902601 - Cinder csi driver pods run as BestEffort qosClass
1902653 - [BM][IPI] Master deployment failed: No valid host was found. Reason: No conductor service registered which supports driver redfish for conductor group
1902702 - [sig-auth][Feature:LDAP][Serial] ldap group sync can sync groups from ldap: oc cp over non-existing directory/file fails
1902746 - [BM][IP] Master deployment failed - Base.1.0.GeneralError: database is locked
1902824 - failed to generate semver informed package manifest: unable to determine default channel
1902894 - hybrid-overlay-node crashing trying to get node object during initialization
1902969 - Cannot load vmi detail page
1902981 - It should default to current namespace when create vm from template
1902996 - [AWS] UPI on USGov, bootstrap machine can not fetch ignition file via s3:// URI
1903033 - duplicated lines of imageContentSources is seen when mirror release image to local registry
1903034 - OLM continuously printing debug logs
1903062 - [Cinder csi driver] Deployment mounted volume have no write access
1903078 - Deleting VolumeSnapshotClass makes VolumeSnapshot not Ready
1903107 - Enable vsphere-problem-detector e2e tests
1903164 - OpenShift YAML editor jumps to top every few seconds
1903165 - Improve Canary Status Condition handling for e2e tests
1903172 - Column Management: Fix sticky footer on scroll
1903186 - [Descheduler] cluster logs should report some info when PodTopologySpreadConstraints strategy is enabled
1903188 - [Descheduler] cluster log reports failed to validate server configuration" err="unsupported log format:
1903192 - Role name missing on create role binding form
1903196 - Popover positioning is misaligned for Overview Dashboard status items
1903206 - Ingress controller incorrectly routes traffic to non-ready pods/backends.
1903226 - MutatingWebhookConfiguration pod-identity-webhook does not exclude critical control-plane components
1903248 - Backport Upstream Static Pod UID patch
1903277 - Deprovisioning Not Deleting Security Groups [VpcLimitExceeded on e2e-aws tests]
1903290 - Kubelet repeatedly log the same log line from exited containers
1903346 - PV backed by FC lun is not being unmounted properly and this leads to IO errors / xfs corruption.
1903382 - Panic when task-graph is canceled with a TaskNode with no tasks
1903400 - Migrate a VM which is not running goes to pending state
1903402 - Nic/Disk on VMI overview should link to VMI's nic/disk page
1903414 - NodePort is not working when configuring an egress IP address
1903424 - mapi_machine_phase_transition_seconds_sum doesn't work
1903464 - "Evaluating rule failed" for "record: cluster:kube_persistentvolumeclaim_resource_requests_storage_bytes:provisioner:sum" and "record: cluster:kubelet_volume_stats_used_bytes:provisioner:sum"
1903639 - Hostsubnet gatherer produces wrong output
1903651 - Network Policies are not working as expected with OVN-Kubernetes when traffic hairpins back to the same source through a service
1903660 - Cannot install with Assisted Installer on top of IPv6 since network provider is not started
1903674 - [sig-apps] ReplicationController should serve a basic image on each replica with a private image
1903717 - Handle different Pod selectors for metal3 Deployment
1903733 - Scale up followed by scale down can delete all running workers
1903917 - Failed to load "Developer Catalog" page
1903999 - Httplog response code is always zero
1904026 - The quota controllers should resync on new resources and make progress
1904064 - Automated cleaning is disabled by default
1904124 - DHCP to static lease script doesn't work correctly if starting with infinite leases
1904125 - Bootstrap VM .ign image gets added into 'default' pool instead of <cluster-name>-<id>-bootstrap
1904131 - kuryr tempest plugin test test_ipblock_network_policy_sg_rules fails
1904133 - KubeletConfig flooded with failure conditions
1904161 - AlertmanagerReceiversNotConfigured fires unconditionally on alertmanager restart
1904243 - RHCOS 4.6.1 missing ISCSI initiatorname.iscsi !
1904244 - MissingKey errors for two plugins using i18next.t
1904262 - clusterresourceoverride-operator has version: 1.0.0 every build
1904296 - VPA-operator has version: 1.0.0 every build
1904297 - The index image generated by "opm index prune" leaves unrelated images
1904305 - Should have scroll-down bar for the field which the values list has too many results under dashboards
1904385 - [oVirt] registry cannot mount volume on 4.6.4 -> 4.6.6 upgrade
1904497 - vsphere-problem-detector: Run on vSphere cloud only
1904501 - [Descheduler] descheduler does not evict any pod when PodTopologySpreadConstraint strategy is set
1904502 - vsphere-problem-detector: allow longer timeouts for some operations
1904503 - vsphere-problem-detector: emit alerts
1904538 - [sig-arch][Early] Managed cluster should start all core operators: monitoring: container has runAsNonRoot and image has non-numeric user (nobody)
1904578 - metric scraping for vsphere problem detector is not configured
1904582 - All application traffic broken due to unexpected load balancer change on 4.6.4 -> 4.6.6 upgrade
1904663 - IPI pointer customization MachineConfig always generated
1904679 - [Feature:ImageInfo] Image info should display information about images
1904683 - `[sig-builds][Feature:Builds] s2i build with a root user image` tests use docker.io image
1904684 - [sig-cli] oc debug ensure it works with image streams
1904713 - Helm charts with kubeVersion restriction are filtered incorrectly
1904776 - Snapshot modal alert is not pluralized
1904824 - Set vSphere hostname from guestinfo before NM starts
1904941 - Insights status is always showing a loading icon
1904973 - KeyError: 'nodeName' on NP deletion
1904985 - Prometheus and thanos sidecar targets are down
1904993 - Many ampersand special characters are found in strings
1905066 - QE - Monitoring test cases - smoke test suite automation
1905074 - QE -Gherkin linter to maintain standards
1905100 - Too many haproxy processes in default-router pod causing high load average
1905104 - Snapshot modal disk items missing keys
1905115 - CI: dev-scripts fail on 02_configure_host: Failed to start network ostestbm
1905119 - Race in AWS EBS determining whether custom CA bundle is used
1905128 - [e2e][automation] e2e tests succeed without actually execute
1905133 - operator conditions special-resource-operator
1905141 - vsphere-problem-detector: report metrics through telemetry
1905146 - Backend Tests: TestHelmRepoGetter_SkipDisabled failures
1905194 - Detecting broken connections to the Kube API takes up to 15 minutes
1905221 - CVO transitions from "Initializing" to "Updating" despite not attempting many manifests
1905232 - [sig-imageregistry][Feature:ImageAppend] Image append should create images by appending them failing due to inconsistent images between CI and OCP
1905253 - Inaccurate text at bottom of Events page
1905298 - openshift-apiserver initContainer fix-audit-permissions is not requesting required resources: cpu, memory
1905299 - OLM fails to update operator
1905307 - Provisioning CR is missing from must-gather
1905319 - cluster-samples-operator containers are not requesting required memory resource
1905320 - csi-snapshot-webhook is not requesting required memory resource
1905323 - dns-operator is not requesting required memory resource
1905324 - ingress-operator is not requesting required memory resource
1905327 - openshift-kube-scheduler initContainer wait-for-host-port is not requesting required resources: cpu, memory
1905328 - Changing the bound token service account issuer invalids previously issued bound tokens
1905329 - openshift-oauth-apiserver initContainer fix-audit-permissions is not requesting required resources: cpu, memory
1905330 - openshift-monitoring init-textfile is not requesting required resources: cpu, memory
1905338 - QE -Cypress Automation for Add Flow - Database, Yaml, OperatorBacked, PageDetails
1905347 - QE - Design Gherkin Scenarios
1905348 - QE - Design Gherkin Scenarios
1905362 - [sriov] Error message 'Fail to update DaemonSet' always shown in sriov operator pod
1905368 - [sriov] net-attach-def generated from sriovnetwork cannot be restored once it was deleted
1905370 - A-Z/Z-A sorting dropdown on Developer Catalog page is not aligned with filter text input
1905380 - Default to Red Hat/KubeVirt provider if common template does not have provider annotation
1905393 - CMO uses rbac.authorization.k8s.io/v1beta1 instead of rbac.authorization.k8s.io/v1
1905404 - The example of "Remove the entrypoint on the mysql:latest image" for `oc image append` does not work
1905416 - Hyperlink not working from Operator Description
1905430 - usbguard extension fails to install because of missing correct protobuf dependency version
1905492 - The stalld service has a higher scheduler priority than ksoftirq and rcu{b, c} threads
1905502 - Test flake - unable to get https transport for ephemeral-registry
1905542 - [GSS] The "External" mode option is not available when the OCP cluster is deployed using Redhat Cluster Assisted Installer 4.6.
1905599 - Errant change to lastupdatetime in copied CSV status can trigger runaway csv syncs
1905610 - Fix typo in export script
1905621 - Protractor login test fails against a 4.7 (nightly) Power cluster
1905640 - Subscription manual approval test is flaky
1905647 - Report physical core valid-for-subscription min/max/cumulative use to telemetry
1905696 - ClusterMoreUpdatesModal component did not get internationalized
1905748 - with sharded ingresscontrollers, all shards reload when any endpoint changes
1905761 - NetworkPolicy with Egress policyType is resulting in SDN errors and improper communication within Project
1905778 - inconsistent ingresscontroller between fresh installed cluster and upgraded cluster
1905792 - [OVN]Cannot create egressfirewall with dnsName
1905889 - Should create SA for each namespace that the operator scoped
1905920 - Quickstart exit and restart
1905941 - Page goes to error after create catalogsource
1905977 - QE Gherkin design scenario-pipeline metrics ODC-3711
1906032 - Canary Controller: Canary daemonset rolls out slowly in large clusters
1906100 - Disconnected cluster upgrades are failing from the cli, when signature retrieval is being blackholed instead of quickly rejected
1906105 - CBO annotates an existing Metal3 deployment resource to indicate that it is managing it
1906118 - OCS feature detection constantly polls storageclusters and storageclasses
1906120 - 'Create Role Binding' form not setting user or group value when created from a user or group resource
1906121 - [oc] After new-project creation, the kubeconfig file does not set the project
1906134 - OLM should not create OperatorConditions for copied CSVs
1906143 - CBO supports log levels
1906186 - i18n: Translators are not able to translate `this` without context for alert manager config
1906228 - tuned and openshift-tuned sometimes do not terminate gracefully, slowing reboots
1906274 - StorageClass installed by Cinder csi driver operator should enable the allowVolumeExpansion to support volume resize.
1906276 - `oc image append` can't work with multi-arch image with --filter-by-os='.*'
1906318 - use proper term for Authorized SSH Keys
1906335 - The lastTransitionTime, message, reason field of operatorcondition should be optional
1906356 - Unify Clone PVC boot source flow with URL/Container boot source
1906397 - IPA has incorrect kernel command line arguments
1906441 - HorizontalNav and NavBar have invalid keys
1906448 - Deploy using virtualmedia with provisioning network disabled fails - 'Failed to connect to the agent' in ironic-conductor log
1906459 - openstack: Quota Validation fails if unlimited quotas are given to a project
1906496 - [BUG] Thanos having possible memory leak consuming huge amounts of node's memory and killing them
1906508 - TestHeaderNameCaseAdjust outputs nil error message on some failures
1906511 - Root reprovisioning tests flaking often in CI
1906517 - Validation is not robust enough and may prevent generating install-config.
1906518 - Update snapshot API CRDs to v1
1906519 - Update LSO CRDs to use v1
1906570 - Number of disruptions caused by reboots on a cluster cannot be measured
1906588 - [ci][sig-builds] nodes is forbidden: User "e2e-test-jenkins-pipeline-xfghs-user" cannot list resource "nodes" in API group "" at the cluster scope
1906650 - Cannot collect network policy, EgressFirewall, egressip logs with gather_network_logs
1906655 - [SDN]Cannot collect ovsdb-server.log and ovs-vswitchd.log with gather_network_logs
1906679 - quick start panel styles are not loaded
1906683 - Kn resources are not showing in Topology if triggers has KSVC and IMC as subscriber
1906684 - Event Source creation fails if user selects no app group and switch to yaml and then to form
1906685 - SinkBinding is shown in topology view if underlying resource along with actual source created
1906689 - user can pin to nav configmaps and secrets multiple times
1906691 - Add doc which describes disabling helm chart repository
1906713 - Quick starts not accessible for a developer user
1906718 - helm chart "provided by Redhat" is misspelled
1906732 - Machine API proxy support should be tested
1906745 - Update Helm endpoints to use Helm 3.4.x
1906760 - performance issues with topology constantly re-rendering
1906766 - localized `Autoscaled` & `Autoscaling` pod texts overlap with the pod ring
1906768 - Virtualization nav item is incorrectly placed in the Admin Workloads section
1906769 - topology fails to load with non-kubeadmin user
1906770 - shortcuts on mobiles view occupies a lot of space
1906798 - Dev catalog customization doesn't update console-config ConfigMap
1906806 - Allow installing extra packages in ironic container images
1906808 - [test-disabled] ServiceAccounts should support OIDC discovery of service account issuer
1906835 - Topology view shows add page before then showing full project workloads
1906840 - ClusterOperator should not have status "Updating" if operator version is the same as the release version
1906844 - EndpointSlice and EndpointSliceProxying feature gates should be disabled for openshift-sdn kube-proxy
1906860 - Bump kube dependencies to v1.20 for Net Edge components
1906864 - Quick Starts Tour: Need to adjust vertical spacing
1906866 - Translations of Sample-Utils
1906871 - White screen when sort by name in monitoring alerts page
1906872 - Pipeline Tech Preview Badge Alignment
1906875 - Provide an option to force backup even when API is not available.
1906877 - Placeholder' value in search filter do not match column heading in Vulnerabilities
1906879 - Add missing i18n keys
1906880 - oidcdiscoveryendpoint controller invalidates all TokenRequest API tokens during install
1906896 - No Alerts causes odd empty Table (Need no content message)
1906898 - Missing User RoleBindings in the Project Access Web UI
1906899 - Quick Start - Highlight Bounding Box Issue
1906916 - Teach CVO about flowcontrol.apiserver.k8s.io/v1beta1
1906933 - Cluster Autoscaler should have improved mechanisms for group identifiers
1906935 - Delete resources when Provisioning CR is deleted
1906968 - Must-gather should support collecting kubernetes-nmstate resources
1906986 - Ensure failed pod adds are retried even if the pod object doesn't change
1907199 - Need to upgrade machine-api-operator module version under cluster-api-provider-kubevirt
1907202 - configs.imageregistry.operator.openshift.io cluster does not update its status fields after URL change
1907211 - beta promotion of p&f switched storage version to v1beta1, making downgrades impossible.
1907269 - Tooltips data are different when checking stack or not checking stack for the same time
1907280 - Install tour of OCS not available.
1907282 - Topology page breaks with white screen
1907286 - The default mhc machine-api-termination-handler couldn't watch spot instance
1907287 - [csi-snapshot-webhook] should support both v1beta1 and v1 version when creating volumesnapshot/volumesnapshotcontent
1907293 - Increase timeouts in e2e tests
1907295 - Gherkin script for improve management for helm
1907299 - Advanced Subscription Badge for KMS and Arbiter not present
1907303 - Align VM template list items by baseline
1907304 - Use PF styles for selected template card in VM Wizard
1907305 - Drop 'ISO' from CDROM boot source message
1907307 - Support and provider labels should be passed on between templates and sources
1907310 - Pin action should be renamed to favorite
1907312 - VM Template source popover is missing info about added date
1907313 - ClusterOperator objects cannot be overridden with cvo-overrides
1907328 - iproute-tc package is missing in ovn-kube image
1907329 - CLUSTER_PROFILE env. variable is not used by the CVO
1907333 - Node stuck in degraded state, mcp reports "Failed to remove rollback: error running rpm-ostree cleanup -r: error: Timeout was reached"
1907373 - Rebase to kube 1.20.0
1907375 - Bump to latest available 1.20.x k8s - workloads team
1907378 - Gather netnamespaces networking info
1907380 - kube-rbac-proxy exposes tokens, has excessive verbosity
1907381 - OLM fails to deploy an operator if its deployment template contains a description annotation that doesn't match the CSV one
1907390 - prometheus-adapter: panic after k8s 1.20 bump
1907399 - build log icon link on topology nodes cause app to reload
1907407 - Buildah version not accessible
1907421 - [4.6.1]oc-image-mirror command failed on "error: unable to copy layer"
1907453 - Dev Perspective -> running vm details -> resources -> no data
1907454 - Install PodConnectivityCheck CRD with CNO
1907459 - "The Boot source is also maintained by Red Hat." is always shown for all boot sources
1907475 - Unable to estimate the error rate of ingress across the connected fleet
1907480 - `Active alerts` section throwing forbidden error for users.
1907518 - Kamelets/Eventsource should be shown to user if they have create access
1907543 - Korean timestamps are shown when users' language preferences are set to German-en-en-US
1907610 - Update kubernetes deps to 1.20
1907612 - Update kubernetes deps to 1.20
1907621 - openshift/installer: bump cluster-api-provider-kubevirt version
1907628 - Installer does not set primary subnet consistently
1907632 - Operator Registry should update its kubernetes dependencies to 1.20
1907639 - pass dual-stack node IPs to kubelet in dual-stack clusters
1907644 - fix up handling of non-critical annotations on daemonsets/deployments
1907660 - Pod list does not render cell height correctly when pod names are too long (dynamic table rerendering issue?)
1907670 - CVE-2020-27846 crewjam/saml: authentication bypass in saml authentication
1907671 - Ingress VIP assigned to two infra nodes simultaneously - keepalived process running in pods seems to fail
1907767 - [e2e][automation]update test suite for kubevirt plugin
1907770 - Recent RHCOS 47.83 builds (from rhcos-47.83.202012072210-0 on) don't allow master and worker nodes to boot
1907792 - The `overrides` of the OperatorCondition cannot block the operator upgrade
1907793 - Surface support info in VM template details
1907812 - 4.7 to 4.6 downgrade stuck in clusteroperator storage
1907822 - [OCP on OSP] openshift-install panic when checking quota with install-config have no flavor set
1907863 - Quickstarts status not updating when starting the tour
1907872 - dual stack with an ipv6 network fails on bootstrap phase
1907874 - QE - Design Gherkin Scenarios for epic ODC-5057
1907875 - No response when try to expand pvc with an invalid size
1907876 - Refactoring record package to make gatherer configurable
1907877 - QE - Automation- pipelines builder scripts
1907883 - Fix Pipeline creation without namespace issue
1907888 - Fix pipeline list page loader
1907890 - Misleading and incomplete alert message shown in pipeline-parameters and pipeline-resources form
1907892 - Unable to edit application deployed using "From Devfile" option
1907893 - navSortUtils.spec.ts unit test failure
1907896 - When a workload is added, Topology does not place the new items well
1907908 - VM Wizard always uses VirtIO for the VM rootdisk regardless what is defined in common-template
1907924 - Enable madvdontneed in OpenShift Images
1907929 - Enable madvdontneed in OpenShift System Components Part 2
1907936 - NTO is not reporting nto_profile_set_total metrics correctly after reboot
1907947 - The kubeconfig saved in tenantcluster shouldn't include anything that is not related to the current context
1907948 - OCM-O bump to k8s 1.20
1907952 - bump to k8s 1.20
1907972 - Update OCM link to open Insights tab
1907989 - DataVolumes was introduced in common templates - VM creation fails in the UI
1907998 - Gather kube_pod_resource_request/limit metrics as exposed in upstream KEP 1916
1908001 - [CVE-2020-10749] Update github.com/containernetworking/plugins to v.0.8.6 in egress-router-cni
1908014 - e2e-aws-ansible and e2e-aws-helm are broken in ocp-release-operator-sdk
1908035 - dynamic-demo-plugin build does not generate dist directory
1908135 - quick search modal is not centered over topology
1908145 - kube-scheduler-recovery-controller container crash loop when router pod is co-scheduled
1908159 - [AWS C2S] MCO fails to sync cloud config
1908171 - GCP: Installation fails when installing cluster with n1-custom-4-16384custom type (n1-custom-4-16384)
1908180 - Add source for template is stuck in preparing pvc
1908217 - CI: Server-Side Apply should work for oauth.openshift.io/v1: has no tokens
1908231 - [Migration] The pods ovnkube-node are in CrashLoopBackOff after SDN to OVN
1908277 - QE - Automation- pipelines actions scripts
1908280 - Documentation describing `ignore-volume-az` is incorrect
1908296 - Fix pipeline builder form yaml switcher validation issue
1908303 - [CVE-2020-28367 CVE-2020-28366] Remove CGO flag from rhel Dockerfile in Egress-Router-CNI
1908323 - Create button missing for PLR in the search page
1908342 - The new pv_collector_total_pv_count is not reported via telemetry
1908344 - [vsphere-problem-detector] CheckNodeProviderID and CheckNodeDiskUUID have the same name
1908347 - CVO overwrites ValidatingWebhookConfiguration for snapshots
1908349 - Volume snapshot tests are failing after 1.20 rebase
1908353 - QE - Automation- pipelines runs scripts
1908361 - bump to k8s 1.20
1908367 - QE - Automation- pipelines triggers scripts
1908370 - QE - Automation- pipelines secrets scripts
1908375 - QE - Automation- pipelines workspaces scripts
1908381 - Go Dependency Fixes for Devfile Lib
1908389 - Loadbalancer Sync failing on Azure
1908400 - Tests-e2e, increase timeouts, re-add TestArchiveUploadedAndResultsReceived
1908407 - Backport Upstream 95269 to fix potential crash in kubelet
1908410 - Exclude Yarn from VSCode search
1908425 - Create Role Binding form subject type and name are undefined when All Project is selected
1908431 - When the marketplace-operator pod gets restarted, the custom catalogsources are gone, as well as the pods
1908434 - Remove &apos from metal3-plugin internationalized strings
1908437 - Operator backed with no icon has no badge associated with the CSV tag
1908459 - bump to k8s 1.20
1908461 - Add bugzilla component to OWNERS file
1908462 - RHCOS 4.6 ostree removed dhclient
1908466 - CAPO AZ Screening/Validating
1908467 - Zoom in and zoom out in topology package should be sentence case
1908468 - [Azure][4.7] Installer can't properly parse instance type with non integer memory size
1908469 - nbdb failed to come up while bringing up OVNKubernetes cluster
1908471 - OLM should bump k8s dependencies to 1.20
1908484 - oc adm release extract --cloud=aws --credentials-requests dumps all manifests
1908493 - 4.7-e2e-metal-ipi-ovn-dualstack intermittent test failures, worker hostname is overwritten by NM
1908545 - VM clone dialog does not open
1908557 - [e2e][automation]Miss css id on bootsource and reviewcreate step on wizard
1908562 - Pod readiness is not being observed in real world cases
1908565 - [4.6] Cannot filter the platform/arch of the index image
1908573 - Align the style of flavor
1908583 - bootstrap does not run on additional networks if configured for master in install-config
1908596 - Race condition on operator installation
1908598 - Persistent Dashboard shows events for all provisioners
1908641 - Go back to Catalog Page link on Virtual Machine page vanishes on empty state
1908648 - Skip TestKernelType test on OKD, adjust TestExtensions
1908650 - The title of customize wizard is inconsistent
1908654 - cluster-api-provider: volumes and disks names shouldn't change by machine-api-operator
1908675 - Reenable [sig-storage] CSI mock volume CSI FSGroupPolicy [LinuxOnly] should modify fsGroup if fsGroupPolicy=default [Suite:openshift/conformance/parallel] [Suite:k8s]
1908687 - Option to save user settings separate when using local bridge (affects console developers only)
1908697 - Show `kubectl diff ` command in the oc diff help page
1908715 - Pressing the arrow up key when on topmost quick-search list item it should loop back to bottom
1908716 - UI breaks on click of sidebar of ksvc (if revisions not up) in topology on 4.7 builds
1908717 - "missing unit character in duration" error in some network dashboards
1908746 - [Safari] Drop Shadow doesn't work as expected on hover on workload
1908747 - stale S3 CredentialsRequest in CCO manifest
1908758 - AWS: NLB timeout value is rejected by AWS cloud provider after 1.20 rebase
1908830 - RHCOS 4.6 - Missing Initiatorname
1908868 - Update empty state message for EventSources and Channels tab
1908880 - 4.7 aws-serial CI: NoExecuteTaintManager Single Pod [Serial] eventually evict pod with finite tolerations from tainted nodes
1908883 - CVE-2020-29652 golang: crypto/ssh: crafted authentication request can lead to nil pointer dereference
1908888 - Dualstack does not work with multiple gateways
1908889 - Bump CNO to k8s 1.20
1908891 - TestDNSForwarding DNS operator e2e test is failing frequently
1908914 - CNO: upgrade nodes before masters
1908918 - Pipeline builder yaml view sidebar is not responsive
1908960 - QE - Design Gherkin Scenarios
1908971 - Gherkin Script for pipeline debt 4.7
1908983 - i18n: Add Horizontal Pod Autoscaler action menu is not translated
1908997 - Unsupported access mode should not be available when creating pvc by cinder-csi-driver/gcp-pd-csi-driver from web-console
1908998 - [cinder-csi-driver] doesn't detect the credentials change
1909004 - "No datapoints found" for RHEL node's filesystem graph
1909005 - i18n: workloads list view heading is not translated
1909012 - csi snapshot webhook does not block any invalid update for volumesnapshot and volumesnapshotcontent objects
1909027 - Disks option of Sectected capacity chart shows HDD disk even on selection of SDD disk type
1909043 - OCP + OCS 4.7 Internal - Storage cluster creation throws warning when zone=0 in VMware
1909067 - Web terminal should keep latest output when connection closes
1909070 - PLR and TR Logs component is not streaming as fast as tkn
1909092 - Error Message should not confuse user on Channel form
1909096 - OCP 4.7+OCS 4.7 - The Requested Cluster Capacity field needs to include the selected capacity in calculation in Review and Create Page
1909108 - Machine API components should use 1.20 dependencies
1909116 - Catalog Sort Items dropdown is not aligned on Firefox
1909198 - Move Sink action option is not working
1909207 - Accessibility Issue on monitoring page
1909236 - Remove pinned icon overlap on resource name
1909249 - Intermittent packet drop from pod to pod
1909276 - Accessibility Issue on create project modal
1909289 - oc debug of an init container no longer works
1909290 - Logging may be broken due to mix of k8s.io/klog v1 and v2
1909358 - registry.redhat.io/redhat/community-operator-index:latest only have hyperfoil-bundle
1909453 - Boot disk RAID can corrupt ESP if UEFI firmware writes to it
1909455 - Boot disk RAID will not boot if the primary disk enumerates but fails I/O
1909464 - Build operator-registry with golang-1.15
1909502 - NO_PROXY is not matched between bootstrap and global cluster setting which lead to desired master machineconfig is not found
1909521 - Add kubevirt cluster type for e2e-test workflow
1909527 - [IPI Baremetal] After upgrade from 4.6 to 4.7 metal3 pod does not get created
1909587 - [OCP4] all of the OCP master nodes with soft-anti-affinity run on the same OSP node
1909610 - Fix available capacity when no storage class selected
1909678 - scale up / down buttons available on pod details side panel
1909723 - cluster-api-provider-openstack: Update ose-openstack-machine-controllers builder & base images to be consistent with ART
1909730 - unbound variable error if EXTRA_PKGS_LIST is not defined
1909739 - Arbiter request data changes
1909744 - cluster-api-provider-openstack: Bump gophercloud
1909790 - PipelineBuilder yaml view cannot be used for editing a pipeline
1909791 - Update standalone kube-proxy config for EndpointSlice
1909792 - Empty states for some details page subcomponents are not i18ned
1909815 - Perspective switcher is only half-i18ned
1909821 - OCS 4.7 LSO installation blocked because of Error "Invalid value: "integer": spec.flexibleScaling in body
1909836 - operator-install-global Cypress test was failing in OLM as it depends on an operator that isn't installed in CI
1909864 - promote-release-openshift-machine-os-content-e2e-aws-4.5 is perm failing
1909911 - [OVN]EgressFirewall caused a segfault
1909943 - Upgrade from 4.6 to 4.7 stuck due to write /sys/devices/xxxx/block/sda/queue/scheduler: invalid argument
1909958 - Support Quick Start Highlights Properly
1909978 - ignore-volume-az = yes not working on standard storageClass
1909981 - Improve statement in template select step
1909992 - Fail to pull the bundle image when using the private index image
1910024 - Reload issue in latest(4.7) UI code on 4.6 cluster locally in dev
1910036 - QE - Design Gherkin Scenarios ODC-4504
1910049 - UPI: ansible-galaxy is not supported
1910127 - [UPI on oVirt]: Improve UPI Documentation
1910140 - fix the api dashboard with changes in upstream kube 1.20
1910160 - If two OperatorConditions include the same deployments they will keep updating the deployment's containers with the OPERATOR_CONDITION_NAME Environment Variable
1910165 - DHCP to static lease script doesn't handle multiple addresses
1910305 - [Descheduler] - The minKubeVersion should be 1.20.0
1910409 - Notification drawer is not localized for i18n
1910459 - Could not provision gcp volume if delete secret gcp-pd-cloud-credentials
1910492 - KMS details are auto-populated on the screen in next attempt at Storage cluster creation
1910501 - Installed Operators->Operand required: Clicking on cancel in Storage cluster page takes back to the Install Operator page
1910533 - [OVN] It takes about 5 minutes for EgressIP failover to work
1910581 - library-go: proxy ENV is not injected into csi-driver-controller which lead to storage operator never get ready
1910666 - Creating a Source Secret from type SSH-Key should use monospace font for better usability
1910738 - OCP 4.7 Installation fails on VMWare due to 1 worker that is degraded
1910739 - Redfish-virtualmedia (idrac) deploy fails on "The Virtual Media image server is already connected"
1910753 - Support Directory Path to Devfile
1910805 - Missing translation for Pipeline status and breadcrumb text
1910829 - Cannot delete a PVC if the dv's phase is WaitForFirstConsumer
1910840 - Show Nonexistent command info in the `oc rollback -h` help page
1910859 - breadcrumbs doesn't use last namespace
1910866 - Unify templates string
1910870 - Unify template dropdown action
1911016 - Prometheus unable to mount NFS volumes after upgrading to 4.6
1911129 - Monitoring charts renders nothing when switching from a Deployment to "All workloads"
1911176 - [MSTR-998] Wrong text shown when hovering on lines of charts in API Performance dashboard
1911212 - [MSTR-998] API Performance Dashboard "Period" drop-down has a choice "$__auto_interval_period" which can bring "1:154: parse error: missing unit character in duration"
1911213 - Wrong and misleading warning for VMs that were created manually (not from template)
1911257 - [aws-c2s] failed to create cluster, kube-cloud-config was not created
1911269 - waiting for the build message present when build exists
1911280 - Builder images are not detected for Dotnet, Httpd, NGINX
1911307 - Pod Scale-up requires extra privileges in OpenShift web-console
1911381 - "Select Persistent Volume Claim project" shows in customize wizard when select a source available template
1911382 - "source volumeMode (Block) and target volumeMode (Filesystem) do not match" shows in VM Error
1911387 - Hit error - "Cannot read property 'value' of undefined" while creating VM from template
1911408 - [e2e][automation] Add auto-clone cli tests and new flow of VM creation
1911418 - [v2v] The target storage class name is not displayed if default storage class is used
1911434 - git ops empty state page displays icon with watermark
1911443 - SSH Cretifiaction field should be validated
1911465 - IOPS display wrong unit
1911474 - Devfile Application Group Does Not Delete Cleanly (errors)
1911487 - Pruning Deployments should use ReplicaSets instead of ReplicationController
1911574 - Expose volume mode on Upload Data form
1911617 - [CNV][UI] Failure to add source to VM template when no default storage class is defined
1911632 - rpm-ostree command fail due to wrong options when updating ocp-4.6 to 4.7 on worker nodes with rt-kernel
1911656 - using 'operator-sdk run bundle' to install operator successfully, but the command output said 'Failed to run bundle''
1911664 - [Negative Test] After deleting metal3 pod, scaling worker stuck on provisioning state
1911782 - Descheduler should not evict pod used local storage by the PVC
1911796 - uploading flow being displayed before submitting the form
1912066 - The ansible type operator's manager container is not stable when managing the CR
1912077 - helm operator's default rbac forbidden
1912115 - [automation] Analyze job keep failing because of 'JavaScript heap out of memory'
1912237 - Rebase CSI sidecars for 4.7
1912381 - [e2e][automation] Miss css ID on Create Network Attachment Definition page
1912409 - Fix flow schema deployment
1912434 - Update guided tour modal title
1912522 - DNS Operator e2e test: TestCoreDNSImageUpgrade is fundamentally broken
1912523 - Standalone pod status not updating in topology graph
1912536 - Console Plugin CR for console-demo-plugin has wrong apiVersion
1912558 - TaskRun list and detail screen doesn't show Pending status
1912563 - p&f: carry 97206: clean up executing request on panic
1912565 - OLM macOS local build broken by moby/term dependency
1912567 - [OCP on RHV] Node becomes to 'NotReady' status when shutdown vm from RHV UI only on the second deletion
1912577 - 4.1/4.2->4.3->...-> 4.7 upgrade is stuck during 4.6->4.7 with co/openshift-apiserver Degraded, co/network not Available and several other components pods CrashLoopBackOff
1912590 - publicImageRepository not being populated
1912640 - Go operator's controller pods is forbidden
1912701 - Handle dual-stack configuration for NIC IP
1912703 - multiple queries can't be plotted in the same graph under some conditons
1912730 - Operator backed: In-context should support visual connector if SBO is not installed
1912828 - Align High Performance VMs with High Performance in RHV-UI
1912849 - VM from wizard - default flavor does not match the actual flavor set by common templates
1912852 - VM from wizard - available VM templates - "storage" field is "0 B"
1912888 - recycler template should be moved to KCM operator
1912907 - Helm chart repository index can contain unresolvable relative URL's
1912916 - Set external traffic policy to cluster for IBM platform
1912922 - Explicitly specifying the operator generated default certificate for an ingress controller breaks the ingress controller
1912938 - Update confirmation modal for quick starts
1912942 - cluster-storage-operator: proxy ENV is not injected into vsphere-problem-detector deployment
1912944 - cluster-storage-operator: proxy ENV is not injected into Manila CSI driver operator deployment
1912945 - aws-ebs-csi-driver-operator: proxy ENV is not injected into the CSI driver
1912946 - gcp-pd-csi-driver-operator: proxy ENV is not injected into the CSI driver
1912947 - openstack-cinder-csi-driver-operator: proxy ENV is not injected into the CSI driver
1912948 - csi-driver-manila-operator: proxy ENV is not injected into the CSI driver
1912949 - ovirt-csi-driver-operator: proxy ENV is not injected into the CSI driver
1912977 - rebase upstream static-provisioner
1913006 - Remove etcd v2 specific alerts with etcd_http* metrics
1913011 - [OVN] Pod's external traffic not use egressrouter macvlan ip as a source ip
1913037 - update static-provisioner base image
1913047 - baremetal clusteroperator progressing status toggles between true and false when cluster is in a steady state
1913085 - Regression OLM uses scoped client for CRD installation
1913096 - backport: cadvisor machine metrics are missing in k8s 1.19
1913132 - The installation of Openshift Virtualization reports success early before it 's succeeded eventually
1913154 - Upgrading to 4.6.10 nightly failed with RHEL worker nodes: Failed to find /dev/disk/by-label/root
1913196 - Guided Tour doesn't handle resizing of browser
1913209 - Support modal should be shown for community supported templates
1913226 - [Migration] The SDN migration rollback failed if customize vxlanPort
1913249 - update info alert this template is not aditable
1913285 - VM list empty state should link to virtualization quick starts
1913289 - Rebase AWS EBS CSI driver for 4.7
1913292 - OCS 4.7 Installation failed over vmware when arbiter was enabled, as flexibleScaling is also getting enabled
1913297 - Remove restriction of taints for arbiter node
1913306 - unnecessary scroll bar is present on quick starts panel
1913325 - 1.20 rebase for openshift-apiserver
1913331 - Import from git: Fails to detect Java builder
1913332 - Pipeline visualization breaks the UI when multiple taskspecs are used
1913343 - (release-4.7) Added changelog file for insights-operator
1913356 - (release-4.7) Implemented gathering specific logs from openshift apiserver operator
1913371 - Missing i18n key "Administrator" in namespace "console-app" and language "en."
1913386 - users can see metrics of namespaces for which they don't have rights when monitoring own services with prometheus user workloads
1913420 - Time duration setting of resources is not being displayed
1913536 - 4.6.9 -> 4.7 upgrade hangs. RHEL 7.9 worker stuck on "error enabling unit: Failed to execute operation: File exists\\n\"
1913554 - Recording rule for ingress error fraction SLI is incorrect, uses irate instead of increase
1913560 - Normal user cannot load template on the new wizard
1913563 - "Virtual Machine" is not on the same line in create button when logged with normal user
1913567 - Tooltip data should be same for line chart or stacked chart, display data value same as the table
1913568 - Normal user cannot create template
1913582 - [Migration]SDN to OVN migration stucks on MCO for rhel worker
1913585 - Topology descriptive text fixes
1913608 - Table data contains data value None after change time range in graph and change back
1913651 - Improved Red Hat image and crashlooping OpenShift pod collection
1913660 - Change location and text of Pipeline edit flow alert
1913685 - OS field not disabled when creating a VM from a template
1913716 - Include additional use of existing libraries
1913725 - Refactor Insights Operator Plugin states
1913736 - Regression: fails to deploy computes when using root volumes
1913747 - Update operator to kubernetes 1.20.1 to pickup upstream fixes
1913751 - add third-party network plugin test suite to openshift-tests
1913783 - QE-To fix the merging pr issue, commenting the afterEach() block
1913807 - Template support badge should not be shown for community supported templates
1913821 - Need definitive steps about uninstalling descheduler operator
1913851 - Cluster Tasks are not sorted in pipeline builder
1913864 - BuildConfig YAML template references ruby ImageStreamTag that no longer exists
1913951 - Update the Devfile Sample Repo to an Official Repo Host
1913960 - Cluster Autoscaler should use 1.20 dependencies
1913969 - Field dependency descriptor can sometimes cause an exception
1914060 - Disk created from 'Import via Registry' cannot be used as boot disk
1914066 - [sriov] sriov dp pod crash when delete ovs HW offload policy
1914090 - Grafana - The resulting dataset is too large to graph (OCS RBD volumes being counted as disks)
1914119 - vsphere problem detector operator has no permission to update storages.operator.openshift.io instances
1914125 - Still using /dev/vde as default device path when create localvolume
1914183 - Empty NAD page is missing link to quickstarts
1914196 - target port in `from dockerfile` flow does nothing
1914204 - Creating VM from dev perspective may fail with template not found error
1914209 - Associate image secret name to pipeline serviceaccount imagePullSecrets
1914212 - [e2e][automation] Add test to validate bootable disk souce
1914250 - ovnkube-node fails on master nodes when both DHCPv6 and SLAAC addresses are configured on nodes
1914284 - Upgrade to OCP 4.6.9 results in cluster-wide DNS and connectivity issues due to bad NetworkPolicy flows
1914287 - Bring back selfLink
1914301 - User VM Template source should show the same provider as template itself
1914303 - linuxptp-daemon is not forwarding ptp4l stderr output to openshift logs
1914309 - /terminal page when WTO not installed shows nonsensical error
1914334 - order of getting started samples is arbitrary
1914343 - [sig-imageregistry][Feature:ImageTriggers] Annotation trigger reconciles after the image is overwritten [Suite:openshift/conformance/parallel] timeout on s390x
1914349 - Increase and decrease buttons in max and min pods in HPA page has distorted UI
1914405 - Quick search modal should be opened when coming back from a selection
1914407 - Its not clear that node-ca is running as non-root
1914427 - Count of pods on the dashboard is incorrect
1914439 - Typo in SRIOV port create command example
1914451 - cluster-storage-operator pod running as root
1914452 - oc image append, oc image extract outputs wrong suggestion to use --keep-manifest-list=true
1914642 - Customize Wizard Storage tab does not pass validation
1914723 - SamplesTBRInaccessibleOnBoot Alert has a misspelling
1914793 - device names should not be translated
1914894 - Warn about using non-groupified api version
1914926 - webdriver-manager pulls incorrect version of ChomeDriver due to a bug
1914932 - Put correct resource name in relatedObjects
1914938 - PVC disk is not shown on customization wizard general tab
1914941 - VM Template rootdisk is not deleted after fetching default disk bus
1914975 - Collect logs from openshift-sdn namespace
1915003 - No estimate of average node readiness during lifetime of a cluster
1915027 - fix MCS blocking iptables rules
1915041 - s3:ListMultipartUploadParts is relied on implicitly
1915079 - Canary controller should not periodically rotate the canary route endpoint for performance reasons
1915080 - Large number of tcp connections with shiftstack ocp cluster in about 24 hours
1915085 - Pods created and rapidly terminated get stuck
1915114 - [aws-c2s] worker machines are not create during install
1915133 - Missing default pinned nav items in dev perspective
1915176 - Update snapshot API CRDs to v1 in web-console when creating volumesnapshot related resource
1915187 - Remove the "Tech preview" tag in web-console for volumesnapshot
1915188 - Remove HostSubnet anonymization
1915200 - [OCP 4.7+ OCS 4.6]Arbiter related Note should not show up during UI deployment
1915217 - OKD payloads expect to be signed with production keys
1915220 - Remove dropdown workaround for user settings
1915235 - Failed to upgrade to 4.7 from 4.6 due to the machine-config failure
1915262 - When deploying with assisted install the CBO operator is installed and enabled without metal3 pod
1915277 - [e2e][automation]fix cdi upload form test
1915295 - [BM][IP][Dualstack] Installation failed - operators report dial tcp 172.30.0.1:443: i/o timeout
1915304 - Updating scheduling component builder & base images to be consistent with ART
1915312 - Prevent schedule Linux openshift-network-diagnostics pod on Windows node
1915318 - [Metal] bareMetal IPI - cannot interact with toolbox container after first execution only in parallel from different connection
1915348 - [RFE] linuxptp operator needs to expose the uds_address_socket to be used by an application pod
1915357 - Dev Catalog doesn't load anything if virtualization operator is installed
1915379 - New template wizard should require provider and make support input a dropdown type
1915408 - Failure in operator-registry kind e2e test
1915416 - [Descheduler] descheduler evicts pod which does not have any ownerRef or descheduler evict annotation
1915460 - Cluster name size might affect installations
1915500 - [aws c2s] kube-controller-manager crash loops trying to fetch the AWS instance
1915540 - Silent 4.7 RHCOS install failure on ppc64le
1915579 - [Metal] redhat-support-tool became unavailable after tcpdump usage (BareMetal IPI)
1915582 - p&f: carry upstream pr 97860
1915594 - [e2e][automation] Improve test for disk validation
1915617 - Bump bootimage for various fixes
1915624 - "Please fill in the following field: Template provider" blocks customize wizard
1915627 - Translate Guided Tour text.
1915643 - OCP4.6 to 4.7 upgrade failed due to manila csi driver operator sync error
1915647 - Intermittent White screen when the connector dragged to revision
1915649 - "Template support" pop up is not a warning; checkbox text should be rephrased
1915654 - [e2e][automation] Add a verification for Afinity modal should hint "Matching node found"
1915661 - Can't run the 'oc adm prune' command in a pod
1915672 - Kuryr doesn't work with selfLink disabled.
1915674 - Golden image PVC creation - storage size should be taken from the template
1915685 - Message for not supported template is not clear enough
1915760 - Need to increase timeout to wait rhel worker get ready
1915793 - quick starts panel syncs incorrectly across browser windows
1915798 - oauth connection errors for openshift console pods on an OVNKube OCP 4.7 cluster
1915818 - vsphere-problem-detector: use "_totals" in metrics
1915828 - Latest Dell firmware (04.40.00.00) fails to install IPI on BM using idrac-virtualmedia protocol
1915859 - vsphere-problem-detector: does not report ESXi host version nor VM HW version
1915871 - operator-sdk version in new downstream image should be v1.2.0-ocp not v4.7.0
1915879 - Pipeline Dashboard tab Rename to Pipeline Metrics
1915885 - Kuryr doesn't support workers running on multiple subnets
1915898 - TaskRun log output shows "undefined" in streaming
1915907 - test/cmd/builds.sh uses docker.io
1915912 - sig-storage-csi-snapshotter image not available
1915926 - cluster-api-provider-openstack: Update ose-openstack-machine-controllers builder & base images to be consistent with ART
1915929 - A11y Violation: svg-img-alt for time axis of Utilization Card on Cluster Dashboard
1915939 - Resizing the browser window removes Web Terminal Icon
1915945 - [sig-scheduling] SchedulerPreemption [Serial] validates basic preemption works [Conformance]
1915959 - Baremetal cluster operator is included in a ROKS installation of 4.7
1915962 - ROKS: manifest with machine health check fails to apply in 4.7
1915972 - Global configuration breadcrumbs do not work as expected
1915981 - Install ethtool and conntrack in container for debugging
1915995 - "Edit RoleBinding Subject" action under RoleBinding list page kebab actions causes unhandled exception
1915998 - Installer bootstrap node setting of additional subnets inconsistent with additional security groups
1916021 - OLM enters infinite loop if Pending CSV replaces itself
1916056 - Need Visual Web Terminal metric enabled for OCP monitoring telemetry
1916081 - non-existant should be non-existent in CloudCredentialOperatorTargetNamespaceMissing alert's annotations
1916099 - VM creation - customization wizard - user should be allowed to delete and re-create root disk
1916126 - [e2e][automation] Help fix tests for vm guest-agent and next-run-configuration
1916145 - Explicitly set minimum versions of python libraries
1916164 - Update csi-driver-nfs builder & base images to be consistent with ART
1916221 - csi-snapshot-controller-operator: bump dependencies for 4.7
1916271 - Known issues should mention failure to apply soft-anti-affinity to masters beyond the third
1916363 - [OVN] ovs-configuration.service reports as failed within all nodes using version 4.7.0-fc.2
1916379 - error metrics from vsphere-problem-detector should be gauge
1916382 - Can't create ext4 filesystems with Ignition
1916384 - 4.5.15 and later cluster-version operator does not sync ClusterVersion status before exiting, leaving 'verified: false' even for verified updates
1916401 - Deleting an ingress controller with a bad DNS Record hangs
1916417 - [Kuryr] Must-gather does not have all Custom Resources information
1916419 - [sig-devex][Feature:ImageEcosystem][Slow] openshift images should be SCL enabled returning s2i usage when running the image
1916454 - teach CCO about upgradeability from 4.6 to 4.7
1916486 - [OCP RHV] [Docs] Update RHV CSI provisioning section in OCP documenation
1916502 - Boot disk mirroring fails with mdadm error
1916524 - Two rootdisk shows on storage step
1916580 - Default yaml is broken for VM and VM template
1916621 - oc adm node-logs examples are wrong
1916642 - [zh_CN] Redundant period in Secrets - Create drop down menu - Key value secret.
1916692 - Possibly fails to destroy LB and thus cluster
1916711 - Update Kube dependencies in MCO to 1.20.0
1916747 - remove links to quick starts if virtualization operator isn't updated to 2.6
1916764 - editing a workload with no application applied, will auto fill the app
1916834 - Pipeline Metrics - Text Updates
1916843 - collect logs from openshift-sdn-controller pod
1916853 - cluster will not gracefully recover if openshift-etcd namespace is removed
1916882 - OCS 4.7 LSO : wizard (Discover disks and create storageclass) does not show zone when topology.kubernetes.io/zone are added manually
1916888 - OCS wizard Donor chart does not get updated when `Device Type` is edited
1916938 - Using 4.6 install-config.yaml file with lbFloatingIP results in validation error "Forbidden: cannot specify lbFloatingIP and apiFloatingIP together"
1916949 - ROKS: manifests in openshift-oauth-apiserver ns fails to create with non-existent namespace
1917101 - [UPI on oVirt] - 'RHCOS image' topic isn't located in the right place in UPI document
1917114 - Upgrade from 4.5.9 to 4.7 fails as authentication operator is Degraded due to '"ProxyConfigController" controller failed to sync "key"' error
1917117 - Common templates - disks screen: invalid disk name
1917124 - Custom template - clone existing PVC - the name of the target VM's data volume is hard-coded; only one VM can be created
1917146 - [oVirt] Consume 23-10 ovirt sdk- csi operator
1917147 - [oVirt] csi operator panics if ovirt-engine suddenly becomes unavailable.
1917148 - [oVirt] Consume 23-10 ovirt sdk
1917239 - Monitoring time options overlaps monitoring tab navigation when Quickstart panel is opened
1917272 - Should update the default minSize to 1Gi when create localvolumeset on web console
1917303 - [automation][e2e] make kubevirt-plugin gating job mandatory
1917315 - localvolumeset-local-provisoner-xxx pods are not killed after upgrading from 4.6 to 4.7
1917327 - annotations.message maybe wrong for NTOPodsNotReady alert
1917367 - Refactor periodic.go
1917371 - Add docs on how to use the built-in profiler
1917372 - Application metrics are shown on Metrics dashboard but not in linked Prometheus UI in OCP management console
1917395 - pv-pool backing store name restriction should be at 43 characters from the ocs ui
1917484 - [BM][IPI] Failed to scale down machineset
1917522 - Deprecate --filter-by-os in oc adm catalog mirror
1917537 - controllers continuously busy reconciling operator
1917551 - use min_over_time for vsphere prometheus alerts
1917585 - OLM Operator install page missing i18n
1917587 - Manila CSI operator becomes degraded if user doesn't have permissions to list share types
1917605 - Deleting an exgw causes pods to no longer route to other exgws
1917614 - [aws c2s] ingress operator uses unavailable resourcegrouptaggings API
1917656 - Add to Project/application for eventSources from topology shows 404
1917658 - Show TP badge for sources powered by camel connectors in create flow
1917660 - Editing parallelism of job get error info
1917678 - Could not provision pv when no symlink and target found on rhel worker
1917679 - Hide double CTA in admin pipelineruns tab
1917683 - `NodeTextFileCollectorScrapeError` alert in OCP 4.6 cluster.
1917759 - Console operator panics after setting plugin that does not exists to the console-operator config
1917765 - ansible-operator version in downstream image should be v1.3.0 not v4.7.0
1917770 - helm-operator version in downstream image should be v1.3.0 not v4.7.0
1917799 - Gather s list of names and versions of installed OLM operators
1917803 - [sig-storage] Pod Disks should be able to delete a non-existent PD without error
1917814 - Show Broker create option in eventing under admin perspective
1917838 - MachineSet scaling from 0 is not available or evaluated incorrectly for the new or changed instance types
1917872 - [oVirt] rebase on latest SDK 2021-01-12
1917911 - network-tools needs ovnkube-trace binary from ovn-kubernetes image
1917938 - upgrade version of dnsmasq package
1917942 - Canary controller causes panic in ingress-operator
1918019 - Undesired scrollbars in markdown area of QuickStart
1918068 - Flaky olm integration tests
1918085 - reversed name of job and namespace in cvo log
1918112 - Flavor is not editable if a customize VM is created from cli
1918129 - Update IO sample archive with missing resources & remove IP anonymization from clusteroperator resources
1918132 - i18n: Volume Snapshot Contents menu is not translated
1918133 - [e2e][automation] Fix ocp 4.7 existing tests - part2
1918140 - Deployment openstack-cinder-csi-driver-controller and openstack-manila-csi-controllerplugin doesn't be installed on OSP
1918153 - When `&` character is set as an environment variable in a build config it is getting converted as `\u0026`
1918185 - Capitalization on PLR details page
1918287 - [ovirt] ovirt csi driver is flooding RHV with API calls and spam the event UI with new connections
1918318 - Kamelet connector's are not shown in eventing section under Admin perspective
1918351 - Gather SAP configuration (SCC & ClusterRoleBinding)
1918375 - [calico] rbac-proxy container in kube-proxy fails to create tokenreviews
1918395 - [ovirt] increase livenessProbe period
1918415 - MCD nil pointer on dropins
1918438 - [ja_JP, zh_CN] Serverless i18n misses
1918440 - Kernel Arguments get reapplied even when no new kargs has been added in MachineConfig
1918471 - CustomNoUpgrade Feature gates are not working correctly
1918558 - Supermicro nodes boot to PXE upon reboot after successful deployment to disk
1918622 - Updating ose-jenkins-agent-maven builder & base images to be consistent with ART
1918623 - Updating ose-jenkins-agent-nodejs-12 builder & base images to be consistent with ART
1918625 - Updating ose-jenkins-agent-nodejs-10 builder & base images to be consistent with ART
1918635 - Updating openshift-jenkins-2 builder & base images to be consistent with ART #1197
1918639 - Event listener with triggerRef crashes the console
1918648 - Subscription page doesn't show InstallPlan correctly
1918716 - Manilacsi becomes degraded even though it is not available with the underlying Openstack
1918748 - helmchartrepo is not http(s)_proxy-aware
1918757 - Consistant fallures of features/project-creation.feature Cypress test in CI
1918803 - Need dedicated details page w/ global config breadcrumbs for 'KnativeServing' plugin
1918826 - Insights popover icons are not horizontally aligned
1918879 - need better debug for bad pull secrets
1918958 - The default NMstate instance from the operator is incorrect
1919097 - Close bracket ")" missing at the end of the sentence in the UI
1919231 - quick search modal cut off on smaller screens
1919259 - Make "Add x" singular in Pipeline Builder
1919260 - VM Template list actions should not wrap
1919271 - NM prepender script doesn't support systemd-resolved
1919341 - Updating ose-jenkins-agent-maven builder & base images to be consistent with ART
1919360 - Need managed-cluster-info metric enabled for OCP monitoring telemetry
1919379 - dotnet logo out of date
1919387 - Console login fails with no error when it can't write to localStorage
1919396 - A11y Violation: svg-img-alt on Pod Status ring
1919407 - OpenStack IPI has three-node control plane limitation, but InstallConfigs aren't verified
1919750 - Search InstallPlans got Minified React error
1919778 - Upgrade is stuck in insights operator Degraded with "Source clusterconfig could not be retrieved" until insights operator pod is manually deleted
1919823 - OCP 4.7 Internationalization Chinese tranlate issue
1919851 - Visualization does not render when Pipeline & Task share same name
1919862 - The tip information for `oc new-project --skip-config-write` is wrong
1919876 - VM created via customize wizard cannot inherit template's PVC attributes
1919877 - Click on KSVC breaks with white screen
1919879 - The toolbox container name is changed from 'toolbox-root' to 'toolbox-' in a chroot environment
1919945 - user entered name value overridden by default value when selecting a git repository
1919968 - [release-4.7] Undiagnosed panic detected in pod runtime.go:76: invalid memory address or nil pointer dereference
1919970 - NTO does not update when the tuned profile is updated.
1919999 - Bump Cluster Resource Operator Golang Versions
1920027 - machine-config-operator consistently failing during 4.6 to 4.7 upgrades and clusters do not install successfully with proxy configuration
1920200 - user-settings network error results in infinite loop of requests
1920205 - operator-registry e2e tests not working properly
1920214 - Bump golang to 1.15 in cluster-resource-override-admission
1920248 - re-running the pipelinerun with pipelinespec crashes the UI
1920320 - VM template field is "Not available" if it's created from common template
1920367 - When creating localvolumeset instance from the web console, the title for setting volumeMode is `Disk Mode`
1920368 - Fix containers creation issue resulting in runc running on Guaranteed Pod CPUs
1920390 - Monitoring > Metrics graph shifts to the left when clicking the "Stacked" option and when toggling data series lines on / off
1920426 - Egress Router CNI OWNERS file should have ovn-k team members
1920427 - Need to update `oc login` help page since we don't support prompt interactively for the username
1920430 - [V2V] [UI] Browser window becomes empty when running import wizard for the first time
1920438 - openshift-tuned panics on turning debugging on/off.
1920445 - e2e-gcp-ovn-upgrade job is actually using openshift-sdn
1920481 - kuryr-cni pods using unreasonable amount of CPU
1920509 - wait for port 6443 to be open in the kube-scheduler container; use ss instead of lsof
1920524 - Topology graph crashes adding Open Data Hub operator
1920526 - catalog operator causing CPU spikes and bad etcd performance
1920551 - Boot Order is not editable for Templates in "openshift" namespace
1920555 - bump cluster-resource-override-admission api dependencies
1920571 - fcp multipath will not recover failed paths automatically
1920619 - Remove default scheduler profile value
1920655 - Console should not show the Create Autoscaler link in cluster settings when the CRD is not present
1920674 - MissingKey errors in bindings namespace
1920684 - Text in language preferences modal is misleading
1920695 - CI is broken because of bad image registry reference in the Makefile
1920756 - update generic-admission-server library to get the system:masters authorization optimization
1920769 - [Upgrade] OCP upgrade from 4.6.13 to 4.7.0-fc.4 for "network-check-target" failed when "defaultNodeSelector" is set
1920771 - i18n: Delete persistent volume claim drop down is not translated
1920806 - [OVN]Nodes lost network connection after reboot on the vSphere UPI
1920912 - Unable to power off BMH from console
1920981 - When OCS was deployed with arbiter mode enable add capacity is increasing the count by "2"
1920984 - [e2e][automation] some menu items names are out dated
1921013 - Gather PersistentVolume definition (if any) used in image registry config
1921023 - Do not enable Flexible Scaling to true for Internal mode clusters(revert to 4.6 behavior)
1921087 - 'start next quick start' link doesn't work and is unintuitive
1921088 - test-cmd is failing on volumes.sh pretty consistently
1921248 - Clarify the kubelet configuration cr description
1921253 - Text filter default placeholder text not internationalized
1921258 - User Preferences: Active perspective and project change in the current window when selected in a different window
1921275 - Panic in authentication-operator in (*deploymentController).updateOperatorDeploymentInfo
1921277 - Fix Warning and Info log statements to handle arguments
1921281 - oc get -o yaml --export returns "error: unknown flag: --export"
1921458 - [SDK] Gracefully handle the `run bundle-upgrade` if the lower version operator doesn't exist
1921556 - [OCS with Vault]: OCS pods didn't come up after deploying with Vault details from UI
1921572 - For external source (i.e GitHub Source) form view as well shows yaml
1921580 - [e2e][automation]Test VM detail view actions dropdown does not pass
1921610 - Pipeline metrics font size inconsistency
1921644 - [e2e][automation] tests errors with wrong cloudInit new line syntax
1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation
1921655 - [OSP] Incorrect error handling during cloudinfo generation
1921713 - [e2e][automation] fix failing VM migration tests
1921762 - Serving and Eventing breadcrumbs should direct users back to tabbed page view
1921774 - delete application modal errors when a resource cannot be found
1921806 - Explore page APIResourceLinks aren't i18ned
1921823 - CheckBoxControls not internationalized
1921836 - AccessTableRows don't internationalize "User" or "Group"
1921857 - Test flake when hitting router in e2e tests due to one router not being up to date
1921880 - Dynamic plugins are not initialized on console load in production mode
1921911 - Installer PR #4589 is causing leak of IAM role policy bindings
1921921 - "Global Configuration" breadcrumb does not use sentence case
1921949 - Console bug - source code URL broken for gitlab self-hosted repositories
1921954 - Subscription-related constraints in ResolutionFailed events are misleading
1922015 - buttons in modal header are invisible on Safari
1922021 - Nodes terminal page 'Expand' 'Collapse' button not translated
1922050 - [e2e][automation] Improve vm clone tests
1922066 - Cannot create VM from custom template which has extra disk
1922098 - Namespace selection dialog is not closed after select a namespace
1922099 - Updated Readme documentation for QE code review and setup
1922146 - Egress Router CNI doesn't have logging support.
1922267 - Collect specific ADFS error
1922292 - Bump RHCOS boot images for 4.7
1922454 - CRI-O doesn't enable pprof by default
1922473 - reconcile LSO images for 4.8
1922573 - oc returns an error while using -o jsonpath when there is no resource found in the namespace
1922782 - Source registry missing docker:// in yaml
1922907 - Interop UI Tests - step implementation for updating feature files
1922911 - Page crash when click the "Stacked" checkbox after clicking the data series toggle buttons
1922991 - "verify /run filesystem contents do not have unexpected content using a simple Docker Strategy Build" test fails on OKD
1923003 - WebConsole Insights widget showing "Issues pending" when the cluster doesn't report anything
1923098 - [vsphere-problem-detector-operator] Need permission to access replicasets.apps resources
1923102 - [vsphere-problem-detector-operator] pod's version is not correct
1923245 - [Assisted-4.7] [Staging][Minimal-ISO] nodes fails to boot
1923674 - k8s 1.20 vendor dependencies
1923721 - PipelineRun running status icon is not rotating
1923753 - Increase initialDelaySeconds for ovs-daemons container in the ovs-node daemonset for upgrade scenarios
1923774 - Docker builds failing for openshift/cluster-resource-override-admission-operator
1923802 - ci/prow/e2e-aws-olm build failing for openshift/cluster-resource-override-admission-operator
1923874 - Unable to specify values with % in kubeletconfig
1923888 - Fixes error metadata gathering
1923892 - Update arch.md after refactor.
1923894 - "installed" operator status in operatorhub page does not reflect the real status of operator
1923895 - Changelog generation.
1923911 - [e2e][automation] Improve tests for vm details page and list filter
1923945 - PVC Name and Namespace resets when user changes os/flavor/workload
1923951 - EventSources shows `undefined` in project
1923973 - Dynamic plugin demo README does not contain info how to enable the ConsolePlugins
1924046 - Localhost: Refreshing on a Project removes it from nav item urls
1924078 - Topology quick search View all results footer should be sticky.
1924081 - NTO should ship the latest Tuned daemon release 2.15
1924084 - backend tests incorrectly hard-code artifacts dir
1924128 - [sig-builds][Feature:Builds] verify /run filesystem contents do not have unexpected content using a simple Docker Strategy Build
1924135 - Under sufficient load, CRI-O may segfault
1924143 - Code Editor Decorator url is broken for Bitbucket repos
1924188 - Language selector dropdown doesn't always pre-select the language
1924365 - Add extra disk for VM which use boot source PXE
1924383 - Degraded network operator during upgrade to 4.7.z
1924387 - [ja_JP][zh_CN] Incorrect warning message for deleting namespace on Delete Pod dialog box.
1924480 - non cluster admin can not take VM snapshot: An error occurred, cannot set blockOwnerDeletion if an ownerReference refers to a resource you can't set finalizers on
1924583 - Deprecated templates are listed in the Templates screen
1924870 - pick upstream pr#96901: plumb context with request deadline
1924955 - Images from Private external registry not working in deploy Image
1924961 - k8sutil.TrimDNS1123Label creates invalid values
1924985 - Build egress-router-cni for both RHEL 7 and 8
1925020 - Console demo plugin deployment image should not point to dockerhub
1925024 - Remove extra validations on kafka source form view net section
1925039 - [e2e] Fix Test - ID(CNV-5327) Change Custom Flavor while VM is running
1925072 - NTO needs to ship the current latest stalld v1.7.0
1925163 - Missing info about dev catalog in boot source template column
1925200 - Monitoring Alert icon is missing on the workload in Topology view
1925262 - apiserver getting 2 SIGTERM signals which was immediately making it exit code 1
1925319 - bash syntax error in configure-ovs.sh script
1925408 - Remove StatefulSet gatherer and replace it with gathering corresponding config map data
1925516 - Pipeline Metrics Tooltips are overlapping data
1925562 - Add new ArgoCD link from GitOps application environments page
1925596 - Gitops details page image and commit id text overflows past card boundary
1926556 - 'excessive etcd leader changes' test case failing in serial job because prometheus data is wiped by machine set test
1926588 - The tarball of operator-sdk is not ready for ocp4.7
1927456 - 4.7 still points to 4.6 catalog images
1927500 - API server exits non-zero on 2 SIGTERM signals
1929278 - Monitoring workloads using too high a priorityclass
1929645 - Remove openshift:kubevirt-machine-controllers declaration from machine-api
1929920 - Cluster monitoring documentation link is broken - 404 not found
5. References:
https://access.redhat.com/security/cve/CVE-2018-10103
https://access.redhat.com/security/cve/CVE-2018-10105
https://access.redhat.com/security/cve/CVE-2018-14461
https://access.redhat.com/security/cve/CVE-2018-14462
https://access.redhat.com/security/cve/CVE-2018-14463
https://access.redhat.com/security/cve/CVE-2018-14464
https://access.redhat.com/security/cve/CVE-2018-14465
https://access.redhat.com/security/cve/CVE-2018-14466
https://access.redhat.com/security/cve/CVE-2018-14467
https://access.redhat.com/security/cve/CVE-2018-14468
https://access.redhat.com/security/cve/CVE-2018-14469
https://access.redhat.com/security/cve/CVE-2018-14470
https://access.redhat.com/security/cve/CVE-2018-14553
https://access.redhat.com/security/cve/CVE-2018-14879
https://access.redhat.com/security/cve/CVE-2018-14880
https://access.redhat.com/security/cve/CVE-2018-14881
https://access.redhat.com/security/cve/CVE-2018-14882
https://access.redhat.com/security/cve/CVE-2018-16227
https://access.redhat.com/security/cve/CVE-2018-16228
https://access.redhat.com/security/cve/CVE-2018-16229
https://access.redhat.com/security/cve/CVE-2018-16230
https://access.redhat.com/security/cve/CVE-2018-16300
https://access.redhat.com/security/cve/CVE-2018-16451
https://access.redhat.com/security/cve/CVE-2018-16452
https://access.redhat.com/security/cve/CVE-2018-20843
https://access.redhat.com/security/cve/CVE-2019-3884
https://access.redhat.com/security/cve/CVE-2019-5018
https://access.redhat.com/security/cve/CVE-2019-6977
https://access.redhat.com/security/cve/CVE-2019-6978
https://access.redhat.com/security/cve/CVE-2019-8625
https://access.redhat.com/security/cve/CVE-2019-8710
https://access.redhat.com/security/cve/CVE-2019-8720
https://access.redhat.com/security/cve/CVE-2019-8743
https://access.redhat.com/security/cve/CVE-2019-8764
https://access.redhat.com/security/cve/CVE-2019-8766
https://access.redhat.com/security/cve/CVE-2019-8769
https://access.redhat.com/security/cve/CVE-2019-8771
https://access.redhat.com/security/cve/CVE-2019-8782
https://access.redhat.com/security/cve/CVE-2019-8783
https://access.redhat.com/security/cve/CVE-2019-8808
https://access.redhat.com/security/cve/CVE-2019-8811
https://access.redhat.com/security/cve/CVE-2019-8812
https://access.redhat.com/security/cve/CVE-2019-8813
https://access.redhat.com/security/cve/CVE-2019-8814
https://access.redhat.com/security/cve/CVE-2019-8815
https://access.redhat.com/security/cve/CVE-2019-8816
https://access.redhat.com/security/cve/CVE-2019-8819
https://access.redhat.com/security/cve/CVE-2019-8820
https://access.redhat.com/security/cve/CVE-2019-8823
https://access.redhat.com/security/cve/CVE-2019-8835
https://access.redhat.com/security/cve/CVE-2019-8844
https://access.redhat.com/security/cve/CVE-2019-8846
https://access.redhat.com/security/cve/CVE-2019-9455
https://access.redhat.com/security/cve/CVE-2019-9458
https://access.redhat.com/security/cve/CVE-2019-11068
https://access.redhat.com/security/cve/CVE-2019-12614
https://access.redhat.com/security/cve/CVE-2019-13050
https://access.redhat.com/security/cve/CVE-2019-13225
https://access.redhat.com/security/cve/CVE-2019-13627
https://access.redhat.com/security/cve/CVE-2019-14889
https://access.redhat.com/security/cve/CVE-2019-15165
https://access.redhat.com/security/cve/CVE-2019-15166
https://access.redhat.com/security/cve/CVE-2019-15903
https://access.redhat.com/security/cve/CVE-2019-15917
https://access.redhat.com/security/cve/CVE-2019-15925
https://access.redhat.com/security/cve/CVE-2019-16167
https://access.redhat.com/security/cve/CVE-2019-16168
https://access.redhat.com/security/cve/CVE-2019-16231
https://access.redhat.com/security/cve/CVE-2019-16233
https://access.redhat.com/security/cve/CVE-2019-16935
https://access.redhat.com/security/cve/CVE-2019-17450
https://access.redhat.com/security/cve/CVE-2019-17546
https://access.redhat.com/security/cve/CVE-2019-18197
https://access.redhat.com/security/cve/CVE-2019-18808
https://access.redhat.com/security/cve/CVE-2019-18809
https://access.redhat.com/security/cve/CVE-2019-19046
https://access.redhat.com/security/cve/CVE-2019-19056
https://access.redhat.com/security/cve/CVE-2019-19062
https://access.redhat.com/security/cve/CVE-2019-19063
https://access.redhat.com/security/cve/CVE-2019-19068
https://access.redhat.com/security/cve/CVE-2019-19072
https://access.redhat.com/security/cve/CVE-2019-19221
https://access.redhat.com/security/cve/CVE-2019-19319
https://access.redhat.com/security/cve/CVE-2019-19332
https://access.redhat.com/security/cve/CVE-2019-19447
https://access.redhat.com/security/cve/CVE-2019-19524
https://access.redhat.com/security/cve/CVE-2019-19533
https://access.redhat.com/security/cve/CVE-2019-19537
https://access.redhat.com/security/cve/CVE-2019-19543
https://access.redhat.com/security/cve/CVE-2019-19602
https://access.redhat.com/security/cve/CVE-2019-19767
https://access.redhat.com/security/cve/CVE-2019-19770
https://access.redhat.com/security/cve/CVE-2019-19906
https://access.redhat.com/security/cve/CVE-2019-19956
https://access.redhat.com/security/cve/CVE-2019-20054
https://access.redhat.com/security/cve/CVE-2019-20218
https://access.redhat.com/security/cve/CVE-2019-20386
https://access.redhat.com/security/cve/CVE-2019-20387
https://access.redhat.com/security/cve/CVE-2019-20388
https://access.redhat.com/security/cve/CVE-2019-20454
https://access.redhat.com/security/cve/CVE-2019-20636
https://access.redhat.com/security/cve/CVE-2019-20807
https://access.redhat.com/security/cve/CVE-2019-20812
https://access.redhat.com/security/cve/CVE-2019-20907
https://access.redhat.com/security/cve/CVE-2019-20916
https://access.redhat.com/security/cve/CVE-2020-0305
https://access.redhat.com/security/cve/CVE-2020-0444
https://access.redhat.com/security/cve/CVE-2020-1716
https://access.redhat.com/security/cve/CVE-2020-1730
https://access.redhat.com/security/cve/CVE-2020-1751
https://access.redhat.com/security/cve/CVE-2020-1752
https://access.redhat.com/security/cve/CVE-2020-1971
https://access.redhat.com/security/cve/CVE-2020-2574
https://access.redhat.com/security/cve/CVE-2020-2752
https://access.redhat.com/security/cve/CVE-2020-2922
https://access.redhat.com/security/cve/CVE-2020-3862
https://access.redhat.com/security/cve/CVE-2020-3864
https://access.redhat.com/security/cve/CVE-2020-3865
https://access.redhat.com/security/cve/CVE-2020-3867
https://access.redhat.com/security/cve/CVE-2020-3868
https://access.redhat.com/security/cve/CVE-2020-3885
https://access.redhat.com/security/cve/CVE-2020-3894
https://access.redhat.com/security/cve/CVE-2020-3895
https://access.redhat.com/security/cve/CVE-2020-3897
https://access.redhat.com/security/cve/CVE-2020-3898
https://access.redhat.com/security/cve/CVE-2020-3899
https://access.redhat.com/security/cve/CVE-2020-3900
https://access.redhat.com/security/cve/CVE-2020-3901
https://access.redhat.com/security/cve/CVE-2020-3902
https://access.redhat.com/security/cve/CVE-2020-6405
https://access.redhat.com/security/cve/CVE-2020-7595
https://access.redhat.com/security/cve/CVE-2020-7774
https://access.redhat.com/security/cve/CVE-2020-8177
https://access.redhat.com/security/cve/CVE-2020-8492
https://access.redhat.com/security/cve/CVE-2020-8563
https://access.redhat.com/security/cve/CVE-2020-8566
https://access.redhat.com/security/cve/CVE-2020-8619
https://access.redhat.com/security/cve/CVE-2020-8622
https://access.redhat.com/security/cve/CVE-2020-8623
https://access.redhat.com/security/cve/CVE-2020-8624
https://access.redhat.com/security/cve/CVE-2020-8647
https://access.redhat.com/security/cve/CVE-2020-8648
https://access.redhat.com/security/cve/CVE-2020-8649
https://access.redhat.com/security/cve/CVE-2020-9327
https://access.redhat.com/security/cve/CVE-2020-9802
https://access.redhat.com/security/cve/CVE-2020-9803
https://access.redhat.com/security/cve/CVE-2020-9805
https://access.redhat.com/security/cve/CVE-2020-9806
https://access.redhat.com/security/cve/CVE-2020-9807
https://access.redhat.com/security/cve/CVE-2020-9843
https://access.redhat.com/security/cve/CVE-2020-9850
https://access.redhat.com/security/cve/CVE-2020-9862
https://access.redhat.com/security/cve/CVE-2020-9893
https://access.redhat.com/security/cve/CVE-2020-9894
https://access.redhat.com/security/cve/CVE-2020-9895
https://access.redhat.com/security/cve/CVE-2020-9915
https://access.redhat.com/security/cve/CVE-2020-9925
https://access.redhat.com/security/cve/CVE-2020-10018
https://access.redhat.com/security/cve/CVE-2020-10029
https://access.redhat.com/security/cve/CVE-2020-10732
https://access.redhat.com/security/cve/CVE-2020-10749
https://access.redhat.com/security/cve/CVE-2020-10751
https://access.redhat.com/security/cve/CVE-2020-10763
https://access.redhat.com/security/cve/CVE-2020-10773
https://access.redhat.com/security/cve/CVE-2020-10774
https://access.redhat.com/security/cve/CVE-2020-10942
https://access.redhat.com/security/cve/CVE-2020-11565
https://access.redhat.com/security/cve/CVE-2020-11668
https://access.redhat.com/security/cve/CVE-2020-11793
https://access.redhat.com/security/cve/CVE-2020-12465
https://access.redhat.com/security/cve/CVE-2020-12655
https://access.redhat.com/security/cve/CVE-2020-12659
https://access.redhat.com/security/cve/CVE-2020-12770
https://access.redhat.com/security/cve/CVE-2020-12826
https://access.redhat.com/security/cve/CVE-2020-13249
https://access.redhat.com/security/cve/CVE-2020-13630
https://access.redhat.com/security/cve/CVE-2020-13631
https://access.redhat.com/security/cve/CVE-2020-13632
https://access.redhat.com/security/cve/CVE-2020-14019
https://access.redhat.com/security/cve/CVE-2020-14040
https://access.redhat.com/security/cve/CVE-2020-14381
https://access.redhat.com/security/cve/CVE-2020-14382
https://access.redhat.com/security/cve/CVE-2020-14391
https://access.redhat.com/security/cve/CVE-2020-14422
https://access.redhat.com/security/cve/CVE-2020-15157
https://access.redhat.com/security/cve/CVE-2020-15503
https://access.redhat.com/security/cve/CVE-2020-15862
https://access.redhat.com/security/cve/CVE-2020-15999
https://access.redhat.com/security/cve/CVE-2020-16166
https://access.redhat.com/security/cve/CVE-2020-24490
https://access.redhat.com/security/cve/CVE-2020-24659
https://access.redhat.com/security/cve/CVE-2020-25211
https://access.redhat.com/security/cve/CVE-2020-25641
https://access.redhat.com/security/cve/CVE-2020-25658
https://access.redhat.com/security/cve/CVE-2020-25661
https://access.redhat.com/security/cve/CVE-2020-25662
https://access.redhat.com/security/cve/CVE-2020-25681
https://access.redhat.com/security/cve/CVE-2020-25682
https://access.redhat.com/security/cve/CVE-2020-25683
https://access.redhat.com/security/cve/CVE-2020-25684
https://access.redhat.com/security/cve/CVE-2020-25685
https://access.redhat.com/security/cve/CVE-2020-25686
https://access.redhat.com/security/cve/CVE-2020-25687
https://access.redhat.com/security/cve/CVE-2020-25694
https://access.redhat.com/security/cve/CVE-2020-25696
https://access.redhat.com/security/cve/CVE-2020-26160
https://access.redhat.com/security/cve/CVE-2020-27813
https://access.redhat.com/security/cve/CVE-2020-27846
https://access.redhat.com/security/cve/CVE-2020-28362
https://access.redhat.com/security/cve/CVE-2020-29652
https://access.redhat.com/security/cve/CVE-2021-2007
https://access.redhat.com/security/cve/CVE-2021-3121
https://access.redhat.com/security/updates/classification/#moderate
6. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc.
.
This advisory provides the following updates among others:
* Enhances profile parsing time.
* Fixes excessive resource consumption from the Operator.
* Fixes default content image.
* Fixes outdated remediation handling.
Bugs fixed (https://bugzilla.redhat.com/):
1897635 - CVE-2020-28362 golang: math/big: panic during recursive division of very large numbers
1918990 - ComplianceSuite scans use quay content image for initContainer
1919135 - [OCP v46] The autoApplyRemediation pauses the machineConfigPool if there is outdated complianceRemediation object present
1919846 - After remediation applied, the compliancecheckresults still reports Failed status for some rules
1920999 - Compliance operator is not displayed when disconnected mode is selected in the OpenShift Web-Console.
Bug Fix(es):
* Aggregator pod tries to parse ConfigMaps without results (BZ#1899479)
* The compliancesuite object returns error with ocp4-cis tailored profile
(BZ#1902251)
* The compliancesuite does not trigger when there are multiple rhcos4
profiles added in scansettingbinding object (BZ#1902634)
* [OCP v46] Not all remediations get applied through machineConfig although
the status of all rules shows Applied in ComplianceRemediations object
(BZ#1907414)
* The profile parser pod deployment and associated profiles should get
removed after upgrade the compliance operator (BZ#1908991)
* Applying the "rhcos4-moderate" compliance profile leads to Ignition error
"something else exists at that path" (BZ#1909081)
* [OCP v46] Always update the default profilebundles on Compliance operator
startup (BZ#1909122)
3. Bugs fixed (https://bugzilla.redhat.com/):
1899479 - Aggregator pod tries to parse ConfigMaps without results
1902111 - CVE-2020-27813 golang-github-gorilla-websocket: integer overflow leads to denial of service
1902251 - The compliancesuite object returns error with ocp4-cis tailored profile
1902634 - The compliancesuite does not trigger when there are multiple rhcos4 profiles added in scansettingbinding object
1907414 - [OCP v46] Not all remediations get applied through machineConfig although the status of all rules shows Applied in ComplianceRemediations object
1908991 - The profile parser pod deployment and associated profiles should get removed after upgrade the compliance operator
1909081 - Applying the "rhcos4-moderate" compliance profile leads to Ignition error "something else exists at that path"
1909122 - [OCP v46] Always update the default profilebundles on Compliance operator startup
5.
APPLE-SA-2020-05-26-5 watchOS 6.2.5
watchOS 6.2.5 addresses the following:
Accounts
Available for: Apple Watch Series 1 and later
Impact: A remote attacker may be able to cause a denial of service
Description: A denial of service issue was addressed with improved
input validation.
CVE-2020-9827: Jannik Lorenz of SEEMOO @ TU Darmstadt
AppleMobileFileIntegrity
Available for: Apple Watch Series 1 and later
Impact: An application may be able to use arbitrary entitlements
Description: This issue was addressed with improved checks.
CVE-2020-9842: Linus Henze (pinauten.de)
Audio
Available for: Apple Watch Series 1 and later
Impact: Processing a maliciously crafted audio file may lead to
arbitrary code execution
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2020-9815: Yu Zhou (@yuzhou6666) working with Trend Micro Zero
Day Initiative
Audio
Available for: Apple Watch Series 1 and later
Impact: Processing a maliciously crafted audio file may lead to
arbitrary code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2020-9791: Yu Zhou (@yuzhou6666) working with Trend Micro Zero
Day Initiative
CoreText
Available for: Apple Watch Series 1 and later
Impact: Processing a maliciously crafted text message may lead to
application denial of service
Description: A validation issue was addressed with improved input
sanitization.
CVE-2020-9829: Aaron Perris (@aaronp613), an anonymous researcher, an
anonymous researcher, Carlos S Tech, Sam Menzies of Sam’s Lounge,
Sufiyan Gouri of Lovely Professional University, India, Suleman Hasan
Rathor of Arabic-Classroom.com
FontParser
Available for: Apple Watch Series 1 and later
Impact: Opening a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2020-9816: Peter Nguyen Vu Hoang of STAR Labs working with Trend
Micro Zero Day Initiative
ImageIO
Available for: Apple Watch Series 1 and later
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2020-3878: Samuel Groß of Google Project Zero
ImageIO
Available for: Apple Watch Series 1 and later
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2020-9789: Wenchao Li of VARAS@IIE
CVE-2020-9790: Xingwei Lin of Ant-financial Light-Year Security Lab
Kernel
Available for: Apple Watch Series 1 and later
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A memory corruption issue was addressed with improved
state management.
CVE-2020-9821: Xinru Chi and Tielei Wang of Pangu Lab
Kernel
Available for: Apple Watch Series 1 and later
Impact: A malicious application may be able to determine another
application's memory layout
Description: An information disclosure issue was addressed by
removing the vulnerable code.
CVE-2020-9797: an anonymous researcher
Kernel
Available for: Apple Watch Series 1 and later
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: An integer overflow was addressed through improved input
validation.
CVE-2020-9852: Tao Huang and Tielei Wang of Pangu Lab
Kernel
Available for: Apple Watch Series 1 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-9808: Xinru Chi and Tielei Wang of Pangu Lab
Kernel
Available for: Apple Watch Series 1 and later
Impact: A local user may be able to read kernel memory
Description: An information disclosure issue was addressed with
improved state management.
CVE-2020-9811: Tielei Wang of Pangu Lab
CVE-2020-9812: Derrek (@derrekr6)
Kernel
Available for: Apple Watch Series 1 and later
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A logic issue existed resulting in memory corruption.
CVE-2020-9813: Xinru Chi of Pangu Lab
CVE-2020-9814: Xinru Chi and Tielei Wang of Pangu Lab
Kernel
Available for: Apple Watch Series 1 and later
Impact: A malicious application may be able to determine kernel
memory layout
Description: An information disclosure issue was addressed with
improved state management.
CVE-2020-9809: Benjamin Randazzo (@____benjamin)
Mail
Available for: Apple Watch Series 1 and later
Impact: Processing a maliciously crafted mail message may lead to
heap corruption
Description: A memory consumption issue was addressed with improved
memory handling.
CVE-2020-9819: ZecOps.com
Mail
Available for: Apple Watch Series 1 and later
Impact: Processing a maliciously crafted mail message may lead to
unexpected memory modification or application termination
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2020-9818: ZecOps.com
Python
Available for: Apple Watch Series 1 and later
Impact: A remote attacker may be able to cause arbitrary code
execution
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2020-9793
SQLite
Available for: Apple Watch Series 1 and later
Impact: A malicious application may cause a denial of service or
potentially disclose memory contents
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2020-9794
System Preferences
Available for: Apple Watch Series 1 and later
Impact: An application may be able to gain elevated privileges
Description: A race condition was addressed with improved state
handling.
CVE-2020-9839: @jinmo123, @setuid0x0_, and @insu_yun_en of
@SSLab_Gatech working with Trend Micro’s Zero Day Initiative
WebKit
Available for: Apple Watch Series 1 and later
Impact: Processing maliciously crafted web content may lead to
universal cross site scripting
Description: A logic issue was addressed with improved restrictions.
CVE-2020-9802: Samuel Groß of Google Project Zero
WebKit
Available for: Apple Watch Series 1 and later
Impact: A remote attacker may be able to cause arbitrary code
execution
Description: A logic issue was addressed with improved restrictions.
CVE-2020-9850: @jinmo123, @setuid0x0_, and @insu_yun_en of
@SSLab_Gatech working with Trend Micro’s Zero Day Initiative
WebKit
Available for: Apple Watch Series 1 and later
Impact: Processing maliciously crafted web content may lead to a
cross site scripting attack
Description: An input validation issue was addressed with improved
input validation.
CVE-2020-9806: Wen Xu of SSLab at Georgia Tech
CVE-2020-9807: Wen Xu of SSLab at Georgia Tech
WebKit
Available for: Apple Watch Series 1 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A type confusion issue was addressed with improved
memory handling.
CVE-2020-9800: Brendan Draper (@6r3nd4n) working with Trend Micro
Zero Day Initiative
WebRTC
Available for: Apple Watch Series 1 and later
Impact: Processing maliciously crafted web content may result in the
disclosure of process memory
Description: An access issue was addressed with improved memory
management.
CVE-2019-20503: Natalie Silvanovich of Google Project Zero
zsh
Available for: Apple Watch Series 1 and later
Impact: A local attacker may be able to elevate their privileges
Description: An authorization issue was addressed with improved state
management.
CVE-2019-20044: Sam Foxman
Additional recognition
CoreText
We would like to acknowledge Jiska Classen (@naehrdine) and Dennis
Heinze (@ttdennis) of Secure Mobile Networking Lab for their
assistance.
ImageIO
We would like to acknowledge Lei Sun for their assistance.
IOHIDFamily
We would like to acknowledge Andy Davis of NCC Group for their
assistance.
Kernel
We would like to acknowledge Brandon Azad of Google Project Zero for
their assistance.
Safari
We would like to acknowledge Luke Walker of Manchester Metropolitan
University for their assistance.
WebKit
We would like to acknowledge Aidan Dunlap of UT Austin for their
assistance.
Installation note:
Instructions on how to update your Apple Watch software are
available at https://support.apple.com/kb/HT204641
To check the version on your Apple Watch, open the Apple Watch app
on your iPhone and select "My Watch > General > About".
Alternatively, on your watch, select "My Watch > General > About".
Bugs fixed (https://bugzilla.redhat.com/):
1808240 - Always return metrics value for pods under the user's namespace
1815189 - feature flagged UI does not always become available after operator installation
1825034 - e2e: Mock CSI tests fail on IBM ROKS clusters
1826225 - edge terminated h2 (gRPC) connections need a haproxy template change to work correctly
1860774 - csr for vSphere egress nodes were not approved automatically during cert renewal
1878106 - token inactivity timeout is not shortened after oauthclient/oauth config values are lowered
1878925 - 'oc adm upgrade --to ...' rejects versions which occur only in history, while the cluster-version operator supports history fallback
1880738 - origin e2e test deletes original worker
1882983 - oVirt csi driver should refuse to provision RWX and ROX PV
1886450 - Keepalived router id check not documented for RHV/VMware IPI
1889488 - The metrics endpoint for the Scheduler is not protected by RBAC
1894431 - Router pods fail to boot if the SSL certificate applied is missing an empty line at the bottom
1896474 - Path based routing is broken for some combinations
1897431 - CIDR support for additional network attachment with the bridge CNI plug-in
1903408 - NodePort externalTrafficPolicy does not work for ovn-kubernetes
1907433 - Excessive logging in image operator
1909906 - The router fails with PANIC error when stats port already in use
1911173 - [MSTR-998] Many charts' legend names show {{}} instead of words
1914053 - pods assigned with Multus whereabouts IP get stuck in ContainerCreating state after node rebooting.
1916169 - a reboot while MCO is applying changes leaves the node in undesirable state and MCP looks fine (UPDATED=true)
1917893 - [ovirt] install fails: due to terraform error "Cannot attach Virtual Disk: Disk is locked" on vm resource
1921627 - GCP UPI installation failed due to exceeding gcp limitation of instance group name
1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation
1926522 - oc adm catalog does not clean temporary files
1927478 - Default CatalogSources deployed by marketplace do not have toleration for tainted nodes.
1928141 - kube-storage-version-migrator constantly reporting type "Upgradeable" status Unknown
1928285 - [LSO][OCS][arbiter] OCP Console shows no results while in fact underlying setup of LSO localvolumeset and it's storageclass is not yet finished, confusing users
1931594 - [sig-cli] oc --request-timeout works as expected fails frequently on s390x
1933847 - Prometheus goes unavailable (both instances down) during 4.8 upgrade
1937085 - RHV UPI inventory playbook missing guarantee_memory
1937196 - [aws ebs csi driver] events for block volume expansion may cause confusion
1938236 - vsphere-problem-detector does not support overriding log levels via storage CR
1939401 - missed labels for CMO/openshift-state-metric/telemeter-client/thanos-querier pods
1939435 - Setting an IPv6 address in noProxy field causes error in openshift installer
1939552 - [sig-api-machinery] CustomResourcePublishOpenAPI [Privileged:ClusterAdmin] works for CRD preserving unknown fields in an embedded object [Conformance] [Suite:openshift/conformance/parallel/minimal] [Suite:k8s]
1942913 - ThanosSidecarUnhealthy isn't resilient to WAL replays.
1943363 - [ovn] CNO should gracefully terminate ovn-northd
1945274 - ostree-finalize-staged.service failed while upgrading a rhcos node to 4.6.17
1948080 - authentication should not set Available=False APIServices_Error with 503s
1949262 - Prometheus Statefulsets should have 2 replicas and hard affinity set
1949672 - [GCP] Update 4.8 UPI template to match ignition version: 3.2.0
1950827 - [LSO] localvolumediscoveryresult name is not friendly to customer
1952576 - csv_succeeded metric not present in olm-operator for all successful CSVs
1953264 - "remote error: tls: bad certificate" logs in prometheus-operator container
1955300 - Machine config operator reports unavailable for 23m during upgrade
1955489 - Alertmanager Statefulsets should have 2 replicas and hard affinity set
1955490 - Thanos ruler Statefulsets should have 2 replicas and hard affinity set
1955544 - [IPI][OSP] densed master-only installation with 0 workers fails due to missing worker security group on masters
1956496 - Needs SR-IOV Docs Upstream
1956739 - Permission for authorized_keys for core user changes from core user to root when changed the pull secret
1956776 - [vSphere] Installer should do pre-check to ensure user-provided network name is valid
1956964 - upload a boot-source to OpenShift virtualization using the console
1957547 - [RFE]VM name is not auto filled in dev console
1958349 - ovn-controller doesn't release the memory after cluster-density run
1959352 - [scale] failed to get pod annotation: timed out waiting for annotations
1960378 - icsp allows mirroring of registry root - install-config imageContentSources does not
1960674 - Broken test: [sig-imageregistry][Serial][Suite:openshift/registry/serial] Image signature workflow can push a signed image to openshift registry and verify it [Suite:openshift/conformance/serial]
1961317 - storage ClusterOperator does not declare ClusterRoleBindings in relatedObjects
1961391 - String updates
1961509 - DHCP daemon pod should have CPU and memory requests set but not limits
1962066 - Edit machine/machineset specs not working
1962206 - openshift-multus/dhcp-daemon set should meet platform requirements for update strategy that have maxUnavailable update of 10 or 33 percent
1963053 - `oc whoami --show-console` should show the web console URL, not the server api URL
1964112 - route SimpleAllocationPlugin: host name validation errors: spec.host: Invalid value: ... must be no more than 63 characters
1964327 - Support containers with name:tag@digest
1964789 - Send keys and disconnect does not work for VNC console
1965368 - ClusterQuotaAdmission received non-meta object - message constantly reported in OpenShift Container Platform 4.7
1966445 - Unmasking a service doesn't work if it masked using MCO
1966477 - Use GA version in KAS/OAS/OauthAS to avoid: "audit.k8s.io/v1beta1" is deprecated and will be removed in a future release, use "audit.k8s.io/v1" instead
1966521 - kube-proxy's userspace implementation consumes excessive CPU
1968364 - [Azure] when using ssh type ed25519 bootstrap fails to come up
1970021 - nmstate does not persist its configuration due to overlay systemd-connections-merged mount
1970218 - MCO writes incorrect file contents if compression field is specified
1970331 - [sig-auth][Feature:SCC][Early] should not have pod creation failures during install [Suite:openshift/conformance/parallel]
1970805 - Cannot create build when docker image url contains dir structure
1972033 - [azure] PV region node affinity is failure-domain.beta.kubernetes.io instead of topology.kubernetes.io
1972827 - image registry does not remain available during upgrade
1972962 - Should set the minimum value for the `--max-icsp-size` flag of `oc adm catalog mirror`
1973447 - ovn-dbchecker peak memory spikes to ~500MiB during cluster-density run
1975826 - ovn-kubernetes host directed traffic cannot be offloaded as CT zone 64000 is not established
1976301 - [ci] e2e-azure-upi is permafailing
1976399 - During the upgrade from OpenShift 4.5 to OpenShift 4.6 the election timers for the OVN north and south databases did not change.
2007379 - Events are not generated for master offset for ordinary clock
2007443 - [ICNI 2.0] Loadbalancer pods do not establish BFD sessions with all workers that host pods for the routed namespace
2007455 - cluster-etcd-operator: render command should fail if machineCidr contains reserved address
2007495 - Large label value for the metric kubelet_started_pods_errors_total with label message when there is a error
2007522 - No new local-storage-operator-metadata-container is build for 4.10
2007551 - No new ose-aws-efs-csi-driver-operator-bundle-container is build for 4.10
2007580 - Azure cilium installs are failing e2e tests
2007581 - Too many haproxy processes in default-router pod causing high load average after upgrade from v4.8.3 to v4.8.10
2007677 - Regression: core container io performance metrics are missing for pod, qos, and system slices on nodes
2007692 - 4.9 "old-rhcos" jobs are permafailing with storage test failures
2007710 - ci/prow/e2e-agnostic-cmd job is failing on prow
2007757 - must-gather extracts imagestreams in the "openshift" namespace, but not Templates
2007802 - AWS machine actuator get stuck if machine is completely missing
2008096 - TestAWSFinalizerDeleteS3Bucket sometimes fails to teardown operator
2008119 - The serviceAccountIssuer field on Authentication CR is reseted to “” when installation process
2008151 - Topology breaks on clicking in empty state
2008185 - Console operator go.mod should use go 1.16.version
2008201 - openstack-az job is failing on haproxy idle test
2008207 - vsphere CSI driver doesn't set resource limits
2008223 - gather_audit_logs: fix oc command line to get the current audit profile
2008235 - The Save button in the Edit DC form remains disabled
2008256 - Update Internationalization README with scope info
2008321 - Add correct documentation link for MON_DISK_LOW
2008462 - Disable PodSecurity feature gate for 4.10
2008490 - Backing store details page does not contain all the kebab actions.
2010181 - Environment variables not getting reset on reload on deployment edit form
2010310 - [sig-instrumentation][Late] OpenShift alerting rules should have description and summary annotations [Skipped:Disconnected] [Suite:openshift/conformance/parallel]
2010341 - OpenShift Alerting Rules Style-Guide Compliance
2010342 - Local console builds can have out of memory errors
2010345 - OpenShift Alerting Rules Style-Guide Compliance
2010348 - Reverts PIE build mode for K8S components
2010352 - OpenShift Alerting Rules Style-Guide Compliance
2010354 - OpenShift Alerting Rules Style-Guide Compliance
2010359 - OpenShift Alerting Rules Style-Guide Compliance
2010368 - OpenShift Alerting Rules Style-Guide Compliance
2010376 - OpenShift Alerting Rules Style-Guide Compliance
2010662 - Cluster is unhealthy after image-registry-operator tests
2010663 - OpenShift Alerting Rules Style-Guide Compliance (ovn-kubernetes subcomponent)
2010665 - Bootkube tries to use oc after cluster bootstrap is done and there is no API
2010698 - [BM] [IPI] [Dual Stack] Installer must ensure ipv6 short forms too if clusterprovisioning IP is specified as ipv6 address
2010719 - etcdHighNumberOfFailedGRPCRequests runbook is missing
2010864 - Failure building EFS operator
2010910 - ptp worker events unable to identify interface for multiple interfaces
2010911 - RenderOperatingSystem() returns wrong OS version on OCP 4.7.24
2010921 - Azure Stack Hub does not handle additionalTrustBundle
2010931 - SRO CSV uses non default category "Drivers and plugins"
2010946 - concurrent CRD from ovirt-csi-driver-operator gets reconciled by CVO after deployment, changing CR as well.
2011038 - optional operator conditions are confusing
2011063 - CVE-2021-39226 grafana: Snapshot authentication bypass
2011171 - diskmaker-manager constantly redeployed by LSO when creating LV's
2011293 - Build pod are not pulling images if we are not explicitly giving the registry name with the image
2011368 - Tooltip in pipeline visualization shows misleading data
2011386 - [sig-arch] Check if alerts are firing during or after upgrade success --- alert KubePodNotReady fired for 60 seconds with labels
2011411 - Managed Service's Cluster overview page contains link to missing Storage dashboards
2011443 - Cypress tests assuming Admin Perspective could fail on shared/reference cluster
2011513 - Kubelet rejects pods that use resources that should be freed by completed pods
2011668 - Machine stuck in deleting phase in VMware "reconciler failed to Delete machine"
2011693 - (release-4.10) "insightsclient_request_recvreport_total" metric is always incremented
2011698 - After upgrading cluster to 4.8 the kube-state-metrics service doesn't export namespace labels anymore
2011733 - Repository README points to broken documentarion link
2011753 - Ironic resumes clean before raid configuration job is actually completed
2011809 - The nodes page in the openshift console doesn't work. You just get a blank page
2011822 - Obfuscation doesn't work at clusters with OVN
2011882 - SRO helm charts not synced with templates
2011893 - Validation: BMC driver ipmi is not supported for secure UEFI boot
2011896 - [4.10] ClusterVersion Upgradeable=False MultipleReasons should include all messages
2011903 - vsphere-problem-detector: session leak
2011927 - OLM should allow users to specify a proxy for GRPC connections
2011956 - [tracker] Kubelet rejects pods that use resources that should be freed by completed pods
2011960 - [tracker] Storage operator is not available after reboot cluster instances
2011971 - ICNI2 pods are stuck in ContainerCreating state
2011972 - Ingress operator not creating wildcard route for hypershift clusters
2011977 - SRO bundle references non-existent image
2012069 - Refactoring Status controller
2012177 - [OCP 4.9 + OCS 4.8.3] Overview tab is missing under Storage after successful deployment on UI
2012228 - ibmcloud: credentialsrequests invalid for machine-api-operator: resource-group
2012233 - [IBMCLOUD] IPI: "Exceeded limit of remote rules per security group (the limit is 5 remote rules per security group)"
2012235 - [IBMCLOUD] IPI: IBM cloud provider requires ResourceGroupName in cloudproviderconfig
2012317 - Dynamic Plugins: ListPageCreateDropdown items cut off
2012407 - [e2e][automation] improve vm tab console tests
2012426 - ThanosSidecarBucketOperationsFailed/ThanosSidecarUnhealthy alerts don't have namespace label
2012562 - migration condition is not detected in list view
2012770 - when using expression metric openshift_apps_deploymentconfigs_last_failed_rollout_time namespace label is re-written
2012780 - The port 50936 used by haproxy is occupied by kube-apiserver
2012838 - Setting the default maximum container root partition size for Overlay with CRI-O stop working
2012902 - Neutron Ports assigned to Completed Pods are not reused Edit
2012915 - kube_persistentvolumeclaim_labels and kube_persistentvolume_labels are missing in OCP 4.8 monitoring stack
2012971 - Disable operands deletes
2013034 - Cannot install to openshift-nmstate namespace
2013127 - OperatorHub links could not be opened in a new tabs (sharing and open a deep link works fine)
2013199 - post reboot of node SRIOV policy taking huge time
2013203 - UI breaks when trying to create block pool before storage cluster/system creation
2013222 - Full breakage for nightly payload promotion
2013273 - Nil pointer exception when phc2sys options are missing
2013321 - TuneD: high CPU utilization of the TuneD daemon.
2013416 - Multiple assets emit different content to the same filename
2013431 - Application selector dropdown has incorrect font-size and positioning
2013528 - mapi_current_pending_csr is always set to 1 on OpenShift Container Platform 4.8
2013545 - Service binding created outside topology is not visible
2013599 - Scorecard support storage is not included in ocp4.9
2013632 - Correction/Changes in Quick Start Guides for ODF 4.9 (Install ODF guide)
2013646 - fsync controller will show false positive if gaps in metrics are observed. to user and tries to just load a blank screen on 'Add Capacity' button click
2015506 - Home - Search - Resources - APIRequestCount : hard to select an item from ellipsis menu
2015515 - Kubelet checks all providers even if one is configured: NoCredentialProviders: no valid providers in chain.
2015535 - Administration - ResourceQuotas - ResourceQuota details: Inside Pie chart 'x% used' is in English
2015549 - Observe - Metrics: Column heading and pagination text is in English
2015557 - Workloads - DeploymentConfigs : Error message is in English
2015568 - Compute - Nodes : CPU column's values are in English
2015635 - Storage operator fails causing installation to fail on ASH
2015660 - "Finishing boot source customization" screen should not use term "patched"
2015793 - [hypershift] The collect-profiles job's pods should run on the control-plane node
2015806 - Metrics view in Deployment reports "Forbidden" when not cluster-admin
2015819 - Conmon sandbox processes run on non-reserved CPUs with workload partitioning
2015837 - OS_CLOUD overwrites install-config's platform.openstack.cloud
2015950 - update from 4.7.22 to 4.8.11 is failing due to large amount of secrets to watch
2015952 - RH CodeReady Workspaces Operator in e2e testing will soon fail
2016004 - [RFE] RHCOS: help determining whether a user-provided image was already booted (Ignition provisioning already performed)
2016008 - [4.10] Bootimage bump tracker
2016052 - No e2e CI presubmit configured for release component azure-file-csi-driver
2016053 - No e2e CI presubmit configured for release component azure-file-csi-driver-operator
2016054 - No e2e CI presubmit configured for release component cluster-autoscaler
2016055 - No e2e CI presubmit configured for release component console
2016058 - openshift-sync does not synchronise in "ose-jenkins:v4.8"
2016064 - No e2e CI presubmit configured for release component ibm-cloud-controller-manager
2016065 - No e2e CI presubmit configured for release component ibmcloud-machine-controllers
2016175 - Pods get stuck in ContainerCreating state when attaching volumes fails on SNO clusters.
2016179 - Add Sprint 208 translations
2016228 - Collect Profiles pprof secret is hardcoded to openshift-operator-lifecycle-manager
2016235 - should update to 7.5.11 for grafana resources version label
2016296 - Openshift virtualization : Create Windows Server 2019 VM using template : Fails
2016334 - shiftstack: SRIOV nic reported as not supported
2016352 - Some pods start before CA resources are present
2016367 - Empty task box is getting created for a pipeline without finally task
2016435 - Duplicate AlertmanagerClusterFailedToSendAlerts alerts
2016438 - Feature flag gating is missing in few extensions contributed via knative plugin
2016442 - OCPonRHV: pvc should be in Bound state and without error when choosing default sc
2016446 - [OVN-Kubernetes] Egress Networkpolicy is failing Intermittently for statefulsets
2016453 - Complete i18n for GaugeChart defaults
2016479 - iface-id-ver is not getting updated for existing lsp
2016925 - Dashboards with All filter, change to a specific value and change back to All, data will disappear
2016951 - dynamic actions list is not disabling "open console" for stopped vms
2016955 - m5.large instance type for bootstrap node is hardcoded causing deployments to fail if instance type is not available
2016988 - NTO does not set io_timeout and max_retries for AWS Nitro instances
2017016 - [REF] Virtualization menu
2017036 - [sig-network-edge][Feature:Idling] Unidling should handle many TCP connections fails in periodic-ci-openshift-release-master-ci-4.9-e2e-openstack-ovn
2017050 - Dynamic Plugins: Shared modules loaded multiple times, breaking use of PatternFly
2017130 - t is not a function error navigating to details page
2017141 - Project dropdown has a dynamic inline width added which can cause min-width issue
2017244 - ovirt csi operator static files creation is in the wrong order
2017276 - [4.10] Volume mounts not created with the correct security context
2017327 - When run opm index prune failed with error removing operator package cic-operator FOREIGN KEY constraint failed.
2022447 - ServiceAccount in manifests conflicts with OLM
2022502 - Patternfly tables with a checkbox column are not displaying correctly because of conflicting css rules.
2025821 - Make "Network Attachment Definitions" available to regular user
2025823 - The console nav bar ignores plugin separator in existing sections
2025830 - CentOS capitalizaion is wrong
2025837 - Warn users that the RHEL URL expire
2025884 - External CCM deploys openstack-cloud-controller-manager from quay.io/openshift/origin-*
2025903 - [UI] RoleBindings tab doesn't show correct rolebindings
2026104 - [sig-imageregistry][Feature:ImageAppend] Image append should create images by appending them [Skipped:Disconnected] [Suite:openshift/conformance/parallel]
2026178 - OpenShift Alerting Rules Style-Guide Compliance
2026209 - Updation of task is getting failed (tekton hub integration)
2026223 - Internal error occurred: failed calling webhook "ptpconfigvalidationwebhook.openshift.io"
2026321 - [UPI on Azure] Shall we remove allowedValue about VMSize in ARM templates
2026343 - [upgrade from 4.5 to 4.6] .status.connectionState.address of catsrc community-operators is not correct
2026352 - Kube-Scheduler revision-pruner fail during install of new cluster
2026374 - aws-pod-identity-webhook go.mod version out of sync with build environment
2026383 - Error when rendering custom Grafana dashboard through ConfigMap
2026387 - node tuning operator metrics endpoint serving old certificates after certificate rotation
2026396 - Cachito Issues: sriov-network-operator Image build failure
2026488 - openshift-controller-manager - delete event is repeating pathologically
2026489 - ThanosRuleRuleEvaluationLatencyHigh alerts when a big quantity of alerts defined.
2039359 - `oc adm prune deployments` can't prune the RS where the associated Deployment no longer exists
2039382 - gather_metallb_logs does not have execution permission
2039406 - logout from rest session after vsphere operator sync is finished
2039408 - Add GCP region northamerica-northeast2 to allowed regions
2039414 - Cannot see the weights increased for NodeAffinity, InterPodAffinity, TaintandToleration
2039425 - No need to set KlusterletAddonConfig CR applicationManager->enabled: true in RAN ztp deployment
2039491 - oc - git:// protocol used in unit tests
2039516 - Bump OVN to ovn21.12-21.12.0-25
2039529 - Project Dashboard Resource Quotas Card empty state test flaking at a high rate
2039534 - Diagnose and fix Project Dashboard Resource Quotas Card test that was previously disabled
2039541 - Resolv-prepender script duplicating entries
2039586 - [e2e] update centos8 to centos stream8
2039618 - VM created from SAP HANA template leads to 404 page if leave one network parameter empty
2039619 - [AWS] In tree provisioner storageclass aws disk type should contain 'gp3' and csi provisioner storageclass default aws disk type should be 'gp3'
2039670 - Create PDBs for control plane components
2039678 - Page goes blank when create image pull secret
2039689 - [IPI on Alibabacloud] Pay-by-specification NAT is no longer supported
2039743 - React missing key warning when open operator hub detail page (and maybe others as well)
2039756 - React missing key warning when open KnativeServing details
2039770 - Observe dashboard doesn't react on time-range changes after browser reload when perspective is changed in another tab
2039776 - Observe dashboard shows nothing if the URL links to an non existing dashboard
2039781 - [GSS] OBC is not visible by admin of a Project on Console
2039798 - Contextual binding with Operator backed service creates visual connector instead of Service binding connector
2039868 - Insights Advisor widget is not in the disabled state when the Insights Operator is disabled
2039880 - Log level too low for control plane metrics
2039919 - Add E2E test for router compression feature
2039981 - ZTP for standard clusters installs stalld on master nodes
2040132 - Flag --port has been deprecated, This flag has no effect now and will be removed in v1.24.
2043117 - Recommended operators links are erroneously treated as external
2043130 - Update CSI sidecars to the latest release for 4.10
2043234 - Missing validation when creating several BGPPeers with the same peerAddress
2043240 - Sync openshift/descheduler with sigs.k8s.io/descheduler
2043254 - crio does not bind the security profiles directory
2043296 - Ignition fails when reusing existing statically-keyed LUKS volume
2043297 - [4.10] Bootimage bump tracker
2043316 - RHCOS VM fails to boot on Nutanix AOS
2043446 - Rebase aws-efs-utils to the latest upstream version.
2043556 - Add proper ci-operator configuration to ironic and ironic-agent images
2043577 - DPU network operator
2043651 - Fix bug with exp. backoff working correcly when setting nextCheck in vsphere operator
2043675 - Too many machines deleted by cluster autoscaler when scaling down
2043683 - Revert bug 2039344 Ignoring IPv6 addresses against etcd cert validation
2043709 - Logging flags no longer being bound to command line
2043721 - Installer bootstrap hosts using outdated kubelet containing bugs
2043731 - [IBMCloud] terraform outputs missing for ibmcloud bootstrap and worker ips for must-gather
2043759 - Bump cluster-ingress-operator to k8s.io/api 1.23
2043780 - Bump router to k8s.io/api 1.23
2043787 - Bump cluster-dns-operator to k8s.io/api 1.23
2043801 - Bump CoreDNS to k8s.io/api 1.23
2043802 - EgressIP stopped working after single egressIP for a netnamespace is switched to the other node of HA pair after the first egress node is shutdown
2043961 - [OVN-K] If pod creation fails, retry doesn't work as expected.
2052458 - [IBM Cloud] ibm-vpc-block-csi-controller does not specify an update strategy, priority class, or only resource requests
2052598 - kube-scheduler should use configmap lease
2052599 - kube-controller-manger should use configmap lease
2052600 - Failed to scaleup RHEL machine against OVN cluster due to jq tool is required by configure-ovs.sh
2052609 - [vSphere CSI driver Operator] RWX volumes counts metrics `vsphere_rwx_volumes_total` not valid
2052611 - MetalLB: BGPPeer object does not have ability to set ebgpMultiHop
2052612 - MetalLB: Webhook Validation: Two BGPPeers instances can have different router ID set.
Relevant releases/architectures:
Red Hat CodeReady Linux Builder (v. 8) - aarch64, ppc64le, s390x, x86_64
3. Description:
GNOME is the default desktop environment of Red Hat Enterprise Linux.
The following packages have been upgraded to a later upstream version:
gnome-remote-desktop (0.1.8), pipewire (0.3.6), vte291 (0.52.4),
webkit2gtk3 (2.28.4), xdg-desktop-portal (1.6.0), xdg-desktop-portal-gtk
(1.6.0).
Additional Changes:
For detailed information on changes in this release, see the Red Hat
Enterprise Linux 8.3 Release Notes linked from the References section.
Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
GDM must be restarted for this update to take effect.
Bugs fixed (https://bugzilla.redhat.com/):
1207179 - Select items matching non existing pattern does not unselect already selected
1566027 - can't correctly compute contents size if hidden files are included
1569868 - Browsing samba shares using gvfs is very slow
1652178 - [RFE] perf-tool run on wayland
1656262 - The terminal's character display is unclear on rhel8 guest after installing gnome
1668895 - [RHEL8] Timedlogin Fails when Userlist is Disabled
1692536 - login screen shows after gnome-initial-setup
1706008 - Sound Effect sometimes fails to change to selected option.
1706076 - Automatic suspend for 90 minutes is set for 80 minutes instead.
1715845 - JS ERROR: TypeError: this._workspacesViews[i] is undefined
1719937 - GNOME Extension: Auto-Move-Windows Not Working Properly
1758891 - tracker-devel subpackage missing from el8 repos
1775345 - Rebase xdg-desktop-portal to 1.6
1778579 - Nautilus does not respect umask settings.
1779691 - Rebase xdg-desktop-portal-gtk to 1.6
1794045 - There are two different high contrast versions of desktop icons
1804719 - Update vte291 to 0.52.4
1805929 - RHEL 8.1 gnome-shell-extension errors
1811721 - CVE-2020-10018 webkitgtk: Use-after-free issue in accessibility/AXObjectCache.cpp
1814820 - No checkbox to install updates in the shutdown dialog
1816070 - "search for an application to open this file" dialog broken
1816678 - CVE-2019-8846 webkitgtk: Use after free issue may lead to remote code execution
1816684 - CVE-2019-8835 webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution
1816686 - CVE-2019-8844 webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution
1817143 - Rebase WebKitGTK to 2.28
1820759 - Include IO stall fixes
1820760 - Include IO fixes
1824362 - [BZ] Setting in gnome-tweak-tool Window List will reset upon opening
1827030 - gnome-settings-daemon: subscription notification on CentOS Stream
1829369 - CVE-2020-11793 webkitgtk: use-after-free via crafted web content
1832347 - [Rebase] Rebase pipewire to 0.3.x
1833158 - gdm-related dconf folders and keyfiles are not found in fresh 8.2 install
1837381 - Backport screen cast improvements to 8.3
1837406 - Rebase gnome-remote-desktop to PipeWire 0.3 version
1837413 - Backport changes needed by xdg-desktop-portal-gtk-1.6
1837648 - Vendor.conf should point to https://access.redhat.com/site/solutions/537113
1840080 - Can not control top bar menus via keys in Wayland
1840788 - [flatpak][rhel8] unable to build potrace as dependency
1843486 - Software crash after clicking Updates tab
1844578 - anaconda very rarely crashes at startup with a pygobject traceback
1846191 - usb adapters hotplug crashes gnome-shell
1847051 - JS ERROR: TypeError: area is null
1847061 - File search doesn't work under certain locales
1847062 - gnome-remote-desktop crash on QXL graphics
1847203 - gnome-shell: get_top_visible_window_actor(): gnome-shell killed by SIGSEGV
1853477 - CVE-2020-15503 LibRaw: lack of thumbnail size range check can lead to buffer overflow
1854734 - PipeWire 0.2 should be required by xdg-desktop-portal
1866332 - Remove obsolete libusb-devel dependency
1868260 - [Hyper-V][RHEL8] VM starts GUI failed on Hyper-V 2019/2016, hangs at "Started GNOME Display Manager" - GDM regression issue.
Package List:
Red Hat Enterprise Linux AppStream (v. 8):
Source:
LibRaw-0.19.5-2.el8.src.rpm
PackageKit-1.1.12-6.el8.src.rpm
dleyna-renderer-0.6.0-3.el8.src.rpm
frei0r-plugins-1.6.1-7.el8.src.rpm
gdm-3.28.3-34.el8.src.rpm
gnome-control-center-3.28.2-22.el8.src.rpm
gnome-photos-3.28.1-3.el8.src.rpm
gnome-remote-desktop-0.1.8-3.el8.src.rpm
gnome-session-3.28.1-10.el8.src.rpm
gnome-settings-daemon-3.32.0-11.el8.src.rpm
gnome-shell-3.32.2-20.el8.src.rpm
gnome-shell-extensions-3.32.1-11.el8.src.rpm
gnome-terminal-3.28.3-2.el8.src.rpm
gtk3-3.22.30-6.el8.src.rpm
gvfs-1.36.2-10.el8.src.rpm
mutter-3.32.2-48.el8.src.rpm
nautilus-3.28.1-14.el8.src.rpm
pipewire-0.3.6-1.el8.src.rpm
pipewire0.2-0.2.7-6.el8.src.rpm
potrace-1.15-3.el8.src.rpm
tracker-2.1.5-2.el8.src.rpm
vte291-0.52.4-2.el8.src.rpm
webkit2gtk3-2.28.4-1.el8.src.rpm
webrtc-audio-processing-0.3-9.el8.src.rpm
xdg-desktop-portal-1.6.0-2.el8.src.rpm
xdg-desktop-portal-gtk-1.6.0-1.el8.src.rpm
aarch64:
PackageKit-1.1.12-6.el8.aarch64.rpm
PackageKit-command-not-found-1.1.12-6.el8.aarch64.rpm
PackageKit-command-not-found-debuginfo-1.1.12-6.el8.aarch64.rpm
PackageKit-cron-1.1.12-6.el8.aarch64.rpm
PackageKit-debuginfo-1.1.12-6.el8.aarch64.rpm
PackageKit-debugsource-1.1.12-6.el8.aarch64.rpm
PackageKit-glib-1.1.12-6.el8.aarch64.rpm
PackageKit-glib-debuginfo-1.1.12-6.el8.aarch64.rpm
PackageKit-gstreamer-plugin-1.1.12-6.el8.aarch64.rpm
PackageKit-gstreamer-plugin-debuginfo-1.1.12-6.el8.aarch64.rpm
PackageKit-gtk3-module-1.1.12-6.el8.aarch64.rpm
PackageKit-gtk3-module-debuginfo-1.1.12-6.el8.aarch64.rpm
frei0r-plugins-1.6.1-7.el8.aarch64.rpm
frei0r-plugins-debuginfo-1.6.1-7.el8.aarch64.rpm
frei0r-plugins-debugsource-1.6.1-7.el8.aarch64.rpm
frei0r-plugins-opencv-1.6.1-7.el8.aarch64.rpm
frei0r-plugins-opencv-debuginfo-1.6.1-7.el8.aarch64.rpm
gdm-3.28.3-34.el8.aarch64.rpm
gdm-debuginfo-3.28.3-34.el8.aarch64.rpm
gdm-debugsource-3.28.3-34.el8.aarch64.rpm
gnome-control-center-3.28.2-22.el8.aarch64.rpm
gnome-control-center-debuginfo-3.28.2-22.el8.aarch64.rpm
gnome-control-center-debugsource-3.28.2-22.el8.aarch64.rpm
gnome-remote-desktop-0.1.8-3.el8.aarch64.rpm
gnome-remote-desktop-debuginfo-0.1.8-3.el8.aarch64.rpm
gnome-remote-desktop-debugsource-0.1.8-3.el8.aarch64.rpm
gnome-session-3.28.1-10.el8.aarch64.rpm
gnome-session-debuginfo-3.28.1-10.el8.aarch64.rpm
gnome-session-debugsource-3.28.1-10.el8.aarch64.rpm
gnome-session-wayland-session-3.28.1-10.el8.aarch64.rpm
gnome-session-xsession-3.28.1-10.el8.aarch64.rpm
gnome-settings-daemon-3.32.0-11.el8.aarch64.rpm
gnome-settings-daemon-debuginfo-3.32.0-11.el8.aarch64.rpm
gnome-settings-daemon-debugsource-3.32.0-11.el8.aarch64.rpm
gnome-shell-3.32.2-20.el8.aarch64.rpm
gnome-shell-debuginfo-3.32.2-20.el8.aarch64.rpm
gnome-shell-debugsource-3.32.2-20.el8.aarch64.rpm
gnome-terminal-3.28.3-2.el8.aarch64.rpm
gnome-terminal-debuginfo-3.28.3-2.el8.aarch64.rpm
gnome-terminal-debugsource-3.28.3-2.el8.aarch64.rpm
gnome-terminal-nautilus-3.28.3-2.el8.aarch64.rpm
gnome-terminal-nautilus-debuginfo-3.28.3-2.el8.aarch64.rpm
gsettings-desktop-schemas-devel-3.32.0-5.el8.aarch64.rpm
gtk-update-icon-cache-3.22.30-6.el8.aarch64.rpm
gtk-update-icon-cache-debuginfo-3.22.30-6.el8.aarch64.rpm
gtk3-3.22.30-6.el8.aarch64.rpm
gtk3-debuginfo-3.22.30-6.el8.aarch64.rpm
gtk3-debugsource-3.22.30-6.el8.aarch64.rpm
gtk3-devel-3.22.30-6.el8.aarch64.rpm
gtk3-devel-debuginfo-3.22.30-6.el8.aarch64.rpm
gtk3-immodule-xim-3.22.30-6.el8.aarch64.rpm
gtk3-immodule-xim-debuginfo-3.22.30-6.el8.aarch64.rpm
gtk3-immodules-debuginfo-3.22.30-6.el8.aarch64.rpm
gtk3-tests-debuginfo-3.22.30-6.el8.aarch64.rpm
gvfs-1.36.2-10.el8.aarch64.rpm
gvfs-afc-1.36.2-10.el8.aarch64.rpm
gvfs-afc-debuginfo-1.36.2-10.el8.aarch64.rpm
gvfs-afp-1.36.2-10.el8.aarch64.rpm
gvfs-afp-debuginfo-1.36.2-10.el8.aarch64.rpm
gvfs-archive-1.36.2-10.el8.aarch64.rpm
gvfs-archive-debuginfo-1.36.2-10.el8.aarch64.rpm
gvfs-client-1.36.2-10.el8.aarch64.rpm
gvfs-client-debuginfo-1.36.2-10.el8.aarch64.rpm
gvfs-debuginfo-1.36.2-10.el8.aarch64.rpm
gvfs-debugsource-1.36.2-10.el8.aarch64.rpm
gvfs-devel-1.36.2-10.el8.aarch64.rpm
gvfs-fuse-1.36.2-10.el8.aarch64.rpm
gvfs-fuse-debuginfo-1.36.2-10.el8.aarch64.rpm
gvfs-goa-1.36.2-10.el8.aarch64.rpm
gvfs-goa-debuginfo-1.36.2-10.el8.aarch64.rpm
gvfs-gphoto2-1.36.2-10.el8.aarch64.rpm
gvfs-gphoto2-debuginfo-1.36.2-10.el8.aarch64.rpm
gvfs-mtp-1.36.2-10.el8.aarch64.rpm
gvfs-mtp-debuginfo-1.36.2-10.el8.aarch64.rpm
gvfs-smb-1.36.2-10.el8.aarch64.rpm
gvfs-smb-debuginfo-1.36.2-10.el8.aarch64.rpm
libsoup-debuginfo-2.62.3-2.el8.aarch64.rpm
libsoup-debugsource-2.62.3-2.el8.aarch64.rpm
libsoup-devel-2.62.3-2.el8.aarch64.rpm
mutter-3.32.2-48.el8.aarch64.rpm
mutter-debuginfo-3.32.2-48.el8.aarch64.rpm
mutter-debugsource-3.32.2-48.el8.aarch64.rpm
mutter-tests-debuginfo-3.32.2-48.el8.aarch64.rpm
nautilus-3.28.1-14.el8.aarch64.rpm
nautilus-debuginfo-3.28.1-14.el8.aarch64.rpm
nautilus-debugsource-3.28.1-14.el8.aarch64.rpm
nautilus-extensions-3.28.1-14.el8.aarch64.rpm
nautilus-extensions-debuginfo-3.28.1-14.el8.aarch64.rpm
pipewire-0.3.6-1.el8.aarch64.rpm
pipewire-alsa-debuginfo-0.3.6-1.el8.aarch64.rpm
pipewire-debuginfo-0.3.6-1.el8.aarch64.rpm
pipewire-debugsource-0.3.6-1.el8.aarch64.rpm
pipewire-devel-0.3.6-1.el8.aarch64.rpm
pipewire-doc-0.3.6-1.el8.aarch64.rpm
pipewire-gstreamer-debuginfo-0.3.6-1.el8.aarch64.rpm
pipewire-libs-0.3.6-1.el8.aarch64.rpm
pipewire-libs-debuginfo-0.3.6-1.el8.aarch64.rpm
pipewire-utils-0.3.6-1.el8.aarch64.rpm
pipewire-utils-debuginfo-0.3.6-1.el8.aarch64.rpm
pipewire0.2-debugsource-0.2.7-6.el8.aarch64.rpm
pipewire0.2-devel-0.2.7-6.el8.aarch64.rpm
pipewire0.2-libs-0.2.7-6.el8.aarch64.rpm
pipewire0.2-libs-debuginfo-0.2.7-6.el8.aarch64.rpm
potrace-1.15-3.el8.aarch64.rpm
potrace-debuginfo-1.15-3.el8.aarch64.rpm
potrace-debugsource-1.15-3.el8.aarch64.rpm
pygobject3-debuginfo-3.28.3-2.el8.aarch64.rpm
pygobject3-debugsource-3.28.3-2.el8.aarch64.rpm
python3-gobject-3.28.3-2.el8.aarch64.rpm
python3-gobject-base-debuginfo-3.28.3-2.el8.aarch64.rpm
python3-gobject-debuginfo-3.28.3-2.el8.aarch64.rpm
tracker-2.1.5-2.el8.aarch64.rpm
tracker-debuginfo-2.1.5-2.el8.aarch64.rpm
tracker-debugsource-2.1.5-2.el8.aarch64.rpm
vte-profile-0.52.4-2.el8.aarch64.rpm
vte291-0.52.4-2.el8.aarch64.rpm
vte291-debuginfo-0.52.4-2.el8.aarch64.rpm
vte291-debugsource-0.52.4-2.el8.aarch64.rpm
vte291-devel-debuginfo-0.52.4-2.el8.aarch64.rpm
webkit2gtk3-2.28.4-1.el8.aarch64.rpm
webkit2gtk3-debuginfo-2.28.4-1.el8.aarch64.rpm
webkit2gtk3-debugsource-2.28.4-1.el8.aarch64.rpm
webkit2gtk3-devel-2.28.4-1.el8.aarch64.rpm
webkit2gtk3-devel-debuginfo-2.28.4-1.el8.aarch64.rpm
webkit2gtk3-jsc-2.28.4-1.el8.aarch64.rpm
webkit2gtk3-jsc-debuginfo-2.28.4-1.el8.aarch64.rpm
webkit2gtk3-jsc-devel-2.28.4-1.el8.aarch64.rpm
webkit2gtk3-jsc-devel-debuginfo-2.28.4-1.el8.aarch64.rpm
webrtc-audio-processing-0.3-9.el8.aarch64.rpm
webrtc-audio-processing-debuginfo-0.3-9.el8.aarch64.rpm
webrtc-audio-processing-debugsource-0.3-9.el8.aarch64.rpm
xdg-desktop-portal-1.6.0-2.el8.aarch64.rpm
xdg-desktop-portal-debuginfo-1.6.0-2.el8.aarch64.rpm
xdg-desktop-portal-debugsource-1.6.0-2.el8.aarch64.rpm
xdg-desktop-portal-gtk-1.6.0-1.el8.aarch64.rpm
xdg-desktop-portal-gtk-debuginfo-1.6.0-1.el8.aarch64.rpm
xdg-desktop-portal-gtk-debugsource-1.6.0-1.el8.aarch64.rpm
noarch:
gnome-classic-session-3.32.1-11.el8.noarch.rpm
gnome-control-center-filesystem-3.28.2-22.el8.noarch.rpm
gnome-shell-extension-apps-menu-3.32.1-11.el8.noarch.rpm
gnome-shell-extension-auto-move-windows-3.32.1-11.el8.noarch.rpm
gnome-shell-extension-common-3.32.1-11.el8.noarch.rpm
gnome-shell-extension-dash-to-dock-3.32.1-11.el8.noarch.rpm
gnome-shell-extension-desktop-icons-3.32.1-11.el8.noarch.rpm
gnome-shell-extension-disable-screenshield-3.32.1-11.el8.noarch.rpm
gnome-shell-extension-drive-menu-3.32.1-11.el8.noarch.rpm
gnome-shell-extension-horizontal-workspaces-3.32.1-11.el8.noarch.rpm
gnome-shell-extension-launch-new-instance-3.32.1-11.el8.noarch.rpm
gnome-shell-extension-native-window-placement-3.32.1-11.el8.noarch.rpm
gnome-shell-extension-no-hot-corner-3.32.1-11.el8.noarch.rpm
gnome-shell-extension-panel-favorites-3.32.1-11.el8.noarch.rpm
gnome-shell-extension-places-menu-3.32.1-11.el8.noarch.rpm
gnome-shell-extension-screenshot-window-sizer-3.32.1-11.el8.noarch.rpm
gnome-shell-extension-systemMonitor-3.32.1-11.el8.noarch.rpm
gnome-shell-extension-top-icons-3.32.1-11.el8.noarch.rpm
gnome-shell-extension-updates-dialog-3.32.1-11.el8.noarch.rpm
gnome-shell-extension-user-theme-3.32.1-11.el8.noarch.rpm
gnome-shell-extension-window-grouper-3.32.1-11.el8.noarch.rpm
gnome-shell-extension-window-list-3.32.1-11.el8.noarch.rpm
gnome-shell-extension-windowsNavigator-3.32.1-11.el8.noarch.rpm
gnome-shell-extension-workspace-indicator-3.32.1-11.el8.noarch.rpm
ppc64le:
LibRaw-0.19.5-2.el8.ppc64le.rpm
LibRaw-debuginfo-0.19.5-2.el8.ppc64le.rpm
LibRaw-debugsource-0.19.5-2.el8.ppc64le.rpm
LibRaw-samples-debuginfo-0.19.5-2.el8.ppc64le.rpm
PackageKit-1.1.12-6.el8.ppc64le.rpm
PackageKit-command-not-found-1.1.12-6.el8.ppc64le.rpm
PackageKit-command-not-found-debuginfo-1.1.12-6.el8.ppc64le.rpm
PackageKit-cron-1.1.12-6.el8.ppc64le.rpm
PackageKit-debuginfo-1.1.12-6.el8.ppc64le.rpm
PackageKit-debugsource-1.1.12-6.el8.ppc64le.rpm
PackageKit-glib-1.1.12-6.el8.ppc64le.rpm
PackageKit-glib-debuginfo-1.1.12-6.el8.ppc64le.rpm
PackageKit-gstreamer-plugin-1.1.12-6.el8.ppc64le.rpm
PackageKit-gstreamer-plugin-debuginfo-1.1.12-6.el8.ppc64le.rpm
PackageKit-gtk3-module-1.1.12-6.el8.ppc64le.rpm
PackageKit-gtk3-module-debuginfo-1.1.12-6.el8.ppc64le.rpm
dleyna-renderer-0.6.0-3.el8.ppc64le.rpm
dleyna-renderer-debuginfo-0.6.0-3.el8.ppc64le.rpm
dleyna-renderer-debugsource-0.6.0-3.el8.ppc64le.rpm
frei0r-plugins-1.6.1-7.el8.ppc64le.rpm
frei0r-plugins-debuginfo-1.6.1-7.el8.ppc64le.rpm
frei0r-plugins-debugsource-1.6.1-7.el8.ppc64le.rpm
frei0r-plugins-opencv-1.6.1-7.el8.ppc64le.rpm
frei0r-plugins-opencv-debuginfo-1.6.1-7.el8.ppc64le.rpm
gdm-3.28.3-34.el8.ppc64le.rpm
gdm-debuginfo-3.28.3-34.el8.ppc64le.rpm
gdm-debugsource-3.28.3-34.el8.ppc64le.rpm
gnome-control-center-3.28.2-22.el8.ppc64le.rpm
gnome-control-center-debuginfo-3.28.2-22.el8.ppc64le.rpm
gnome-control-center-debugsource-3.28.2-22.el8.ppc64le.rpm
gnome-photos-3.28.1-3.el8.ppc64le.rpm
gnome-photos-debuginfo-3.28.1-3.el8.ppc64le.rpm
gnome-photos-debugsource-3.28.1-3.el8.ppc64le.rpm
gnome-photos-tests-3.28.1-3.el8.ppc64le.rpm
gnome-remote-desktop-0.1.8-3.el8.ppc64le.rpm
gnome-remote-desktop-debuginfo-0.1.8-3.el8.ppc64le.rpm
gnome-remote-desktop-debugsource-0.1.8-3.el8.ppc64le.rpm
gnome-session-3.28.1-10.el8.ppc64le.rpm
gnome-session-debuginfo-3.28.1-10.el8.ppc64le.rpm
gnome-session-debugsource-3.28.1-10.el8.ppc64le.rpm
gnome-session-wayland-session-3.28.1-10.el8.ppc64le.rpm
gnome-session-xsession-3.28.1-10.el8.ppc64le.rpm
gnome-settings-daemon-3.32.0-11.el8.ppc64le.rpm
gnome-settings-daemon-debuginfo-3.32.0-11.el8.ppc64le.rpm
gnome-settings-daemon-debugsource-3.32.0-11.el8.ppc64le.rpm
gnome-shell-3.32.2-20.el8.ppc64le.rpm
gnome-shell-debuginfo-3.32.2-20.el8.ppc64le.rpm
gnome-shell-debugsource-3.32.2-20.el8.ppc64le.rpm
gnome-terminal-3.28.3-2.el8.ppc64le.rpm
gnome-terminal-debuginfo-3.28.3-2.el8.ppc64le.rpm
gnome-terminal-debugsource-3.28.3-2.el8.ppc64le.rpm
gnome-terminal-nautilus-3.28.3-2.el8.ppc64le.rpm
gnome-terminal-nautilus-debuginfo-3.28.3-2.el8.ppc64le.rpm
gsettings-desktop-schemas-devel-3.32.0-5.el8.ppc64le.rpm
gtk-update-icon-cache-3.22.30-6.el8.ppc64le.rpm
gtk-update-icon-cache-debuginfo-3.22.30-6.el8.ppc64le.rpm
gtk3-3.22.30-6.el8.ppc64le.rpm
gtk3-debuginfo-3.22.30-6.el8.ppc64le.rpm
gtk3-debugsource-3.22.30-6.el8.ppc64le.rpm
gtk3-devel-3.22.30-6.el8.ppc64le.rpm
gtk3-devel-debuginfo-3.22.30-6.el8.ppc64le.rpm
gtk3-immodule-xim-3.22.30-6.el8.ppc64le.rpm
gtk3-immodule-xim-debuginfo-3.22.30-6.el8.ppc64le.rpm
gtk3-immodules-debuginfo-3.22.30-6.el8.ppc64le.rpm
gtk3-tests-debuginfo-3.22.30-6.el8.ppc64le.rpm
gvfs-1.36.2-10.el8.ppc64le.rpm
gvfs-afc-1.36.2-10.el8.ppc64le.rpm
gvfs-afc-debuginfo-1.36.2-10.el8.ppc64le.rpm
gvfs-afp-1.36.2-10.el8.ppc64le.rpm
gvfs-afp-debuginfo-1.36.2-10.el8.ppc64le.rpm
gvfs-archive-1.36.2-10.el8.ppc64le.rpm
gvfs-archive-debuginfo-1.36.2-10.el8.ppc64le.rpm
gvfs-client-1.36.2-10.el8.ppc64le.rpm
gvfs-client-debuginfo-1.36.2-10.el8.ppc64le.rpm
gvfs-debuginfo-1.36.2-10.el8.ppc64le.rpm
gvfs-debugsource-1.36.2-10.el8.ppc64le.rpm
gvfs-devel-1.36.2-10.el8.ppc64le.rpm
gvfs-fuse-1.36.2-10.el8.ppc64le.rpm
gvfs-fuse-debuginfo-1.36.2-10.el8.ppc64le.rpm
gvfs-goa-1.36.2-10.el8.ppc64le.rpm
gvfs-goa-debuginfo-1.36.2-10.el8.ppc64le.rpm
gvfs-gphoto2-1.36.2-10.el8.ppc64le.rpm
gvfs-gphoto2-debuginfo-1.36.2-10.el8.ppc64le.rpm
gvfs-mtp-1.36.2-10.el8.ppc64le.rpm
gvfs-mtp-debuginfo-1.36.2-10.el8.ppc64le.rpm
gvfs-smb-1.36.2-10.el8.ppc64le.rpm
gvfs-smb-debuginfo-1.36.2-10.el8.ppc64le.rpm
libsoup-debuginfo-2.62.3-2.el8.ppc64le.rpm
libsoup-debugsource-2.62.3-2.el8.ppc64le.rpm
libsoup-devel-2.62.3-2.el8.ppc64le.rpm
mutter-3.32.2-48.el8.ppc64le.rpm
mutter-debuginfo-3.32.2-48.el8.ppc64le.rpm
mutter-debugsource-3.32.2-48.el8.ppc64le.rpm
mutter-tests-debuginfo-3.32.2-48.el8.ppc64le.rpm
nautilus-3.28.1-14.el8.ppc64le.rpm
nautilus-debuginfo-3.28.1-14.el8.ppc64le.rpm
nautilus-debugsource-3.28.1-14.el8.ppc64le.rpm
nautilus-extensions-3.28.1-14.el8.ppc64le.rpm
nautilus-extensions-debuginfo-3.28.1-14.el8.ppc64le.rpm
pipewire-0.3.6-1.el8.ppc64le.rpm
pipewire-alsa-debuginfo-0.3.6-1.el8.ppc64le.rpm
pipewire-debuginfo-0.3.6-1.el8.ppc64le.rpm
pipewire-debugsource-0.3.6-1.el8.ppc64le.rpm
pipewire-devel-0.3.6-1.el8.ppc64le.rpm
pipewire-doc-0.3.6-1.el8.ppc64le.rpm
pipewire-gstreamer-debuginfo-0.3.6-1.el8.ppc64le.rpm
pipewire-libs-0.3.6-1.el8.ppc64le.rpm
pipewire-libs-debuginfo-0.3.6-1.el8.ppc64le.rpm
pipewire-utils-0.3.6-1.el8.ppc64le.rpm
pipewire-utils-debuginfo-0.3.6-1.el8.ppc64le.rpm
pipewire0.2-debugsource-0.2.7-6.el8.ppc64le.rpm
pipewire0.2-devel-0.2.7-6.el8.ppc64le.rpm
pipewire0.2-libs-0.2.7-6.el8.ppc64le.rpm
pipewire0.2-libs-debuginfo-0.2.7-6.el8.ppc64le.rpm
potrace-1.15-3.el8.ppc64le.rpm
potrace-debuginfo-1.15-3.el8.ppc64le.rpm
potrace-debugsource-1.15-3.el8.ppc64le.rpm
pygobject3-debuginfo-3.28.3-2.el8.ppc64le.rpm
pygobject3-debugsource-3.28.3-2.el8.ppc64le.rpm
python3-gobject-3.28.3-2.el8.ppc64le.rpm
python3-gobject-base-debuginfo-3.28.3-2.el8.ppc64le.rpm
python3-gobject-debuginfo-3.28.3-2.el8.ppc64le.rpm
tracker-2.1.5-2.el8.ppc64le.rpm
tracker-debuginfo-2.1.5-2.el8.ppc64le.rpm
tracker-debugsource-2.1.5-2.el8.ppc64le.rpm
vte-profile-0.52.4-2.el8.ppc64le.rpm
vte291-0.52.4-2.el8.ppc64le.rpm
vte291-debuginfo-0.52.4-2.el8.ppc64le.rpm
vte291-debugsource-0.52.4-2.el8.ppc64le.rpm
vte291-devel-debuginfo-0.52.4-2.el8.ppc64le.rpm
webkit2gtk3-2.28.4-1.el8.ppc64le.rpm
webkit2gtk3-debuginfo-2.28.4-1.el8.ppc64le.rpm
webkit2gtk3-debugsource-2.28.4-1.el8.ppc64le.rpm
webkit2gtk3-devel-2.28.4-1.el8.ppc64le.rpm
webkit2gtk3-devel-debuginfo-2.28.4-1.el8.ppc64le.rpm
webkit2gtk3-jsc-2.28.4-1.el8.ppc64le.rpm
webkit2gtk3-jsc-debuginfo-2.28.4-1.el8.ppc64le.rpm
webkit2gtk3-jsc-devel-2.28.4-1.el8.ppc64le.rpm
webkit2gtk3-jsc-devel-debuginfo-2.28.4-1.el8.ppc64le.rpm
webrtc-audio-processing-0.3-9.el8.ppc64le.rpm
webrtc-audio-processing-debuginfo-0.3-9.el8.ppc64le.rpm
webrtc-audio-processing-debugsource-0.3-9.el8.ppc64le.rpm
xdg-desktop-portal-1.6.0-2.el8.ppc64le.rpm
xdg-desktop-portal-debuginfo-1.6.0-2.el8.ppc64le.rpm
xdg-desktop-portal-debugsource-1.6.0-2.el8.ppc64le.rpm
xdg-desktop-portal-gtk-1.6.0-1.el8.ppc64le.rpm
xdg-desktop-portal-gtk-debuginfo-1.6.0-1.el8.ppc64le.rpm
xdg-desktop-portal-gtk-debugsource-1.6.0-1.el8.ppc64le.rpm
s390x:
PackageKit-1.1.12-6.el8.s390x.rpm
PackageKit-command-not-found-1.1.12-6.el8.s390x.rpm
PackageKit-command-not-found-debuginfo-1.1.12-6.el8.s390x.rpm
PackageKit-cron-1.1.12-6.el8.s390x.rpm
PackageKit-debuginfo-1.1.12-6.el8.s390x.rpm
PackageKit-debugsource-1.1.12-6.el8.s390x.rpm
PackageKit-glib-1.1.12-6.el8.s390x.rpm
PackageKit-glib-debuginfo-1.1.12-6.el8.s390x.rpm
PackageKit-gstreamer-plugin-1.1.12-6.el8.s390x.rpm
PackageKit-gstreamer-plugin-debuginfo-1.1.12-6.el8.s390x.rpm
PackageKit-gtk3-module-1.1.12-6.el8.s390x.rpm
PackageKit-gtk3-module-debuginfo-1.1.12-6.el8.s390x.rpm
frei0r-plugins-1.6.1-7.el8.s390x.rpm
frei0r-plugins-debuginfo-1.6.1-7.el8.s390x.rpm
frei0r-plugins-debugsource-1.6.1-7.el8.s390x.rpm
frei0r-plugins-opencv-1.6.1-7.el8.s390x.rpm
frei0r-plugins-opencv-debuginfo-1.6.1-7.el8.s390x.rpm
gdm-3.28.3-34.el8.s390x.rpm
gdm-debuginfo-3.28.3-34.el8.s390x.rpm
gdm-debugsource-3.28.3-34.el8.s390x.rpm
gnome-control-center-3.28.2-22.el8.s390x.rpm
gnome-control-center-debuginfo-3.28.2-22.el8.s390x.rpm
gnome-control-center-debugsource-3.28.2-22.el8.s390x.rpm
gnome-remote-desktop-0.1.8-3.el8.s390x.rpm
gnome-remote-desktop-debuginfo-0.1.8-3.el8.s390x.rpm
gnome-remote-desktop-debugsource-0.1.8-3.el8.s390x.rpm
gnome-session-3.28.1-10.el8.s390x.rpm
gnome-session-debuginfo-3.28.1-10.el8.s390x.rpm
gnome-session-debugsource-3.28.1-10.el8.s390x.rpm
gnome-session-wayland-session-3.28.1-10.el8.s390x.rpm
gnome-session-xsession-3.28.1-10.el8.s390x.rpm
gnome-settings-daemon-3.32.0-11.el8.s390x.rpm
gnome-settings-daemon-debuginfo-3.32.0-11.el8.s390x.rpm
gnome-settings-daemon-debugsource-3.32.0-11.el8.s390x.rpm
gnome-shell-3.32.2-20.el8.s390x.rpm
gnome-shell-debuginfo-3.32.2-20.el8.s390x.rpm
gnome-shell-debugsource-3.32.2-20.el8.s390x.rpm
gnome-terminal-3.28.3-2.el8.s390x.rpm
gnome-terminal-debuginfo-3.28.3-2.el8.s390x.rpm
gnome-terminal-debugsource-3.28.3-2.el8.s390x.rpm
gnome-terminal-nautilus-3.28.3-2.el8.s390x.rpm
gnome-terminal-nautilus-debuginfo-3.28.3-2.el8.s390x.rpm
gsettings-desktop-schemas-devel-3.32.0-5.el8.s390x.rpm
gtk-update-icon-cache-3.22.30-6.el8.s390x.rpm
gtk-update-icon-cache-debuginfo-3.22.30-6.el8.s390x.rpm
gtk3-3.22.30-6.el8.s390x.rpm
gtk3-debuginfo-3.22.30-6.el8.s390x.rpm
gtk3-debugsource-3.22.30-6.el8.s390x.rpm
gtk3-devel-3.22.30-6.el8.s390x.rpm
gtk3-devel-debuginfo-3.22.30-6.el8.s390x.rpm
gtk3-immodule-xim-3.22.30-6.el8.s390x.rpm
gtk3-immodule-xim-debuginfo-3.22.30-6.el8.s390x.rpm
gtk3-immodules-debuginfo-3.22.30-6.el8.s390x.rpm
gtk3-tests-debuginfo-3.22.30-6.el8.s390x.rpm
gvfs-1.36.2-10.el8.s390x.rpm
gvfs-afp-1.36.2-10.el8.s390x.rpm
gvfs-afp-debuginfo-1.36.2-10.el8.s390x.rpm
gvfs-archive-1.36.2-10.el8.s390x.rpm
gvfs-archive-debuginfo-1.36.2-10.el8.s390x.rpm
gvfs-client-1.36.2-10.el8.s390x.rpm
gvfs-client-debuginfo-1.36.2-10.el8.s390x.rpm
gvfs-debuginfo-1.36.2-10.el8.s390x.rpm
gvfs-debugsource-1.36.2-10.el8.s390x.rpm
gvfs-devel-1.36.2-10.el8.s390x.rpm
gvfs-fuse-1.36.2-10.el8.s390x.rpm
gvfs-fuse-debuginfo-1.36.2-10.el8.s390x.rpm
gvfs-goa-1.36.2-10.el8.s390x.rpm
gvfs-goa-debuginfo-1.36.2-10.el8.s390x.rpm
gvfs-gphoto2-1.36.2-10.el8.s390x.rpm
gvfs-gphoto2-debuginfo-1.36.2-10.el8.s390x.rpm
gvfs-mtp-1.36.2-10.el8.s390x.rpm
gvfs-mtp-debuginfo-1.36.2-10.el8.s390x.rpm
gvfs-smb-1.36.2-10.el8.s390x.rpm
gvfs-smb-debuginfo-1.36.2-10.el8.s390x.rpm
libsoup-debuginfo-2.62.3-2.el8.s390x.rpm
libsoup-debugsource-2.62.3-2.el8.s390x.rpm
libsoup-devel-2.62.3-2.el8.s390x.rpm
mutter-3.32.2-48.el8.s390x.rpm
mutter-debuginfo-3.32.2-48.el8.s390x.rpm
mutter-debugsource-3.32.2-48.el8.s390x.rpm
mutter-tests-debuginfo-3.32.2-48.el8.s390x.rpm
nautilus-3.28.1-14.el8.s390x.rpm
nautilus-debuginfo-3.28.1-14.el8.s390x.rpm
nautilus-debugsource-3.28.1-14.el8.s390x.rpm
nautilus-extensions-3.28.1-14.el8.s390x.rpm
nautilus-extensions-debuginfo-3.28.1-14.el8.s390x.rpm
pipewire-0.3.6-1.el8.s390x.rpm
pipewire-alsa-debuginfo-0.3.6-1.el8.s390x.rpm
pipewire-debuginfo-0.3.6-1.el8.s390x.rpm
pipewire-debugsource-0.3.6-1.el8.s390x.rpm
pipewire-devel-0.3.6-1.el8.s390x.rpm
pipewire-gstreamer-debuginfo-0.3.6-1.el8.s390x.rpm
pipewire-libs-0.3.6-1.el8.s390x.rpm
pipewire-libs-debuginfo-0.3.6-1.el8.s390x.rpm
pipewire-utils-0.3.6-1.el8.s390x.rpm
pipewire-utils-debuginfo-0.3.6-1.el8.s390x.rpm
pipewire0.2-debugsource-0.2.7-6.el8.s390x.rpm
pipewire0.2-devel-0.2.7-6.el8.s390x.rpm
pipewire0.2-libs-0.2.7-6.el8.s390x.rpm
pipewire0.2-libs-debuginfo-0.2.7-6.el8.s390x.rpm
potrace-1.15-3.el8.s390x.rpm
potrace-debuginfo-1.15-3.el8.s390x.rpm
potrace-debugsource-1.15-3.el8.s390x.rpm
pygobject3-debuginfo-3.28.3-2.el8.s390x.rpm
pygobject3-debugsource-3.28.3-2.el8.s390x.rpm
python3-gobject-3.28.3-2.el8.s390x.rpm
python3-gobject-base-debuginfo-3.28.3-2.el8.s390x.rpm
python3-gobject-debuginfo-3.28.3-2.el8.s390x.rpm
tracker-2.1.5-2.el8.s390x.rpm
tracker-debuginfo-2.1.5-2.el8.s390x.rpm
tracker-debugsource-2.1.5-2.el8.s390x.rpm
vte-profile-0.52.4-2.el8.s390x.rpm
vte291-0.52.4-2.el8.s390x.rpm
vte291-debuginfo-0.52.4-2.el8.s390x.rpm
vte291-debugsource-0.52.4-2.el8.s390x.rpm
vte291-devel-debuginfo-0.52.4-2.el8.s390x.rpm
webkit2gtk3-2.28.4-1.el8.s390x.rpm
webkit2gtk3-debuginfo-2.28.4-1.el8.s390x.rpm
webkit2gtk3-debugsource-2.28.4-1.el8.s390x.rpm
webkit2gtk3-devel-2.28.4-1.el8.s390x.rpm
webkit2gtk3-devel-debuginfo-2.28.4-1.el8.s390x.rpm
webkit2gtk3-jsc-2.28.4-1.el8.s390x.rpm
webkit2gtk3-jsc-debuginfo-2.28.4-1.el8.s390x.rpm
webkit2gtk3-jsc-devel-2.28.4-1.el8.s390x.rpm
webkit2gtk3-jsc-devel-debuginfo-2.28.4-1.el8.s390x.rpm
webrtc-audio-processing-0.3-9.el8.s390x.rpm
webrtc-audio-processing-debuginfo-0.3-9.el8.s390x.rpm
webrtc-audio-processing-debugsource-0.3-9.el8.s390x.rpm
xdg-desktop-portal-1.6.0-2.el8.s390x.rpm
xdg-desktop-portal-debuginfo-1.6.0-2.el8.s390x.rpm
xdg-desktop-portal-debugsource-1.6.0-2.el8.s390x.rpm
xdg-desktop-portal-gtk-1.6.0-1.el8.s390x.rpm
xdg-desktop-portal-gtk-debuginfo-1.6.0-1.el8.s390x.rpm
xdg-desktop-portal-gtk-debugsource-1.6.0-1.el8.s390x.rpm
x86_64:
LibRaw-0.19.5-2.el8.i686.rpm
LibRaw-0.19.5-2.el8.x86_64.rpm
LibRaw-debuginfo-0.19.5-2.el8.i686.rpm
LibRaw-debuginfo-0.19.5-2.el8.x86_64.rpm
LibRaw-debugsource-0.19.5-2.el8.i686.rpm
LibRaw-debugsource-0.19.5-2.el8.x86_64.rpm
LibRaw-samples-debuginfo-0.19.5-2.el8.i686.rpm
LibRaw-samples-debuginfo-0.19.5-2.el8.x86_64.rpm
PackageKit-1.1.12-6.el8.x86_64.rpm
PackageKit-command-not-found-1.1.12-6.el8.x86_64.rpm
PackageKit-command-not-found-debuginfo-1.1.12-6.el8.i686.rpm
PackageKit-command-not-found-debuginfo-1.1.12-6.el8.x86_64.rpm
PackageKit-cron-1.1.12-6.el8.x86_64.rpm
PackageKit-debuginfo-1.1.12-6.el8.i686.rpm
PackageKit-debuginfo-1.1.12-6.el8.x86_64.rpm
PackageKit-debugsource-1.1.12-6.el8.i686.rpm
PackageKit-debugsource-1.1.12-6.el8.x86_64.rpm
PackageKit-glib-1.1.12-6.el8.i686.rpm
PackageKit-glib-1.1.12-6.el8.x86_64.rpm
PackageKit-glib-debuginfo-1.1.12-6.el8.i686.rpm
PackageKit-glib-debuginfo-1.1.12-6.el8.x86_64.rpm
PackageKit-gstreamer-plugin-1.1.12-6.el8.x86_64.rpm
PackageKit-gstreamer-plugin-debuginfo-1.1.12-6.el8.i686.rpm
PackageKit-gstreamer-plugin-debuginfo-1.1.12-6.el8.x86_64.rpm
PackageKit-gtk3-module-1.1.12-6.el8.i686.rpm
PackageKit-gtk3-module-1.1.12-6.el8.x86_64.rpm
PackageKit-gtk3-module-debuginfo-1.1.12-6.el8.i686.rpm
PackageKit-gtk3-module-debuginfo-1.1.12-6.el8.x86_64.rpm
dleyna-renderer-0.6.0-3.el8.x86_64.rpm
dleyna-renderer-debuginfo-0.6.0-3.el8.x86_64.rpm
dleyna-renderer-debugsource-0.6.0-3.el8.x86_64.rpm
frei0r-plugins-1.6.1-7.el8.x86_64.rpm
frei0r-plugins-debuginfo-1.6.1-7.el8.x86_64.rpm
frei0r-plugins-debugsource-1.6.1-7.el8.x86_64.rpm
frei0r-plugins-opencv-1.6.1-7.el8.x86_64.rpm
frei0r-plugins-opencv-debuginfo-1.6.1-7.el8.x86_64.rpm
gdm-3.28.3-34.el8.i686.rpm
gdm-3.28.3-34.el8.x86_64.rpm
gdm-debuginfo-3.28.3-34.el8.i686.rpm
gdm-debuginfo-3.28.3-34.el8.x86_64.rpm
gdm-debugsource-3.28.3-34.el8.i686.rpm
gdm-debugsource-3.28.3-34.el8.x86_64.rpm
gnome-control-center-3.28.2-22.el8.x86_64.rpm
gnome-control-center-debuginfo-3.28.2-22.el8.x86_64.rpm
gnome-control-center-debugsource-3.28.2-22.el8.x86_64.rpm
gnome-photos-3.28.1-3.el8.x86_64.rpm
gnome-photos-debuginfo-3.28.1-3.el8.x86_64.rpm
gnome-photos-debugsource-3.28.1-3.el8.x86_64.rpm
gnome-photos-tests-3.28.1-3.el8.x86_64.rpm
gnome-remote-desktop-0.1.8-3.el8.x86_64.rpm
gnome-remote-desktop-debuginfo-0.1.8-3.el8.x86_64.rpm
gnome-remote-desktop-debugsource-0.1.8-3.el8.x86_64.rpm
gnome-session-3.28.1-10.el8.x86_64.rpm
gnome-session-debuginfo-3.28.1-10.el8.x86_64.rpm
gnome-session-debugsource-3.28.1-10.el8.x86_64.rpm
gnome-session-wayland-session-3.28.1-10.el8.x86_64.rpm
gnome-session-xsession-3.28.1-10.el8.x86_64.rpm
gnome-settings-daemon-3.32.0-11.el8.x86_64.rpm
gnome-settings-daemon-debuginfo-3.32.0-11.el8.x86_64.rpm
gnome-settings-daemon-debugsource-3.32.0-11.el8.x86_64.rpm
gnome-shell-3.32.2-20.el8.x86_64.rpm
gnome-shell-debuginfo-3.32.2-20.el8.x86_64.rpm
gnome-shell-debugsource-3.32.2-20.el8.x86_64.rpm
gnome-terminal-3.28.3-2.el8.x86_64.rpm
gnome-terminal-debuginfo-3.28.3-2.el8.x86_64.rpm
gnome-terminal-debugsource-3.28.3-2.el8.x86_64.rpm
gnome-terminal-nautilus-3.28.3-2.el8.x86_64.rpm
gnome-terminal-nautilus-debuginfo-3.28.3-2.el8.x86_64.rpm
gsettings-desktop-schemas-3.32.0-5.el8.i686.rpm
gsettings-desktop-schemas-devel-3.32.0-5.el8.i686.rpm
gsettings-desktop-schemas-devel-3.32.0-5.el8.x86_64.rpm
gtk-update-icon-cache-3.22.30-6.el8.x86_64.rpm
gtk-update-icon-cache-debuginfo-3.22.30-6.el8.i686.rpm
gtk-update-icon-cache-debuginfo-3.22.30-6.el8.x86_64.rpm
gtk3-3.22.30-6.el8.i686.rpm
gtk3-3.22.30-6.el8.x86_64.rpm
gtk3-debuginfo-3.22.30-6.el8.i686.rpm
gtk3-debuginfo-3.22.30-6.el8.x86_64.rpm
gtk3-debugsource-3.22.30-6.el8.i686.rpm
gtk3-debugsource-3.22.30-6.el8.x86_64.rpm
gtk3-devel-3.22.30-6.el8.i686.rpm
gtk3-devel-3.22.30-6.el8.x86_64.rpm
gtk3-devel-debuginfo-3.22.30-6.el8.i686.rpm
gtk3-devel-debuginfo-3.22.30-6.el8.x86_64.rpm
gtk3-immodule-xim-3.22.30-6.el8.x86_64.rpm
gtk3-immodule-xim-debuginfo-3.22.30-6.el8.i686.rpm
gtk3-immodule-xim-debuginfo-3.22.30-6.el8.x86_64.rpm
gtk3-immodules-debuginfo-3.22.30-6.el8.i686.rpm
gtk3-immodules-debuginfo-3.22.30-6.el8.x86_64.rpm
gtk3-tests-debuginfo-3.22.30-6.el8.i686.rpm
gtk3-tests-debuginfo-3.22.30-6.el8.x86_64.rpm
gvfs-1.36.2-10.el8.x86_64.rpm
gvfs-afc-1.36.2-10.el8.x86_64.rpm
gvfs-afc-debuginfo-1.36.2-10.el8.i686.rpm
gvfs-afc-debuginfo-1.36.2-10.el8.x86_64.rpm
gvfs-afp-1.36.2-10.el8.x86_64.rpm
gvfs-afp-debuginfo-1.36.2-10.el8.i686.rpm
gvfs-afp-debuginfo-1.36.2-10.el8.x86_64.rpm
gvfs-archive-1.36.2-10.el8.x86_64.rpm
gvfs-archive-debuginfo-1.36.2-10.el8.i686.rpm
gvfs-archive-debuginfo-1.36.2-10.el8.x86_64.rpm
gvfs-client-1.36.2-10.el8.i686.rpm
gvfs-client-1.36.2-10.el8.x86_64.rpm
gvfs-client-debuginfo-1.36.2-10.el8.i686.rpm
gvfs-client-debuginfo-1.36.2-10.el8.x86_64.rpm
gvfs-debuginfo-1.36.2-10.el8.i686.rpm
gvfs-debuginfo-1.36.2-10.el8.x86_64.rpm
gvfs-debugsource-1.36.2-10.el8.i686.rpm
gvfs-debugsource-1.36.2-10.el8.x86_64.rpm
gvfs-devel-1.36.2-10.el8.i686.rpm
gvfs-devel-1.36.2-10.el8.x86_64.rpm
gvfs-fuse-1.36.2-10.el8.x86_64.rpm
gvfs-fuse-debuginfo-1.36.2-10.el8.i686.rpm
gvfs-fuse-debuginfo-1.36.2-10.el8.x86_64.rpm
gvfs-goa-1.36.2-10.el8.x86_64.rpm
gvfs-goa-debuginfo-1.36.2-10.el8.i686.rpm
gvfs-goa-debuginfo-1.36.2-10.el8.x86_64.rpm
gvfs-gphoto2-1.36.2-10.el8.x86_64.rpm
gvfs-gphoto2-debuginfo-1.36.2-10.el8.i686.rpm
gvfs-gphoto2-debuginfo-1.36.2-10.el8.x86_64.rpm
gvfs-mtp-1.36.2-10.el8.x86_64.rpm
gvfs-mtp-debuginfo-1.36.2-10.el8.i686.rpm
gvfs-mtp-debuginfo-1.36.2-10.el8.x86_64.rpm
gvfs-smb-1.36.2-10.el8.x86_64.rpm
gvfs-smb-debuginfo-1.36.2-10.el8.i686.rpm
gvfs-smb-debuginfo-1.36.2-10.el8.x86_64.rpm
libsoup-debuginfo-2.62.3-2.el8.i686.rpm
libsoup-debuginfo-2.62.3-2.el8.x86_64.rpm
libsoup-debugsource-2.62.3-2.el8.i686.rpm
libsoup-debugsource-2.62.3-2.el8.x86_64.rpm
libsoup-devel-2.62.3-2.el8.i686.rpm
libsoup-devel-2.62.3-2.el8.x86_64.rpm
mutter-3.32.2-48.el8.i686.rpm
mutter-3.32.2-48.el8.x86_64.rpm
mutter-debuginfo-3.32.2-48.el8.i686.rpm
mutter-debuginfo-3.32.2-48.el8.x86_64.rpm
mutter-debugsource-3.32.2-48.el8.i686.rpm
mutter-debugsource-3.32.2-48.el8.x86_64.rpm
mutter-tests-debuginfo-3.32.2-48.el8.i686.rpm
mutter-tests-debuginfo-3.32.2-48.el8.x86_64.rpm
nautilus-3.28.1-14.el8.x86_64.rpm
nautilus-debuginfo-3.28.1-14.el8.i686.rpm
nautilus-debuginfo-3.28.1-14.el8.x86_64.rpm
nautilus-debugsource-3.28.1-14.el8.i686.rpm
nautilus-debugsource-3.28.1-14.el8.x86_64.rpm
nautilus-extensions-3.28.1-14.el8.i686.rpm
nautilus-extensions-3.28.1-14.el8.x86_64.rpm
nautilus-extensions-debuginfo-3.28.1-14.el8.i686.rpm
nautilus-extensions-debuginfo-3.28.1-14.el8.x86_64.rpm
pipewire-0.3.6-1.el8.i686.rpm
pipewire-0.3.6-1.el8.x86_64.rpm
pipewire-alsa-debuginfo-0.3.6-1.el8.i686.rpm
pipewire-alsa-debuginfo-0.3.6-1.el8.x86_64.rpm
pipewire-debuginfo-0.3.6-1.el8.i686.rpm
pipewire-debuginfo-0.3.6-1.el8.x86_64.rpm
pipewire-debugsource-0.3.6-1.el8.i686.rpm
pipewire-debugsource-0.3.6-1.el8.x86_64.rpm
pipewire-devel-0.3.6-1.el8.i686.rpm
pipewire-devel-0.3.6-1.el8.x86_64.rpm
pipewire-doc-0.3.6-1.el8.x86_64.rpm
pipewire-gstreamer-debuginfo-0.3.6-1.el8.i686.rpm
pipewire-gstreamer-debuginfo-0.3.6-1.el8.x86_64.rpm
pipewire-libs-0.3.6-1.el8.i686.rpm
pipewire-libs-0.3.6-1.el8.x86_64.rpm
pipewire-libs-debuginfo-0.3.6-1.el8.i686.rpm
pipewire-libs-debuginfo-0.3.6-1.el8.x86_64.rpm
pipewire-utils-0.3.6-1.el8.x86_64.rpm
pipewire-utils-debuginfo-0.3.6-1.el8.i686.rpm
pipewire-utils-debuginfo-0.3.6-1.el8.x86_64.rpm
pipewire0.2-debugsource-0.2.7-6.el8.i686.rpm
pipewire0.2-debugsource-0.2.7-6.el8.x86_64.rpm
pipewire0.2-devel-0.2.7-6.el8.i686.rpm
pipewire0.2-devel-0.2.7-6.el8.x86_64.rpm
pipewire0.2-libs-0.2.7-6.el8.i686.rpm
pipewire0.2-libs-0.2.7-6.el8.x86_64.rpm
pipewire0.2-libs-debuginfo-0.2.7-6.el8.i686.rpm
pipewire0.2-libs-debuginfo-0.2.7-6.el8.x86_64.rpm
potrace-1.15-3.el8.i686.rpm
potrace-1.15-3.el8.x86_64.rpm
potrace-debuginfo-1.15-3.el8.i686.rpm
potrace-debuginfo-1.15-3.el8.x86_64.rpm
potrace-debugsource-1.15-3.el8.i686.rpm
potrace-debugsource-1.15-3.el8.x86_64.rpm
pygobject3-debuginfo-3.28.3-2.el8.i686.rpm
pygobject3-debuginfo-3.28.3-2.el8.x86_64.rpm
pygobject3-debugsource-3.28.3-2.el8.i686.rpm
pygobject3-debugsource-3.28.3-2.el8.x86_64.rpm
python3-gobject-3.28.3-2.el8.i686.rpm
python3-gobject-3.28.3-2.el8.x86_64.rpm
python3-gobject-base-3.28.3-2.el8.i686.rpm
python3-gobject-base-debuginfo-3.28.3-2.el8.i686.rpm
python3-gobject-base-debuginfo-3.28.3-2.el8.x86_64.rpm
python3-gobject-debuginfo-3.28.3-2.el8.i686.rpm
python3-gobject-debuginfo-3.28.3-2.el8.x86_64.rpm
tracker-2.1.5-2.el8.i686.rpm
tracker-2.1.5-2.el8.x86_64.rpm
tracker-debuginfo-2.1.5-2.el8.i686.rpm
tracker-debuginfo-2.1.5-2.el8.x86_64.rpm
tracker-debugsource-2.1.5-2.el8.i686.rpm
tracker-debugsource-2.1.5-2.el8.x86_64.rpm
vte-profile-0.52.4-2.el8.x86_64.rpm
vte291-0.52.4-2.el8.i686.rpm
vte291-0.52.4-2.el8.x86_64.rpm
vte291-debuginfo-0.52.4-2.el8.i686.rpm
vte291-debuginfo-0.52.4-2.el8.x86_64.rpm
vte291-debugsource-0.52.4-2.el8.i686.rpm
vte291-debugsource-0.52.4-2.el8.x86_64.rpm
vte291-devel-debuginfo-0.52.4-2.el8.i686.rpm
vte291-devel-debuginfo-0.52.4-2.el8.x86_64.rpm
webkit2gtk3-2.28.4-1.el8.i686.rpm
webkit2gtk3-2.28.4-1.el8.x86_64.rpm
webkit2gtk3-debuginfo-2.28.4-1.el8.i686.rpm
webkit2gtk3-debuginfo-2.28.4-1.el8.x86_64.rpm
webkit2gtk3-debugsource-2.28.4-1.el8.i686.rpm
webkit2gtk3-debugsource-2.28.4-1.el8.x86_64.rpm
webkit2gtk3-devel-2.28.4-1.el8.i686.rpm
webkit2gtk3-devel-2.28.4-1.el8.x86_64.rpm
webkit2gtk3-devel-debuginfo-2.28.4-1.el8.i686.rpm
webkit2gtk3-devel-debuginfo-2.28.4-1.el8.x86_64.rpm
webkit2gtk3-jsc-2.28.4-1.el8.i686.rpm
webkit2gtk3-jsc-2.28.4-1.el8.x86_64.rpm
webkit2gtk3-jsc-debuginfo-2.28.4-1.el8.i686.rpm
webkit2gtk3-jsc-debuginfo-2.28.4-1.el8.x86_64.rpm
webkit2gtk3-jsc-devel-2.28.4-1.el8.i686.rpm
webkit2gtk3-jsc-devel-2.28.4-1.el8.x86_64.rpm
webkit2gtk3-jsc-devel-debuginfo-2.28.4-1.el8.i686.rpm
webkit2gtk3-jsc-devel-debuginfo-2.28.4-1.el8.x86_64.rpm
webrtc-audio-processing-0.3-9.el8.i686.rpm
webrtc-audio-processing-0.3-9.el8.x86_64.rpm
webrtc-audio-processing-debuginfo-0.3-9.el8.i686.rpm
webrtc-audio-processing-debuginfo-0.3-9.el8.x86_64.rpm
webrtc-audio-processing-debugsource-0.3-9.el8.i686.rpm
webrtc-audio-processing-debugsource-0.3-9.el8.x86_64.rpm
xdg-desktop-portal-1.6.0-2.el8.x86_64.rpm
xdg-desktop-portal-debuginfo-1.6.0-2.el8.x86_64.rpm
xdg-desktop-portal-debugsource-1.6.0-2.el8.x86_64.rpm
xdg-desktop-portal-gtk-1.6.0-1.el8.x86_64.rpm
xdg-desktop-portal-gtk-debuginfo-1.6.0-1.el8.x86_64.rpm
xdg-desktop-portal-gtk-debugsource-1.6.0-1.el8.x86_64.rpm
Red Hat Enterprise Linux BaseOS (v. 8):
Source:
gsettings-desktop-schemas-3.32.0-5.el8.src.rpm
libsoup-2.62.3-2.el8.src.rpm
pygobject3-3.28.3-2.el8.src.rpm
aarch64:
gsettings-desktop-schemas-3.32.0-5.el8.aarch64.rpm
libsoup-2.62.3-2.el8.aarch64.rpm
libsoup-debuginfo-2.62.3-2.el8.aarch64.rpm
libsoup-debugsource-2.62.3-2.el8.aarch64.rpm
pygobject3-debuginfo-3.28.3-2.el8.aarch64.rpm
pygobject3-debugsource-3.28.3-2.el8.aarch64.rpm
python3-gobject-base-3.28.3-2.el8.aarch64.rpm
python3-gobject-base-debuginfo-3.28.3-2.el8.aarch64.rpm
python3-gobject-debuginfo-3.28.3-2.el8.aarch64.rpm
ppc64le:
gsettings-desktop-schemas-3.32.0-5.el8.ppc64le.rpm
libsoup-2.62.3-2.el8.ppc64le.rpm
libsoup-debuginfo-2.62.3-2.el8.ppc64le.rpm
libsoup-debugsource-2.62.3-2.el8.ppc64le.rpm
pygobject3-debuginfo-3.28.3-2.el8.ppc64le.rpm
pygobject3-debugsource-3.28.3-2.el8.ppc64le.rpm
python3-gobject-base-3.28.3-2.el8.ppc64le.rpm
python3-gobject-base-debuginfo-3.28.3-2.el8.ppc64le.rpm
python3-gobject-debuginfo-3.28.3-2.el8.ppc64le.rpm
s390x:
gsettings-desktop-schemas-3.32.0-5.el8.s390x.rpm
libsoup-2.62.3-2.el8.s390x.rpm
libsoup-debuginfo-2.62.3-2.el8.s390x.rpm
libsoup-debugsource-2.62.3-2.el8.s390x.rpm
pygobject3-debuginfo-3.28.3-2.el8.s390x.rpm
pygobject3-debugsource-3.28.3-2.el8.s390x.rpm
python3-gobject-base-3.28.3-2.el8.s390x.rpm
python3-gobject-base-debuginfo-3.28.3-2.el8.s390x.rpm
python3-gobject-debuginfo-3.28.3-2.el8.s390x.rpm
x86_64:
gsettings-desktop-schemas-3.32.0-5.el8.x86_64.rpm
libsoup-2.62.3-2.el8.i686.rpm
libsoup-2.62.3-2.el8.x86_64.rpm
libsoup-debuginfo-2.62.3-2.el8.i686.rpm
libsoup-debuginfo-2.62.3-2.el8.x86_64.rpm
libsoup-debugsource-2.62.3-2.el8.i686.rpm
libsoup-debugsource-2.62.3-2.el8.x86_64.rpm
pygobject3-debuginfo-3.28.3-2.el8.x86_64.rpm
pygobject3-debugsource-3.28.3-2.el8.x86_64.rpm
python3-gobject-base-3.28.3-2.el8.x86_64.rpm
python3-gobject-base-debuginfo-3.28.3-2.el8.x86_64.rpm
python3-gobject-debuginfo-3.28.3-2.el8.x86_64.rpm
Red Hat CodeReady Linux Builder (v. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7.
CVE-2020-13753
Milan Crha discovered that an attacker may be able to execute
commands outside the bubblewrap sandbox.
For the stable distribution (buster), these problems have been fixed in
version 2.28.3-2~deb10u1.
We recommend that you upgrade your webkit2gtk packages.
For the detailed security status of webkit2gtk please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/webkit2gtk
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
. Description:
Service Telemetry Framework (STF) provides automated collection of
measurements and data from remote clients, such as Red Hat OpenStack
Platform or third-party nodes. STF then transmits the information to a
centralized, receiving Red Hat OpenShift Container Platform (OCP)
deployment for storage, retrieval, and monitoring.
Dockerfiles and scripts should be amended either to refer to this new image
specifically, or to the latest image generally.
Bugs fixed (https://bugzilla.redhat.com/):
2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read
5 |
var-202106-0349
|
Incomplete cleanup in some Intel(R) VT-d products may allow an authenticated user to potentially enable escalation of privilege via local access.
These packages include redhat-release-virtualization-host.
RHVH features a Cockpit user interface for monitoring the host's resources
and performing administrative tasks.
Security Fix(es):
* glib: integer overflow in g_bytes_new function on 64-bit platforms due to
an implicit cast from 64 bits to 32 bits (CVE-2021-27219)
* hw: vt-d related privilege escalation (CVE-2020-24489)
* dhcp: stack-based buffer overflow when parsing statements with
colon-separated hex digits in config or lease files in dhcpd and dhclient
(CVE-2021-25217)
For more details about the security issue(s), including the impact, a CVSS
score, and other related information, refer to the CVE page(s) listed in
the References section.
Bugs fixed (https://bugzilla.redhat.com/):
1929858 - CVE-2021-27219 glib: integer overflow in g_bytes_new function on 64-bit platforms due to an implicit cast from 64 bits to 32 bits
1948377 - Rebase RHV-H 4.3 EUS on RHGS 3.5.z on RHEL 7 - Batch Update 4
1957238 - Rebase RHV-H 4.3 EUS on RHEL 7.9.z #6
1962650 - CVE-2020-24489 hw: vt-d related privilege escalation
1963258 - CVE-2021-25217 dhcp: stack-based buffer overflow when parsing statements with colon-separated hex digits in config or lease files in dhcpd and dhclient
6.
====================================================================
Red Hat Security Advisory
Synopsis: Important: microcode_ctl security, bug fix and enhancement update
Advisory ID: RHSA-2021:3028-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2021:3028
Issue date: 2021-08-09
CVE Names: CVE-2020-0543 CVE-2020-0548 CVE-2020-0549
CVE-2020-8695 CVE-2020-8696 CVE-2020-8698
CVE-2020-24489 CVE-2020-24511 CVE-2020-24512
====================================================================
1. Summary:
An update for microcode_ctl is now available for Red Hat Enterprise Linux
7.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
3. Description:
The microcode_ctl packages provide microcode updates for Intel.
Security Fix(es):
* hw: Special Register Buffer Data Sampling (SRBDS) (CVE-2020-0543)
* hw: Vector Register Data Sampling (CVE-2020-0548)
* hw: L1D Cache Eviction Sampling (CVE-2020-0549)
* hw: vt-d related privilege escalation (CVE-2020-24489)
* hw: improper isolation of shared resources in some Intel Processors
(CVE-2020-24511)
* hw: observable timing discrepancy in some Intel Processors
(CVE-2020-24512)
* hw: Information disclosure issue in Intel SGX via RAPL interface
(CVE-2020-8695)
* hw: Vector Register Leakage-Active (CVE-2020-8696)
* hw: Fast forward store predictor (CVE-2020-8698)
4. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
1788786 - CVE-2020-0548 hw: Vector Register Data Sampling
1788788 - CVE-2020-0549 hw: L1D Cache Eviction Sampling
1827165 - CVE-2020-0543 hw: Special Register Buffer Data Sampling (SRBDS)
1828583 - CVE-2020-8695 hw: Information disclosure issue in Intel SGX via RAPL interface
1890355 - CVE-2020-8696 hw: Vector Register Leakage-Active
1890356 - CVE-2020-8698 hw: Fast forward store predictor
1897684 - [rhel-7.9.z] Re-enable 06-5e-03 (SKL-H/S, CPUID 0x506e3) latest microcode updates
1962650 - CVE-2020-24489 hw: vt-d related privilege escalation
1962702 - CVE-2020-24511 hw: improper isolation of shared resources in some Intel Processors
1962722 - CVE-2020-24512 hw: observable timing discrepancy in some Intel Processors
6. Package List:
Red Hat Enterprise Linux Client (v. 7):
Source:
microcode_ctl-2.1-73.11.el7_9.src.rpm
x86_64:
microcode_ctl-2.1-73.11.el7_9.x86_64.rpm
microcode_ctl-debuginfo-2.1-73.11.el7_9.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source:
microcode_ctl-2.1-73.11.el7_9.src.rpm
x86_64:
microcode_ctl-2.1-73.11.el7_9.x86_64.rpm
microcode_ctl-debuginfo-2.1-73.11.el7_9.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source:
microcode_ctl-2.1-73.11.el7_9.src.rpm
x86_64:
microcode_ctl-2.1-73.11.el7_9.x86_64.rpm
microcode_ctl-debuginfo-2.1-73.11.el7_9.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source:
microcode_ctl-2.1-73.11.el7_9.src.rpm
x86_64:
microcode_ctl-2.1-73.11.el7_9.x86_64.rpm
microcode_ctl-debuginfo-2.1-73.11.el7_9.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2020-0543
https://access.redhat.com/security/cve/CVE-2020-0548
https://access.redhat.com/security/cve/CVE-2020-0549
https://access.redhat.com/security/cve/CVE-2020-8695
https://access.redhat.com/security/cve/CVE-2020-8696
https://access.redhat.com/security/cve/CVE-2020-8698
https://access.redhat.com/security/cve/CVE-2020-24489
https://access.redhat.com/security/cve/CVE-2020-24511
https://access.redhat.com/security/cve/CVE-2020-24512
https://access.redhat.com/security/updates/classification/#important
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc.
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce
|
var-201410-1144
|
Memory leak in the tls_decrypt_ticket function in t1_lib.c in OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service (memory consumption) via a crafted session ticket that triggers an integrity-check failure. OpenSSL is prone to a denial-of-service vulnerability.
An attacker can exploit this issue to crash the affected application, denying service to legitimate users.
OpenSSL versions prior to 0.9.8zc, 1.0.0o, and 1.0.1j are vulnerable. This could be
exploited in a Denial Of Service attack. This issue affects OpenSSL
1.0.1 server implementations for both SSL/TLS and DTLS regardless of
whether SRTP is used or configured. Implementations of OpenSSL that
have been compiled with OPENSSL_NO_SRTP defined are not affected.
This issue was reported to OpenSSL on 26th September 2014, based on an original
issue and patch developed by the LibreSSL project. Further analysis of the issue
was performed by the OpenSSL team.
The fix was developed by the OpenSSL team.
This issue was reported to OpenSSL on 8th October 2014.
The fix was developed by Stephen Henson of the OpenSSL core team.
SSL 3.0 Fallback protection
===========================
Severity: Medium
OpenSSL has added support for TLS_FALLBACK_SCSV to allow applications
to block the ability for a MITM attacker to force a protocol
downgrade.
Some client applications (such as browsers) will reconnect using a
downgraded protocol to work around interoperability bugs in older
servers. This could be exploited by an active man-in-the-middle to
downgrade connections to SSL 3.0 even if both sides of the connection
support higher protocols. SSL 3.0 contains a number of weaknesses
including POODLE (CVE-2014-3566).
https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00
https://www.openssl.org/~bodo/ssl-poodle.pdf
Support for TLS_FALLBACK_SCSV was developed by Adam Langley and Bodo Moeller.
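The server-side decision that TLS_FALLBACK_SCSV enables, as an added example (not OpenSSL's code and not part of the original advisory): a server rejects a ClientHello that carries the signalling value while offering a version below the server's highest. The function names and the sample ClientHello bytes are constructed for illustration; the value 0x5600 and the inappropriate_fallback alert (86) are the ones assigned in the published specification (RFC 7507).

```c
/* Added example: server-side TLS_FALLBACK_SCSV check. Names are illustrative,
 * not OpenSSL's API; the sample ClientHello bytes are constructed. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TLS_FALLBACK_SCSV            0x5600u /* signalling cipher suite value */
#define ALERT_INAPPROPRIATE_FALLBACK 86      /* fatal alert sent on rejection */
#define VER_SSL3                     0x0300u
#define VER_TLS1_2                   0x0303u
#define FB_PROCEED                   0
#define FB_MALFORMED                 (-1)

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* hello: ClientHello body (the bytes after the 4-byte handshake header).
 * server_max: highest protocol version this server supports.
 * Returns FB_PROCEED, FB_MALFORMED, or the alert number to send. */
int fallback_check(const uint8_t *hello, size_t len, uint16_t server_max)
{
    size_t off, cs_len, i;
    uint16_t client_version;
    int scsv_seen = 0;

    if (len < 2 + 32 + 1) return FB_MALFORMED;
    client_version = rd16(hello);
    off = 2 + 32;                               /* skip client_version, random */
    if (hello[off] > 32) return FB_MALFORMED;   /* session_id<0..32> */
    off += 1 + (size_t)hello[off];
    if (off > len || len - off < 2) return FB_MALFORMED;
    cs_len = rd16(hello + off);
    off += 2;
    if (cs_len == 0 || (cs_len & 1) || cs_len > len - off) return FB_MALFORMED;

    for (i = 0; i < cs_len; i += 2)
        if (rd16(hello + off + i) == TLS_FALLBACK_SCSV)
            scsv_seen = 1;

    /* The client says "this is a downgraded retry", yet the server could
     * have spoken something newer: the earlier failure was not a genuine
     * interoperability problem, so refuse instead of continuing. */
    if (scsv_seen && client_version < server_max)
        return ALERT_INAPPROPRIATE_FALLBACK;
    return FB_PROCEED;
}

/* Builds a minimal constructed ClientHello body for the demonstration. */
size_t build_hello(uint8_t *out, uint16_t version, const uint16_t *suites, size_t n)
{
    size_t off = 0, i;
    out[off++] = (uint8_t)(version >> 8);
    out[off++] = (uint8_t)(version & 0xff);
    memset(out + off, 0, 32);                   /* random, zeroed for the sample */
    off += 32;
    out[off++] = 0;                             /* empty session_id */
    out[off++] = (uint8_t)((2 * n) >> 8);
    out[off++] = (uint8_t)((2 * n) & 0xff);
    for (i = 0; i < n; i++) {
        out[off++] = (uint8_t)(suites[i] >> 8);
        out[off++] = (uint8_t)(suites[i] & 0xff);
    }
    out[off++] = 1;                             /* one compression method: null */
    out[off++] = 0;
    return off;
}

int main(void)
{
    uint8_t buf[64];
    const uint16_t first_try[] = { 0xC02F, 0x002F };
    const uint16_t retry[]     = { 0x002F, TLS_FALLBACK_SCSV };
    size_t n;

    n = build_hello(buf, VER_TLS1_2, first_try, 2);
    printf("TLS 1.2 first attempt             -> %d\n", fallback_check(buf, n, VER_TLS1_2));
    n = build_hello(buf, VER_SSL3, retry, 2);
    printf("SSL 3.0 retry, server max TLS 1.2 -> %d\n", fallback_check(buf, n, VER_TLS1_2));
    printf("SSL 3.0 retry, server max SSL 3.0 -> %d\n", fallback_check(buf, n, VER_SSL3));
    printf("truncated hello                   -> %d\n", fallback_check(buf, 20, VER_TLS1_2));
    return 0;
}
```

A client that never sends the signalling value on its retries gets no protection from this check, which is why both the client and the server need the updated library.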
Build option no-ssl3 is incomplete (CVE-2014-3568)
==================================================
Severity: Low
When OpenSSL is configured with "no-ssl3" as a build option, servers
could accept and complete an SSL 3.0 handshake, and clients could be
configured to send them.
This issue was reported to OpenSSL by Akamai Technologies on 14th October 2014.
The fix was developed by Akamai and the OpenSSL team.
References
==========
URL for this Security Advisory:
https://www.openssl.org/news/secadv_20141015.txt
Note: the online version of the advisory may be updated with additional
details over time.
For details of OpenSSL severity classifications please see:
https://www.openssl.org/about/secpolicy.html
.
=====================================================================
Red Hat Security Advisory
Synopsis: Important: openssl security update
Advisory ID: RHSA-2014:1692-01
Product: Red Hat Storage
Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-1692.html
Issue date: 2014-10-22
CVE Names: CVE-2014-3513 CVE-2014-3567
=====================================================================
1. Summary:
Updated openssl packages that contain a backported patch to mitigate the
CVE-2014-3566 issue and fix two security issues are now available for Red
Hat Storage 2.1.
Red Hat Product Security has rated this update as having Important security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.
2. Relevant releases/architectures:
Red Hat Storage Server 2.1 - x86_64
3. Description:
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL),
Transport Layer Security (TLS), and Datagram Transport Layer Security
(DTLS) protocols, as well as a full-strength, general purpose cryptography
library.
This update adds support for the TLS Fallback Signaling Cipher Suite Value
(TLS_FALLBACK_SCSV), which can be used to prevent protocol downgrade
attacks against applications which re-connect using a lower SSL/TLS
protocol version when the initial connection indicating the highest
supported protocol version fails.
This can prevent a forceful downgrade of the communication to SSL 3.0.
The SSL 3.0 protocol was found to be vulnerable to the padding oracle
attack when using block cipher suites in cipher block chaining (CBC) mode.
This issue is identified as CVE-2014-3566, and also known under the alias
POODLE. This SSL 3.0 protocol flaw will not be addressed in a future
update; it is recommended that users configure their applications to
require at least TLS protocol version 1.0 for secure communication.
For additional information about this flaw, see the Knowledgebase article
at https://access.redhat.com/articles/1232123
A memory leak flaw was found in the way OpenSSL parsed the DTLS Secure
Real-time Transport Protocol (SRTP) extension data. (CVE-2014-3567)
All OpenSSL users are advised to upgrade to these updated packages, which
contain backported patches to mitigate the CVE-2014-3566 issue and correct
the CVE-2014-3513 and CVE-2014-3567 issues. For the update to take effect,
all services linked to the OpenSSL library (such as httpd and other
SSL-enabled services) must be restarted or the system rebooted.
4. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/articles/11258
5. Package List:
Red Hat Storage Server 2.1:
Source:
openssl-1.0.1e-30.el6_6.2.src.rpm
x86_64:
openssl-1.0.1e-30.el6_6.2.x86_64.rpm
openssl-debuginfo-1.0.1e-30.el6_6.2.x86_64.rpm
openssl-devel-1.0.1e-30.el6_6.2.x86_64.rpm
openssl-perl-1.0.1e-30.el6_6.2.x86_64.rpm
openssl-static-1.0.1e-30.el6_6.2.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2014-3513
https://access.redhat.com/security/cve/CVE-2014-3567
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/articles/1232123
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2014 Red Hat, Inc.
. This flaw allows a man-in-the-middle (MITM)
attacker to decrypt a selected byte of a cipher text in as few as 256
tries if they are able to force a victim application to repeatedly send
the same data over newly created SSL 3.0 connections.
This update adds support for Fallback SCSV to mitigate this issue.
APPLE-SA-2015-09-16-2 Xcode 7.0
Xcode 7.0 is now available and addresses the following:
DevTools
Available for: OS X Yosemite v10.10.4 or later
Impact: An attacker may be able to bypass access restrictions
Description: An API issue existed in the apache configuration. This
issue was addressed by updating header files to use the latest
version.
CVE-ID
CVE-2015-3185 : Branko Aibej of the Apache Software Foundation
IDE Xcode Server
Available for: OS X Yosemite 10.10 or later
Impact: An attacker may be able to access restricted parts of the
filesystem
Description: A comparison issue existed in the node.js send module
prior to version 0.8.4. This issue was addressed by upgrading to
version 0.12.3.
CVE-ID
CVE-2014-6394 : Ilya Kantor
IDE Xcode Server
Available for: OS X Yosemite v10.10.4 or later
Impact: Multiple vulnerabilities in OpenSSL
Description: Multiple vulnerabilities existed in the node.js OpenSSL
module prior to version 1.0.1j.
CVE-ID
CVE-2014-3513
CVE-2014-3566
CVE-2014-3567
CVE-2014-3568
IDE Xcode Server
Available for: OS X Yosemite v10.10.4 or later
Impact: An attacker with a privileged network position may be able
to inspect traffic to Xcode Server
Description: Connections to Xcode Server may have been made without
encryption. This issue was addressed through improved network
connection logic.
CVE-ID
CVE-2015-5910 : an anonymous researcher
IDE Xcode Server
Available for: OS X Yosemite v10.10.4 or later
Impact: Build notifications may be sent to unintended recipients
Description: An access issue existed in the handling of repository
email lists. This issue was addressed through improved validation.
CVE-ID
CVE-2015-5909 : Daniel Tomlinson of Rocket Apps, David Gatwood of
Anchorfree
subversion
Available for: OS X Yosemite v10.10.4 or later
Impact: Multiple vulnerabilities existed in svn versions prior to
1.7.19
Description: Multiple vulnerabilities existed in svn versions prior
to 1.7.19. These issues were addressed by updating svn to version
1.7.20.
CVE-ID
CVE-2015-0248
CVE-2015-0251
Xcode 7.0 may be obtained from:
https://developer.apple.com/xcode/downloads/
To check that the Xcode has been updated:
* Select Xcode in the menu bar
* Select About Xcode
* The version after applying this update will be "7.0".
Release Date: 2014-10-28
Last Updated: 2014-10-28
Potential Security Impact: Remote Denial of Service (DoS), unauthorized
access, man-in-the-middle (MitM) attack
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified with HP-UX running
OpenSSL.
This is the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy
Encryption" also known as "Poodle", which could be exploited remotely to
allow disclosure of information.
References:
CVE-2014-3566 Man-in-the-Middle (MitM) attack
CVE-2014-3567 Remote Unauthorized Access
CVE-2014-3568 Remote Denial of Service (DoS)
SSRT101767
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP-UX B.11.11, B.11.23, B.11.31 running OpenSSL versions before v0.9.8zc
BACKGROUND
CVSS 2.0 Base Metrics
===========================================================
Reference        Base Vector                    Base Score
CVE-2014-3566    (AV:N/AC:M/Au:N/C:P/I:N/A:N)   4.3
CVE-2014-3567    (AV:N/AC:M/Au:N/C:N/I:N/A:C)   7.1
CVE-2014-3568    (AV:N/AC:M/Au:N/C:N/I:P/A:N)   4.3
===========================================================
Information on CVSS is documented
in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has provided the following updates to resolve these vulnerabilities. The
updates are available from the following ftp site.
ftp://ssl098zc:Secure12@ftp.usa.hp.com
User name: ssl098zc Password: (NOTE: Case sensitive) Secure12
HP-UX Release       HP-UX OpenSSL version
B.11.11 (11i v1)    A.00.09.08zc.001_HP-UX_B.11.11_32+64.depot
B.11.23 (11i v2)    A.00.09.08zc.002_HP-UX_B.11.23_IA-PA.depot
B.11.31 (11i v3)    A.00.09.08zc.003_HP-UX_B.11.31_IA-PA.depot
MANUAL ACTIONS: Yes - Update
Install OpenSSL A.00.09.08zc or subsequent
PRODUCT SPECIFIC INFORMATION
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application
that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins
issued by HP and lists recommended actions that may apply to a specific HP-UX
system. It can also download patches and create a depot automatically. For
more information see: https://www.hp.com/go/swa
The following text is for use by the HP-UX Software Assistant.
AFFECTED VERSIONS
HP-UX B.11.11
==================
openssl.OPENSSL-CER
openssl.OPENSSL-CONF
openssl.OPENSSL-DOC
openssl.OPENSSL-INC
openssl.OPENSSL-LIB
openssl.OPENSSL-MAN
openssl.OPENSSL-MIS
openssl.OPENSSL-PRNG
openssl.OPENSSL-PVT
openssl.OPENSSL-RUN
openssl.OPENSSL-SRC
action: install revision A.00.09.08zc.001 or subsequent
HP-UX B.11.23
==================
openssl.OPENSSL-CER
openssl.OPENSSL-CONF
openssl.OPENSSL-DOC
openssl.OPENSSL-INC
openssl.OPENSSL-LIB
openssl.OPENSSL-MAN
openssl.OPENSSL-MIS
openssl.OPENSSL-PRNG
openssl.OPENSSL-PVT
openssl.OPENSSL-RUN
openssl.OPENSSL-SRC
action: install revision A.00.09.08zc.002 or subsequent
HP-UX B.11.31
==================
openssl.OPENSSL-CER
openssl.OPENSSL-CONF
openssl.OPENSSL-DOC
openssl.OPENSSL-INC
openssl.OPENSSL-LIB
openssl.OPENSSL-MAN
openssl.OPENSSL-MIS
openssl.OPENSSL-PRNG
openssl.OPENSSL-PVT
openssl.OPENSSL-RUN
openssl.OPENSSL-SRC
action: install revision A.00.09.08zc.003 or subsequent
END AFFECTED VERSIONS
HISTORY
Version:1 (rev.1) - 28 October 2014 Initial release
Third Party Security Patches: Third party security patches that are to be
installed on systems running HP software products should be applied in
accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security
Bulletin, contact normal HP Services support channel. For other issues about
the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported
product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin
alerts via Email:
http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin Archive: A list of recently released Security Bulletins is
available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in
the title by the two characters following HPSB.
3C = 3COM
3P = 3rd Party Software
GN = HP General Software
HF = HP Hardware and Firmware
MP = MPE/iX
MU = Multi-Platform Software
NS = NonStop Servers
OV = OpenVMS
PI = Printing and Imaging
PV = ProCurve
ST = Storage Software
TU = Tru64 UNIX
UX = HP-UX
Copyright 2014 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or editorial errors
or omissions contained herein. The information provided is provided "as is"
without warranty of any kind. To the extent permitted by law, neither HP or
its affiliates, subcontractors or suppliers will be liable for
incidental, special or consequential damages including downtime cost; lost
profits; damages relating to the procurement of substitute products or
services; or damages for loss of data, or software restoration. The
information in this document is subject to change without notice.
Hewlett-Packard Company and the names of Hewlett-Packard products referenced
herein are trademarks of Hewlett-Packard Company in the United States and
other countries. Other product and company names mentioned herein may be
trademarks of their respective owners.
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2015:062
http://www.mandriva.com/en/support/security/
_______________________________________________________________________
Package : openssl
Date : March 27, 2015
Affected: Business Server 2.0
_______________________________________________________________________
Problem Description:
Multiple vulnerabilities have been discovered and corrected in openssl:
Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL
through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows
remote attackers to inject data across sessions or cause a denial of
service (use-after-free and parsing error) via an SSL connection in
a multithreaded environment (CVE-2010-5298).
The Montgomery ladder implementation in OpenSSL through 1.0.0l does
not ensure that certain swap operations have a constant-time behavior,
which makes it easier for local users to obtain ECDSA nonces via a
FLUSH+RELOAD cache side-channel attack (CVE-2014-0076).
The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before
1.0.1g do not properly handle Heartbeat Extension packets, which allows
remote attackers to obtain sensitive information from process memory
via crafted packets that trigger a buffer over-read, as demonstrated
by reading private keys, related to d1_both.c and t1_lib.c, aka the
Heartbleed bug (CVE-2014-0160).
OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before
1.0.1h does not properly restrict processing of ChangeCipherSpec
messages, which allows man-in-the-middle attackers to trigger use of a
zero-length master key in certain OpenSSL-to-OpenSSL communications,
and consequently hijack sessions or obtain sensitive information,
via a crafted TLS handshake, aka the CCS Injection vulnerability
(CVE-2014-0224).
The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other
products, uses nondeterministic CBC padding, which makes it easier
for man-in-the-middle attackers to obtain cleartext data via a
padding-oracle attack, aka the POODLE issue (CVE-2014-3566). NOTE: this issue
became relevant after the CVE-2014-3568 fix (CVE-2014-3569).
The BN_sqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before
1.0.0p, and 1.0.1 before 1.0.1k does not properly calculate the square
of a BIGNUM value, which might make it easier for remote attackers to
defeat cryptographic protection mechanisms via unspecified vectors,
related to crypto/bn/asm/mips.pl, crypto/bn/asm/x86_64-gcc.c, and
crypto/bn/bn_asm.c (CVE-2014-3570).
The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before
0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote
SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger
a loss of forward secrecy by omitting the ServerKeyExchange message
(CVE-2014-3572).
OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k
does not enforce certain constraints on certificate data, which allows
remote attackers to defeat a fingerprint-based certificate-blacklist
protection mechanism by including crafted data within a
certificate's unsigned portion, related to crypto/asn1/a_verify.c,
crypto/dsa/dsa_asn1.c, crypto/ecdsa/ecs_vrf.c, and crypto/x509/x_all.c
(CVE-2014-8275).
The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before
0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL
servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate
brute-force decryption by offering a weak ephemeral RSA key in a
noncompliant role, related to the FREAK issue. NOTE: the scope of
this CVE is only client code based on OpenSSL, not EXPORT_RSA issues
associated with servers or other TLS implementations (CVE-2015-0204).
The ssl3_get_cert_verify function in s3_srvr.c in OpenSSL 1.0.0 before
1.0.0p and 1.0.1 before 1.0.1k accepts client authentication with a
Diffie-Hellman (DH) certificate without requiring a CertificateVerify
message, which allows remote attackers to obtain access without
knowledge of a private key via crafted TLS Handshake Protocol traffic
to a server that recognizes a Certification Authority with DH support
(CVE-2015-0205).
The PKCS#7 implementation in OpenSSL before 0.9.8zf, 1.0.0 before
1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not
properly handle a lack of outer ContentInfo, which allows attackers to
cause a denial of service (NULL pointer dereference and application
crash) by leveraging an application that processes arbitrary PKCS#7
data and providing malformed data with ASN.1 encoding, related to
crypto/pkcs7/pk7_doit.c and crypto/pkcs7/pk7_lib.c (CVE-2015-0289).
The updated packages have been upgraded to the 1.0.1m version where
these security flaws have been fixed.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5298
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0076
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0195
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0198
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0221
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3470
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3513
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3567
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3569
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3570
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3571
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3572
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8275
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0204
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0205
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0206
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0209
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0286
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0287
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0288
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0289
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0293
http://openssl.org/news/secadv_20150108.txt
http://openssl.org/news/secadv_20150319.txt
_______________________________________________________________________
Updated Packages:
Mandriva Business Server 2/X86_64:
324a85f7e1165ab02881e44dbddaf599 mbs2/x86_64/lib64openssl1.0.0-1.0.1m-1.mbs2.x86_64.rpm
9c0bfb6ebd43cb6d81872abf71b4f85f mbs2/x86_64/lib64openssl-devel-1.0.1m-1.mbs2.x86_64.rpm
58df54e72ca7270210c7d8dd23df402b mbs2/x86_64/lib64openssl-engines1.0.0-1.0.1m-1.mbs2.x86_64.rpm
b5313ffb5baaa65aea05eb05486d309a mbs2/x86_64/lib64openssl-static-devel-1.0.1m-1.mbs2.x86_64.rpm
a9890ce4c33630cb9e00f3b2910dd784 mbs2/x86_64/openssl-1.0.1m-1.mbs2.x86_64.rpm
521297a5fe26e2de0c1222d8d03382d1 mbs2/SRPMS/openssl-1.0.1m-1.mbs2.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/en/support/security/advisories/
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
.
Please refer to the RESOLUTION
section below for a list of impacted products.
Note: mitigation instructions are included below if the following software
updates cannot be applied.
Family | Fixed Version | HP Branded Products Impacted | H3C Branded Products Impacted | 3Com Branded Products Impacted | CVE
12900 Switch Series
R1005P15
JG619A HP FF 12910 Switch AC Chassis
JG621A HP FF 12910 Main Processing Unit
JG632A HP FF 12916 Switch AC Chassis
JG634A HP FF 12916 Main Processing Unit
CVE-2014-3566
CVE-2014-3567
CVE-2014-3568
12500
R1828P06
JC085A HP A12518 Switch Chassis
JC086A HP A12508 Switch Chassis
JC652A HP 12508 DC Switch Chassis
JC653A HP 12518 DC Switch Chassis
JC654A HP 12504 AC Switch Chassis
JC655A HP 12504 DC Switch Chassis
JF430A HP A12518 Switch Chassis
JF430B HP 12518 Switch Chassis
JF430C HP 12518 AC Switch Chassis
JF431A HP A12508 Switch Chassis
JF431B HP 12508 Switch Chassis
JF431C HP 12508 AC Switch Chassis
JC072B HP 12500 Main Processing Unit
JC808A HP 12500 TAA Main Processing Unit
H3C S12508 Routing Switch(AC-1) (0235A0GE)
H3C S12518 Routing Switch(AC-1) (0235A0GF)
H3C S12508 Chassis (0235A0E6)
H3C S12508 Chassis (0235A38N)
H3C S12518 Chassis (0235A0E7)
H3C S12518 Chassis (0235A38M)
H3C 12508 DC Switch Chassis (0235A38L)
H3C 12518 DC Switch Chassis (0235A38K)
CVE-2014-3566
CVE-2014-3568
12500 (Comware v7)
R7328P04
JC085A HP A12518 Switch Chassis
JC086A HP A12508 Switch Chassis
JC652A HP 12508 DC Switch Chassis
JC653A HP 12518 DC Switch Chassis
JC654A HP 12504 AC Switch Chassis
JC655A HP 12504 DC Switch Chassis
JF430A HP A12518 Switch Chassis
JF430B HP 12518 Switch Chassis
JF430C HP 12518 AC Switch Chassis
JF431A HP A12508 Switch Chassis
JF431B HP 12508 Switch Chassis
JF431C HP 12508 AC Switch Chassis
JC072B HP 12500 Main Processing Unit
JG497A HP 12500 MPU w/Comware V7 OS
JG782A HP FF 12508E AC Switch Chassis
JG783A HP FF 12508E DC Switch Chassis
JG784A HP FF 12518E AC Switch Chassis
JG785A HP FF 12518E DC Switch Chassis
JG802A HP FF 12500E MPU
H3C S12508 Routing Switch(AC-1) (0235A0GE)
H3C S12518 Routing Switch(AC-1) (0235A0GF)
H3C S12508 Chassis (0235A0E6)
H3C S12508 Chassis (0235A38N)
H3C S12518 Chassis (0235A0E7)
H3C S12518 Chassis (0235A38M)
H3C 12508 DC Switch Chassis (0235A38L)
H3C 12518 DC Switch Chassis (0235A38K)
CVE-2014-3566
CVE-2014-3567
CVE-2014-3568
11900 Switch Series
R2111P06
JG608A HP FF 11908-V Switch Chassis
JG609A HP FF 11900 Main Processing Unit
CVE-2014-3566
CVE-2014-3567
CVE-2014-3568
10500 Switch Series (Comware v5)
R1208P10
JC611A HP 10508-V Switch Chassis
JC612A HP 10508 Switch Chassis
JC613A HP 10504 Switch Chassis
JC614A HP 10500 Main Processing Unit
JC748A HP 10512 Switch Chassis
JG375A HP 10500 TAA Main Processing Unit
JG820A HP 10504 TAA Switch Chassis
JG821A HP 10508 TAA Switch Chassis
JG822A HP 10508-V TAA Switch Chassis
JG823A HP 10512 TAA Switch Chassis
CVE-2014-3566
CVE-2014-3568
10500 Switch Series (Comware v7)
R2111P06
JC611A HP 10508-V Switch Chassis
JC612A HP 10508 Switch Chassis
JC613A HP 10504 Switch Chassis
JC748A HP 10512 Switch Chassis
JG820A HP 10504 TAA Switch Chassis
JG821A HP 10508 TAA Switch Chassis
JG822A HP 10508-V TAA Switch Chassis
JG823A HP 10512 TAA Switch Chassis
JG496A HP 10500 Type A MPU w/Comware v7 OS
CVE-2014-3566
CVE-2014-3567
CVE-2014-3568
9500E
R1828P06
JC124A HP A9508 Switch Chassis
JC124B HP 9505 Switch Chassis
JC125A HP A9512 Switch Chassis
JC125B HP 9512 Switch Chassis
JC474A HP A9508-V Switch Chassis
JC474B HP 9508-V Switch Chassis
H3C S9505E Routing-Switch Chassis (0235A0G6)
H3C S9512E Routing-Switch Chassis (0235A0G7)
H3C S9508E-V Routing-Switch Chassis (0235A38Q)
H3C S9505E Chassis w/ Fans (0235A38P)
H3C S9512E Chassis w/ Fans (0235A38R)
CVE-2014-3566
CVE-2014-3568
7900
R2122
JG682A HP FlexFabric 7904 Switch Chassis
JH001A HP FF 7910 2.4Tbps Fabric / MPU
JG842A HP FF 7910 7.2Tbps Fabric / MPU
JG841A HP FF 7910 Switch Chassis
CVE-2014-3566
CVE-2014-3567
CVE-2014-3568
7500 Switch Series
R6708P10
JC666A HP A7503-S 144 Gbps Fab/MPU w 24p Gig-T
JC697A HP A7502 TAA Main Processing Unit
JC698A HP A7503S 144 Gbps TAA Fab/MPU w 24p GbE
JC699A HP A7500 384Gbps TAA Fab/MPU w 2p 10-GbE
JC700A HP A7500 384 Gbps TAA Fabric / MPU
JC701A HP A7510 768 Gbps TAA Fabric / MPU
JD193A HP 384 Gbps A7500 Fab Mod w/2 XFP Ports
JD193B HP 7500 384Gbps Fab Mod w/2 XFP Ports
JD194A HP 384 Gbps Fabric A7500 Module
JD194B HP 7500 384Gbps Fabric Module
JD195A HP 7500 384Gbps Advanced Fabric Module
JD196A HP 7502 Fabric Module
JD220A HP 7500 768Gbps Fabric Module
JD238A HP A7510 Switch Chassis
JD238B HP 7510 Switch Chassis
JD239A HP A7506 Switch Chassis
JD239B HP 7506 Switch Chassis
JD240A HP A7503 Switch Chassis
JD240B HP 7503 Switch Chassis
JD241A HP A7506 Vertical Switch Chassis
JD241B HP 7506-V Switch Chassis
JD242A HP A7502 Switch Chassis
JD242B HP 7502 Switch Chassis
JD243A HP A7503 Switch Chassis w/1 Fabric Slot
JD243B HP 7503-S Switch Chassis w/1 Fabric Slot
H3C S7502E Ethernet Switch Chassis with Fan (0235A0G4)
H3C S7503E Ethernet Switch Chassis with Fan (0235A0G2)
H3C S7503E-S Ethernet Switch Chassis with Fan (0235A0G5)
H3C S7506E Ethernet Switch Chassis with Fan (0235A0G1)
H3C S7506E-V Ethernet Switch Chassis with Fan (0235A0G3)
H3C S7510E Ethernet Switch Chassis with Fan (0235A0G0)
H3C S7502E Chassis w/ fans (0235A29A)
H3C S7503E Chassis w/ fans (0235A27R)
H3C S7503E-S Chassis w/ fans (0235A33R)
H3C S7506E Chassis w/ fans (0235A27Q)
H3C S7506E-V Chassis w/ fans (0235A27S)
CVE-2014-3566
CVE-2014-3568
HSR6800
R3303P18
JG361A HP HSR6802 Router Chassis
JG362A HP HSR6804 Router Chassis
JG363A HP HSR6808 Router Chassis
JG364A HP HSR6800 RSE-X2 Router MPU
JG779A HP HSR6800 RSE-X2 Router TAA MPU
CVE-2014-3566
CVE-2014-3568
HSR6800 Russian Version
R3303P18
JG361A HP HSR6802 Router Chassis
JG362A HP HSR6804 Router Chassis
JG363A HP HSR6808 Router Chassis
JG364A HP HSR6800 RSE-X2 Router MPU
JG779A HP HSR6800 RSE-X2 Router TAA MPU
CVE-2014-3566
CVE-2014-3568
HSR6602
R3303P18
JG353A HP HSR6602-G Router
JG354A HP HSR6602-XG Router
JG776A HP HSR6602-G TAA Router
JG777A HP HSR6602-XG TAA Router
CVE-2014-3566
CVE-2014-3568
HSR6602 Russian Version
R3303P18
JG353A HP HSR6602-G Router
JG354A HP HSR6602-XG Router
JG776A HP HSR6602-G TAA Router
JG777A HP HSR6602-XG TAA Router
CVE-2014-3566
CVE-2014-3568
6602
R3303P18
JC176A HP 6602 Router Chassis
H3C SR6602 1U Router Host (0235A27D)
CVE-2014-3566
CVE-2014-3568
6602 Russian Version
R3303P18
JC176A HP 6602 Router Chassis
H3C SR6602 1U Router Host (0235A27D)
CVE-2014-3566
CVE-2014-3568
A6600
R3303P18
JC165A HP 6600 RPE-X1 Router Module
JC177A HP 6608 Router
JC177B HP A6608 Router Chassis
JC178A HP 6604 Router Chassis
JC178B HP A6604 Router Chassis
JC496A HP 6616 Router Chassis
JC566A HP A6600 RSE-X1 Main Processing Unit
JG780A HP 6600 RSE-X1 Router TAA MPU
H3C RT-SR66-RPE-X1-H3 (0231A761)
H3C RT-SR6608-OVS-H3 (0235A32X)
H3C RT-SR6604-OVS-H3 (0235A37X)
H3C SR6616 Router Chassis (0235A41D)
CVE-2014-3566
CVE-2014-3568
A6600 Russian Version
R3303P18
JC165A HP 6600 RPE-X1 Router Module
JC177A HP 6608 Router
JC177B HP A6608 Router Chassis
JC178A HP 6604 Router Chassis
JC178B HP A6604 Router Chassis
JC496A HP 6616 Router Chassis
JC566A HP A6600 RSE-X1 Main Processing Unit
JG780A HP 6600 RSE-X1 Router TAA MPU
H3C RT-SR66-RPE-X1-H3 (0231A761)
H3C RT-SR6608-OVS-H3 (0235A32X)
H3C RT-SR6604-OVS-H3 (0235A37X)
H3C SR6616 Router Chassis (0235A41D)
CVE-2014-3566
CVE-2014-3568
6600 MCP
R3303P18
JC177A HP 6608 Router
JC177B HP A6608 Router Chassis
JC178A HP 6604 Router Chassis
JC178B HP A6604 Router Chassis
JC496A HP 6616 Router Chassis
JG778A HP 6600 MCP-X2 Router TAA MPU
JG355A HP 6600 MCP-X1 Router MPU
JG356A HP 6600 MCP-X2 Router MPU
H3C RT-SR6608-OVS-H3 (0235A32X)
H3C RT-SR6604-OVS-H3 (0235A37X)
H3C SR6616 Router Chassis (0235A41D)
CVE-2014-3566
CVE-2014-3568
6600 MCP Russian Version
R3303P18
JC177A HP 6608 Router
JC177B HP A6608 Router Chassis
JC178A HP 6604 Router Chassis
JC178B HP A6604 Router Chassis
JC496A HP 6616 Router Chassis
JG355A HP 6600 MCP-X1 Router MPU
JG356A HP 6600 MCP-X2 Router MPU
JG776A HP HSR6602-G TAA Router
JG777A HP HSR6602-XG TAA Router
JG778A HP 6600 MCP-X2 Router TAA MPU
H3C RT-SR6608-OVS-H3 (0235A32X)
H3C RT-SR6604-OVS-H3 (0235A37X)
H3C SR6616 Router Chassis (0235A41D)
CVE-2014-3566
CVE-2014-3568
5920 Switch Series
R2311P05
JG296A HP 5920AF-24XG Switch
JG555A HP 5920AF-24XG TAA Switch
CVE-2014-3566
CVE-2014-3567
CVE-2014-3568
5900 Switch Series
R2311P05
JC772A HP 5900AF-48XG-4QSFP+ Switch
JG336A HP 5900AF-48XGT-4QSFP+ Switch
JG510A HP 5900AF-48G-4XG-2QSFP+ Switch
JG554A HP 5900AF-48XG-4QSFP+ TAA Switch
JG838A HP FF 5900CP-48XG-4QSFP+ Switch
CVE-2014-3566
CVE-2014-3567
CVE-2014-3568
5830 Switch Series
R1118P11
JC691A HP A5830AF-48G Switch w/1 Interface Slot
JC694A HP A5830AF-96G Switch
JG316A HP 5830AF-48G TAA Switch w/1 Intf Slot
JG374A HP 5830AF-96G TAA Switch
CVE-2014-3566
CVE-2014-3568
5820 Switch Series
R1809P03
JC102A HP 5820-24XG-SFP+ Switch
JC106A HP 5820-14XG-SFP+ Switch with 2 Slots
JG219A HP 5820AF-24XG Switch
JG243A HP 5820-24XG-SFP+ TAA-compliant Switch
JG259A HP 5820X-14XG-SFP+ TAA Switch w 2 Slots
H3C S5820X-28C 14 port (SFP Plus) Plus 4-port BT (RJ45) Plus 2 media modules Plus OSM (0235A37L)
H3C S5820X-28S 24-port 10GBASE-X (SFP Plus) Plus 4-port 10/100/1000BASE-T (RJ45) (0235A370)
CVE-2014-3566
CVE-2014-3568
5800 Switch Series
R1809P03
JC099A HP 5800-24G-PoE Switch
JC100A HP 5800-24G Switch
JC101A HP 5800-48G Switch with 2 Slots
JC103A HP 5800-24G-SFP Switch
JC104A HP 5800-48G-PoE Switch
JC105A HP 5800-48G Switch
JG225A HP 5800AF-48G Switch
JG242A HP 5800-48G-PoE+ TAA Switch w 2 Slots
JG254A HP 5800-24G-PoE+ TAA-compliant Switch
JG255A HP 5800-24G TAA-compliant Switch
JG256A HP 5800-24G-SFP TAA Switch w 1 Intf Slt
JG257A HP 5800-48G-PoE+ TAA Switch with 1 Slot
JG258A HP 5800-48G TAA Switch w 1 Intf Slot
H3C S5800-32C - 24-port 1BT Plus 4-port (SFP Plus) Plus 1 media slot (0235A36U)
H3C S5800-32C-PWR - 24-port 10/100/1000BASE-T (RJ45) Plus 4-port 10GBASE-X (SFP Plus) Plus 1 media module PoE (0235A36S)
H3C S5800-32F 24-port 1000BASE-X (SFP) Plus 4-port 10GBASE-X (SFP Plus) Plus media module (no power) (0235A374)
H3C S5800-56C 48-port 10/100/1000BASE-T (RJ45) Plus 4-port 10GBASE-X (SFP Plus) Plus media module (0235A379)
H3C S5800-56C-PWR 48-port BT Plus 4 port (SFP Plus) Plus media module (0235A378)
H3C S5800-60C-PWR 48-port BT Plus 4-port SFP Plus 2 media modules Plus OSM (0235A36W)
CVE-2014-3566
CVE-2014-3568
5700
R2311P05
JG894A HP FF 5700-48G-4XG-2QSFP+ Switch
JG895A HP FF 5700-48G-4XG-2QSFP+ TAA Switch
JG896A HP FF 5700-40XG-2QSFP+ Switch
JG897A HP FF 5700-40XG-2QSFP+ TAA Switch
JG898A HP FF 5700-32XGT-8XG-2QSFP+ Switch
JG899A HP FF 5700-32XGT-8XG-2QSFP+ TAA Switch
CVE-2014-3566
CVE-2014-3567
CVE-2014-3568
5500 HI Switch Series
R5501P06
JG311A HP HI 5500-24G-4SFP w/2 Intf Slts Switch
JG312A HP HI 5500-48G-4SFP w/2 Intf Slts Switch
JG541A HP 5500-24G-PoE+-4SFP HI Switch w/2 Slt
JG542A HP 5500-48G-PoE+-4SFP HI Switch w/2 Slt
JG543A HP 5500-24G-SFP HI Switch w/2 Intf Slt
JG679A HP 5500-24G-PoE+-4SFP HI TAA Swch w/2Slt
JG680A HP 5500-48G-PoE+-4SFP HI TAA Swch w/2Slt
JG681A HP 5500-24G-SFP HI TAA Swch w/2Slt
CVE-2014-3566
CVE-2014-3568
5500 EI Switch Series
R2221P08
JD373A HP 5500-24G DC EI Switch
JD374A HP 5500-24G-SFP EI Switch
JD375A HP 5500-48G EI Switch
JD376A HP 5500-48G-PoE EI Switch
JD377A HP 5500-24G EI Switch
JD378A HP 5500-24G-PoE EI Switch
JD379A HP 5500-24G-SFP DC EI Switch
JG240A HP 5500-48G-PoE+ EI Switch w/2 Intf Slts
JG241A HP 5500-24G-PoE+ EI Switch w/2 Intf Slts
JG249A HP 5500-24G-SFP EI TAA Switch w 2 Slts
JG250A HP 5500-24G EI TAA Switch w 2 Intf Slts
JG251A HP 5500-48G EI TAA Switch w 2 Intf Slts
JG252A HP 5500-24G-PoE+ EI TAA Switch w/2 Slts
JG253A HP 5500-48G-PoE+ EI TAA Switch w/2 Slts
H3C S5500-28C-EI Ethernet Switch (0235A253)
H3C S5500-28F-EI Eth Switch AC Single (0235A24U)
H3C S5500-52C-EI Ethernet Switch (0235A24X)
H3C S5500-28C-EI-DC Ethernet Switch (0235A24S)
H3C S5500-28C-PWR-EI Ethernet Switch (0235A255)
H3C S5500-28F-EI Eth Swtch DC Single Pwr (0235A259)
H3C S5500-52C-PWR-EI Ethernet Switch (0235A251)
CVE-2014-3566
CVE-2014-3568
5500 SI Switch Series
R2221P08
JD369A HP 5500-24G SI Switch
JD370A HP 5500-48G SI Switch
JD371A HP 5500-24G-PoE SI Switch
JD372A HP 5500-48G-PoE SI Switch
JG238A HP 5500-24G-PoE+ SI Switch w/2 Intf Slts
JG239A HP 5500-48G-PoE+ SI Switch w/2 Intf Slts
H3C S5500-28C-SI Ethernet Switch (0235A04U)
H3C S5500-52C-SI Ethernet Switch (0235A04V)
H3C S5500-28C-PWR-SI Ethernet Switch (0235A05H)
H3C S5500-52C-PWR-SI Ethernet Switch (0235A05J)
CVE-2014-3566
CVE-2014-3568
5130 EI switch Series
R3108P03
JG932A HP 5130-24G-4SFP+ EI Switch
JG933A HP 5130-24G-SFP-4SFP+ EI Switch
JG934A HP 5130-48G-4SFP+ EI Switch
JG936A HP 5130-24G-PoE+-4SFP+ EI Swch
JG937A HP 5130-48G-PoE+-4SFP+ EI Swch
JG975A HP 5130-24G-4SFP+ EI BR Switch
JG976A HP 5130-48G-4SFP+ EI BR Switch
JG977A HP 5130-24G-PoE+-4SFP+ EI BR Swch
JG978A HP 5130-48G-PoE+-4SFP+ EI BR Swch
CVE-2014-3566
CVE-2014-3567
CVE-2014-3568
5120 EI Switch Series
R2221P08
JE066A HP 5120-24G EI Switch
JE067A HP 5120-48G EI Switch
JE068A HP 5120-24G EI Switch with 2 Slots
JE069A HP 5120-48G EI Switch with 2 Slots
JE070A HP 5120-24G-PoE EI Switch with 2 Slots
JE071A HP 5120-48G-PoE EI Switch with 2 Slots
JG236A HP 5120-24G-PoE+ EI Switch w/2 Intf Slts
JG237A HP 5120-48G-PoE+ EI Switch w/2 Intf Slts
JG245A HP 5120-24G EI TAA Switch w 2 Intf Slts
JG246A HP 5120-48G EI TAA Switch w 2 Intf Slts
JG247A HP 5120-24G-PoE+ EI TAA Switch w 2 Slts
JG248A HP 5120-48G-PoE+ EI TAA Switch w 2 Slts
H3C S5120-24P-EI 24GE Plus 4ComboSFP (0235A0BQ)
H3C S5120-28C-EI 24GE Plus 4Combo Plus 2Slt (0235A0BS)
H3C S5120-48P-EI 48GE Plus 4ComboSFP (0235A0BR)
H3C S5120-52C-EI 48GE Plus 4Combo Plus 2Slt (0235A0BT)
H3C S5120-28C-PWR-EI 24G Plus 4C Plus 2S Plus POE (0235A0BU)
H3C S5120-52C-PWR-EI 48G Plus 4C Plus 2S Plus POE (0235A0BV)
CVE-2014-3566
CVE-2014-3568
5120 SI switch Series
R1513P95
JE072A HP 5120-48G SI Switch
JE073A HP 5120-16G SI Switch
JE074A HP 5120-24G SI Switch
JG091A HP 5120-24G-PoE+ (370W) SI Switch
JG092A HP 5120-24G-PoE+ (170W) SI Switch
H3C S5120-52P-SI 48GE Plus 4 SFP (0235A41W)
H3C S5120-20P-SI L2 16GE Plus 4SFP (0235A42B)
H3C S5120-28P-SI 24GE Plus 4 SFP (0235A42D)
H3C S5120-28P-HPWR-SI (0235A0E5)
H3C S5120-28P-PWR-SI (0235A0E3)
CVE-2014-3566
CVE-2014-3568
4800 G Switch Series
R2221P08
JD007A HP 4800-24G Switch
JD008A HP 4800-24G-PoE Switch
JD009A HP 4800-24G-SFP Switch
JD010A HP 4800-48G Switch
JD011A HP 4800-48G-PoE Switch
3Com Switch 4800G 24-Port (3CRS48G-24-91)
3Com Switch 4800G 24-Port SFP (3CRS48G-24S-91)
3Com Switch 4800G 48-Port (3CRS48G-48-91)
3Com Switch 4800G PWR 24-Port (3CRS48G-24P-91)
3Com Switch 4800G PWR 48-Port (3CRS48G-48P-91)
CVE-2014-3566
CVE-2014-3568
4510G Switch Series
R2221P08
JF428A HP 4510-48G Switch
JF847A HP 4510-24G Switch
3Com Switch 4510G 48 Port (3CRS45G-48-91)
3Com Switch 4510G PWR 24-Port (3CRS45G-24P-91)
3Com Switch E4510-24G (3CRS45G-24-91)
CVE-2014-3566
CVE-2014-3568
4210G Switch Series
R2221P08
JF844A HP 4210-24G Switch
JF845A HP 4210-48G Switch
JF846A HP 4210-24G-PoE Switch
3Com Switch 4210-24G (3CRS42G-24-91)
3Com Switch 4210-48G (3CRS42G-48-91)
3Com Switch E4210-24G-PoE (3CRS42G-24P-91)
CVE-2014-3566
CVE-2014-3568
3610 Switch Series
R5319P10
JD335A HP 3610-48 Switch
JD336A HP 3610-24-4G-SFP Switch
JD337A HP 3610-24-2G-2G-SFP Switch
JD338A HP 3610-24-SFP Switch
H3C S3610-52P - model LS-3610-52P-OVS (0235A22C)
H3C S3610-28P - model LS-3610-28P-OVS (0235A22D)
H3C S3610-28TP - model LS-3610-28TP-OVS (0235A22E)
H3C S3610-28F - model LS-3610-28F-OVS (0235A22F)
CVE-2014-3566
CVE-2014-3568
3600 V2 Switch Series
R2110P03
JG299A HP 3600-24 v2 EI Switch
JG300A HP 3600-48 v2 EI Switch
JG301A HP 3600-24-PoE+ v2 EI Switch
JG301B HP 3600-24-PoE+ v2 EI Switch
JG302A HP 3600-48-PoE+ v2 EI Switch
JG302B HP 3600-48-PoE+ v2 EI Switch
JG303A HP 3600-24-SFP v2 EI Switch
JG304A HP 3600-24 v2 SI Switch
JG305A HP 3600-48 v2 SI Switch
JG306A HP 3600-24-PoE+ v2 SI Switch
JG306B HP 3600-24-PoE+ v2 SI Switch
JG307A HP 3600-48-PoE+ v2 SI Switch
JG307B HP 3600-48-PoE+ v2 SI Switch
CVE-2014-3566
CVE-2014-3568
3100V2
R5203P11
JD313B HP 3100-24-PoE v2 EI Switch
JD318B HP 3100-8 v2 EI Switch
JD319B HP 3100-16 v2 EI Switch
JD320B HP 3100-24 v2 EI Switch
JG221A HP 3100-8 v2 SI Switch
JG222A HP 3100-16 v2 SI Switch
JG223A HP 3100-24 v2 SI Switch
CVE-2014-3566
CVE-2014-3568
3100V2-48
R2110P03
JG315A HP 3100-48 v2 Switch
CVE-2014-3566
CVE-2014-3568
1920
R1105
JG920A HP 1920-8G Switch
JG921A HP 1920-8G-PoE+ (65W) Switch
JG922A HP 1920-8G-PoE+ (180W) Switch
JG923A HP 1920-16G Switch
JG924A HP 1920-24G Switch
JG925A HP 1920-24G-PoE+ (180W) Switch
JG926A HP 1920-24G-PoE+ (370W) Switch
JG927A HP 1920-48G Switch
CVE-2014-3566
CVE-2014-3568
1910 R11XX
R1107
JG536A HP 1910-8 Switch
JG537A HP 1910-8-PoE+ Switch
JG538A HP 1910-24 Switch
JG539A HP 1910-24-PoE+ Switch
JG540A HP 1910-48 Switch
CVE-2014-3566
CVE-2014-3568
1910 R15XX
R1513P95
JE005A HP 1910-16G Switch
JE006A HP 1910-24G Switch
JE007A HP 1910-24G-PoE (365W) Switch
JE008A HP 1910-24G-PoE(170W) Switch
JE009A HP 1910-48G Switch
JG348A HP 1910-8G Switch
JG349A HP 1910-8G-PoE+ (65W) Switch
JG350A HP 1910-8G-PoE+ (180W) Switch
CVE-2014-3566
CVE-2014-3568
1620
R1104
JG912A HP 1620-8G Switch
JG913A HP 1620-24G Switch
JG914A HP 1620-48G Switch
CVE-2014-3566
CVE-2014-3568
MSR20-1X
R2513P33
JD431A HP MSR20-10 Router
JD667A HP MSR20-15 IW Multi-Service Router
JD668A HP MSR20-13 Multi-Service Router
JD669A HP MSR20-13 W Multi-Service Router
JD670A HP MSR20-15 A Multi-Service Router
JD671A HP MSR20-15 AW Multi-Service Router
JD672A HP MSR20-15 I Multi-Service Router
JD673A HP MSR20-11 Multi-Service Router
JD674A HP MSR20-12 Multi-Service Router
JD675A HP MSR20-12 W Multi-Service Router
JD676A HP MSR20-12 T1 Multi-Service Router
JF236A HP MSR20-15-I Router
JF237A HP MSR20-15-A Router
JF238A HP MSR20-15-I-W Router
JF239A HP MSR20-11 Router
JF240A HP MSR20-13 Router
JF241A HP MSR20-12 Router
JF806A HP MSR20-12-T Router
JF807A HP MSR20-12-W Router
JF808A HP MSR20-13-W Router
JF809A HP MSR20-15-A-W Router
JF817A HP MSR20-15 Router
JG209A HP MSR20-12-T-W Router (NA)
JG210A HP MSR20-13-W Router (NA)
H3C MSR 20-15 Router Host(AC) 1 FE 4 LSW 1 ADSLoPOTS 1 DSIC (0235A0A8)
H3C MSR 20-10 (0235A0A7)
H3C RT-MSR2011-AC-OVS-H3 (0235A395)
H3C RT-MSR2012-AC-OVS-H3 (0235A396)
H3C RT-MSR2012-AC-OVS-W-H3 (0235A397)
H3C RT-MSR2012-T-AC-OVS-H3 (0235A398)
H3C RT-MSR2013-AC-OVS-H3 (0235A390)
H3C RT-MSR2013-AC-OVS-W-H3 (0235A391)
H3C RT-MSR2015-AC-OVS-A-H3 (0235A392)
H3C RT-MSR2015-AC-OVS-AW-H3 (0235A393)
H3C RT-MSR2015-AC-OVS-I-H3 (0235A394)
H3C RT-MSR2015-AC-OVS-IW-H3 (0235A38V)
H3C MSR 20-11 (0235A31V)
H3C MSR 20-12 (0235A32E)
H3C MSR 20-12 T1 (0235A32B)
H3C MSR 20-13 (0235A31W)
H3C MSR 20-13 W (0235A31X)
H3C MSR 20-15 A (0235A31Q)
H3C MSR 20-15 A W (0235A31R)
H3C MSR 20-15 I (0235A31N)
H3C MSR 20-15 IW (0235A31P)
H3C MSR20-12 W (0235A32G)
CVE-2014-3566
CVE-2014-3568
MSR30
R2513P33
JD654A HP MSR30-60 POE Multi-Service Router
JD657A HP MSR30-40 Multi-Service Router
JD658A HP MSR30-60 Multi-Service Router
JD660A HP MSR30-20 POE Multi-Service Router
JD661A HP MSR30-40 POE Multi-Service Router
JD666A HP MSR30-20 Multi-Service Router
JF229A HP MSR30-40 Router
JF230A HP MSR30-60 Router
JF232A HP RT-MSR3040-AC-OVS-AS-H3
JF235A HP MSR30-20 DC Router
JF284A HP MSR30-20 Router
JF287A HP MSR30-40 DC Router
JF801A HP MSR30-60 DC Router
JF802A HP MSR30-20 PoE Router
JF803A HP MSR30-40 PoE Router
JF804A HP MSR30-60 PoE Router
H3C MSR 30-20 Router (0235A328)
H3C MSR 30-40 Router Host(DC) (0235A268)
H3C RT-MSR3020-AC-POE-OVS-H3 (0235A322)
H3C RT-MSR3020-DC-OVS-H3 (0235A267)
H3C RT-MSR3040-AC-OVS-H (0235A299)
H3C RT-MSR3040-AC-POE-OVS-H3 (0235A323)
H3C RT-MSR3060-AC-OVS-H3 (0235A320)
H3C RT-MSR3060-AC-POE-OVS-H3 (0235A296)
H3C RT-MSR3060-DC-OVS-H3 (0235A269)
H3C MSR 30-20 RTVZ33020AS Router Host(AC) (0235A20S)
H3C MSR 30-20 (0235A19L)
H3C MSR 30-20 POE (0235A239)
H3C MSR 30-40 (0235A20J)
H3C MSR 30-40 POE (0235A25R)
H3C MSR 30-60 (0235A20K)
H3C MSR 30-60 POE (0235A25S)
H3C RT-MSR3040-AC-OVS-AS-H3 (0235A20V)
CVE-2014-3566
CVE-2014-3568
MSR30-16
R2513P33
JD659A HP MSR30-16 POE Multi-Service Router
JD665A HP MSR30-16 Multi-Service Router
JF233A HP MSR30-16 Router
JF234A HP MSR30-16 PoE Router
H3C RT-MSR3016-AC-OVS-H3 (0235A327)
H3C RT-MSR3016-AC-POE-OVS-H3 (0235A321)
H3C MSR 30-16 (0235A237)
H3C MSR 30-16 POE (0235A238)
CVE-2014-3566
CVE-2014-3568
MSR30-1X
R2513P33
JF800A HP MSR30-11 Router
JF816A HP MSR30-10 2 FE /2 SIC /1 MIM MS Rtr
JG182A HP MSR30-11E Router
JG183A HP MSR30-11F Router
JG184A HP MSR30-10 DC Router
H3C MSR 30-10 Router Host(AC) 2FE 2SIC 1XMIM 256DDR (0235A39H)
H3C RT-MSR3011-AC-OVS-H3 (0235A29L)
CVE-2014-3566
CVE-2014-3568
MSR50
R2513P33
JD433A HP MSR50-40 Router
JD653A HP MSR50 Processor Module
JD655A HP MSR50-40 Multi-Service Router
JD656A HP MSR50-60 Multi-Service Router
JF231A HP MSR50-60 Router
JF285A HP MSR50-40 DC Router
JF640A HP MSR50-60 Rtr Chassis w DC PwrSupply
H3C MSR 50-40 Router (0235A297)
H3C MSR5040-DC-OVS-H3C (0235A20P)
H3C RT-MSR5060-AC-OVS-H3 (0235A298)
H3C MSR 50-40 Chassis (0235A20N)
H3C MSR 50-60 Chassis (0235A20L)
CVE-2014-3566
CVE-2014-3568
MSR50-G2
R2513P33
JD429A HP MSR50 G2 Processor Module
JD429B HP MSR50 G2 Processor Module
H3C MSR 50 Processor Module-G2 (0231A84Q)
H3C MSR 50 High Performance Main Processing Unit 3GE (Combo) 256F/1GD (0231A0KL)
CVE-2014-3566
CVE-2014-3568
MSR20 Russian version
MSR201X_5.20.R2513L40.RU
JD663B HP MSR20-21 Router
JF228A HP MSR20-40 Router
JF283A HP MSR20-20 Router
H3C RT-MSR2020-AC-OVS-H3C (0235A324)
H3C RT-MSR2040-AC-OVS-H3 (0235A326)
CVE-2014-3566
CVE-2014-3568
MSR20-1X Russian version
MSR201X_5.20.R2513L40.RU
JD431A HP MSR20-10 Router
JF236A HP MSR20-15-I Router
JF237A HP MSR20-15-A Router
JF238A HP MSR20-15-I-W Router
JF239A HP MSR20-11 Router
JF240A HP MSR20-13 Router
JF241A HP MSR20-12 Router
JF806A HP MSR20-12-T Router
JF807A HP MSR20-12-W Router
JF808A HP MSR20-13-W Router
JF809A HP MSR20-15-A-W Router
JF817A HP MSR20-15 Router
H3C MSR 20-10 (0235A0A7)
H3C RT-MSR2015-AC-OVS-I-H3 (0235A394)
H3C RT-MSR2015-AC-OVS-A-H3 (0235A392)
H3C RT-MSR2015-AC-OVS-AW-H3 (0235A393)
H3C RT-MSR2011-AC-OVS-H3 (0235A395)
H3C RT-MSR2013-AC-OVS-H3 (0235A390)
H3C RT-MSR2012-AC-OVS-H3 (0235A396)
H3C RT-MSR2012-T-AC-OVS-H3 (0235A398)
H3C RT-MSR2012-AC-OVS-W-H3 (0235A397)
H3C RT-MSR2013-AC-OVS-W-H3 (0235A391)
H3C RT-MSR2015-AC-OVS-IW-H3 (0235A38V)
H3C MSR 20-15 Router Host(AC) 1 FE 4 LSW 1 ADSLoPOTS 1 DSIC (0235A0A8)
CVE-2014-3566
CVE-2014-3568
MSR30 Russian version
MSR201X_5.20.R2513L40.RU
JF229A HP MSR30-40 Router
JF230A HP MSR30-60 Router
JF235A HP MSR30-20 DC Router
JF284A HP MSR30-20 Router
JF287A HP MSR30-40 DC Router
JF801A HP MSR30-60 DC Router
JF802A HP MSR30-20 PoE Router
JF803A HP MSR30-40 PoE Router
JF804A HP MSR30-60 PoE Router
H3C RT-MSR3040-AC-OVS-H (0235A299)
H3C RT-MSR3060-AC-OVS-H3 (0235A320)
H3C RT-MSR3020-DC-OVS-H3 (0235A267)
H3C MSR 30-20 Router (0235A328)
H3C MSR 30-40 Router Host(DC) (0235A268)
H3C RT-MSR3060-DC-OVS-H3 (0235A269)
H3C RT-MSR3020-AC-POE-OVS-H3 (0235A322)
H3C RT-MSR3040-AC-POE-OVS-H3 (0235A323)
H3C RT-MSR3060-AC-POE-OVS-H3 (0235A296)
CVE-2014-3566
CVE-2014-3568
MSR30-16 Russian version
MSR201X_5.20.R2513L40.RU
JF233A HP MSR30-16 Router
JF234A HP MSR30-16 PoE Router
H3C RT-MSR3016-AC-OVS-H3 (0235A327)
H3C RT-MSR3016-AC-POE-OVS-H3 (0235A321)
CVE-2014-3566
CVE-2014-3568
MSR30-1X Russian version
MSR201X_5.20.R2513L40.RU
JF800A HP MSR30-11 Router
JF816A HP MSR30-10 2 FE /2 SIC /1 MIM MS Rtr
JG182A HP MSR30-11E Router
JG183A HP MSR30-11F Router
JG184A HP MSR30-10 DC Router
H3C RT-MSR3011-AC-OVS-H3 (0235A29L)
H3C MSR 30-10 Router Host(AC) 2FE 2SIC 1XMIM 256DDR (0235A39H)
CVE-2014-3566
CVE-2014-3568
MSR50 Russian version
MSR201X_5.20.R2513L40.RU
JD433A HP MSR50-40 Router
JD653A HP MSR50 Processor Module
JD655A HP MSR50-40 Multi-Service Router
JD656A HP MSR50-60 Multi-Service Router
JF231A HP MSR50-60 Router
JF285A HP MSR50-40 DC Router
JF640A HP MSR50-60 Rtr Chassis w DC PwrSupply
H3C MSR 50-40 Router (0235A297)
H3C MSR 50 Processor Module (0231A791)
H3C MSR 50-40 Chassis (0235A20N)
H3C MSR 50-60 Chassis (0235A20L)
H3C RT-MSR5060-AC-OVS-H3 (0235A298)
H3C MSR5040-DC-OVS-H3C (0235A20P)
CVE-2014-3566
CVE-2014-3568
MSR50 G2 Russian version
MSR201X_5.20.R2513L40.RU
JD429B HP MSR50 G2 Processor Module
H3C MSR 50 High Performance Main Processing Unit 3GE (Combo) 256F/1GD (0231A0KL)
CVE-2014-3566
CVE-2014-3568
MSR9XX
R2513P33
JF812A HP MSR900 Router
JF813A HP MSR920 Router
JF814A HP MSR900-W Router
JF815A HP MSR920 2FEWAN/8FELAN/.11b/g Rtr
JG207A HP MSR900-W Router (NA)
JG208A HP MSR920-W Router (NA)
H3C MSR 900 Router with 802.11b/g 2 FE WAN 4 FE LAN 256DDR 802.11b (0235A0C2)
H3C MSR 900 Router 2 FE WAN 4 FE LAN 256DDR (0235A0BX)
H3C MSR 920 Router with 802.11b/g 2 FE WAN 8 FE LAN 256DDR (0235A0C4)
H3C MSR 920 Router 2 FE WAN 8 FE LAN 256DDR (0235A0C0)
CVE-2014-3566
CVE-2014-3568
MSR93X
R2513P33
JG512A HP MSR930 Wireless Router
JG513A HP MSR930 3G Router
JG514A HP MSR931 Router
JG515A HP MSR931 3G Router
JG516A HP MSR933 Router
JG517A HP MSR933 3G Router
JG518A HP MSR935 Router
JG519A HP MSR935 Wireless Router
JG520A HP MSR935 3G Router
JG531A HP MSR931 Dual 3G Router
JG596A HP MSR930 4G LTE/3G CDMA Router
JG597A HP MSR936 Wireless Router
JG665A HP MSR930 4G LTE/3G WCDMA Global Router
JG704A HP MSR930 4G LTE/3G WCDMA ATT Router
CVE-2014-3566
CVE-2014-3568
MSR1000
R2513P33
JG732A HP MSR1003-8 AC Router
CVE-2014-3566
CVE-2014-3568
MSR1000 Russian version
R2513L40.RU
JG732A HP MSR1003-8 AC Router
CVE-2014-3566
CVE-2014-3568
MSR2000
R0106P18
JG411A HP MSR2003 AC Router
CVE-2014-3566
CVE-2014-3567
CVE-2014-3568
MSR3000
R0106P18
JG404A HP MSR3064 Router
JG405A HP MSR3044 Router
JG406A HP MSR3024 AC Router
JG409A HP MSR3012 AC Router
JG861A HP MSR3024 TAA-compliant AC Router
CVE-2014-3566
CVE-2014-3567
CVE-2014-3568
MSR4000
R0106P18
JG402A HP MSR4080 Router Chassis
JG403A HP MSR4060 Router Chassis
JG412A HP MSR4000 MPU-100 Main Processing Unit
CVE-2014-3566
CVE-2014-3567
CVE-2014-3568
F5000
F3210P22
JG216A HP F5000 Firewall Standalone Chassis
JD259A HP A5000-A5 VPN Firewall Chassis
H3C SecPath F5000-A5 Host System (0150A0AG)
CVE-2014-3566
CVE-2014-3568
F5000-C
R3811P03
JG650A HP F5000-C VPN Firewall Appliance
CVE-2014-3566
CVE-2014-3568
F5000-S
R3811P03
JG370A HP F5000-S VPN Firewall Appliance
CVE-2014-3566
CVE-2014-3568
U200S and CS
F5123P30
JD268A HP 200-CS UTM Appliance
JD273A HP U200-S UTM Appliance
H3C SecPath U200-S (0235A36N)
CVE-2014-3566
CVE-2014-3568
U200A and M
F5123P30
JD274A HP 200-M UTM Appliance
JD275A HP U200-A UTM Appliance
H3C SecPath U200-A (0235A36Q)
CVE-2014-3566
CVE-2014-3568
SecBlade III
R3820P03
JG371A HP 12500 20Gbps VPN Firewall Module
JG372A HP 10500/11900/7500 20Gbps VPN FW Mod
CVE-2014-3566
CVE-2014-3568
SecBlade FW
R3181P05
JC635A HP 12500 VPN Firewall Module
JD245A HP 9500 VPN Firewall Module
JD249A HP 10500/7500 Advanced VPN Firewall Mod
JD250A HP 6600 Firewall Processing Rtr Module
JD251A HP 8800 Firewall Processing Module
JD255A HP 5820 VPN Firewall Module
H3C S9500E SecBlade VPN Firewall Module (0231A0AV)
H3C S7500E SecBlade VPN Firewall Module (0231A832)
H3C SR66 Gigabit Firewall Module (0231A88A)
H3C SR88 Firewall Processing Module (0231A88L)
H3C S5820 SecBlade VPN Firewall Module (0231A94J)
CVE-2014-3566
CVE-2014-3568
F1000-E
R3181P05
JD272A HP F1000-E VPN Firewall Appliance
CVE-2014-3566
CVE-2014-3568
F1000-A
R3734P06
JG214A HP F1000-A-EI VPN Firewall Appliance
CVE-2014-3566
CVE-2014-3568
F1000-S
R3734P06
JG213A HP F1000-S-EI VPN Firewall Appliance
CVE-2014-3566
CVE-2014-3568
SecBlade SSL VPN
Fix in Progress
Use Mitigation
JD253A HP 10500/7500 SSL VPN Mod w 500-user Lic
CVE-2014-3566
CVE-2014-3568
VSR1000
R0204P01
JG810AAE HP VSR1001 Virtual Services Router 60 Day Evaluation Software
JG811AAE HP VSR1001 Comware 7 Virtual Services Router
JG812AAE HP VSR1004 Comware 7 Virtual Services Router
JG813AAE HP VSR1008 Comware 7 Virtual Services Router
CVE-2014-3566
CVE-2014-3567
CVE-2014-3568
WX5002/5004
R2507P34
JD441A HP 5800 ACM for 64-256 APs
JD447B HP WX5002 Access Controller
JD448A HP A-WX5004 Access Controller
JD448B HP WX5004 Access Controller
JD469A HP A-WX5004 (3Com) Access Controller
JG261A HP 5800 Access Controller OAA TAA Mod
CVE-2014-3566
CVE-2014-3568
HP 850/870
R2607P34
JG723A HP 870 Unified Wired-WLAN Appliance
JG725A HP 870 Unifd Wrd-WLAN TAA Applnc
JG722A HP 850 Unified Wired-WLAN Appliance
JG724A HP 850 Unifd Wrd-WLAN TAA Applnc
CVE-2014-3566
CVE-2014-3568
HP 830
R3507P34
JG640A HP 830 24P PoE+ Unifd Wired-WLAN Swch
JG641A HP 830 8P PoE+ Unifd Wired-WLAN Swch
JG646A HP 830 24-Port PoE+ Wrd-WLAN TAA Switch
JG647A HP 830 8-Port PoE+ Wrd-WLAN TAA Switch
CVE-2014-3566
CVE-2014-3568
HP 6000
R2507P34
JG639A HP 10500/7500 20G Unified Wired-WLAN Mod
JG645A HP 10500/7500 20G Unifd Wrd-WLAN TAA Mod
CVE-2014-3566
CVE-2014-3568
VCX
Fix in Progress
Use Mitigation
J9672A HP VCX V7205 Platform w/ DL360 G7 Srvr
J9668A HP VCX IPC V7005 Pltfrm w/ DL120 G6 Srvr
JC517A HP VCX V7205 Platform w/DL 360 G6 Server
JE355A HP VCX V6000 Branch Platform 9.0
JC516A HP VCX V7005 Platform w/DL 120 G6 Server
JC518A HP VCX Connect 200 Primry 120 G6 Server
J9669A HP VCX IPC V7310 Pltfrm w/ DL360 G7 Srvr
JE341A HP VCX Connect 100 Secondary
JE252A HP VCX Connect Primary MIM Module
JE253A HP VCX Connect Secondary MIM Module
JE254A HP VCX Branch MIM Module
JD028A HP MS30-40 RTR w/VCX + T1/FXO/FXS/Mod
JD023A HP MSR30-40 Router with VCX MIM Module
JD024A HP MSR30-16 RTR w/VCX Ent Br Com MIM
JD025A HP MSR30-16 RTR w/VCX + 4FXO/2FXS Mod
JD026A HP MSR30-16 RTR w/VCX + 8FXO/4FXS Mod
JD027A HP MSR30-16 RTR w/VCX + 8BRI/4FXS Mod
JD029A HP MSR30-16 RTR w/VCX + E1/4BRI/4FXS
JE340A HP VCX Connect 100 Pri Server 9.0
JE342A HP VCX Connect 100 Sec Server 9.0
CVE-2014-3566
CVE-2014-3568
iMC PLAT
iMC PLAT v7.1 E0303P06
JD125A HP IMC Std S/W Platform w/100-node
JD126A HP IMC Ent S/W Platform w/100-node
JD808A HP IMC Ent Platform w/100-node License
JD815A HP IMC Std Platform w/100-node License
JF377A HP IMC Std S/W Platform w/100-node Lic
JF377AAE HP IMC Std S/W Pltfrm w/100-node E-LTU
JF378A HP IMC Ent S/W Platform w/200-node Lic
JF378AAE HP IMC Ent S/W Pltfrm w/200-node E-LTU
JG546AAE HP IMC Basic SW Platform w/50-node E-LTU
JG548AAE HP PCM+ to IMC Bsc Upgr w/50-node E-LTU
JG549AAE HP PCM+ to IMC Std Upgr w/200-node E-LTU
JG550AAE HP PMM to IMC Bsc WLM Upgr w/150AP E-LTU
JG590AAE HP IMC Bsc WLAN Mgr SW Pltfm 50 AP E-LTU
JG659AAE HP IMC Smart Connect VAE E-LTU
JG660AAE HP IMC Smart Connect w/WLM VAE E-LTU
JG747AAE HP IMC Std SW Plat w/ 50 Nodes E-LTU
JG748AAE HP IMC Ent SW Plat w/ 50 Nodes E-LTU
JG766AAE HP IMC SmCnct Vrtl Applnc SW E-LTU
JG767AAE HP IMC SmCnct WSM Vrtl Applnc SW E-LTU
JG768AAE HP PCM+ to IMC Std Upg w/ 200-node E-LTU
CVE-2014-3566
iMC UAM
iMC UAM v7.1 E0302P07
JD144A HP IMC UAM S/W Module w/200-User License
JF388A HP IMC UAM S/W Module w/200-user License
JF388AAE HP IMC UAM S/W Module w/200-user E-LTU
JG752AAE HP IMC UAM SW Mod w/ 50-user E-LTU
CVE-2014-3513
CVE-2014-3566
CVE-2014-3567
iMC WSM
Fix in Progress
Use Mitigation
JD456A HP WSM Plug-in for IMC
Includes 50 Aps
JF414A HP IMC WSM S/W Module with 50-AP License
JF414AAE HP IMC WSM S/W Module with 50-AP E-LTU
JG551AAE HP PMM to IMC WSM Upgr w/250 AP E-LTU
JG769AAE HP PMM to IMC WSM Upg w/ 250-node E-LTU
CVE-2014-3513
CVE-2014-3566
CVE-2014-3567
A
Fixes in progress
use mitigations
J9565A HP 2615-8-PoE Switch
J9562A HP 2915-8G-PoE Switch
E
Fixes in progress
use mitigations
J4850A HP ProCurve Switch 5304xl
J8166A HP ProCurve Switch 5304xl-32G
J4819A HP ProCurve Switch 5308xl
J8167A HP ProCurve Switch 5308xl-48G
J4849A HP ProCurve Switch 5348xl
J4849B HP ProCurve Switch 5348xl
J4848A HP ProCurve Switch 5372xl
J4848B HP ProCurve Switch 5372xl
F
Fixes in progress
use mitigations
J4812A HP ProCurve 2512 Switch
J4813A HP ProCurve 2524 Switch
J4817A HP ProCurve 2312 Switch
J4818A HP ProCurve 2324 Switch
H.07
Fixes in progress
use mitigations
J4902A HP ProCurve 6108 Switch
H.10
Fixes in progress
use mitigations
J8762A HP E2600-8-PoE Switch
J4900A HP PROCURVE SWITCH 2626
J4900B HP ProCurve Switch 2626
J4900C ProCurve Switch 2626
J4899A HP ProCurve Switch 2650
J4899B HP ProCurve Switch 2650
J4899C ProCurve Switch 2650
J8164A ProCurve Switch 2626-PWR
J8165A HP ProCurve Switch 2650-PWR
i.10
Fixes in progress
use mitigations
J4903A ProCurve Switch 2824
J4904A HP ProCurve Switch 2848
J
Fixes in progress
use mitigations
J9299A HP 2520-24G-PoE Switch
J9298A HP 2520-8G-PoE Switch
K
Fixes in progress
use mitigations
J8692A HP 3500-24G-PoE yl Switch
J8693A HP 3500-48G-PoE yl Switch
J9310A HP 3500-24G-PoE+ yl Switch
J9311A HP 3500-48G-PoE+ yl Switch
J9470A HP 3500-24 Switch
J9471A HP 3500-24-PoE Switch
J9472A HP 3500-48 Switch
J9473A HP 3500-48-PoE Switch
J8697A HP E5406 zl Switch Chassis
J8699A HP 5406-48G zl Switch
J9447A HP 5406-44G-PoE+-4SFP zl Switch
J9533A HP 5406-44G-PoE+-2XG v2 zl Swch w Pm SW
J9539A HP 5406-44G-PoE+-4G v2 zl Swch w Prm SW
J9642A HP 5406 zl Switch with Premium Software
J9866A HP 5406 8p10GT 8p10GE Swch and Psw
J8698A HP E5412 zl Switch Chassis
J8700A HP 5412-96G zl Switch
J9448A HP 5412-92G-PoE+-4SFP zl Switch
J9532A HP 5412-92G-PoE+-2XG v2 zl Swch w Pm SW
J9540A HP 5412-92G-PoE+-4G v2 zl Swch w Prm SW
J9643A HP 5412 zl Switch with Premium Software
J8992A HP 6200-24G-mGBIC yl Switch
J9263A HP E6600-24G Switch
J9264A HP 6600-24G-4XG Switch
J9265A HP 6600-24XG Switch
J9451A HP E6600-48G Switch
J9452A HP 6600-48G-4XG Switch
J9475A HP E8206 zl Switch Base System
J9638A HP 8206-44G-PoE+-2XG v2 zl Swch w Pm SW
J9640A HP 8206 zl Switch w/Premium Software
J8715A ProCurve Switch 8212zl Base System
J8715B HP E8212 zl Switch Base System
J9091A ProCurve Switch 8212zl Chassis&Fan Tray
J9639A HP 8212-92G-PoE+-2XG v2 zl Swch w Pm SW
J9641A HP 8212 zl Switch with Premium SW
KA
Fixes in progress
use mitigations
J9573A HP 3800-24G-PoE+-2SFP+ Switch
J9574A HP 3800-48G-PoE+-4SFP+ Switch
J9575A HP 3800-24G-2SFP+ Switch
J9576A HP 3800-48G-4SFP+ Switch
J9584A HP 3800-24SFP-2SFP+ Switch
J9585A HP 3800-24G-2XG Switch
J9586A HP 3800-48G-4XG Switch
J9587A HP 3800-24G-PoE+-2XG Switch
J9588A HP 3800-48G-PoE+-4XG Switch
KB
Fixes in progress
use mitigations
J9821A HP 5406R zl2 Switch
J9822A HP 5412R zl2 Switch
J9823A HP 5406R-Gig-T-PoE+/SFP+ v2 zl2 Swch
J9824A HP 5406R-Gig-T-PoE+/SFP v2 zl2 Swch
J9825A HP 5412R-Gig-T-PoE+/SFP+ v2 zl2 Swch
J9826A HP 5412R-Gig-T-PoE+/SFP v2 zl2 Swch
J9850A HP 5406R zl2 Switch
J9851A HP 5412R zl2 Switch
J9868A HP 5406R-8XGT/8SFP+ v2 zl2 Swch
L
Fixes in progress
use mitigations
J8772B HP 4202-72 Vl Switch
J8770A HP 4204 Vl Switch Chassis
J9064A HP 4204-44G-4SFP Vl Switch
J8773A HP 4208 Vl Switch Chassis
J9030A HP 4208-68G-4SFP Vl Switch
J8775B HP 4208-96 Vl Switch
J8771A ProCurve Switch 4202VL-48G
J8772A ProCurve Switch 4202VL-72
J8774A ProCurve Switch 4208VL-64G
J8775A ProCurve Switch 4208VL-96
M.08
Fixes in progress
use mitigations
J8433A HP 6400-6XG cl Switch
J8474A HP 6410-6XG cl Switch
M.10
Fixes in progress
use mitigations
J4906A HP E3400-48G cl Switch
J4905A HP ProCurve Switch 3400cl-24G
N
Fixes in progress
use mitigations
J9021A HP 2810-24G Switch
J9022A HP 2810-48G Switch
PA
Fixes in progress
use mitigations
J9029A ProCurve Switch 1800-8G
PB
Fixes in progress
use mitigations
J9028A ProCurve Switch 1800-24G
J9028B ProCurve Switch 1800-24G
Q
Fixes in progress
use mitigations
J9019B HP 2510-24 Switch
J9019A ProCurve Switch 2510-24
R
Fixes in progress
use mitigations
J9085A HP 2610-24 Switch
J9087A HP 2610-24-PoE Switch
J9086A HP 2610-24-PPoE Switch
J9088A HP 2610-48 Switch
J9089A HP 2610-48-PoE Switch
RA
Fixes in progress
use mitigations
J9623A HP 2620-24 Switch
J9624A HP 2620-24-PPoE+ Switch
J9625A HP 2620-24-PoE+ Switch
J9626A HP 2620-48 Switch
J9627A HP 2620-48-PoE+ Switch
S
Fixes in progress
use mitigations
J9138A HP 2520-24-PoE Switch
J9137A HP 2520-8-PoE Switch
T
Fixes in progress
use mitigations
J9049A ProCurve Switch 2900- 24G
J9050A ProCurve Switch 2900 48G
U
Fixes in progress
use mitigations
J9020A HP 2510-48 Switch
VA
Fixes in progress
use mitigations
J9079A HP 1700-8 Switch
VB
Fixes in progress
use mitigations
J9080A HP 1700-24 Switch
W
Fixes in progress
use mitigations
J9145A HP 2910-24G al Switch
J9146A HP 2910-24G-PoE+ al Switch
J9147A HP 2910-48G al Switch
J9148A HP 2910-48G-PoE+ al Switch
WB
Fixes in progress
use mitigations
J9726A HP 2920-24G Switch
J9727A HP 2920-24G-POE+ Switch
J9728A HP 2920-48G Switch
J9729A HP 2920-48G-POE+ Switch
J9836A HP 2920-48G-POE+ 740W Switch
Y
Fixes in progress
use mitigations
J9279A HP 2510-24G Switch
J9280A HP 2510-48G Switch
YA
Fixes in progress
use mitigations
J9772A HP 2530-48G-PoE+ Switch
J9773A HP 2530-24G-PoE+ Switch
J9774A HP 2530-8G-PoE+ Switch
J9775A HP 2530-48G Switch
J9776A HP 2530-24G Switch
J9777A HP 2530-8G Switch
J9778A HP 2530-48-PoE+ Switch
J9781A HP 2530-48 Switch
J9853A HP 2530-48G-PoE+-2SFP+ Switch
J9854A HP 2530-24G-PoE+-2SFP+ Switch
J9855A HP 2530-48G-2SFP+ Switch
J9856A HP 2530-24G-2SFP+ Switch
YB
Fixes in progress
use mitigations
J9779A HP 2530-24-PoE+ Switch
J9780A HP 2530-8-PoE+ Switch
J9782A HP 2530-24 Switch
J9783A HP 2530-8 Switch
MSM 6.5
6.5.1.0
J9420A HP MSM760 Premium Mobility Controller
J9421A HP MSM760 Access Controller
J9370A HP MSM765 Zl Premium Mobility Controller
J9693A HP MSM720 Access Controller (WW)
J9694A HP MSM720 Premium Mobility Cntlr (WW)
J9695A HP MSM720 TAA Access Controller
J9696A HP MSM720 TAA Premium Mobility Cntlr
J9840A HP MSM775 zl Premium Controller Module
J9845A HP 560 Wireless 802.11ac (AM) AP
J9846A HP 560 Wireless 802.11ac (WW) AP
J9847A HP 560 Wireless 802.11ac (JP) AP
J9848A HP 560 Wireless 802.11ac (IL) AP
J9358A HP E-MSM422 Access Point (US)
J9358B HP MSM422 Access Point (US)
J9359A HP E-MSM422 Access Point (WW)
J9359B HP MSM422 Access Point (WW)
J9530A HP E-MSM422 Access Point (JP)
J9530B HP MSM422 Access Point (JP)
J9617A HP MSM422 Dual Radio 802.11n AP (IL)
J9426A HP E-MSM410 Access Point (US)
J9426B HP MSM410 Access Point (US)
J9427A HP E-MSM410 Access Point (WW)
J9427B HP MSM410 Access Point (WW)
J9427C HP MSM410 Access Point (WW)
J9529A HP E-MSM410 Access Point (JP)
J9529B HP MSM410 Access Point (JP)
J9589A HP MSM460 Dual Radio 802.11n AP (JP)
J9590A HP MSM460 Dual Radio 802.11n AP (AM)
J9591A HP MSM460 Dual Radio 802.11n AP (WW)
J9616A HP MSM410 Single Radio 802.11n AP (IL)
J9618A HP MSM460 Dual Radio 802.11n AP (IL)
J9619A HP MSM466 Dual Radio 802.11n AP (IL)
J9620A HP MSM466 Dual Radio 802.11n AP (JP)
J9621A HP MSM466 Dual Radio 802.11n AP (AM)
J9622A HP MSM466 Dual Radio 802.11n AP (WW)
J9650A HP MSM430 Dual Radio 802.11n AP (AM)
J9651A HP MSM430 Dual Radio 802.11n AP (WW)
J9652A HP MSM430 Dual Radio 802.11n AP (JP)
J9653A HP MSM430 Dual Radio 802.11n AP (IL)
J9654A HP MSM430 Dual Radio 802.11n TAA AP
J9655A HP MSM460 Dual Radio 802.11n TAA AP
J9656A HP MSM466 Dual Radio 802.11n TAA AP
J9715A HP E-MSM466-R Dual Radio 802.11n AP (AM)
J9716A HP E-MSM466-R Dual Radio 802.11n AP (WW)
J9717A HP E-MSM466-R Dual Radio 802.11n AP (JP)
J9718A HP E-MSM466-R Dual Radio 802.11n AP (IL)
MSM 6.4
6.4.2.1
J9840A HP MSM775 zl Premium Controller Module
J9370A HP MSM765 Zl Premium Mobility Controller
J9420A HP MSM760 Premium Mobility Controller
J9421A HP MSM760 Access Controller
J9693A HP MSM720 Access Controller (WW)
J9694A HP MSM720 Premium Mobility Cntlr (WW)
J9695A HP MSM720 TAA Access Controller
J9696A HP MSM720 TAA Premium Mobility Cntlr
J9426A HP E-MSM410 Access Point (US)
J9426B HP MSM410 Access Point (US)
J9427A HP E-MSM410 Access Point (WW)
J9427B HP MSM410 Access Point (WW)
J9427C HP MSM410 Access Point (WW)
J9529A HP E-MSM410 Access Point (JP)
J9529B HP MSM410 Access Point (JP)
J9589A HP MSM460 Dual Radio 802.11n AP (JP)
J9590A HP MSM460 Dual Radio 802.11n AP (AM)
J9591A HP MSM460 Dual Radio 802.11n AP (WW)
J9616A HP MSM410 Single Radio 802.11n AP (IL)
J9618A HP MSM460 Dual Radio 802.11n AP (IL)
J9619A HP MSM466 Dual Radio 802.11n AP (IL)
J9620A HP MSM466 Dual Radio 802.11n AP (JP)
J9621A HP MSM466 Dual Radio 802.11n AP (AM)
J9622A HP MSM466 Dual Radio 802.11n AP (WW)
J9650A HP MSM430 Dual Radio 802.11n AP (AM)
J9651A HP MSM430 Dual Radio 802.11n AP (WW)
J9652A HP MSM430 Dual Radio 802.11n AP (JP)
J9653A HP MSM430 Dual Radio 802.11n AP (IL)
J9654A HP MSM430 Dual Radio 802.11n TAA AP
J9655A HP MSM460 Dual Radio 802.11n TAA AP
J9656A HP MSM466 Dual Radio 802.11n TAA AP
J9715A HP E-MSM466-R Dual Radio 802.11n AP (AM)
J9716A HP E-MSM466-R Dual Radio 802.11n AP (WW)
J9717A HP E-MSM466-R Dual Radio 802.11n AP (JP)
J9718A HP E-MSM466-R Dual Radio 802.11n AP (IL)
J9358A HP E-MSM422 Access Point (US)
J9358B HP MSM422 Access Point (US)
J9359A HP E-MSM422 Access Point (WW)
J9359B HP MSM422 Access Point (WW)
J9530A HP E-MSM422 Access Point (JP)
J9530B HP MSM422 Access Point (JP)
J9617A HP MSM422 Dual Radio 802.11n AP (IL)
MSM 6.3
6.3.1.0
J9529B HP MSM410 Access Point (JP)
J9589A HP MSM460 Dual Radio 802.11n AP (JP)
J9590A HP MSM460 Dual Radio 802.11n AP (AM)
J9591A HP MSM460 Dual Radio 802.11n AP (WW)
J9616A HP MSM410 Single Radio 802.11n AP (IL)
J9618A HP MSM460 Dual Radio 802.11n AP (IL)
J9619A HP MSM466 Dual Radio 802.11n AP (IL)
J9620A HP MSM466 Dual Radio 802.11n AP (JP)
J9621A HP MSM466 Dual Radio 802.11n AP (AM)
J9622A HP MSM466 Dual Radio 802.11n AP (WW)
J9650A HP MSM430 Dual Radio 802.11n AP (AM)
J9651A HP MSM430 Dual Radio 802.11n AP (WW)
J9652A HP MSM430 Dual Radio 802.11n AP (JP)
J9653A HP MSM430 Dual Radio 802.11n AP (IL)
J9654A HP MSM430 Dual Radio 802.11n TAA AP
J9655A HP MSM460 Dual Radio 802.11n TAA AP
J9656A HP MSM466 Dual Radio 802.11n TAA AP
J9715A HP E-MSM466-R Dual Radio 802.11n AP (AM)
J9716A HP E-MSM466-R Dual Radio 802.11n AP (WW)
J9717A HP E-MSM466-R Dual Radio 802.11n AP (JP)
J9718A HP E-MSM466-R Dual Radio 802.11n AP (IL)
J9356A HP E-MSM335 Access Point (US)
J9356B HP MSM335 Access Point (US)
J9357A HP E-MSM335 Access Point (WW)
J9357B HP MSM335 Access Point (WW)
J9358A HP E-MSM422 Access Point (US)
J9358B HP MSM422 Access Point (US)
J9359A HP E-MSM422 Access Point (WW)
J9359B HP MSM422 Access Point (WW)
J9530A HP E-MSM422 Access Point (JP)
J9530B HP MSM422 Access Point (JP)
J9617A HP MSM422 Dual Radio 802.11n AP (IL)
J9360A HP E-MSM320 Access Point (US)
J9360B HP MSM320 Access Point (US)
J9364A HP E-MSM320 Access Point (WW)
J9364B HP MSM320 Access Point (WW)
J9365A HP MSM320-R Access Point (US)
J9365B HP MSM320-R Access Point (US)
J9368A HP E-MSM320-R Access Point (WW)
J9368B HP MSM320-R Access Point (WW)
J9373A HP E-MSM325 Access Point (WW)
J9373B HP MSM325 Access Point (WW)
J9374A HP E-MSM310 Access Point (US)
J9374B HP MSM310 Access Point (US)
J9379A HP MSM310 Access Point (WW)
J9379B HP MSM310 Access Point (WW)
J9380A HP E-MSM310-R Access Point (US)
J9380B HP MSM310-R Access Point (US)
J9383A HP E-MSM310-R Access Point (WW)
J9383B HP MSM310-R Access Point (WW)
J9524A HP E-MSM310 Access Point (JP)
J9524B HP MSM310 Access Point (JP)
J9527A HP E-MSM320 Access Point (JP)
J9527B HP MSM320 Access Point (JP)
J9528A HP E-MSM320-R Access Point (JP)
J9528B HP MSM320-R Access Point (JP)
MSM 6.2
6.2.1.2
J9370A HP MSM765 Zl Premium Mobility Controller
J9356A HP E-MSM335 Access Point (US)
J9356B HP MSM335 Access Point (US)
J9357A HP E-MSM335 Access Point (WW)
J9357B HP MSM335 Access Point (WW)
J9358A HP E-MSM422 Access Point (US)
J9358B HP MSM422 Access Point (US)
J9359A HP E-MSM422 Access Point (WW)
J9359B HP MSM422 Access Point (WW)
J9530A HP E-MSM422 Access Point (JP)
J9530B HP MSM422 Access Point (JP)
J9617A HP MSM422 Dual Radio 802.11n AP (IL)
J9420A HP MSM760 Premium Mobility Controller
J9421A HP MSM760 Access Controller
J9840A HP MSM775 zl Premium Controller Module
J9360A HP E-MSM320 Access Point (US)
J9360B HP MSM320 Access Point (US)
J9364A HP E-MSM320 Access Point (WW)
J9364B HP MSM320 Access Point (WW)
J9365A HP MSM320-R Access Point (US)
J9365B HP MSM320-R Access Point (US)
J9368A HP E-MSM320-R Access Point (WW)
J9368B HP MSM320-R Access Point (WW)
J9373A HP E-MSM325 Access Point (WW)
J9373B HP MSM325 Access Point (WW)
J9374A HP E-MSM310 Access Point (US)
J9374B HP MSM310 Access Point (US)
J9379A HP MSM310 Access Point (WW)
J9379B HP MSM310 Access Point (WW)
J9380A HP E-MSM310-R Access Point (US)
J9380B HP MSM310-R Access Point (US)
J9383A HP E-MSM310-R Access Point (WW)
J9383B HP MSM310-R Access Point (WW)
J9524A HP E-MSM310 Access Point (JP)
J9524B HP MSM310 Access Point (JP)
J9527A HP E-MSM320 Access Point (JP)
J9527B HP MSM320 Access Point (JP)
J9528A HP E-MSM320-R Access Point (JP)
J9528B HP MSM320-R Access Point (JP)
J9426A HP E-MSM410 Access Point (US)
J9426B HP MSM410 Access Point (US)
J9427A HP E-MSM410 Access Point (WW)
J9427B HP MSM410 Access Point (WW)
J9427C HP MSM410 Access Point (WW)
J9529A HP E-MSM410 Access Point (JP)
J9529B HP MSM410 Access Point (JP)
J9589A HP MSM460 Dual Radio 802.11n AP (JP)
J9590A HP MSM460 Dual Radio 802.11n AP (AM)
J9591A HP MSM460 Dual Radio 802.11n AP (WW)
J9616A HP MSM410 Single Radio 802.11n AP (IL)
J9618A HP MSM460 Dual Radio 802.11n AP (IL)
J9619A HP MSM466 Dual Radio 802.11n AP (IL)
J9620A HP MSM466 Dual Radio 802.11n AP (JP)
J9621A HP MSM466 Dual Radio 802.11n AP (AM)
J9622A HP MSM466 Dual Radio 802.11n AP (WW)
J9650A HP MSM430 Dual Radio 802.11n AP (AM)
J9651A HP MSM430 Dual Radio 802.11n AP (WW)
J9652A HP MSM430 Dual Radio 802.11n AP (JP)
J9653A HP MSM430 Dual Radio 802.11n AP (IL)
J9654A HP MSM430 Dual Radio 802.11n TAA AP
J9655A HP MSM460 Dual Radio 802.11n TAA AP
J9656A HP MSM466 Dual Radio 802.11n TAA AP
J9715A HP E-MSM466-R Dual Radio 802.11n AP (AM)
J9716A HP E-MSM466-R Dual Radio 802.11n AP (WW)
J9717A HP E-MSM466-R Dual Radio 802.11n AP (JP)
J9718A HP E-MSM466-R Dual Radio 802.11n AP (IL)
J9693A HP MSM720 Access Controller (WW)
J9694A HP MSM720 Premium Mobility Cntlr (WW)
J9695A HP MSM720 TAA Access Controller
J9696A HP MSM720 TAA Premium Mobility Cntlr
M220
Fixes in progress
use mitigations
J9798A HP M220 802.11n (AM) Access Point
J9799A HP M220 802.11n (WW) Access Point
M210
Fixes in progress
use mitigations
JL023A HP M210 802.11n (AM) Access Point
JL024A HP M210 802.11n (WW) Access Point
PS110
Fixes in progress
use mitigations
JL065A HP PS110 Wireless 802.11n VPN AM Router
JL066A HP PS110 Wireless 802.11n VPN WW Router
HP Office Connect 1810 PK
Fixes in progress
use mitigations
J9660A HP 1810-48G Switch
HP Office Connect 1810 P
Fixes in progress
use mitigations
J9450A HP 1810-24G Switch
J9449A HP 1810-8G Switch
HP Office Connect 1810 PL
Fixes in progress
use mitigations
J9802A HP 1810-8G v2 Switch
J9803A HP 1810-24G v2 Switch
RF Manager
Fixes in progress
use mitigations
J9522A HP E-MSM415 RF Security Sensor
J9521A HP RF Manager Controller with 50 Sensor License
J9838AAE HP RF Manager for VMware 50 Sensor E-LTU
HP Office Connect 1810 PM
Fixes in progress
use mitigations
J9800A HP 1810-8 v2 Switch
J9801A HP 1810-24 v2 Switch
HP Office Connect PS1810
Fixes in progress
use mitigations
J9833A HP PS1810-8G Switch
J9834A HP PS1810-24G Switch
Mitigation Instructions
For SSLv3 Server Functionality on Impacted Products:
Disable SSLv3 on clients
and/or disable CBC ciphers on clients
Use Access Control functionality to control client access
For SSLv3 Client Functionality on Impacted Products:
Go to SSL server and disable SSLv3
and/or disable CBC ciphers
Use Access Control functionality to control access to servers
HISTORY
Version:1 (rev.1) - 2 April 2015 Initial release
Third Party Security Patches: Third party security patches that are to be
installed on systems running HP software products should be applied in
accordance with the customer's patch management policy. The HP Matrix
Operating Environment v7.2.3 Update kit applicable to HP Matrix Operating
Environment 7.2.x installations is available at the following location:
https://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=HPID
NOTE: Please read the readme.txt file before proceeding with the
installation.
HP BladeSystem c-Class Onboard Administrator (OA) 4.30 and earlier.
Go to
http://www.hp.com/go/oa
Select "Onboard Administrator Firmware"
Select product name as "HP BLc3000 Onboard Administrator Option" or "HP
BLc7000 Onboard Administrator Option"
Select the operating system from the list of choices
Select Firmware version 4.40 for download
Refer to the HP BladeSystem Onboard Administrator User Guide for steps to
update the Onboard Administrator firmware.
============================================================================
Ubuntu Security Notice USN-2385-1
October 16, 2014
openssl vulnerabilities
============================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
- Ubuntu 10.04 LTS
Summary:
Several security issues were fixed in OpenSSL.
This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 14.04 LTS:
libssl1.0.0 1.0.1f-1ubuntu2.7
Ubuntu 12.04 LTS:
libssl1.0.0 1.0.1-4ubuntu5.20
Ubuntu 10.04 LTS:
libssl0.9.8 0.9.8k-7ubuntu8.22
After a standard system update you need to reboot your computer to make all
the necessary changes
|
var-200809-0190
|
Multiple integer overflows in the SearchKit API in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allow context-dependent attackers to cause a denial of service (application crash) or execute arbitrary code via vectors associated with "passing untrusted input" to unspecified API functions. Apple Mac OS X Leopard does not accurately reflect which files and directories are available via sharing. A vulnerability in a common PHP extension module could allow a remote attacker to execute code on a vulnerable system.
The security update addresses a total of 17 new vulnerabilities that affect the Apple Type Services, Directory Services, Finder, ImageIO, Kernel, Login Windows, SearchKit, System Configuration, System Preferences, Time Machine, VideoConference, and Wiki Server components of Mac OS X. The advisory also contains security updates for 17 previously reported issues. Passing untrusted input to SearchKit through the application may cause the application to terminate unexpectedly or execute arbitrary code.
----------------------------------------------------------------------
TITLE:
phpPgAds XML-RPC PHP Code Execution Vulnerability
SECUNIA ADVISORY ID:
SA15884
VERIFY ADVISORY:
http://secunia.com/advisories/15884/
CRITICAL:
Highly critical
IMPACT:
System access
WHERE:
From remote
SOFTWARE:
phpPgAds 2.x
http://secunia.com/product/4577/
DESCRIPTION:
A vulnerability has been reported in phpPgAds, which can be exploited
by malicious people to compromise a vulnerable system.
For more information:
SA15852
SOLUTION:
Update to version 2.0.5.
http://sourceforge.net/project/showfiles.php?group_id=36679
OTHER REFERENCES:
SA15852:
http://secunia.com/advisories/15852/
|
var-200701-0295
|
The KDE HTML library (kdelibs), as used by Konqueror 3.5.5, does not properly parse HTML comments, which allows remote attackers to conduct cross-site scripting (XSS) attacks and bypass some XSS protection schemes by embedding certain HTML tags within a comment in a title tag, a related issue to CVE-2007-0478. As a result, authentication information may be leaked. Konqueror is prone to a cross-site scripting vulnerability because the application fails to sufficiently sanitize user-supplied data.
Exploiting this issue may help the attacker steal cookie-based authentication credentials and launch other attacks.
All versions of KDE up to and including KDE 3.5.6 are vulnerable to this issue. Apple Safari web browser is also vulnerable to this issue.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200703-10
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Low
Title: KHTML: Cross-site scripting (XSS) vulnerability
Date: March 10, 2007
Bugs: #165606
ID: 200703-10
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
The KHTML component shipped with the KDE libraries is prone to a
cross-site scripting (XSS) vulnerability.
Background
==========
KDE is a feature-rich graphical desktop environment for Linux and
Unix-like Operating Systems. KHTML is the HTML interpreter used in
Konqueror and other parts of KDE.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 kde-base/kdelibs < 3.5.5-r8 >= 3.5.5-r8
Description
===========
The KHTML code allows for the execution of JavaScript code located
inside the "Title" HTML element, a related issue to the Safari error
found by Jose Avila.
Impact
======
When viewing a HTML page that renders unsanitized attacker-supplied
input in the page title, Konqueror and other parts of KDE will execute
arbitrary JavaScript code contained in the page title, allowing for the
theft of browser session data or cookies.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All KDElibs users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=kde-base/kdelibs-3.5.5-r8"
References
==========
[ 1 ] CVE-2007-0537
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0537
[ 2 ] CVE-2007-0478
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0478
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200703-10.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.
License
=======
Copyright 2007 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
===========================================================
Ubuntu Security Notice USN-420-1 February 06, 2007
kdelibs vulnerability
CVE-2007-0537
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 5.10
Ubuntu 6.06 LTS
Ubuntu 6.10
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 5.10:
kdelibs4c2 4:3.4.3-0ubuntu2.2
Ubuntu 6.06 LTS:
kdelibs4c2a 4:3.5.2-0ubuntu18.2
Ubuntu 6.10:
kdelibs4c2a 4:3.5.5-0ubuntu3.1
After a standard system upgrade you need to restart your session to
effect the necessary changes.
By tricking a Konqueror user into visiting a malicious website, an attacker
could bypass cross-site scripting protections.
Updated packages for Ubuntu 5.10:
Updated packages for Ubuntu 6.06 LTS:
Updated packages for Ubuntu 6.10:
. Also affects kdelibs 3.5.6,
as per KDE official advisory.
Updated packages have been patched to prevent this.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0537
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2007.1:
290249d063eb99aa0267060e28bd3d63 2007.1/i586/kdelibs-common-3.5.6-11.1mdv2007.1.i586.rpm
0392bf166e2b95b8274f67e24066dc8a 2007.1/i586/kdelibs-devel-doc-3.5.6-11.1mdv2007.1.i586.rpm
06107eb81ff8b184812f7a8ae31b52b9 2007.1/i586/libkdecore4-3.5.6-11.1mdv2007.1.i586.rpm
ffb71260989867bcec7d7fae45b86b5a 2007.1/i586/libkdecore4-devel-3.5.6-11.1mdv2007.1.i586.rpm
2f2938b43f88a2a197e6cc90b35c63b8 2007.1/SRPMS/kdelibs-3.5.6-11.1mdv2007.1.src.rpm
Mandriva Linux 2007.1/X86_64:
258cf38cce814a12a44c79c283de7c3d 2007.1/x86_64/kdelibs-common-3.5.6-11.1mdv2007.1.x86_64.rpm
70b9d63ac375ba65fb6c6b526dfe80f0 2007.1/x86_64/kdelibs-devel-doc-3.5.6-11.1mdv2007.1.x86_64.rpm
ee0681c70efd4cebb72a23b773d56f09 2007.1/x86_64/lib64kdecore4-3.5.6-11.1mdv2007.1.x86_64.rpm
664da181e64ab3f343b265cac6de0e87 2007.1/x86_64/lib64kdecore4-devel-3.5.6-11.1mdv2007.1.x86_64.rpm
2f2938b43f88a2a197e6cc90b35c63b8 2007.1/SRPMS/kdelibs-3.5.6-11.1mdv2007.1.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
|
var-202003-1779
|
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms). FasterXML Jackson is a data processing tool for Java developed by the American company FasterXML. jackson-databind is one of its components and provides data binding. A security vulnerability exists in FasterXML jackson-databind 2.x prior to 2.9.10.4 due to insecure deserialization involving org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aries.transaction.jms). A remote attacker could exploit this vulnerability with specially crafted input to execute arbitrary code on the system.
Description:
Red Hat Decision Manager is an open source decision management platform
that combines business rules management, complex event processing, Decision
Model & Notation (DMN) execution, and Business Optimizer for solving
planning problems. It automates business decisions and makes that logic
available to the entire business.
It is recommended to halt the server by stopping the JBoss Application
Server process before installing this update; after installing the update,
restart the server by starting the JBoss Application Server process.
Security Fix(es):
* apache-commons-beanutils: does not suppress the class property in
PropertyUtilsBean by default (CVE-2019-10086)
* cxf: does not restrict the number of message attachments (CVE-2019-12406)
* cxf: OpenId Connect token service does not properly validate the clientId
(CVE-2019-12419)
* hibernate-validator: safeHTML validator allows XSS (CVE-2019-10219)
* HTTP/2: flood using PING frames results in unbounded memory growth
(CVE-2019-9512)
* HTTP/2: flood using HEADERS frames results in unbounded memory growth
(CVE-2019-9514)
* HTTP/2: flood using SETTINGS frames results in unbounded memory growth
(CVE-2019-9515)
* HTTP/2: large amount of data requests leads to denial of service
(CVE-2019-9511)
* jackson-databind: Multiple serialization gadgets (CVE-2019-17531,
CVE-2019-16943, CVE-2019-16942, CVE-2019-17267, CVE-2019-14540,
CVE-2019-16335, CVE-2019-14893, CVE-2019-14892, CVE-2020-9546,
CVE-2020-9547, CVE-2020-9548, CVE-2020-10969, CVE-2020-10968,
CVE-2020-11111, CVE-2020-11112, CVE-2020-11113, CVE-2020-11619,
CVE-2020-11620, CVE-2019-20330, CVE-2020-8840)
* jackson-databind: mishandles the interaction between serialization
gadgets and typing which could result in remote command
execution (CVE-2020-10672, CVE-2020-10673)
* keycloak: adapter endpoints are exposed via arbitrary URLs
(CVE-2019-14820)
* keycloak: missing signatures validation on CRL used to verify client
certificates (CVE-2019-3875)
* keycloak: SAML broker does not check existence of signature on document
allowing any user impersonation (CVE-2019-10201)
* keycloak: CSRF check missing in My Resources functionality in the Account
Console (CVE-2019-10199)
* keycloak: cross-realm user access auth bypass (CVE-2019-14832)
* netty: HTTP Request Smuggling due to Transfer-Encoding whitespace
mishandling (CVE-2020-7238)
* SmallRye: SecuritySupport class is incorrectly public and contains a
static method to access the current thread's context class loader
(CVE-2020-1729)
* thrift: Out-of-bounds read related to TJSONProtocol or
TSimpleJSONProtocol (CVE-2019-0210)
* thrift: Endless loop when fed with specific input data (CVE-2019-0205)
* undertow: possible Denial Of Service (DOS) in Undertow HTTP server
listening on HTTPS (CVE-2019-14888)
* wildfly: The 'enabled-protocols' value in legacy security is not
respected if OpenSSL security provider is in use (CVE-2019-14887)
* wildfly-core: Incorrect privileges for 'Monitor', 'Auditor' and
'Deployer' user by default (CVE-2019-14838)
* xml-security: Apache Santuario potentially loads XML parsing code from an
untrusted source (CVE-2019-12400)
For more details about the security issues and their impact, the CVSS
score, acknowledgements, and other related information, see the CVE pages
listed in the References section. You must be logged in to download the update.
Solution:
Before applying this update, ensure all previously released errata relevant
to your system have been applied.
For details about how to apply this update, see:
https://access.redhat.com/articles/11258
5. JIRA issues fixed (https://issues.jboss.org/):
JBEAP-18793 - [GSS](7.3.z) Upgrade Hibernate ORM from 5.3.16 to 5.3.17
JBEAP-19095 - [GSS](7.3.z) Upgrade wildfly-http-client from 1.0.20 to 1.0.21
JBEAP-19134 - (7.3.z) Upgrade HAL from 3.2.8.Final-redhat-00001 to 3.2.9.Final
JBEAP-19185 - (7.3.z) Upgrade IronJacamar from 1.4.20.Final to 1.4.22.Final
JBEAP-19203 - (7.3.z) WFCORE-4850 - Updating mockserver to 5.9.0. Exclusion of dependency from xom.io7m
JBEAP-19205 - (7.3.z) Upgrade WildFly Core from 10.1.5.Final-redhat-00001 to 10.1.x
JBEAP-19269 - [GSS](7.3.z) Upgrade jboss-logmanager from 2.1.14.Final to 2.1.15.Final
JBEAP-19322 - (7.3.z) Upgrade XNIO from 3.7.7 to 3.7.8.SP1
JBEAP-19325 - (7.3.z) Upgrade Infinispan from 9.4.18.Final-redhat-00001 to 9.4.19.Final-redhat-00001
JBEAP-19397 - (7.3.z) Upgrade JSF based on Mojarra 2.3.9.SP09-redhat-00001 to 2.3.9.SP11-redhat-00001
JBEAP-19409 - Tracker bug for the EAP 7.3.2 release for RHEL-6
JBEAP-19529 - (7.3.z) Update PR template to include PR-processor hints.
JBEAP-19564 - [GSS](7.3.z) Upgrade jboss-ejb-client from 4.0.31.Final-redhat-00001 to 4.0.33.Final-redhat-00001
JBEAP-19585 - [GSS](7.3.z) Upgrade org.jboss.genericjms from 2.0.4 to 2.0.6
JBEAP-19617 - (7.3.z) Upgrade wildfly-naming-client from 1.0.12.Final-redhat-00001 to 1.0.13.Final-redhat-00001
JBEAP-19619 - (7.3.z) Upgrade JBoss JSF API from 3.0.0.SP02-redhat-00001 to 3.0.0.SP04-redhat-00001
JBEAP-19673 - (7.3.z) [WFCORE] Upgrade WildFly Common to 1.5.2.Final
JBEAP-19674 - (7.3.z) [WFCORE] Upgrade galleon and wildfly-galleon-plugins from 4.1.2.Final to 4.2.4.Final
JBEAP-19874 - [GSS](7.3.z) Upgrade wildfly-http-client from 1.0.21.Final-redhat-00001 to 1.0.22.Final-redhat-00001
7. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
====================================================================
Red Hat Security Advisory
Synopsis: Important: Red Hat Data Grid 7.3.7 security update
Advisory ID: RHSA-2020:3779-01
Product: Red Hat JBoss Data Grid
Advisory URL: https://access.redhat.com/errata/RHSA-2020:3779
Issue date: 2020-09-17
CVE Names: CVE-2017-7658 CVE-2019-10172 CVE-2020-1695
CVE-2020-1710 CVE-2020-1719 CVE-2020-1745
CVE-2020-1748 CVE-2020-1757 CVE-2020-8840
CVE-2020-9488 CVE-2020-9546 CVE-2020-9547
CVE-2020-9548 CVE-2020-10672 CVE-2020-10673
CVE-2020-10714 CVE-2020-10968 CVE-2020-10969
CVE-2020-11111 CVE-2020-11112 CVE-2020-11113
CVE-2020-11612 CVE-2020-11619 CVE-2020-11620
====================================================================
1. Summary:
An update for Red Hat Data Grid is now available.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Description:
Red Hat Data Grid is a distributed, in-memory, NoSQL datastore based on the
Infinispan project.
This release of Red Hat Data Grid 7.3.7 serves as a replacement for Red Hat
Data Grid 7.3.6 and includes bug fixes and enhancements, which are
described in the Release Notes, linked to in the References section of this
erratum.
Security Fix(es):
* jetty: Incorrect header handling (CVE-2017-7658)
* EAP: field-name is not parsed in accordance to RFC7230 (CVE-2020-1710)
* undertow: AJP File Read/Inclusion Vulnerability (CVE-2020-1745)
* undertow: servletPath is normalized incorrectly leading to dangerous
application mapping which could result in security bypass (CVE-2020-1757)
* jackson-databind: Lacks certain xbean-reflect/JNDI blocking
(CVE-2020-8840)
* jackson-databind: Serialization gadgets in shaded-hikari-config
(CVE-2020-9546)
* jackson-databind: Serialization gadgets in ibatis-sqlmap (CVE-2020-9547)
* jackson-databind: Serialization gadgets in anteros-core (CVE-2020-9548)
* jackson-databind: mishandles the interaction between serialization
gadgets and typing which could result in remote command execution
(CVE-2020-10672)
* jackson-databind: mishandles the interaction between serialization
gadgets and typing which could result in remote command execution
(CVE-2020-10673)
* jackson-databind: Serialization gadgets in
org.aoju.bus.proxy.provider.*.RmiProvider (CVE-2020-10968)
* jackson-databind: Serialization gadgets in javax.swing.JEditorPane
(CVE-2020-10969)
* jackson-databind: Serialization gadgets in
org.apache.activemq.jms.pool.XaPooledConnectionFactory (CVE-2020-11111)
* jackson-databind: Serialization gadgets in
org.apache.commons.proxy.provider.remoting.RmiProvider (CVE-2020-11112)
* jackson-databind: Serialization gadgets in
org.apache.openjpa.ee.WASRegistryManagedRuntime (CVE-2020-11113)
* jackson-databind: Serialization gadgets in org.springframework:spring-aop
(CVE-2020-11619)
* jackson-databind: Serialization gadgets in commons-jelly:commons-jelly
(CVE-2020-11620)
* jackson-mapper-asl: XML external entity similar to CVE-2016-3720
(CVE-2019-10172)
* resteasy: Improper validation of response header in
MediaTypeHeaderDelegate.java class (CVE-2020-1695)
* Wildfly: EJBContext principal is not popped back after invoking another
EJB using a different Security Domain (CVE-2020-1719)
* Wildfly: Improper authorization issue in WildFlySecurityManager when
using alternative protection domain (CVE-2020-1748)
* wildfly-elytron: session fixation when using FORM authentication
(CVE-2020-10714)
* netty: compression/decompression codecs don't enforce limits on buffer
allocation sizes (CVE-2020-11612)
* log4j: improper validation of certificate with host mismatch in SMTP
appender (CVE-2020-9488)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
3. Solution:
To install this update, do the following:
1. Download the Data Grid 7.3.7 server patch from the customer portal. See
the download link in the References section.
2. Back up your existing Data Grid installation. You should back up
databases, configuration files, and so on.
3. Install the Data Grid 7.3.7 server patch. Refer to the 7.3 Release Notes
for patching instructions.
4. Restart Data Grid to ensure the changes take effect.
4. Bugs fixed (https://bugzilla.redhat.com/):
1595621 - CVE-2017-7658 jetty: Incorrect header handling
1715075 - CVE-2019-10172 jackson-mapper-asl: XML external entity similar to CVE-2016-3720
1730462 - CVE-2020-1695 resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class
1752770 - CVE-2020-1757 undertow: servletPath is normalized incorrectly leading to dangerous application mapping which could result in security bypass
1793970 - CVE-2020-1710 EAP: field-name is not parsed in accordance to RFC7230
1796617 - CVE-2020-1719 Wildfly: EJBContext principal is not popped back after invoking another EJB using a different Security Domain
1807305 - CVE-2020-1745 undertow: AJP File Read/Inclusion Vulnerability
1807707 - CVE-2020-1748 Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain
1815470 - CVE-2020-10673 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution
1815495 - CVE-2020-10672 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution
1816216 - CVE-2020-11612 netty: compression/decompression codecs don't enforce limits on buffer allocation sizes
1816330 - CVE-2020-8840 jackson-databind: Lacks certain xbean-reflect/JNDI blocking
1816332 - CVE-2020-9546 jackson-databind: Serialization gadgets in shaded-hikari-config
1816337 - CVE-2020-9547 jackson-databind: Serialization gadgets in ibatis-sqlmap
1816340 - CVE-2020-9548 jackson-databind: Serialization gadgets in anteros-core
1819208 - CVE-2020-10968 jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider
1819212 - CVE-2020-10969 jackson-databind: Serialization gadgets in javax.swing.JEditorPane
1821304 - CVE-2020-11111 jackson-databind: Serialization gadgets in org.apache.activemq.jms.pool.XaPooledConnectionFactory
1821311 - CVE-2020-11112 jackson-databind: Serialization gadgets in org.apache.commons.proxy.provider.remoting.RmiProvider
1821315 - CVE-2020-11113 jackson-databind: Serialization gadgets in org.apache.openjpa.ee.WASRegistryManagedRuntime
1825714 - CVE-2020-10714 wildfly-elytron: session fixation when using FORM authentication
1826798 - CVE-2020-11620 jackson-databind: Serialization gadgets in commons-jelly:commons-jelly
1826805 - CVE-2020-11619 jackson-databind: Serialization gadgets in org.springframework:spring-aop
1831139 - CVE-2020-9488 log4j: improper validation of certificate with host mismatch in SMTP appender
5. References:
https://access.redhat.com/security/cve/CVE-2017-7658
https://access.redhat.com/security/cve/CVE-2019-10172
https://access.redhat.com/security/cve/CVE-2020-1695
https://access.redhat.com/security/cve/CVE-2020-1710
https://access.redhat.com/security/cve/CVE-2020-1719
https://access.redhat.com/security/cve/CVE-2020-1745
https://access.redhat.com/security/cve/CVE-2020-1748
https://access.redhat.com/security/cve/CVE-2020-1757
https://access.redhat.com/security/cve/CVE-2020-8840
https://access.redhat.com/security/cve/CVE-2020-9488
https://access.redhat.com/security/cve/CVE-2020-9546
https://access.redhat.com/security/cve/CVE-2020-9547
https://access.redhat.com/security/cve/CVE-2020-9548
https://access.redhat.com/security/cve/CVE-2020-10672
https://access.redhat.com/security/cve/CVE-2020-10673
https://access.redhat.com/security/cve/CVE-2020-10714
https://access.redhat.com/security/cve/CVE-2020-10968
https://access.redhat.com/security/cve/CVE-2020-10969
https://access.redhat.com/security/cve/CVE-2020-11111
https://access.redhat.com/security/cve/CVE-2020-11112
https://access.redhat.com/security/cve/CVE-2020-11113
https://access.redhat.com/security/cve/CVE-2020-11612
https://access.redhat.com/security/cve/CVE-2020-11619
https://access.redhat.com/security/cve/CVE-2020-11620
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=data.grid&downloadType=securityPatches&version=7.3
https://access.redhat.com/documentation/en-us/red_hat_data_grid/7.3/html/red_hat_data_grid_7.3_release_notes/index
6. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2020 Red Hat, Inc.
. Description:
Red Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak
project, that provides authentication and standards-based single sign-on
capabilities for web and mobile applications |
var-201304-0317
|
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAXP. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "missing security restrictions." Oracle Java SE is prone to a remote vulnerability in Java Runtime Environment.
The vulnerability can be exploited over multiple protocols. This issue affects the 'JAXP' sub-component.
This vulnerability affects the following supported versions:
7 Update 17, 6 Update 43, 5.0 Update 41.
Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03809278
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c03809278
Version: 1
HPSBUX02889 SSRT101252 rev.1 - HP-UX Running Java, Remote Unauthorized
Access, Disclosure of Information, and Other Vulnerabilities
NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.
Release Date: 2013-07-01
Last Updated: 2013-07-01
Potential Security Impact: Remote unauthorized access, disclosure of
information, and other vulnerabilities
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified in the Java Runtime
Environment (JRE) and the Java Developer Kit (JDK) running on HP-UX. These
vulnerabilities could allow remote unauthorized access, disclosure of
information, and other exploits.
HP-UX B.11.11, B.11.23, and B.11.31 running HP JDK and JRE v6.0.18 and
earlier.
BACKGROUND
CVSS 2.0 Base Metrics
===========================================================
Reference       Base Vector                    Base Score
CVE-2013-0401   (AV:N/AC:L/Au:N/C:C/I:C/A:C)   10.0
CVE-2013-1491   (AV:N/AC:L/Au:N/C:C/I:C/A:C)   10.0
CVE-2013-1518   (AV:N/AC:L/Au:N/C:C/I:C/A:C)   10.0
CVE-2013-1537   (AV:N/AC:L/Au:N/C:C/I:C/A:C)   10.0
CVE-2013-1540   (AV:N/AC:M/Au:N/C:N/I:P/A:N)   4.3
CVE-2013-1557   (AV:N/AC:L/Au:N/C:C/I:C/A:C)   10.0
CVE-2013-1558   (AV:N/AC:L/Au:N/C:C/I:C/A:C)   10.0
CVE-2013-1563   (AV:N/AC:H/Au:N/C:C/I:C/A:C)   7.6
CVE-2013-1569   (AV:N/AC:L/Au:N/C:C/I:C/A:C)   10.0
CVE-2013-2383   (AV:N/AC:L/Au:N/C:C/I:C/A:C)   10.0
CVE-2013-2384   (AV:N/AC:L/Au:N/C:C/I:C/A:C)   10.0
CVE-2013-2394   (AV:N/AC:H/Au:N/C:C/I:C/A:C)   7.6
CVE-2013-2417   (AV:N/AC:L/Au:N/C:N/I:N/A:P)   5.0
CVE-2013-2418   (AV:L/AC:L/Au:N/C:P/I:P/A:P)   4.6
CVE-2013-2419   (AV:N/AC:L/Au:N/C:N/I:N/A:P)   5.0
CVE-2013-2420   (AV:N/AC:L/Au:N/C:C/I:C/A:C)   10.0
CVE-2013-2422   (AV:N/AC:L/Au:N/C:C/I:C/A:C)   10.0
CVE-2013-2424   (AV:N/AC:L/Au:N/C:P/I:N/A:N)   5.0
CVE-2013-2429   (AV:N/AC:H/Au:N/C:C/I:C/A:C)   7.6
CVE-2013-2430   (AV:N/AC:H/Au:N/C:C/I:C/A:C)   7.6
CVE-2013-2432   (AV:N/AC:L/Au:N/C:C/I:C/A:C)   10.0
CVE-2013-2433   (AV:N/AC:M/Au:N/C:N/I:P/A:N)   4.3
CVE-2013-2434   (AV:N/AC:L/Au:N/C:C/I:C/A:C)   10.0
CVE-2013-2435   (AV:N/AC:L/Au:N/C:C/I:C/A:C)   10.0
CVE-2013-2439   (AV:L/AC:M/Au:N/C:C/I:C/A:C)   6.9
CVE-2013-2440   (AV:N/AC:L/Au:N/C:C/I:C/A:C)   10.0
===========================================================
Information on CVSS is documented
in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has provided the following Java version upgrade to resolve these
vulnerabilities.
The upgrade is available from the following location
http://www.hp.com/java
OS Version                        Release Version
HP-UX B.11.11, B.11.23, B.11.31   JDK and JRE v6.0.19 or subsequent
MANUAL ACTIONS: Yes - Update
For Java v6.0 update to Java v6.0.19 or subsequent
PRODUCT SPECIFIC INFORMATION
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application
that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins
issued by HP and lists recommended actions that may apply to a specific HP-UX
system. It can also download patches and create a depot automatically. For
more information see https://www.hp.com/go/swa
The following text is for use by the HP-UX Software Assistant.
AFFECTED VERSIONS
HP-UX B.11.11
HP-UX B.11.23
===========
Jdk60.JDK60-COM
Jdk60.JDK60-PA20
Jdk60.JDK60-PA20W
Jre60.JRE60-COM
Jre60.JRE60-COM-DOC
Jre60.JRE60-PA20
Jre60.JRE60-PA20-HS
Jre60.JRE60-PA20W
Jre60.JRE60-PA20W-HS
Jdk60.JDK60-IPF32
Jdk60.JDK60-IPF64
Jre60.JRE60-COM
Jre60.JRE60-IPF32
Jre60.JRE60-IPF32-HS
Jre60.JRE60-IPF64
Jre60.JRE60-IPF64-HS
action: install revision 1.6.0.19.00 or subsequent
HP-UX B.11.23
HP-UX B.11.31
===========
Jdk60.JDK60-COM
Jdk60.JDK60-IPF32
Jdk60.JDK60-IPF64
Jre60.JRE60-IPF32
Jre60.JRE60-IPF32-HS
Jre60.JRE60-IPF64
Jre60.JRE60-IPF64-HS
Jre60.JRE60-COM
Jre60.JRE60-IPF32
Jre60.JRE60-IPF32-HS
Jre60.JRE60-IPF64
Jre60.JRE60-IPF64-HS
action: install revision 1.6.0.19.00 or subsequent
END AFFECTED VERSIONS
HISTORY
Version:1 (rev.1) - 1 July 2013 Initial release
Third Party Security Patches: Third party security patches that are to be
installed on systems running HP software products should be applied in
accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security
Bulletin, contact normal HP Services support channel. For other issues about
the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported
product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin
alerts via Email:
http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin Archive: A list of recently released Security Bulletins is
available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in
the title by the two characters following HPSB.
3C = 3COM
3P = 3rd Party Software
GN = HP General Software
HF = HP Hardware and Firmware
MP = MPE/iX
MU = Multi-Platform Software
NS = NonStop Servers
OV = OpenVMS
PI = Printing and Imaging
PV = ProCurve
ST = Storage Software
TU = Tru64 UNIX
UX = HP-UX
Copyright 2013 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or editorial errors
or omissions contained herein. The information provided is provided "as is"
without warranty of any kind. To the extent permitted by law, neither HP nor
its affiliates, subcontractors or suppliers will be liable for
incidental, special or consequential damages including downtime cost; lost
profits; damages relating to the procurement of substitute products or
services; or damages for loss of data, or software restoration. The
information in this document is subject to change without notice.
Hewlett-Packard Company and the names of Hewlett-Packard products referenced
herein are trademarks of Hewlett-Packard Company in the United States and
other countries. Other product and company names mentioned herein may be
trademarks of their respective owners.
==========================================================================
Ubuntu Security Notice USN-1806-1
April 23, 2013
openjdk-7 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.10
Summary:
Several security issues were fixed in OpenJDK 7. (CVE-2013-0401)
James Forshaw discovered a vulnerability in the OpenJDK JRE related to
information disclosure, data integrity and availability. An attacker could
exploit these to cause a denial of service or expose sensitive data over
the network. (CVE-2013-1518, CVE-2013-1537, CVE-2013-1557, CVE-2013-1569,
CVE-2013-2383, CVE-2013-2384, CVE-2013-2420, CVE-2013-2421, CVE-2013-2422,
CVE-2013-2426, CVE-2013-2429, CVE-2013-2430, CVE-2013-2431, CVE-2013-2436)
Two vulnerabilities were discovered in the OpenJDK JRE related to
confidentiality. An attacker could exploit these to expose sensitive data
over the network. (CVE-2013-2415, CVE-2013-2424)
Two vulnerabilities were discovered in the OpenJDK JRE related to
availability. An attacker could exploit these to cause a denial of service.
(CVE-2013-2417, CVE-2013-2419)
A vulnerability was discovered in the OpenJDK JRE related to data
integrity. (CVE-2013-2423)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 12.10:
icedtea-7-jre-jamvm 7u21-2.3.9-0ubuntu0.12.10.1
openjdk-7-jre 7u21-2.3.9-0ubuntu0.12.10.1
openjdk-7-jre-headless 7u21-2.3.9-0ubuntu0.12.10.1
openjdk-7-jre-lib 7u21-2.3.9-0ubuntu0.12.10.1
openjdk-7-jre-zero 7u21-2.3.9-0ubuntu0.12.10.1
This update uses a new upstream release, which includes additional bug
fixes.
Background
==========
IcedTea is a distribution of the Java OpenJDK source code built with
free build tools.
=====================================================================
Red Hat Security Advisory
Synopsis: Important: java-1.7.0-openjdk security update
Advisory ID: RHSA-2013:0752-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-0752.html
Issue date: 2013-04-17
CVE Names: CVE-2013-0401 CVE-2013-1488 CVE-2013-1518
CVE-2013-1537 CVE-2013-1557 CVE-2013-1558
CVE-2013-1569 CVE-2013-2383 CVE-2013-2384
CVE-2013-2415 CVE-2013-2417 CVE-2013-2419
CVE-2013-2420 CVE-2013-2421 CVE-2013-2422
CVE-2013-2423 CVE-2013-2424 CVE-2013-2426
CVE-2013-2429 CVE-2013-2430 CVE-2013-2431
CVE-2013-2436
=====================================================================
1. Summary:
Updated java-1.7.0-openjdk packages that fix various security issues are
now available for Red Hat Enterprise Linux 5.
The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux (v. 5 server) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
3. Description:
These packages provide the OpenJDK 7 Java Runtime Environment and the
OpenJDK 7 Software Development Kit.
Multiple flaws were discovered in the font layout engine in the 2D
component. An untrusted Java application or applet could possibly use these
flaws to trigger Java Virtual Machine memory corruption. (CVE-2013-1569,
CVE-2013-2383, CVE-2013-2384)
Multiple improper permission check issues were discovered in the Beans,
Libraries, JAXP, and RMI components in OpenJDK. An untrusted Java
application or applet could use these flaws to bypass Java sandbox
restrictions. (CVE-2013-1558, CVE-2013-2422, CVE-2013-2436, CVE-2013-1518,
CVE-2013-1557)
The previous default value of the java.rmi.server.useCodebaseOnly property
permitted the RMI implementation to automatically load classes from
remotely specified locations. An attacker able to connect to an application
using RMI could use this flaw to make the application execute arbitrary
code. (CVE-2013-1537)
Note: The fix for CVE-2013-1537 changes the default value of the property
to true, restricting class loading to the local CLASSPATH and locations
specified in the java.rmi.server.codebase property. Refer to Red Hat
Bugzilla bug 952387 for additional details.
The 2D component did not properly process certain images. An untrusted Java
application or applet could possibly use this flaw to trigger Java Virtual
Machine memory corruption. (CVE-2013-2420)
It was discovered that the Hotspot component did not properly handle
certain intrinsic frames, and did not correctly perform access checks and
MethodHandle lookups. An untrusted Java application or applet could
use these flaws to bypass Java sandbox restrictions. (CVE-2013-2431,
CVE-2013-2421, CVE-2013-2423)
It was discovered that JPEGImageReader and JPEGImageWriter in the ImageIO
component did not protect against modification of their state while
performing certain native code operations. An untrusted Java application or
applet could possibly use these flaws to trigger Java Virtual Machine
memory corruption. (CVE-2013-2429, CVE-2013-2430)
The JDBC driver manager could incorrectly call the toString() method in
JDBC drivers, and the ConcurrentHashMap class could incorrectly call the
defaultReadObject() method. An untrusted Java application or applet could
possibly use these flaws to bypass Java sandbox restrictions.
(CVE-2013-1488, CVE-2013-2426)
The sun.awt.datatransfer.ClassLoaderObjectInputStream class may incorrectly
invoke the system class loader. An untrusted Java application or applet
could possibly use this flaw to bypass certain Java sandbox restrictions.
(CVE-2013-0401)
Flaws were discovered in the Network component's InetAddress serialization,
and the 2D component's font handling. An untrusted Java application or
applet could possibly use these flaws to crash the Java Virtual Machine.
(CVE-2013-2417, CVE-2013-2419)
The MBeanInstantiator class implementation in the OpenJDK JMX component did
not properly check class access before creating new instances. An untrusted
Java application or applet could use this flaw to create instances of
non-public classes. (CVE-2013-2424)
It was discovered that JAX-WS could possibly create temporary files with
insecure permissions. A local attacker could use this flaw to access
temporary files created by an application using JAX-WS. (CVE-2013-2415)
This erratum also upgrades the OpenJDK package to IcedTea7 2.3.9. Refer to
the NEWS file, linked to in the References, for further information.
All users of java-1.7.0-openjdk are advised to upgrade to these updated
packages, which resolve these issues. All running instances of OpenJDK Java
must be restarted for the update to take effect.
4. Solution:
Before applying this update, make sure all previously-released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258
5. Bugs fixed (http://bugzilla.redhat.com/):
920245 - CVE-2013-0401 OpenJDK: unspecified sandbox bypass (CanSecWest 2013, AWT)
920247 - CVE-2013-1488 OpenJDK: unspecified sandbox bypass (CanSecWest 2013, Libraries)
952387 - CVE-2013-1537 OpenJDK: remote code loading enabled by default (RMI, 8001040)
952389 - CVE-2013-2415 OpenJDK: temporary files created with insecure permissions (JAX-WS, 8003542)
952398 - CVE-2013-2423 OpenJDK: incorrect setter access checks in MethodHandles (Hotspot, 8009677)
952509 - CVE-2013-2424 OpenJDK: MBeanInstantiator insufficient class access checks (JMX, 8006435)
952521 - CVE-2013-2429 OpenJDK: JPEGImageWriter state corruption (ImageIO, 8007918)
952524 - CVE-2013-2430 OpenJDK: JPEGImageReader state corruption (ImageIO, 8007667)
952550 - CVE-2013-2436 OpenJDK: Wrapper.convert insufficient type checks (Libraries, 8009049)
952638 - CVE-2013-2420 OpenJDK: image processing vulnerability (2D, 8007617)
952640 - CVE-2013-1558 OpenJDK: java.beans.ThreadGroupContext missing restrictions (Beans, 7200507)
952642 - CVE-2013-2422 OpenJDK: MethodUtil trampoline class incorrect restrictions (Libraries, 8009857)
952645 - CVE-2013-2431 OpenJDK: Hotspot intrinsic frames vulnerability (Hotspot, 8004336)
952646 - CVE-2013-1518 OpenJDK: JAXP missing security restrictions (JAXP, 6657673)
952648 - CVE-2013-1557 OpenJDK: LogStream.setDefaultStream() missing security restrictions (RMI, 8001329)
952649 - CVE-2013-2421 OpenJDK: Hotspot MethodHandle lookup error (Hotspot, 8009699)
952653 - CVE-2013-2426 OpenJDK: ConcurrentHashMap incorrectly calls defaultReadObject() method (Libraries, 8009063)
952656 - CVE-2013-2419 OpenJDK: font processing errors (2D, 8001031)
952657 - CVE-2013-2417 OpenJDK: Network InetAddress serialization information disclosure (Networking, 8000724)
952708 - CVE-2013-2383 OpenJDK: font layout and glyph table errors (2D, 8004986)
952709 - CVE-2013-2384 OpenJDK: font layout and glyph table errors (2D, 8004987)
952711 - CVE-2013-1569 OpenJDK: font layout and glyph table errors (2D, 8004994)
6. Package List:
Red Hat Enterprise Linux Desktop (v. 5 client):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/java-1.7.0-openjdk-1.7.0.19-2.3.9.1.el5_9.src.rpm
i386:
java-1.7.0-openjdk-1.7.0.19-2.3.9.1.el5_9.i386.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.19-2.3.9.1.el5_9.i386.rpm
java-1.7.0-openjdk-demo-1.7.0.19-2.3.9.1.el5_9.i386.rpm
java-1.7.0-openjdk-devel-1.7.0.19-2.3.9.1.el5_9.i386.rpm
java-1.7.0-openjdk-javadoc-1.7.0.19-2.3.9.1.el5_9.i386.rpm
java-1.7.0-openjdk-src-1.7.0.19-2.3.9.1.el5_9.i386.rpm
x86_64:
java-1.7.0-openjdk-1.7.0.19-2.3.9.1.el5_9.x86_64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.19-2.3.9.1.el5_9.x86_64.rpm
java-1.7.0-openjdk-demo-1.7.0.19-2.3.9.1.el5_9.x86_64.rpm
java-1.7.0-openjdk-devel-1.7.0.19-2.3.9.1.el5_9.x86_64.rpm
java-1.7.0-openjdk-javadoc-1.7.0.19-2.3.9.1.el5_9.x86_64.rpm
java-1.7.0-openjdk-src-1.7.0.19-2.3.9.1.el5_9.x86_64.rpm
Red Hat Enterprise Linux (v. 5 server):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/java-1.7.0-openjdk-1.7.0.19-2.3.9.1.el5_9.src.rpm
i386:
java-1.7.0-openjdk-1.7.0.19-2.3.9.1.el5_9.i386.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.19-2.3.9.1.el5_9.i386.rpm
java-1.7.0-openjdk-demo-1.7.0.19-2.3.9.1.el5_9.i386.rpm
java-1.7.0-openjdk-devel-1.7.0.19-2.3.9.1.el5_9.i386.rpm
java-1.7.0-openjdk-javadoc-1.7.0.19-2.3.9.1.el5_9.i386.rpm
java-1.7.0-openjdk-src-1.7.0.19-2.3.9.1.el5_9.i386.rpm
x86_64:
java-1.7.0-openjdk-1.7.0.19-2.3.9.1.el5_9.x86_64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.19-2.3.9.1.el5_9.x86_64.rpm
java-1.7.0-openjdk-demo-1.7.0.19-2.3.9.1.el5_9.x86_64.rpm
java-1.7.0-openjdk-devel-1.7.0.19-2.3.9.1.el5_9.x86_64.rpm
java-1.7.0-openjdk-javadoc-1.7.0.19-2.3.9.1.el5_9.x86_64.rpm
java-1.7.0-openjdk-src-1.7.0.19-2.3.9.1.el5_9.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package
7. References:
https://www.redhat.com/security/data/cve/CVE-2013-0401.html
https://www.redhat.com/security/data/cve/CVE-2013-1488.html
https://www.redhat.com/security/data/cve/CVE-2013-1518.html
https://www.redhat.com/security/data/cve/CVE-2013-1537.html
https://www.redhat.com/security/data/cve/CVE-2013-1557.html
https://www.redhat.com/security/data/cve/CVE-2013-1558.html
https://www.redhat.com/security/data/cve/CVE-2013-1569.html
https://www.redhat.com/security/data/cve/CVE-2013-2383.html
https://www.redhat.com/security/data/cve/CVE-2013-2384.html
https://www.redhat.com/security/data/cve/CVE-2013-2415.html
https://www.redhat.com/security/data/cve/CVE-2013-2417.html
https://www.redhat.com/security/data/cve/CVE-2013-2419.html
https://www.redhat.com/security/data/cve/CVE-2013-2420.html
https://www.redhat.com/security/data/cve/CVE-2013-2421.html
https://www.redhat.com/security/data/cve/CVE-2013-2422.html
https://www.redhat.com/security/data/cve/CVE-2013-2423.html
https://www.redhat.com/security/data/cve/CVE-2013-2424.html
https://www.redhat.com/security/data/cve/CVE-2013-2426.html
https://www.redhat.com/security/data/cve/CVE-2013-2429.html
https://www.redhat.com/security/data/cve/CVE-2013-2430.html
https://www.redhat.com/security/data/cve/CVE-2013-2431.html
https://www.redhat.com/security/data/cve/CVE-2013-2436.html
https://access.redhat.com/security/updates/classification/#important
http://icedtea.classpath.org/hg/release/icedtea7-2.3/file/icedtea-2.3.9/NEWS
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2013 Red Hat, Inc.
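The CVE-2013-1537 note in the Red Hat advisory above says the fix changes the default of java.rmi.server.useCodebaseOnly to true; a launch script that still passes the property as false undoes that restriction. The helper below is an added example, not part of the advisory: it classifies JVM command lines by their last explicit setting of the property. The process list is constructed sample data, and the case-insensitive comparison and "last -D is the effective one" rule are assumptions about how the JVM reads the option.

```shell
#!/bin/sh
# Audit JVM command lines for an explicit java.rmi.server.useCodebaseOnly
# setting (the property whose default changed with the CVE-2013-1537 fix).

# rmi_codebase_setting "<full JVM command line>"
# Prints one of:
#   default      - property not set; the JDK's built-in default applies
#   enforced     - explicitly set to true
#   reverted     - explicitly set to false (remote class loading re-enabled)
#   unrecognized - set to something other than true/false; review by hand
# The body runs in a subshell so that "set -f" (no glob expansion while the
# command line is split into words) does not leak into the caller.
rmi_codebase_setting() (
    set -f
    setting="default"
    for arg in $1; do
        case "$arg" in
            -Djava.rmi.server.useCodebaseOnly=*)
                # Assumption: the value is compared case-insensitively.
                value=$(printf '%s' "${arg#*=}" | tr '[:upper:]' '[:lower:]')
                # Assumption: a later -D overrides an earlier one, so keep
                # overwriting and report the last occurrence.
                case "$value" in
                    true)  setting="enforced" ;;
                    false) setting="reverted" ;;
                    *)     setting="unrecognized" ;;
                esac
                ;;
        esac
    done
    printf '%s\n' "$setting"
)

# audit_jvm_cmdlines
# Reads "<pid> <command line>" records on stdin (for example the output of
# "ps -eo pid=,args=" filtered to java processes) and prints "<pid> <setting>".
audit_jvm_cmdlines() {
    while read -r pid cmdline; do
        [ -n "$pid" ] || continue
        printf '%s %s\n' "$pid" "$(rmi_codebase_setting "$cmdline")"
    done
}

# Constructed sample input: PIDs, jar names and class names are made up.
SAMPLE_PS='1201 java -jar registry.jar
1202 java -Djava.rmi.server.useCodebaseOnly=false -cp app.jar Server
1203 java -Djava.rmi.server.useCodebaseOnly=false -Djava.rmi.server.useCodebaseOnly=TRUE Main
1204 java -Djava.rmi.server.useCodebaseOnly=0 -cp lib/* Main'

printf '%s\n' "$SAMPLE_PS" | audit_jvm_cmdlines
```

A "default" result is only safe on a runtime that carries the fix; on an unpatched runtime the previous default still permits loading classes from remotely specified locations.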
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201401-30
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: Oracle JRE/JDK: Multiple vulnerabilities
Date: January 27, 2014
Bugs: #404071, #421073, #433094, #438706, #451206, #455174,
#458444, #460360, #466212, #473830, #473980, #488210, #498148
ID: 201401-30
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been found in the Oracle JRE/JDK,
allowing attackers to cause unspecified impact.
Background
==========
The Oracle Java Development Kit (JDK) (formerly known as Sun JDK) and
the Oracle Java Runtime Environment (JRE) (formerly known as Sun JRE)
provide the Oracle Java platform (formerly known as Sun Java Platform). Users should migrate
to another package if one is available or wait for the
existing packages to be marked stable by their
architecture maintainers.
-------------------------------------------------------------------
NOTE: Packages marked with asterisks require manual intervention!
-------------------------------------------------------------------
5 affected packages
Description
===========
Multiple vulnerabilities have been reported in the Oracle Java
implementation. Please review the CVE identifiers referenced below for
details.
Furthermore, a local or remote attacker could exploit these
vulnerabilities to cause unspecified impact, possibly including remote
execution of arbitrary code.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Oracle JDK 1.7 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=dev-java/oracle-jdk-bin-1.7.0.51"
All Oracle JRE 1.7 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=dev-java/oracle-jre-bin-1.7.0.51"
All users of the precompiled 32-bit Oracle JRE should upgrade to the
latest version:
# emerge --sync
# emerge -a -1 -v ">=app-emulation/emul-linux-x86-java-1.7.0.51"
All Sun Microsystems JDK/JRE 1.6 users are suggested to upgrade to one
of the newer Oracle packages like dev-java/oracle-jdk-bin or
dev-java/oracle-jre-bin or choose another alternative we provide; e.g.
the IBM JDK/JRE or the open source IcedTea.
References
==========
[ 1 ] CVE-2011-3563
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3563
[ 2 ] CVE-2011-5035
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-5035
[ 3 ] CVE-2012-0497
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0497
[ 4 ] CVE-2012-0498
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0498
[ 5 ] CVE-2012-0499
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0499
[ 6 ] CVE-2012-0500
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0500
[ 7 ] CVE-2012-0501
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0501
[ 8 ] CVE-2012-0502
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0502
[ 9 ] CVE-2012-0503
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0503
[ 10 ] CVE-2012-0504
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0504
[ 11 ] CVE-2012-0505
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0505
[ 12 ] CVE-2012-0506
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0506
[ 13 ] CVE-2012-0507
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0507
[ 14 ] CVE-2012-0547
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0547
[ 15 ] CVE-2012-1531
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1531
[ 16 ] CVE-2012-1532
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1532
[ 17 ] CVE-2012-1533
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1533
[ 18 ] CVE-2012-1541
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1541
[ 19 ] CVE-2012-1682
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1682
[ 20 ] CVE-2012-1711
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1711
[ 21 ] CVE-2012-1713
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1713
[ 22 ] CVE-2012-1716
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1716
[ 23 ] CVE-2012-1717
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1717
[ 24 ] CVE-2012-1718
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1718
[ 25 ] CVE-2012-1719
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1719
[ 26 ] CVE-2012-1721
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1721
[ 27 ] CVE-2012-1722
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1722
[ 28 ] CVE-2012-1723
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1723
[ 29 ] CVE-2012-1724
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1724
[ 30 ] CVE-2012-1725
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1725
[ 31 ] CVE-2012-1726
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1726
[ 32 ] CVE-2012-3136
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3136
[ 33 ] CVE-2012-3143
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3143
[ 34 ] CVE-2012-3159
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3159
[ 35 ] CVE-2012-3174
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3174
[ 36 ] CVE-2012-3213
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3213
[ 37 ] CVE-2012-3216
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3216
[ 38 ] CVE-2012-3342
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3342
[ 39 ] CVE-2012-4416
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4416
[ 40 ] CVE-2012-4681
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4681
[ 41 ] CVE-2012-5067
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5067
[ 42 ] CVE-2012-5068
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5068
[ 43 ] CVE-2012-5069
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5069
[ 44 ] CVE-2012-5070
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5070
[ 45 ] CVE-2012-5071
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5071
[ 46 ] CVE-2012-5072
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5072
[ 47 ] CVE-2012-5073
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5073
[ 48 ] CVE-2012-5074
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5074
[ 49 ] CVE-2012-5075
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5075
[ 50 ] CVE-2012-5076
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5076
[ 51 ] CVE-2012-5077
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5077
[ 52 ] CVE-2012-5079
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5079
[ 53 ] CVE-2012-5081
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5081
[ 54 ] CVE-2012-5083
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5083
[ 55 ] CVE-2012-5084
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5084
[ 56 ] CVE-2012-5085
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5085
[ 57 ] CVE-2012-5086
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5086
[ 58 ] CVE-2012-5087
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5087
[ 59 ] CVE-2012-5088
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5088
[ 60 ] CVE-2012-5089
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5089
[ 61 ] CVE-2013-0169
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0169
[ 62 ] CVE-2013-0351
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0351
[ 63 ] CVE-2013-0401
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0401
[ 64 ] CVE-2013-0402
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0402
[ 65 ] CVE-2013-0409
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0409
[ 66 ] CVE-2013-0419
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0419
[ 67 ] CVE-2013-0422
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0422
[ 68 ] CVE-2013-0423
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0423
[ 69 ] CVE-2013-0430
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0430
[ 70 ] CVE-2013-0437
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0437
[ 71 ] CVE-2013-0438
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0438
[ 72 ] CVE-2013-0445
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0445
[ 73 ] CVE-2013-0446
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0446
[ 74 ] CVE-2013-0448
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0448
[ 75 ] CVE-2013-0449
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0449
[ 76 ] CVE-2013-0809
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0809
[ 77 ] CVE-2013-1473
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1473
[ 78 ] CVE-2013-1479
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1479
[ 79 ] CVE-2013-1481
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1481
[ 80 ] CVE-2013-1484
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1484
[ 81 ] CVE-2013-1485
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1485
[ 82 ] CVE-2013-1486
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1486
[ 83 ] CVE-2013-1487
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1487
[ 84 ] CVE-2013-1488
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1488
[ 85 ] CVE-2013-1491
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1491
[ 86 ] CVE-2013-1493
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1493
[ 87 ] CVE-2013-1500
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1500
[ 88 ] CVE-2013-1518
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1518
[ 89 ] CVE-2013-1537
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1537
[ 90 ] CVE-2013-1540
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1540
[ 91 ] CVE-2013-1557
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1557
[ 92 ] CVE-2013-1558
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1558
[ 93 ] CVE-2013-1561
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1561
[ 94 ] CVE-2013-1563
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1563
[ 95 ] CVE-2013-1564
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1564
[ 96 ] CVE-2013-1569
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1569
[ 97 ] CVE-2013-1571
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1571
[ 98 ] CVE-2013-2383
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2383
[ 99 ] CVE-2013-2384
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2384
[ 100 ] CVE-2013-2394
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2394
[ 101 ] CVE-2013-2400
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2400
[ 102 ] CVE-2013-2407
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2407
[ 103 ] CVE-2013-2412
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2412
[ 104 ] CVE-2013-2414
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2414
[ 105 ] CVE-2013-2415
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2415
[ 106 ] CVE-2013-2416
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2416
[ 107 ] CVE-2013-2417
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2417
[ 108 ] CVE-2013-2418
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2418
[ 109 ] CVE-2013-2419
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2419
[ 110 ] CVE-2013-2420
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2420
[ 111 ] CVE-2013-2421
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2421
[ 112 ] CVE-2013-2422
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2422
[ 113 ] CVE-2013-2423
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2423
[ 114 ] CVE-2013-2424
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2424
[ 115 ] CVE-2013-2425
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2425
[ 116 ] CVE-2013-2426
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2426
[ 117 ] CVE-2013-2427
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2427
[ 118 ] CVE-2013-2428
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2428
[ 119 ] CVE-2013-2429
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2429
[ 120 ] CVE-2013-2430
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2430
[ 121 ] CVE-2013-2431
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2431
[ 122 ] CVE-2013-2432
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2432
[ 123 ] CVE-2013-2433
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2433
[ 124 ] CVE-2013-2434
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2434
[ 125 ] CVE-2013-2435
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2435
[ 126 ] CVE-2013-2436
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2436
[ 127 ] CVE-2013-2437
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2437
[ 128 ] CVE-2013-2438
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2438
[ 129 ] CVE-2013-2439
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2439
[ 130 ] CVE-2013-2440
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2440
[ 131 ] CVE-2013-2442
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2442
[ 132 ] CVE-2013-2443
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2443
[ 133 ] CVE-2013-2444
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2444
[ 134 ] CVE-2013-2445
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2445
[ 135 ] CVE-2013-2446
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2446
[ 136 ] CVE-2013-2447
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2447
[ 137 ] CVE-2013-2448
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2448
[ 138 ] CVE-2013-2449
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2449
[ 139 ] CVE-2013-2450
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2450
[ 140 ] CVE-2013-2451
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2451
[ 141 ] CVE-2013-2452
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2452
[ 142 ] CVE-2013-2453
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2453
[ 143 ] CVE-2013-2454
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2454
[ 144 ] CVE-2013-2455
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2455
[ 145 ] CVE-2013-2456
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2456
[ 146 ] CVE-2013-2457
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2457
[ 147 ] CVE-2013-2458
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2458
[ 148 ] CVE-2013-2459
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2459
[ 149 ] CVE-2013-2460
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2460
[ 150 ] CVE-2013-2461
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2461
[ 151 ] CVE-2013-2462
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2462
[ 152 ] CVE-2013-2463
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2463
[ 153 ] CVE-2013-2464
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2464
[ 154 ] CVE-2013-2465
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2465
[ 155 ] CVE-2013-2466
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2466
[ 156 ] CVE-2013-2467
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2467
[ 157 ] CVE-2013-2468
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2468
[ 158 ] CVE-2013-2469
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2469
[ 159 ] CVE-2013-2470
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2470
[ 160 ] CVE-2013-2471
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2471
[ 161 ] CVE-2013-2472
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2472
[ 162 ] CVE-2013-2473
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2473
[ 163 ] CVE-2013-3743
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3743
[ 164 ] CVE-2013-3744
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3744
[ 165 ] CVE-2013-3829
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3829
[ 166 ] CVE-2013-5772
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5772
[ 167 ] CVE-2013-5774
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5774
[ 168 ] CVE-2013-5775
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5775
[ 169 ] CVE-2013-5776
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5776
[ 170 ] CVE-2013-5777
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5777
[ 171 ] CVE-2013-5778
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5778
[ 172 ] CVE-2013-5780
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5780
[ 173 ] CVE-2013-5782
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5782
[ 174 ] CVE-2013-5783
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5783
[ 175 ] CVE-2013-5784
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5784
[ 176 ] CVE-2013-5787
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5787
[ 177 ] CVE-2013-5788
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5788
[ 178 ] CVE-2013-5789
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5789
[ 179 ] CVE-2013-5790
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5790
[ 180 ] CVE-2013-5797
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5797
[ 181 ] CVE-2013-5800
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5800
[ 182 ] CVE-2013-5801
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5801
[ 183 ] CVE-2013-5802
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5802
[ 184 ] CVE-2013-5803
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5803
[ 185 ] CVE-2013-5804
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5804
[ 186 ] CVE-2013-5805
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5805
[ 187 ] CVE-2013-5806
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5806
[ 188 ] CVE-2013-5809
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5809
[ 189 ] CVE-2013-5810
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5810
[ 190 ] CVE-2013-5812
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5812
[ 191 ] CVE-2013-5814
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5814
[ 192 ] CVE-2013-5817
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5817
[ 193 ] CVE-2013-5818
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5818
[ 194 ] CVE-2013-5819
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5819
[ 195 ] CVE-2013-5820
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5820
[ 196 ] CVE-2013-5823
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5823
[ 197 ] CVE-2013-5824
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5824
[ 198 ] CVE-2013-5825
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5825
[ 199 ] CVE-2013-5829
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5829
[ 200 ] CVE-2013-5830
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5830
[ 201 ] CVE-2013-5831
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5831
[ 202 ] CVE-2013-5832
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5832
[ 203 ] CVE-2013-5838
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5838
[ 204 ] CVE-2013-5840
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5840
[ 205 ] CVE-2013-5842
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5842
[ 206 ] CVE-2013-5843
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5843
[ 207 ] CVE-2013-5844
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5844
[ 208 ] CVE-2013-5846
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5846
[ 209 ] CVE-2013-5848
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5848
[ 210 ] CVE-2013-5849
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5849
[ 211 ] CVE-2013-5850
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5850
[ 212 ] CVE-2013-5851
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5851
[ 213 ] CVE-2013-5852
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5852
[ 214 ] CVE-2013-5854
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5854
[ 215 ] CVE-2013-5870
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5870
[ 216 ] CVE-2013-5878
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5878
[ 217 ] CVE-2013-5887
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5887
[ 218 ] CVE-2013-5888
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5888
[ 219 ] CVE-2013-5889
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5889
[ 220 ] CVE-2013-5893
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5893
[ 221 ] CVE-2013-5895
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5895
[ 222 ] CVE-2013-5896
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5896
[ 223 ] CVE-2013-5898
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5898
[ 224 ] CVE-2013-5899
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5899
[ 225 ] CVE-2013-5902
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5902
[ 226 ] CVE-2013-5904
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5904
[ 227 ] CVE-2013-5905
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5905
[ 228 ] CVE-2013-5906
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5906
[ 229 ] CVE-2013-5907
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5907
[ 230 ] CVE-2013-5910
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5910
[ 231 ] CVE-2014-0368
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0368
[ 232 ] CVE-2014-0373
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0373
[ 233 ] CVE-2014-0375
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0375
[ 234 ] CVE-2014-0376
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0376
[ 235 ] CVE-2014-0382
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0382
[ 236 ] CVE-2014-0385
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0385
[ 237 ] CVE-2014-0387
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0387
[ 238 ] CVE-2014-0403
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0403
[ 239 ] CVE-2014-0408
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0408
[ 240 ] CVE-2014-0410
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0410
[ 241 ] CVE-2014-0411
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0411
[ 242 ] CVE-2014-0415
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0415
[ 243 ] CVE-2014-0416
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0416
[ 244 ] CVE-2014-0417
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0417
[ 245 ] CVE-2014-0418
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0418
[ 246 ] CVE-2014-0422
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0422
[ 247 ] CVE-2014-0423
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0423
[ 248 ] CVE-2014-0424
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0424
[ 249 ] CVE-2014-0428
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0428
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201401-30.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2014 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/en/support/security/advisories/
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
|
var-200110-0170
|
The Legion of the Bouncy Castle Java Cryptography API before release 1.38, as used in Crypto Provider Package before 1.36, has unknown impact and remote attack vectors related to "a Bleichenbacher vulnerability in simple RSA CMS signatures without signed attributes.". Wireshark contains a vulnerability in the XOT dissector that may cause the application to crash. A flaw in the OpenSSL library could allow a remote attacker to cause a denial of service on an affected application. A buffer overflow in certain Apple AirPort drivers may allow an attacker to execute arbitrary code with system privileges, or create a denial-of-service condition. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures.
An attacker may exploit this issue to sign digital certificates or RSA keys and take advantage of trust relationships that depend on these credentials, possibly posing as a trusted party and signing a certificate or key.
All versions prior to and including OpenSSL 0.9.7j and 0.9.8b are affected by this vulnerability. Updates are available.
----------------------------------------------------------------------
TITLE:
Apple Airport Probe Response Kernel Memory Corruption Vulnerability
SECUNIA ADVISORY ID:
SA22679
VERIFY ADVISORY:
http://secunia.com/advisories/22679/
CRITICAL:
Moderately critical
IMPACT:
DoS, System access
WHERE:
From remote
OPERATING SYSTEM:
Apple Macintosh OS X
http://secunia.com/product/96/
DESCRIPTION:
H.D. Moore has reported a vulnerability in the Apple Airport driver,
which potentially can be exploited by malicious people to compromise
a vulnerable system.
The vulnerability is caused due to an error in the Airport driver
provided with Orinoco-based Airport cards when handling probe
response frames. This can be exploited to overwrite kernel memory and
potentially execute arbitrary code when the driver is running in
active scanning mode.
The vulnerability is reported in the driver on a PowerBook running
version 10.4.8.
SOLUTION:
Do not place the card into active scanning mode.
PROVIDED AND/OR DISCOVERED BY:
H D Moore
ORIGINAL ADVISORY:
http://projects.info-pull.com/mokb/MOKB-01-11-2006.html
|
var-201504-0150
|
cURL and libcurl 7.10.6 through 7.41.0 do not properly re-use authenticated Negotiate connections, which allows remote attackers to connect as other users via a request. Supplementary information: the vulnerability type has been identified as CWE-284: Improper Access Control. http://cwe.mitre.org/data/definitions/284.html A third party can connect as another user via a request. cURL/libcURL is prone to a remote security-bypass vulnerability.
An attacker can leverage this issue to bypass security restrictions and perform unauthorized actions. This may aid in further attacks.
cURL/libcURL versions 7.10.6 through 7.41.0 are vulnerable. Both Haxx curl and libcurl are products of the Swedish company Haxx.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201509-02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: cURL: Multiple vulnerabilities
Date: September 24, 2015
Bugs: #547376, #552618
ID: 201509-02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been found in cURL, the worst of which
can allow remote attackers to cause a Denial of Service condition.
Background
==========
cURL is a tool and libcurl is a library for transferring data with URL
syntax.
Affected packages
=================
    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  net-misc/curl                 < 7.43.0                  >= 7.43.0
Description
===========
Multiple vulnerabilities have been discovered in cURL. Please review
the CVE identifiers referenced below for details.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All cURL users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/curl-7.43.0"
References
==========
[ 1 ] CVE-2015-3143
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3143
[ 2 ] CVE-2015-3144
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3144
[ 3 ] CVE-2015-3145
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3145
[ 4 ] CVE-2015-3148
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3148
[ 5 ] CVE-2015-3236
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3236
[ 6 ] CVE-2015-3237
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3237
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/201509-02
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2015 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. This is
similar to the issue fixed in DSA-2849-1.
CVE-2015-3144
When parsing URLs with a zero-length hostname (such as "http://:80"),
libcurl would try to read from an invalid memory address. This could
allow remote attackers to cause a denial of service (crash). This
issue only affects the upcoming stable (jessie) and unstable (sid)
distributions.
CVE-2015-3145
When parsing HTTP cookies, if the parsed cookie's "path" element
consists of a single double-quote, libcurl would try to write to an
invalid heap memory address. This could allow remote attackers to
cause a denial of service (crash). This issue only affects the
upcoming stable (jessie) and unstable (sid) distributions.
For the stable distribution (wheezy), these problems have been fixed in
version 7.26.0-1+wheezy13.
For the upcoming stable distribution (jessie), these problems have been
fixed in version 7.38.0-4+deb8u1.
For the unstable distribution (sid), these problems have been fixed in
version 7.42.0-1.
We recommend that you upgrade your curl packages.
Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04986859
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c04986859
Version: 1
HPSBHF03544 rev.1 - HPE iMC PLAT and other HP and H3C products using Comware
7 and cURL, Remote Unauthorized Access
NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.
Release Date: 2016-02-19
Last Updated: 2016-02-19
Potential Security Impact: Remote Unauthorized Access
Source: Hewlett Packard Enterprise, Product Security Response Team
VULNERABILITY SUMMARY
Potential security vulnerabilities in cURL and libcurl have been addressed
with HPE iMC PLAT and other HP and H3C products using Comware 7. The
vulnerabilities could be exploited remotely resulting in unauthorized access.
References:
- CVE-2015-3143
- CVE-2015-3148
- SSRT102110
- PSRT110028
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
Please refer to the RESOLUTION
below for a list of impacted products.
Note: all product versions are impacted prior to the fixed versions listed.
BACKGROUND
CVSS 2.0 Base Metrics
===========================================================
  Reference        Base Vector                    Base Score
  CVE-2015-3143    (AV:N/AC:L/Au:N/C:N/I:P/A:N)   5.0
  CVE-2015-3148    (AV:N/AC:L/Au:N/C:N/I:P/A:N)   5.0
===========================================================
Information on CVSS is documented
in HP Customer Notice: HPSN-2008-002
RESOLUTION
HPE has released the following software updates to resolve the
vulnerabilities in Comware 7 and iMC Plat.
**COMWARE 7 Products**
+ 12500 (Comware 7) R7375
* HP Network Products
- JC085A HP A12518 Switch Chassis
- JC086A HP A12508 Switch Chassis
- JC652A HP 12508 DC Switch Chassis
- JC653A HP 12518 DC Switch Chassis
- JC654A HP 12504 AC Switch Chassis
- JC655A HP 12504 DC Switch Chassis
- JF430A HP A12518 Switch Chassis
- JF430B HP 12518 Switch Chassis
- JF430C HP 12518 AC Switch Chassis
- JF431A HP A12508 Switch Chassis
- JF431B HP 12508 Switch Chassis
- JF431C HP 12508 AC Switch Chassis
- JC072B HP 12500 Main Processing Unit
- JG497A HP 12500 MPU w/Comware V7 OS
- JG782A HP FF 12508E AC Switch Chassis
- JG783A HP FF 12508E DC Switch Chassis
- JG784A HP FF 12518E AC Switch Chassis
- JG785A HP FF 12518E DC Switch Chassis
- JG802A HP FF 12500E MPU
- JG836A HP FlexFabric 12518E AC Switch TAA-compliant Chassis
- JG834A HP FlexFabric 12508E AC Switch TAA-compliant Chassis
- JG835A HP FlexFabric 12508E DC Switch TAA-compliant Chassis
- JG837A HP FlexFabric 12518E DC Switch TAA-compliant Chassis
- JG803A HP FlexFabric 12500E TAA-compliant Main Processing Unit
- JG796A HP FlexFabric 12500 48-port 10GbE SFP+ FD Module
- JG790A HP FlexFabric 12500 16-port 40GbE QSFP+ FD Module
- JG794A HP FlexFabric 12500 40-port 10GbE SFP+ FG Module
- JG792A HP FlexFabric 12500 40-port 10GbE SFP+ FD Module
- JG788A HP FlexFabric 12500 4-port 100GbE CFP FG Module
- JG786A HP FlexFabric 12500 4-port 100GbE CFP FD Module
- JG797A HP FlexFabric 12500 48-port 10GbE SFP+ FD TAA-compliant Module
- JG791A HP FlexFabric 12500 16-port 40GbE QSFP+ FD TAA-compliant
Module
- JG795A HP FlexFabric 12500 40-port 10GbE SFP+ FG TAA-compliant Module
- JG793A HP FlexFabric 12500 40-port 10GbE SFP+ FD TAA-compliant Module
- JG789A HP FlexFabric 12500 4-port 100GbE CFP FG TAA-compliant Module
- JG787A HP FlexFabric 12500 4-port 100GbE CFP FD TAA-compliant Module
- JG798A HP FlexFabric 12508E Fabric Module
* H3C Products
- H3C S12508 Routing Switch (AC-1) (0235A0GE)
- H3C S12518 Routing Switch (AC-1) (0235A0GF)
- H3C S12508 Chassis (0235A0E6)
- H3C S12508 Chassis (0235A38N)
- H3C S12518 Chassis (0235A0E7)
- H3C S12518 Chassis (0235A38M)
- H3C 12508 DC Switch Chassis (0235A38L)
- H3C 12518 DC Switch Chassis (0235A38K)
+ 10500 (Comware 7) R7168
* HP Network Products
- JC611A HP 10508-V Switch Chassis
- JC612A HP 10508 Switch Chassis
- JC613A HP 10504 Switch Chassis
- JC748A HP 10512 Switch Chassis
- JG820A HP 10504 TAA Switch Chassis
- JG821A HP 10508 TAA Switch Chassis
- JG822A HP 10508-V TAA Switch Chassis
- JG823A HP 10512 TAA Switch Chassis
- JG496A HP 10500 Type A MPU w/Comware v7 OS
- JH198A HP 10500 Type D Main Processing Unit with Comware v7 Operating
System
- JH191A HP 10500 44-port GbE(SFP,LC)/ 4-port 10GbE SFP+ (SFP+,LC) SE
Module
- JH192A HP 10500 48-port Gig-T (RJ45) SE Module
- JH193A HP 10500 16-port 10GbE SFP+ (SFP+,LC) SF Module
- JH194A HP 10500 24-port 10GbE SFP+ (SFP+,LC) EC Module
- JH195A HP 10500 6-port 40GbE QSFP+ EC Module
- JH196A HP 10500 2-port 100GbE CFP EC Module
- JH197A HP 10500 48-port 10GbE SFP+ (SFP+,LC) SG Module
+ 12900 (Comware 7) R1137
* HP Network Products
- JG619A HP FlexFabric 12910 Switch AC Chassis
- JG621A HP FlexFabric 12910 Main Processing Unit
- JG632A HP FlexFabric 12916 Switch AC Chassis
- JG634A HP FlexFabric 12916 Main Processing Unit
- JH104A HP FlexFabric 12900E Main Processing Unit
- JH114A HP FlexFabric 12910 TAA-compliant Main Processing Unit
- JH263A HP FlexFabric 12904E Main Processing Unit
- JH255A HP FlexFabric 12908E Switch Chassis
- JH262A HP FlexFabric 12904E Switch Chassis
- JH113A HP FlexFabric 12910 TAA-compliant Switch AC Chassis
- JH103A HP FlexFabric 12916E Switch Chassis
+ 5900 (Comware 7) R2422P01
* HP Network Products
- JC772A HP 5900AF-48XG-4QSFP+ Switch
- JG336A HP 5900AF-48XGT-4QSFP+ Switch
- JG510A HP 5900AF-48G-4XG-2QSFP+ Switch
- JG554A HP 5900AF-48XG-4QSFP+ TAA Switch
- JG838A HP FF 5900CP-48XG-4QSFP+ Switch
- JH036A HP FlexFabric 5900CP 48XG 4QSFP+ TAA-Compliant
- JH037A HP 5900AF 48XGT 4QSFP+ TAA-Compliant Switch
- JH038A HP 5900AF 48G 4XG 2QSFP+ TAA-Compliant
+ 5920 (Comware 7) R2422P01
* HP Network Products
- JG296A HP 5920AF-24XG Switch
- JG555A HP 5920AF-24XG TAA Switch
+ MSR1000 (Comware 7) R0304P04
* HP Network Products
- JG875A HP MSR1002-4 AC Router
- JH060A HP MSR1003-8S AC Router
+ MSR2000 (Comware 7) R0304P04
* HP Network Products
- JG411A HP MSR2003 AC Router
- JG734A HP MSR2004-24 AC Router
- JG735A HP MSR2004-48 Router
- JG866A HP MSR2003 TAA-compliant AC Router
+ MSR3000 (Comware 7) R0304P04
* HP Network Products
- JG404A HP MSR3064 Router
- JG405A HP MSR3044 Router
- JG406A HP MSR3024 AC Router
- JG407A HP MSR3024 DC Router
- JG408A HP MSR3024 PoE Router
- JG409A HP MSR3012 AC Router
- JG410A HP MSR3012 DC Router
- JG861A HP MSR3024 TAA-compliant AC Router
+ MSR4000 (Comware 7) R0304P04
* HP Network Products
- JG402A HP MSR4080 Router Chassis
- JG403A HP MSR4060 Router Chassis
- JG412A HP MSR4000 MPU-100 Main Processing Unit
- JG869A HP MSR4000 TAA-compliant MPU-100 Main Processing Unit
+ VSR (Comware 7) E0321
* HP Network Products
- JG810AAE HP VSR1001 Virtual Services Router 60 Day Evaluation
Software
- JG811AAE HP VSR1001 Comware 7 Virtual Services Router
- JG812AAE HP VSR1004 Comware 7 Virtual Services Router
- JG813AAE HP VSR1008 Comware 7 Virtual Services Router
+ 7900 (Comware 7) R2137
* HP Network Products
- JG682A HP FlexFabric 7904 Switch Chassis
- JG841A HP FlexFabric 7910 Switch Chassis
- JG842A HP FlexFabric 7910 7.2Tbps Fabric / Main Processing Unit
- JH001A HP FlexFabric 7910 2.4Tbps Fabric / Main Processing Unit
- JH122A HP FlexFabric 7904 TAA-compliant Switch Chassis
- JH123A HP FlexFabric 7910 TAA-compliant Switch Chassis
- JH124A HP FlexFabric 7910 7.2Tbps TAA-compliant Fabric/Main
Processing Unit
- JH125A HP FlexFabric 7910 2.4Tbps TAA-compliant Fabric/Main
Processing Unit
+ 5130 (Comware 7) R3109P09
* HP Network Products
- JG932A HP 5130-24G-4SFP+ EI Switch
- JG933A HP 5130-24G-SFP-4SFP+ EI Switch
- JG934A HP 5130-48G-4SFP+ EI Switch
- JG936A HP 5130-24G-PoE+-4SFP+ (370W) EI Switch
- JG937A HP 5130-48G-PoE+-4SFP+ (370W) EI Switch
- JG975A HP 5130-24G-4SFP+ EI Brazil Switch
- JG976A HP 5130-48G-4SFP+ EI Brazil Switch
- JG977A HP 5130-24G-PoE+-4SFP+ (370W) EI Brazil Switch
- JG978A HP 5130-48G-PoE+-4SFP+ (370W) EI Brazil Switch
- JG938A HP 5130-24G-2SFP+-2XGT EI Switch
- JG939A HP 5130-48G-2SFP+-2XGT EI Switch
- JG940A HP 5130-24G-PoE+-2SFP+-2XGT (370W) EI Switch
- JG941A HP 5130-48G-PoE+-2SFP+-2XGT (370W) EI Switch
+ 5700 (Comware 7) R2422P01
* HP Network Products
- JG894A HP FlexFabric 5700-48G-4XG-2QSFP+ Switch
- JG895A HP FlexFabric 5700-48G-4XG-2QSFP+ TAA-compliant Switch
- JG896A HP FlexFabric 5700-40XG-2QSFP+ Switch
- JG897A HP FlexFabric 5700-40XG-2QSFP+ TAA-compliant Switch
- JG898A HP FlexFabric 5700-32XGT-8XG-2QSFP+ Switch
- JG899A HP FlexFabric 5700-32XGT-8XG-2QSFP+ TAA-compliant Switch
+ 5930 (Comware 7) R2422P01
* HP Network Products
- JG726A HP FlexFabric 5930 32QSFP+ Switch
- JG727A HP FlexFabric 5930 32QSFP+ TAA-compliant Switch
- JH178A HP FlexFabric 5930 2QSFP+ 2-slot Switch
- JH179A HP FlexFabric 5930 4-slot Switch
- JH187A HP FlexFabric 5930 2QSFP+ 2-slot TAA-compliant Switch
- JH188A HP FlexFabric 5930 4-slot TAA-compliant Switch
+ HSR6602 (Comware 7) R7103P05
* HP Network Products
- JG353A HP HSR6602-G Router
- JG354A HP HSR6602-XG Router
- JG776A HP HSR6602-G TAA-compliant Router
- JG777A HP HSR6602-XG TAA-compliant Router
+ HSR6800 (Comware 7) R7103P05
* HP Network Products
- JG361A HP HSR6802 Router Chassis
- JG361B HP HSR6802 Router Chassis
- JG362A HP HSR6804 Router Chassis
- JG362B HP HSR6804 Router Chassis
- JG363A HP HSR6808 Router Chassis
- JG363B HP HSR6808 Router Chassis
- JG364A HP HSR6800 RSE-X2 Router Main Processing Unit
- JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing Unit
- JH075A HP HSR6800 RSE-X3 Router Main Processing Unit
+ 1950 R3109P09
* HP Network Products
- JG960A HP 1950-24G-4XG Switch
- JG961A HP 1950-48G-2SFP+-2XGT Switch
- JG962A HP 1950-24G-2SFP+-2XGT-PoE+(370W) Switch
- JG963A HP 1950-48G-2SFP+-2XGT-PoE+(370W) Switch
**iMC**
+ iMC Plat iMC Plat 7.1 (E0303P13)
* HP Network Products
- JD125A HP IMC Std S/W Platform w/100-node
- JD126A HP IMC Ent S/W Platform w/100-node
- JD808A HP IMC Ent Platform w/100-node License
- JD814A HP A-IMC Enterprise Edition Software DVD Media
- JD815A HP IMC Std Platform w/100-node License
- JD816A HP A-IMC Standard Edition Software DVD Media
- JF288AAE HP Network Director to Intelligent Management Center
Upgrade E-LTU
- JF289AAE HP Enterprise Management System to Intelligent Management
Center Upgrade E-LTU
- JF377A HP IMC Std S/W Platform w/100-node Lic
- JF377AAE HP IMC Std S/W Pltfrm w/100-node E-LTU
- JF378A HP IMC Ent S/W Platform w/200-node Lic
- JF378AAE HP IMC Ent S/W Pltfrm w/200-node E-LTU
- JG546AAE HP IMC Basic SW Platform w/50-node E-LTU
- JG548AAE HP PCM+ to IMC Bsc Upgr w/50-node E-LTU
- JG549AAE HP PCM+ to IMC Std Upgr w/200-node E-LTU
- JG550AAE HP PMM to IMC Bsc WLM Upgr w/150AP E-LTU
- JG590AAE HP IMC Bsc WLAN Mgr SW Pltfm 50 AP E-LTU
- JG659AAE HP IMC Smart Connect VAE E-LTU
- JG660AAE HP IMC Smart Connect w/WLM VAE E-LTU
- JG747AAE HP IMC Std SW Plat w/ 50 Nodes E-LTU
- JG748AAE HP IMC Ent SW Plat w/ 50 Nodes E-LTU
- JG766AAE HP IMC SmCnct Vrtl Applnc SW E-LTU
- JG767AAE HP IMC SmCnct WSM Vrtl Applnc SW E-LTU
- JG768AAE HP PCM+ to IMC Std Upg w/ 200-node E-LTU
HISTORY
Version:1 (rev.1) - 19 February 2016 Initial release
Software Product Category: The Software Product Category is represented in
the title by the two characters following HPSB.
3C = 3COM
3P = 3rd Party Software
GN = HPE General Software
HF = HPE Hardware and Firmware
MU = Multi-Platform Software
NS = NonStop Servers
OV = OpenVMS
PV = ProCurve
ST = Storage Software
UX = HP-UX
Copyright 2016 Hewlett Packard Enterprise
Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/curl-7.45.0-i486-1_slack14.1.txz: Upgraded.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3143
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3144
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3145
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3148
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3236
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3237
(* Security fix *)
+--------------------------+
Where to find the new packages:
+-----------------------------+
Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.
Updated package for Slackware 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/curl-7.45.0-i486-1_slack13.0.txz
Updated package for Slackware x86_64 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/curl-7.45.0-x86_64-1_slack13.0.txz
Updated package for Slackware 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/curl-7.45.0-i486-1_slack13.1.txz
Updated package for Slackware x86_64 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/curl-7.45.0-x86_64-1_slack13.1.txz
Updated package for Slackware 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/curl-7.45.0-i486-1_slack13.37.txz
Updated package for Slackware x86_64 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/curl-7.45.0-x86_64-1_slack13.37.txz
Updated package for Slackware 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/curl-7.45.0-i486-1_slack14.0.txz
Updated package for Slackware x86_64 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/curl-7.45.0-x86_64-1_slack14.0.txz
Updated package for Slackware 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/curl-7.45.0-i486-1_slack14.1.txz
Updated package for Slackware x86_64 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/curl-7.45.0-x86_64-1_slack14.1.txz
Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/curl-7.45.0-i586-1.txz
Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/curl-7.45.0-x86_64-1.txz
MD5 signatures:
+-------------+
Installation instructions:
+------------------------+
Upgrade the package as root:
# upgradepkg curl-7.45.0-i486-1_slack14.1.txz
+-----+
Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com
=====================================================================
Red Hat Security Advisory
Synopsis: Moderate: curl security, bug fix, and enhancement update
Advisory ID: RHSA-2015:1254-02
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1254.html
Issue date: 2015-07-22
Updated on: 2014-12-15
CVE Names: CVE-2014-3613 CVE-2014-3707 CVE-2014-8150
CVE-2015-3143 CVE-2015-3148
=====================================================================
1. Summary:
Updated curl packages that fix multiple security issues, several bugs, and
add two enhancements are now available for Red Hat Enterprise Linux 6.
Red Hat Product Security has rated this update as having Moderate security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
3. Description:
The curl packages provide the libcurl library and the curl utility for
downloading files from servers using various protocols, including HTTP,
FTP, and LDAP.
It was found that the libcurl library did not correctly handle partial
literal IP addresses when parsing received HTTP cookies. An attacker able
to trick a user into connecting to a malicious server could use this flaw
to set the user's cookie to a crafted domain, making other cookie-related
issues easier to exploit. (CVE-2014-3613)
A flaw was found in the way the libcurl library performed the duplication
of connection handles. If an application set the CURLOPT_COPYPOSTFIELDS
option for a handle, using the handle's duplicate could cause the
application to crash or disclose a portion of its memory. (CVE-2014-3707)
It was discovered that the libcurl library failed to properly handle URLs
with embedded end-of-line characters. An attacker able to make an
application using libcurl access a specially crafted URL via an HTTP
proxy could use this flaw to inject additional headers to the request or
construct additional requests. (CVE-2014-8150)
It was discovered that libcurl implemented aspects of the NTLM and
Negotiate authentication incorrectly. If an application uses libcurl
and the affected mechanisms in a specific way, certain requests to a
previously NTLM-authenticated server could appear as sent by the wrong
authenticated user. Additionally, the initial set of credentials for HTTP
Negotiate-authenticated requests could be reused in subsequent requests,
although a different set of credentials was specified. (CVE-2015-3143,
CVE-2015-3148)
Red Hat would like to thank the cURL project for reporting these issues.
Bug fixes:
* An out-of-protocol fallback to SSL version 3.0 (SSLv3.0) was available
with libcurl. Attackers could abuse the fallback to force downgrade of the
SSL version. The fallback has been removed from libcurl. Users requiring
this functionality can explicitly enable SSLv3.0 through the libcurl API.
(BZ#1154059)
* A single upload transfer through the FILE protocol opened the destination
file twice. If the inotify kernel subsystem monitored the file, two events
were produced unnecessarily. The file is now opened only once per upload.
(BZ#883002)
* Utilities using libcurl for SCP/SFTP transfers could terminate
unexpectedly when the system was running in FIPS mode. (BZ#1008178)
* Using the "--retry" option with the curl utility could cause curl to
terminate unexpectedly with a segmentation fault. Now, adding "--retry" no
longer causes curl to crash. (BZ#1009455)
* The "curl --trace-time" command did not use the correct local time when
printing timestamps. Now, "curl --trace-time" works as expected.
(BZ#1120196)
* The valgrind utility could report dynamically allocated memory leaks on
curl exit. Now, curl performs a global shutdown of the NetScape Portable
Runtime (NSPR) library on exit, and valgrind no longer reports the memory
leaks. (BZ#1146528)
* Previously, libcurl returned an incorrect value of the
CURLINFO_HEADER_SIZE field when a proxy server appended its own headers to
the HTTP response. Now, the returned value is valid. (BZ#1161163)
Enhancements:
* The "--tlsv1.0", "--tlsv1.1", and "--tlsv1.2" options are available for
specifying the minor version of the TLS protocol to be negotiated by NSS.
The "--tlsv1" option now negotiates the highest version of the TLS protocol
supported by both the client and the server. (BZ#1012136)
* It is now possible to explicitly enable or disable the ECC and the new
AES cipher suites to be used for TLS. (BZ#1058767, BZ#1156422)
All curl users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues and add these
enhancements.
4. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
835898 - Bug in DNS cache causes connections until restart of libcurl-using processes
883002 - curl used with file:// protocol opens and closes a destination file twice
997185 - sendrecv.c example incorrect type for sockfd
1008178 - curl scp download fails in fips mode
1011083 - CA certificate cannot be specified by nickname [documentation bug]
1011101 - manpage typos found using aspell
1058767 - curl does not support ECDSA certificates
1104160 - Link in curl man page is wrong
1136154 - CVE-2014-3613 curl: incorrect handling of IP addresses in cookie domain
1154059 - curl: Disable out-of-protocol fallback to SSL 3.0
1154747 - NTLM: ignore CURLOPT_FORBID_REUSE during NTLM HTTP auth
1154941 - CVE-2014-3707 curl: incorrect handle duplication after COPYPOSTFIELDS
1156422 - curl does not allow explicit control of DHE ciphers
1161163 - Response headers added by proxy servers missing in CURLINFO_HEADER_SIZE
1168137 - curl closes connection after HEAD request fails
1178692 - CVE-2014-8150 curl: URL request injection vulnerability in parseurlandfillconn()
1213306 - CVE-2015-3143 curl: re-using authenticated connection when unauthenticated
1213351 - CVE-2015-3148 curl: Negotiate not treated as connection-oriented
6. Package List:
Red Hat Enterprise Linux Desktop (v. 6):
Source:
curl-7.19.7-46.el6.src.rpm
i386:
curl-7.19.7-46.el6.i686.rpm
curl-debuginfo-7.19.7-46.el6.i686.rpm
libcurl-7.19.7-46.el6.i686.rpm
x86_64:
curl-7.19.7-46.el6.x86_64.rpm
curl-debuginfo-7.19.7-46.el6.i686.rpm
curl-debuginfo-7.19.7-46.el6.x86_64.rpm
libcurl-7.19.7-46.el6.i686.rpm
libcurl-7.19.7-46.el6.x86_64.rpm
Red Hat Enterprise Linux Desktop Optional (v. 6):
i386:
curl-debuginfo-7.19.7-46.el6.i686.rpm
libcurl-devel-7.19.7-46.el6.i686.rpm
x86_64:
curl-debuginfo-7.19.7-46.el6.i686.rpm
curl-debuginfo-7.19.7-46.el6.x86_64.rpm
libcurl-devel-7.19.7-46.el6.i686.rpm
libcurl-devel-7.19.7-46.el6.x86_64.rpm
Red Hat Enterprise Linux HPC Node (v. 6):
Source:
curl-7.19.7-46.el6.src.rpm
x86_64:
curl-7.19.7-46.el6.x86_64.rpm
curl-debuginfo-7.19.7-46.el6.i686.rpm
curl-debuginfo-7.19.7-46.el6.x86_64.rpm
libcurl-7.19.7-46.el6.i686.rpm
libcurl-7.19.7-46.el6.x86_64.rpm
Red Hat Enterprise Linux HPC Node Optional (v. 6):
x86_64:
curl-debuginfo-7.19.7-46.el6.i686.rpm
curl-debuginfo-7.19.7-46.el6.x86_64.rpm
libcurl-devel-7.19.7-46.el6.i686.rpm
libcurl-devel-7.19.7-46.el6.x86_64.rpm
Red Hat Enterprise Linux Server (v. 6):
Source:
curl-7.19.7-46.el6.src.rpm
i386:
curl-7.19.7-46.el6.i686.rpm
curl-debuginfo-7.19.7-46.el6.i686.rpm
libcurl-7.19.7-46.el6.i686.rpm
libcurl-devel-7.19.7-46.el6.i686.rpm
ppc64:
curl-7.19.7-46.el6.ppc64.rpm
curl-debuginfo-7.19.7-46.el6.ppc.rpm
curl-debuginfo-7.19.7-46.el6.ppc64.rpm
libcurl-7.19.7-46.el6.ppc.rpm
libcurl-7.19.7-46.el6.ppc64.rpm
libcurl-devel-7.19.7-46.el6.ppc.rpm
libcurl-devel-7.19.7-46.el6.ppc64.rpm
s390x:
curl-7.19.7-46.el6.s390x.rpm
curl-debuginfo-7.19.7-46.el6.s390.rpm
curl-debuginfo-7.19.7-46.el6.s390x.rpm
libcurl-7.19.7-46.el6.s390.rpm
libcurl-7.19.7-46.el6.s390x.rpm
libcurl-devel-7.19.7-46.el6.s390.rpm
libcurl-devel-7.19.7-46.el6.s390x.rpm
x86_64:
curl-7.19.7-46.el6.x86_64.rpm
curl-debuginfo-7.19.7-46.el6.i686.rpm
curl-debuginfo-7.19.7-46.el6.x86_64.rpm
libcurl-7.19.7-46.el6.i686.rpm
libcurl-7.19.7-46.el6.x86_64.rpm
libcurl-devel-7.19.7-46.el6.i686.rpm
libcurl-devel-7.19.7-46.el6.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 6):
Source:
curl-7.19.7-46.el6.src.rpm
i386:
curl-7.19.7-46.el6.i686.rpm
curl-debuginfo-7.19.7-46.el6.i686.rpm
libcurl-7.19.7-46.el6.i686.rpm
libcurl-devel-7.19.7-46.el6.i686.rpm
x86_64:
curl-7.19.7-46.el6.x86_64.rpm
curl-debuginfo-7.19.7-46.el6.i686.rpm
curl-debuginfo-7.19.7-46.el6.x86_64.rpm
libcurl-7.19.7-46.el6.i686.rpm
libcurl-7.19.7-46.el6.x86_64.rpm
libcurl-devel-7.19.7-46.el6.i686.rpm
libcurl-devel-7.19.7-46.el6.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2014-3613
https://access.redhat.com/security/cve/CVE-2014-3707
https://access.redhat.com/security/cve/CVE-2014-8150
https://access.redhat.com/security/cve/CVE-2015-3143
https://access.redhat.com/security/cve/CVE-2015-3148
https://access.redhat.com/security/updates/classification/#moderate
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2014 Red Hat, Inc.
.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3143
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3145
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3148
http://advisories.mageia.org/MGASA-2015-0179.html
_______________________________________________________________________
Updated Packages:
Mandriva Business Server 2/X86_64:
b393afe9953fd43da5f93c4451f4f84d mbs2/x86_64/curl-7.34.0-3.2.mbs2.x86_64.rpm
545e67ed6bcaa35849991a672247aaec mbs2/x86_64/curl-examples-7.34.0-3.2.mbs2.noarch.rpm
489d8f2de0435424263da4be0dd0280d mbs2/x86_64/lib64curl4-7.34.0-3.2.mbs2.x86_64.rpm
f0e972e99602adee6f11ae901daedc39 mbs2/x86_64/lib64curl-devel-7.34.0-3.2.mbs2.x86_64.rpm
7dfe1a041b36ad253d3e609a1ee5a089 mbs2/SRPMS/curl-7.34.0-3.2.mbs2.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security |
var-202108-2123
|
A memory corruption vulnerability was addressed with improved locking. This issue is fixed in Safari 15, tvOS 15, watchOS 8, iOS 15 and iPadOS 15. Processing maliciously crafted web content may lead to code execution. A security issue has been found in WebKitGTK and WPE WebKit prior to 2.34.0.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2021-10-26-10 Additional information for
APPLE-SA-2021-09-20-2 watchOS 8
watchOS 8 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT212819.
Accessory Manager
Available for: Apple Watch Series 3 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory consumption issue was addressed with improved
memory handling.
CVE-2021-30837: an anonymous researcher
AppleMobileFileIntegrity
Available for: Apple Watch Series 3 and later
Impact: A local attacker may be able to read sensitive information
Description: This issue was addressed with improved checks.
CVE-2021-30811: an anonymous researcher working with Compartir
bootp
Available for: Apple Watch Series 3 and later
Impact: A device may be passively tracked by its WiFi MAC address
Description: A user privacy issue was addressed by removing the
broadcast MAC address.
CVE-2021-30866: Fabien Duchêne of UCLouvain (Belgium)
Entry added October 25, 2021
CoreAudio
Available for: Apple Watch Series 3 and later
Impact: Processing a malicious audio file may result in unexpected
application termination or arbitrary code execution
Description: A logic issue was addressed with improved state
management.
CVE-2021-30834: JunDong Xie of Ant Security Light-Year Lab
Entry added October 25, 2021
FaceTime
Available for: Apple Watch Series 3 and later
Impact: An application with microphone permission may unexpectedly
access microphone input during a FaceTime call
Description: A logic issue was addressed with improved validation.
CVE-2021-30882: Adam Bellard and Spencer Reitman of Airtime
Entry added October 25, 2021
FontParser
Available for: Apple Watch Series 3 and later
Impact: Processing a maliciously crafted font may result in the
disclosure of process memory
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2021-30831: Xingwei Lin of Ant Security Light-Year Lab
Entry added October 25, 2021
FontParser
Available for: Apple Watch Series 3 and later
Impact: Processing a maliciously crafted dfont file may lead to
arbitrary code execution
Description: This issue was addressed with improved checks.
CVE-2021-30840: Xingwei Lin of Ant Security Light-Year Lab
Entry added October 25, 2021
FontParser
Available for: Apple Watch Series 3 and later
Impact: Processing a maliciously crafted dfont file may lead to
arbitrary code execution
Description: This issue was addressed with improved checks.
CVE-2021-30841: Xingwei Lin of Ant Security Light-Year Lab
CVE-2021-30842: Xingwei Lin of Ant Security Light-Year Lab
CVE-2021-30843: Xingwei Lin of Ant Security Light-Year Lab
Foundation
Available for: Apple Watch Series 3 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A type confusion issue was addressed with improved
memory handling.
CVE-2021-30852: Yinyi Wu (@3ndy1) of Ant Security Light-Year Lab
Entry added October 25, 2021
ImageIO
Available for: Apple Watch Series 3 and later
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2021-30814: hjy79425575
Entry added October 25, 2021
ImageIO
Available for: Apple Watch Series 3 and later
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: This issue was addressed with improved checks.
CVE-2021-30835: Ye Zhang of Baidu Security
CVE-2021-30847: Mike Zhang of Pangu Lab
Kernel
Available for: Apple Watch Series 3 and later
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A race condition was addressed with improved locking.
CVE-2021-30857: Zweig of Kunlun Lab
libexpat
Available for: Apple Watch Series 3 and later
Impact: A remote attacker may be able to cause a denial of service
Description: This issue was addressed by updating expat to version
2.4.1.
CVE-2013-0340: an anonymous researcher
Preferences
Available for: Apple Watch Series 3 and later
Impact: An application may be able to access restricted files
Description: A validation issue existed in the handling of symlinks.
CVE-2021-30855: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020)
of Tencent Security Xuanwu Lab (xlab.tencent.com)
Preferences
Available for: Apple Watch Series 3 and later
Impact: A sandboxed process may be able to circumvent sandbox
restrictions
Description: A logic issue was addressed with improved state
management.
CVE-2021-30854: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020)
of Tencent Security Xuanwu Lab (xlab.tencent.com)
Sandbox
Available for: Apple Watch Series 3 and later
Impact: A malicious application may be able to modify protected parts
of the file system
Description: This issue was addressed with improved checks.
CVE-2021-30808: Csaba Fitzl (@theevilbit) of Offensive Security
Entry added October 25, 2021
WebKit
Available for: Apple Watch Series 3 and later
Impact: Visiting a maliciously crafted website may reveal a user's
browsing history
Description: The issue was resolved with additional restrictions on
CSS compositing.
CVE-2021-30884: an anonymous researcher
Entry added October 25, 2021
WebKit
Available for: Apple Watch Series 3 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A type confusion issue was addressed with improved state
handling.
CVE-2021-30818: Amar Menezes (@amarekano) of Zon8Research
Entry added October 25, 2021
WebKit
Available for: Apple Watch Series 3 and later
Impact: An attacker in a privileged network position may be able to
bypass HSTS
Description: A logic issue was addressed with improved restrictions.
CVE-2021-30823: David Gullasch of Recurity Labs
Entry added October 25, 2021
WebKit
Available for: Apple Watch Series 3 and later
Impact: Processing a maliciously crafted audio file may disclose
restricted memory
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2021-30836: Peter Nguyen Vu Hoang of STAR Labs
Entry added October 25, 2021
WebKit
Available for: Apple Watch Series 3 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2021-30809: an anonymous researcher
Entry added October 25, 2021
WebKit
Available for: Apple Watch Series 3 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2021-30846: Sergei Glazunov of Google Project Zero
WebKit
Available for: Apple Watch Series 3 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2021-30851: Samuel Groß of Google Project Zero
Wi-Fi
Available for: Apple Watch Series 3 and later
Impact: An attacker in physical proximity may be able to force a user
onto a malicious Wi-Fi network during device setup
Description: An authorization issue was addressed with improved state
management.
CVE-2021-30810: an anonymous researcher
Additional recognition
Sandbox
We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive
Security for their assistance.
UIKit
We would like to acknowledge an anonymous researcher for their
assistance.
Installation note:
Instructions on how to update your Apple Watch software are
available at https://support.apple.com/kb/HT204641
To check the version on your Apple Watch, open the Apple Watch app
on your iPhone and select "My Watch > General > About".
Alternatively, on your watch, select "My Watch > General > About".
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
.
CVE-2021-30851: Samuel Groß of Google Project Zero
Installation note:
This update may be obtained from the Mac App Store.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 202202-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: WebkitGTK+: Multiple vulnerabilities
Date: February 01, 2022
Bugs: #779175, #801400, #813489, #819522, #820434, #829723,
#831739
ID: 202202-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
Multiple vulnerabilities have been found in WebkitGTK+, the worst of
which could result in the arbitrary execution of code.
Background
=========
WebKitGTK+ is a full-featured port of the WebKit rendering engine,
suitable for projects requiring any kind of web integration, from hybrid
HTML/CSS applications to full-fledged web browsers.
Affected packages
================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-libs/webkit-gtk < 2.34.4 >= 2.34.4
Description
==========
Multiple vulnerabilities have been discovered in WebkitGTK+. Please
review the CVE identifiers referenced below for details.
Workaround
=========
There is no known workaround at this time.
Resolution
=========
All WebkitGTK+ users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.34.4"
References
=========
[ 1 ] CVE-2021-30848
https://nvd.nist.gov/vuln/detail/CVE-2021-30848
[ 2 ] CVE-2021-30888
https://nvd.nist.gov/vuln/detail/CVE-2021-30888
[ 3 ] CVE-2021-30682
https://nvd.nist.gov/vuln/detail/CVE-2021-30682
[ 4 ] CVE-2021-30889
https://nvd.nist.gov/vuln/detail/CVE-2021-30889
[ 5 ] CVE-2021-30666
https://nvd.nist.gov/vuln/detail/CVE-2021-30666
[ 6 ] CVE-2021-30665
https://nvd.nist.gov/vuln/detail/CVE-2021-30665
[ 7 ] CVE-2021-30890
https://nvd.nist.gov/vuln/detail/CVE-2021-30890
[ 8 ] CVE-2021-30661
https://nvd.nist.gov/vuln/detail/CVE-2021-30661
[ 9 ] WSA-2021-0005
https://webkitgtk.org/security/WSA-2021-0005.html
[ 10 ] CVE-2021-30761
https://nvd.nist.gov/vuln/detail/CVE-2021-30761
[ 11 ] CVE-2021-30897
https://nvd.nist.gov/vuln/detail/CVE-2021-30897
[ 12 ] CVE-2021-30823
https://nvd.nist.gov/vuln/detail/CVE-2021-30823
[ 13 ] CVE-2021-30734
https://nvd.nist.gov/vuln/detail/CVE-2021-30734
[ 14 ] CVE-2021-30934
https://nvd.nist.gov/vuln/detail/CVE-2021-30934
[ 15 ] CVE-2021-1871
https://nvd.nist.gov/vuln/detail/CVE-2021-1871
[ 16 ] CVE-2021-30762
https://nvd.nist.gov/vuln/detail/CVE-2021-30762
[ 17 ] WSA-2021-0006
https://webkitgtk.org/security/WSA-2021-0006.html
[ 18 ] CVE-2021-30797
https://nvd.nist.gov/vuln/detail/CVE-2021-30797
[ 19 ] CVE-2021-30936
https://nvd.nist.gov/vuln/detail/CVE-2021-30936
[ 20 ] CVE-2021-30663
https://nvd.nist.gov/vuln/detail/CVE-2021-30663
[ 21 ] CVE-2021-1825
https://nvd.nist.gov/vuln/detail/CVE-2021-1825
[ 22 ] CVE-2021-30951
https://nvd.nist.gov/vuln/detail/CVE-2021-30951
[ 23 ] CVE-2021-30952
https://nvd.nist.gov/vuln/detail/CVE-2021-30952
[ 24 ] CVE-2021-1788
https://nvd.nist.gov/vuln/detail/CVE-2021-1788
[ 25 ] CVE-2021-1820
https://nvd.nist.gov/vuln/detail/CVE-2021-1820
[ 26 ] CVE-2021-30953
https://nvd.nist.gov/vuln/detail/CVE-2021-30953
[ 27 ] CVE-2021-30749
https://nvd.nist.gov/vuln/detail/CVE-2021-30749
[ 28 ] CVE-2021-30849
https://nvd.nist.gov/vuln/detail/CVE-2021-30849
[ 29 ] CVE-2021-1826
https://nvd.nist.gov/vuln/detail/CVE-2021-1826
[ 30 ] CVE-2021-30836
https://nvd.nist.gov/vuln/detail/CVE-2021-30836
[ 31 ] CVE-2021-30954
https://nvd.nist.gov/vuln/detail/CVE-2021-30954
[ 32 ] CVE-2021-30984
https://nvd.nist.gov/vuln/detail/CVE-2021-30984
[ 33 ] CVE-2021-30851
https://nvd.nist.gov/vuln/detail/CVE-2021-30851
[ 34 ] CVE-2021-30758
https://nvd.nist.gov/vuln/detail/CVE-2021-30758
[ 35 ] CVE-2021-42762
https://nvd.nist.gov/vuln/detail/CVE-2021-42762
[ 36 ] CVE-2021-1844
https://nvd.nist.gov/vuln/detail/CVE-2021-1844
[ 37 ] CVE-2021-30689
https://nvd.nist.gov/vuln/detail/CVE-2021-30689
[ 38 ] CVE-2021-45482
https://nvd.nist.gov/vuln/detail/CVE-2021-45482
[ 39 ] CVE-2021-30858
https://nvd.nist.gov/vuln/detail/CVE-2021-30858
[ 40 ] CVE-2021-21779
https://nvd.nist.gov/vuln/detail/CVE-2021-21779
[ 41 ] WSA-2021-0004
https://webkitgtk.org/security/WSA-2021-0004.html
[ 42 ] CVE-2021-30846
https://nvd.nist.gov/vuln/detail/CVE-2021-30846
[ 43 ] CVE-2021-30744
https://nvd.nist.gov/vuln/detail/CVE-2021-30744
[ 44 ] CVE-2021-30809
https://nvd.nist.gov/vuln/detail/CVE-2021-30809
[ 45 ] CVE-2021-30884
https://nvd.nist.gov/vuln/detail/CVE-2021-30884
[ 46 ] CVE-2021-30720
https://nvd.nist.gov/vuln/detail/CVE-2021-30720
[ 47 ] CVE-2021-30799
https://nvd.nist.gov/vuln/detail/CVE-2021-30799
[ 48 ] CVE-2021-30795
https://nvd.nist.gov/vuln/detail/CVE-2021-30795
[ 49 ] CVE-2021-1817
https://nvd.nist.gov/vuln/detail/CVE-2021-1817
[ 50 ] CVE-2021-21775
https://nvd.nist.gov/vuln/detail/CVE-2021-21775
[ 51 ] CVE-2021-30887
https://nvd.nist.gov/vuln/detail/CVE-2021-30887
[ 52 ] CVE-2021-21806
https://nvd.nist.gov/vuln/detail/CVE-2021-21806
[ 53 ] CVE-2021-30818
https://nvd.nist.gov/vuln/detail/CVE-2021-30818
Availability
===========
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/202202-01
Concerns?
========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
======
Copyright 2022 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
.
For the oldstable distribution (buster), these problems have been fixed
in version 2.34.1-1~deb10u1.
For the stable distribution (bullseye), these problems have been fixed in
version 2.34.1-1~deb11u1.
We recommend that you upgrade your webkit2gtk packages |
var-201503-0388
|
Use-after-free vulnerability in the _zend_shared_memdup function in zend_shared_alloc.c in the OPcache extension in PHP through 5.6.7 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. Supplementary information: the vulnerability type has been identified as CWE-416: Use After Free. http://cwe.mitre.org/data/definitions/416.html A third party may cause a denial of service (DoS) or have other unspecified impact. PHP (PHP: Hypertext Preprocessor) is an open source general-purpose scripting language jointly maintained by the PHP Group and the open source community. OPcache is one of the extension components that improves PHP performance by storing the precompiled bytecode of PHP scripts in shared memory.
============================================================================
Ubuntu Security Notice USN-2501-1
February 17, 2015
php5 vulnerabilities
============================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.10
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary:
Several security issues were fixed in PHP. This issue only affected
Ubuntu 14.04 LTS and Ubuntu 14.10. (CVE-2015-1352)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 14.10:
libapache2-mod-php5 5.5.12+dfsg-2ubuntu4.2
php5-cgi 5.5.12+dfsg-2ubuntu4.2
php5-cli 5.5.12+dfsg-2ubuntu4.2
php5-fpm 5.5.12+dfsg-2ubuntu4.2
php5-pgsql 5.5.12+dfsg-2ubuntu4.2
Ubuntu 14.04 LTS:
libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.6
php5-cgi 5.5.9+dfsg-1ubuntu4.6
php5-cli 5.5.9+dfsg-1ubuntu4.6
php5-fpm 5.5.9+dfsg-1ubuntu4.6
php5-pgsql 5.5.9+dfsg-1ubuntu4.6
Ubuntu 12.04 LTS:
libapache2-mod-php5 5.3.10-1ubuntu3.16
php5-cgi 5.3.10-1ubuntu3.16
php5-cli 5.3.10-1ubuntu3.16
php5-fpm 5.3.10-1ubuntu3.16
php5-pgsql 5.3.10-1ubuntu3.16
In general, a standard system update will make all the necessary changes.
Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/php-5.4.40-i486-1_slack14.1.txz: Upgraded.
This update fixes some security issues.
Please note that this package build also moves the configuration files
from /etc/httpd to /etc, /etc/php.d, and /etc/php-fpm.d.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9709
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0231
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1351
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1352
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2301
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2305
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2331
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2783
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3330
(* Security fix *)
+--------------------------+
Where to find the new packages:
+-----------------------------+
Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.
Updated package for Slackware 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/php-5.4.40-i486-1_slack14.0.txz
Updated package for Slackware x86_64 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/php-5.4.40-x86_64-1_slack14.0.txz
Updated package for Slackware 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/php-5.4.40-i486-1_slack14.1.txz
Updated package for Slackware x86_64 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/php-5.4.40-x86_64-1_slack14.1.txz
Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/php-5.6.8-i486-1.txz
Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/php-5.6.8-x86_64-1.txz
MD5 signatures:
+-------------+
Slackware 14.0 package:
2666059d6540b1b4385d25dfc5ebbe99 php-5.4.40-i486-1_slack14.0.txz
Slackware x86_64 14.0 package:
c146f500912ba9c7e5d652e5e3643c04 php-5.4.40-x86_64-1_slack14.0.txz
Slackware 14.1 package:
9efc8a96f9a3f3261e5f640292b1b781 php-5.4.40-i486-1_slack14.1.txz
Slackware x86_64 14.1 package:
2c95e077f314f1cfa3ee83b9aba90b91 php-5.4.40-x86_64-1_slack14.1.txz
Slackware -current package:
30d14f237c71fada0d594c2360a58016 n/php-5.6.8-i486-1.txz
Slackware x86_64 -current package:
1a0fcc590aa4dff5de5f08293936d0d9 n/php-5.6.8-x86_64-1.txz
Installation instructions:
+------------------------+
Upgrade the package as root:
# upgradepkg php-5.4.40-i486-1_slack14.1.txz
Then, restart Apache httpd:
# /etc/rc.d/rc.httpd stop
# /etc/rc.d/rc.httpd start
+-----+
Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2015-09-30-3 OS X El Capitan 10.11
OS X El Capitan 10.11 is now available and addresses the following:
Address Book
Available for: Mac OS X v10.6.8 and later
Impact: A local attacker may be able to inject arbitrary code to
processes loading the Address Book framework
Description: An issue existed in Address Book framework's handling
of an environment variable. This issue was addressed through improved
environment variable handling.
CVE-ID
CVE-2015-5897 : Dan Bastone of Gotham Digital Science
AirScan
Available for: Mac OS X v10.6.8 and later
Impact: An attacker with a privileged network position may be able
to extract payload from eSCL packets sent over a secure connection
Description: An issue existed in the processing of eSCL packets.
This issue was addressed through improved validation checks.
CVE-ID
CVE-2015-5853 : an anonymous researcher
apache_mod_php
Available for: Mac OS X v10.6.8 and later
Impact: Multiple vulnerabilities in PHP
Description: Multiple vulnerabilities existed in PHP versions prior
to 5.5.27, including one which may have led to remote code execution.
This issue was addressed by updating PHP to version 5.5.27.
CVE-ID
CVE-2014-9425
CVE-2014-9427
CVE-2014-9652
CVE-2014-9705
CVE-2014-9709
CVE-2015-0231
CVE-2015-0232
CVE-2015-0235
CVE-2015-0273
CVE-2015-1351
CVE-2015-1352
CVE-2015-2301
CVE-2015-2305
CVE-2015-2331
CVE-2015-2348
CVE-2015-2783
CVE-2015-2787
CVE-2015-3329
CVE-2015-3330
Apple Online Store Kit
Available for: Mac OS X v10.6.8 and later
Impact: A malicious application may gain access to a user's keychain
items
Description: An issue existed in validation of access control lists
for iCloud keychain items. This issue was addressed through improved
access control list checks.
CVE-ID
CVE-2015-5836 : XiaoFeng Wang of Indiana University, Luyi Xing of
Indiana University, Tongxin Li of Peking University, Tongxin Li of
Peking University, Xiaolong Bai of Tsinghua University
AppleEvents
Available for: Mac OS X v10.6.8 and later
Impact: A user connected through screen sharing can send Apple
Events to a local user's session
Description: An issue existed with Apple Event filtering that
allowed some users to send events to other users. This was addressed
by improved Apple Event handling.
CVE-ID
CVE-2015-5849 : Jack Lawrence (@_jackhl)
Audio
Available for: Mac OS X v10.6.8 and later
Impact: Playing a malicious audio file may lead to an unexpected
application termination
Description: A memory corruption issue existed in the handling of
audio files. This issue was addressed through improved memory
handling.
CVE-ID
CVE-2015-5862 : YoungJin Yoon of Information Security Lab. (Adv.:
Prof. Taekyoung Kwon), Yonsei University, Seoul, Korea
bash
Available for: Mac OS X v10.6.8 and later
Impact: Multiple vulnerabilities in bash
Description: Multiple vulnerabilities existed in bash versions prior
to 3.2 patch level 57. These issues were addressed by updating bash
version 3.2 to patch level 57.
CVE-ID
CVE-2014-6277
CVE-2014-7186
CVE-2014-7187
Certificate Trust Policy
Available for: Mac OS X v10.6.8 and later
Impact: Update to the certificate trust policy
Description: The certificate trust policy was updated. The complete
list of certificates may be viewed at
https://support.apple.com/en-us/HT202858.
CFNetwork Cookies
Available for: Mac OS X v10.6.8 and later
Impact: An attacker in a privileged network position can track a
user's activity
Description: A cross-domain cookie issue existed in the handling of
top level domains. The issue was addressed through improved
restrictions of cookie creation.
CVE-ID
CVE-2015-5885 : Xiaofeng Zheng of Blue Lotus Team, Tsinghua
University
CFNetwork FTPProtocol
Available for: Mac OS X v10.6.8 and later
Impact: Malicious FTP servers may be able to cause the client to
perform reconnaissance on other hosts
Description: An issue existed in the handling of FTP packets when
using the PASV command. This issue was resolved through improved
validation.
CVE-ID
CVE-2015-5912 : Amit Klein
CFNetwork HTTPProtocol
Available for: Mac OS X v10.6.8 and later
Impact: A maliciously crafted URL may be able to bypass HSTS and
leak sensitive data
Description: A URL parsing vulnerability existed in HSTS handling.
This issue was addressed through improved URL parsing.
CVE-ID
CVE-2015-5858 : Xiaofeng Zheng of Blue Lotus Team, Tsinghua
University
CFNetwork HTTPProtocol
Available for: Mac OS X v10.6.8 and later
Impact: A malicious website may be able to track users in Safari
private browsing mode
Description: An issue existed in the handling of HSTS state in
Safari private browsing mode. This issue was addressed through
improved state handling.
CVE-ID
CVE-2015-5860 : Sam Greenhalgh of RadicalResearch Ltd
CFNetwork Proxies
Available for: Mac OS X v10.6.8 and later
Impact: Connecting to a malicious web proxy may set malicious
cookies for a website
Description: An issue existed in the handling of proxy connect
responses. This issue was addressed by removing the set-cookie header
while parsing the connect response.
CVE-ID
CVE-2015-5841 : Xiaofeng Zheng of Blue Lotus Team, Tsinghua
University
CFNetwork SSL
Available for: Mac OS X v10.6.8 and later
Impact: An attacker with a privileged network position may intercept
SSL/TLS connections
Description: A certificate validation issue existed in NSURL when a
certificate changed. This issue was addressed through improved
certificate validation.
CVE-ID
CVE-2015-5824 : Timothy J. Wood of The Omni Group
CFNetwork SSL
Available for: Mac OS X v10.6.8 and later
Impact: An attacker may be able to decrypt data protected by SSL
Description: There are known attacks on the confidentiality of RC4.
An attacker could force the use of RC4, even if the server preferred
better ciphers, by blocking TLS 1.0 and higher connections until
CFNetwork tried SSL 3.0, which only allows RC4. This issue was
addressed by removing the fallback to SSL 3.0.
CoreCrypto
Available for: Mac OS X v10.6.8 and later
Impact: An attacker may be able to determine a private key
Description: By observing many signing or decryption attempts, an
attacker may have been able to determine the RSA private key. This
issue was addressed using improved encryption algorithms.
CoreText
Available for: Mac OS X v10.6.8 and later
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: A memory corruption issue existed in the processing of
font files. This issue was addressed through improved input
validation.
CVE-ID
CVE-2015-5874 : John Villamil (@day6reak), Yahoo Pentest Team
Dev Tools
Available for: Mac OS X v10.6.8 and later
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A memory corruption issue existed in dyld. This was
addressed through improved memory handling.
CVE-ID
CVE-2015-5876 : beist of grayhash
Dev Tools
Available for: Mac OS X v10.6.8 and later
Impact: An application may be able to bypass code signing
Description: An issue existed with validation of the code signature
of executables. This issue was addressed through improved bounds
checking.
CVE-ID
CVE-2015-5839 : @PanguTeam
Disk Images
Available for: Mac OS X v10.6.8 and later
Impact: A local user may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue existed in DiskImages. This
issue was addressed through improved memory handling.
CVE-ID
CVE-2015-5847 : Filippo Bigarella, Luca Todesco
dyld
Available for: Mac OS X v10.6.8 and later
Impact: An application may be able to bypass code signing
Description: An issue existed with validation of the code signature
of executables. This issue was addressed through improved bounds
checking.
CVE-ID
CVE-2015-5839 : TaiG Jailbreak Team
EFI
Available for: Mac OS X v10.6.8 and later
Impact: A malicious application can prevent some systems from
booting
Description: An issue existed with the addresses covered by the
protected range register. This issue was fixed by changing the
protected range.
CVE-ID
CVE-2015-5900 : Xeno Kovah & Corey Kallenberg from LegbaCore
EFI
Available for: Mac OS X v10.6.8 and later
Impact: A malicious Apple Ethernet Thunderbolt adapter may be able
to affect firmware flashing
Description: Apple Ethernet Thunderbolt adapters could modify the
host firmware if connected during an EFI update. This issue was
addressed by not loading option ROMs during updates.
CVE-ID
CVE-2015-5914 : Trammell Hudson of Two Sigma Investments and snare
Finder
Available for: Mac OS X v10.6.8 and later
Impact: The "Secure Empty Trash" feature may not securely delete
files placed in the Trash
Description: An issue existed in guaranteeing secure deletion of
Trash files on some systems, such as those with flash storage. This
issue was addressed by removing the "Secure Empty Trash" option.
CVE-ID
CVE-2015-5901 : Apple
Game Center
Available for: Mac OS X v10.6.8 and later
Impact: A malicious Game Center application may be able to access a
player's email address
Description: An issue existed in Game Center in the handling of a
player's email. This issue was addressed through improved access
restrictions.
CVE-ID
CVE-2015-5855 : Nasser Alnasser
Heimdal
Available for: Mac OS X v10.6.8 and later
Impact: An attacker may be able to replay Kerberos credentials to
the SMB server
Description: An authentication issue existed in Kerberos
credentials. This issue was addressed through additional validation
of credentials using a list of recently seen credentials.
CVE-ID
CVE-2015-5913 : Tarun Chopra of Microsoft Corporation, U.S. and Yu
Fan of Microsoft Corporation, China
ICU
Available for: Mac OS X v10.6.8 and later
Impact: Multiple vulnerabilities in ICU
Description: Multiple vulnerabilities existed in ICU versions prior
to 53.1.0. These issues were addressed by updating ICU to version
55.1.
CVE-ID
CVE-2014-8146
CVE-2014-8147
CVE-2015-5922
Install Framework Legacy
Available for: Mac OS X v10.6.8 and later
Impact: A local user may be able to gain root privileges
Description: A restriction issue existed in the Install private
framework containing a privileged executable. This issue was
addressed by removing the executable.
CVE-ID
CVE-2015-5888 : Apple
Intel Graphics Driver
Available for: Mac OS X v10.6.8 and later
Impact: A local user may be able to execute arbitrary code with
system privileges
Description: Multiple memory corruption issues existed in the Intel
Graphics Driver. These issues were addressed through improved memory
handling.
CVE-ID
CVE-2015-5830 : Yuki MIZUNO (@mzyy94)
CVE-2015-5877 : Camillus Gerard Cai
IOAudioFamily
Available for: Mac OS X v10.6.8 and later
Impact: A local user may be able to determine kernel memory layout
Description: An issue existed in IOAudioFamily that led to the
disclosure of kernel memory content. This issue was addressed by
permuting kernel pointers.
CVE-ID
CVE-2015-5864 : Luca Todesco
IOGraphics
Available for: Mac OS X v10.6.8 and later
Impact: A local user may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues existed in the
kernel. These issues were addressed through improved memory handling.
CVE-ID
CVE-2015-5871 : Ilja van Sprundel of IOActive
CVE-2015-5872 : Ilja van Sprundel of IOActive
CVE-2015-5873 : Ilja van Sprundel of IOActive
CVE-2015-5890 : Ilja van Sprundel of IOActive
IOGraphics
Available for: Mac OS X v10.6.8 and later
Impact: A malicious application may be able to determine kernel
memory layout
Description: An issue existed in IOGraphics which could have led to
the disclosure of kernel memory layout. This issue was addressed
through improved memory management.
CVE-ID
CVE-2015-5865 : Luca Todesco
IOHIDFamily
Available for: Mac OS X v10.6.8 and later
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: Multiple memory corruption issues existed in
IOHIDFamily. These issues were addressed through improved memory
handling.
CVE-ID
CVE-2015-5866 : Apple
CVE-2015-5867 : moony li of Trend Micro
IOStorageFamily
Available for: Mac OS X v10.6.8 and later
Impact: A local attacker may be able to read kernel memory
Description: A memory initialization issue existed in the kernel.
This issue was addressed through improved memory handling.
CVE-ID
CVE-2015-5863 : Ilja van Sprundel of IOActive
Kernel
Available for: Mac OS X v10.6.8 and later
Impact: A local user may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues existed in the
Kernel. These issues were addressed through improved memory handling.
CVE-ID
CVE-2015-5868 : Cererdlong of Alibaba Mobile Security Team
CVE-2015-5896 : Maxime Villard of m00nbsd
CVE-2015-5903 : CESG
Kernel
Available for: Mac OS X v10.6.8 and later
Impact: A local process can modify other processes without
entitlement checks
Description: An issue existed where root processes using the
processor_set_tasks API were allowed to retrieve the task ports of
other processes. This issue was addressed through additional
entitlement checks.
CVE-ID
CVE-2015-5882 : Pedro Vilaca, working from original research by
Ming-chieh Pan and Sung-ting Tsai; Jonathan Levin
Kernel
Available for: Mac OS X v10.6.8 and later
Impact: A local attacker may control the value of stack cookies
Description: Multiple weaknesses existed in the generation of user
space stack cookies. These issues were addressed through improved
generation of stack cookies.
CVE-ID
CVE-2013-3951 : Stefan Esser
Kernel
Available for: Mac OS X v10.6.8 and later
Impact: An attacker may be able to launch denial of service attacks
on targeted TCP connections without knowing the correct sequence
number
Description: An issue existed in xnu's validation of TCP packet
headers. This issue was addressed through improved TCP packet header
validation.
CVE-ID
CVE-2015-5879 : Jonathan Looney
Kernel
Available for: Mac OS X v10.6.8 and later
Impact: An attacker in a local LAN segment may disable IPv6 routing
Description: An insufficient validation issue existed in the
handling of IPv6 router advertisements that allowed an attacker to
set the hop limit to an arbitrary value. This issue was addressed by
enforcing a minimum hop limit.
CVE-ID
CVE-2015-5869 : Dennis Spindel Ljungmark
Kernel
Available for: Mac OS X v10.6.8 and later
Impact: A local user may be able to determine kernel memory layout
Description: An issue existed that led to the disclosure of kernel
memory layout. This was addressed through improved initialization of
kernel memory structures.
CVE-ID
CVE-2015-5842 : beist of grayhash
Kernel
Available for: Mac OS X v10.6.8 and later
Impact: A local user may be able to determine kernel memory layout
Description: An issue existed in debugging interfaces that led to
the disclosure of memory content. This issue was addressed by
sanitizing output from debugging interfaces.
CVE-ID
CVE-2015-5870 : Apple
Kernel
Available for: Mac OS X v10.6.8 and later
Impact: A local user may be able to cause a system denial of service
Description: A state management issue existed in debugging
functionality. This issue was addressed through improved validation.
CVE-ID
CVE-2015-5902 : Sergi Alvarez (pancake) of NowSecure Research Team
libc
Available for: Mac OS X v10.6.8 and later
Impact: A local user may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue existed in the kernel. This
issue was addressed through improved memory handling.
CVE-ID
CVE-2014-8611 : Adrian Chadd and Alfred Perlstein of Norse
Corporation
libpthread
Available for: Mac OS X v10.6.8 and later
Impact: A local user may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue existed in the kernel. This
issue was addressed through improved memory handling.
CVE-ID
CVE-2015-5899 : Lufeng Li of Qihoo 360 Vulcan Team
libxpc
Available for: Mac OS X v10.6.8 and later
Impact: Many SSH connections could cause a denial of service
Description: launchd had no limit on the number of processes that
could be started by a network connection. This issue was addressed by
limiting the number of SSH processes to 40.
CVE-ID
CVE-2015-5881 : Apple
Login Window
Available for: Mac OS X v10.6.8 and later
Impact: The screen lock may not engage after the specified time
period
Description: An issue existed with captured display locking. The
issue was addressed through improved lock handling.
CVE-ID
CVE-2015-5833 : Carlos Moreira, Rainer Dorau of rainer dorau
informationsdesign, Chris Nehren, Kai Takac, Hans Douma, Toni
Vaahtera, and an anonymous researcher
lukemftpd
Available for: Mac OS X v10.6.8 and later
Impact: A remote attacker may be able to deny service to the FTP
server
Description: A glob-processing issue existed in tnftpd. This issue
was addressed through improved glob validation.
CVE-ID
CVE-2015-5917 : Maksymilian Arciemowicz of cxsecurity.com
Mail
Available for: Mac OS X v10.6.8 and later
Impact: Printing an email may leak sensitive user information
Description: An issue existed in Mail which bypassed user
preferences when printing an email. This issue was addressed through
improved user preference enforcement.
CVE-ID
CVE-2015-5881 : Owen DeLong of Akamai Technologies, Noritaka Kamiya,
Dennis Klein from Eschenburg, Germany, Jeff Hammett of Systim
Technology Partners
Mail
Available for: Mac OS X v10.6.8 and later
Impact: An attacker in a privileged network position may be able to
intercept attachments of S/MIME-encrypted e-mail sent via Mail Drop
Description: An issue existed in handling encryption parameters for
large email attachments sent via Mail Drop. The issue is addressed by
no longer offering Mail Drop when sending an encrypted e-mail.
CVE-ID
CVE-2015-5884 : John McCombs of Integrated Mapping Ltd
Multipeer Connectivity
Available for: Mac OS X v10.6.8 and later
Impact: A local attacker may be able to observe unprotected
multipeer data
Description: An issue existed in convenience initializer handling in
which encryption could be actively downgraded to a non-encrypted
session. This issue was addressed by changing the convenience
initializer to require encryption.
CVE-ID
CVE-2015-5851 : Alban Diquet (@nabla_c0d3) of Data Theorem
NetworkExtension
Available for: Mac OS X v10.6.8 and later
Impact: A malicious application may be able to determine kernel
memory layout
Description: An uninitialized memory issue in the kernel led to the
disclosure of kernel memory content. This issue was addressed through
improved memory initialization.
CVE-ID
CVE-2015-5831 : Maxime Villard of m00nbsd
Notes
Available for: Mac OS X v10.6.8 and later
Impact: A local user may be able to leak sensitive user information
Description: An issue existed in parsing links in the Notes
application. This issue was addressed through improved input
validation.
CVE-ID
CVE-2015-5878 : Craig Young of Tripwire VERT, an anonymous researcher
Notes
Available for: Mac OS X v10.6.8 and later
Impact: A local user may be able to leak sensitive user information
Description: A cross-site scripting issue existed in parsing text by
the Notes application. This issue was addressed through improved
input validation.
CVE-ID
CVE-2015-5875 : xisigr of Tencent's Xuanwu LAB (www.tencent.com)
OpenSSH
Available for: Mac OS X v10.6.8 and later
Impact: Multiple vulnerabilities in OpenSSH
Description: Multiple vulnerabilities existed in OpenSSH versions
prior to 6.9. These issues were addressed by updating OpenSSH to
version 6.9.
CVE-ID
CVE-2014-2532
OpenSSL
Available for: Mac OS X v10.6.8 and later
Impact: Multiple vulnerabilities in OpenSSL
Description: Multiple vulnerabilities existed in OpenSSL versions
prior to 0.9.8zg. These were addressed by updating OpenSSL to version
0.9.8zg.
CVE-ID
CVE-2015-0286
CVE-2015-0287
procmail
Available for: Mac OS X v10.6.8 and later
Impact: Multiple vulnerabilities in procmail
Description: Multiple vulnerabilities existed in procmail versions
prior to 3.22. These issues were addressed by removing procmail.
CVE-ID
CVE-2014-3618
remote_cmds
Available for: Mac OS X v10.6.8 and later
Impact: A local user may be able to execute arbitrary code with root
privileges
Description: An issue existed in the usage of environment variables
by the rsh binary. This issue was addressed by dropping setuid
privileges from the rsh binary.
CVE-ID
CVE-2015-5889 : Philip Pettersson
removefile
Available for: Mac OS X v10.6.8 and later
Impact: Processing malicious data may lead to unexpected application
termination
Description: An overflow fault existed in the checkint division
routines. This issue was addressed with improved division routines.
CVE-ID
CVE-2015-5840 : an anonymous researcher
Ruby
Available for: Mac OS X v10.6.8 and later
Impact: Multiple vulnerabilities in Ruby
Description: Multiple vulnerabilities existed in Ruby versions prior
to 2.0.0p645. These were addressed by updating Ruby to version
2.0.0p645.
CVE-ID
CVE-2014-8080
CVE-2014-8090
CVE-2015-1855
Security
Available for: Mac OS X v10.6.8 and later
Impact: The lock state of the keychain may be incorrectly displayed
to the user
Description: A state management issue existed in the way keychain
lock status was tracked. This issue was addressed through improved
state management.
CVE-ID
CVE-2015-5915 : Peter Walz of University of Minnesota, David Ephron,
Eric E. Lawrence, Apple
Security
Available for: Mac OS X v10.6.8 and later
Impact: A trust evaluation configured to require revocation checking
may succeed even if revocation checking fails
Description: The kSecRevocationRequirePositiveResponse flag was
specified but not implemented. This issue was addressed by
implementing the flag.
CVE-ID
CVE-2015-5894 : Hannes Oud of kWallet GmbH
Security
Available for: Mac OS X v10.6.8 and later
Impact: A remote server may prompt for a certificate before
identifying itself
Description: Secure Transport accepted the CertificateRequest
message before the ServerKeyExchange message. This issue was
addressed by requiring the ServerKeyExchange first.
CVE-ID
CVE-2015-5887 : Benjamin Beurdouche, Karthikeyan Bhargavan, Antoine
Delignat-Lavaud, Alfredo Pironti, and Jean Karim Zinzindohoue of
INRIA Paris-Rocquencourt, and Cedric Fournet and Markulf Kohlweiss of
Microsoft Research, Pierre-Yves Strub of IMDEA Software Institute
SMB
Available for: Mac OS X v10.6.8 and later
Impact: A local user may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue existed in the kernel. This
issue was addressed through improved memory handling.
CVE-ID
CVE-2015-5891 : Ilja van Sprundel of IOActive
SMB
Available for: Mac OS X v10.6.8 and later
Impact: A local user may be able to determine kernel memory layout
Description: An issue existed in SMBClient that led to the
disclosure of kernel memory content. This issue was addressed through
improved bounds checking.
CVE-ID
CVE-2015-5893 : Ilja van Sprundel of IOActive
SQLite
Available for: Mac OS X v10.6.8 and later
Impact: Multiple vulnerabilities in SQLite v3.8.5
Description: Multiple vulnerabilities existed in SQLite v3.8.5.
These issues were addressed by updating SQLite to version 3.8.10.2.
CVE-ID
CVE-2015-3414
CVE-2015-3415
CVE-2015-3416
Telephony
Available for: Mac OS X v10.6.8 and later
Impact: A local attacker can place phone calls without the user's
knowledge when using Continuity
Description: An issue existed in the authorization checks for
placing phone calls. This issue was addressed through improved
authorization checks.
CVE-ID
CVE-2015-3785 : Dan Bastone of Gotham Digital Science
Terminal
Available for: Mac OS X v10.6.8 and later
Impact: Maliciously crafted text could mislead the user in Terminal
Description: Terminal did not handle bidirectional override
characters in the same way when displaying text and when selecting
text. This issue was addressed by suppressing bidirectional override
characters in Terminal.
CVE-ID
CVE-2015-5883 : an anonymous researcher
tidy
Available for: Mac OS X v10.6.8 and later
Impact: Visiting a maliciously crafted website may lead to arbitrary
code execution
Description: Multiple memory corruption issues existed in tidy.
These issues were addressed through improved memory handling.
CVE-ID
CVE-2015-5522 : Fernando Munoz of NULLGroup.com
CVE-2015-5523 : Fernando Munoz of NULLGroup.com
Time Machine
Available for: Mac OS X v10.6.8 and later
Impact: A local attacker may gain access to keychain items
Description: An issue existed in backups by the Time Machine
framework. This issue was addressed through improved coverage of Time
Machine backups.
CVE-ID
CVE-2015-5854 : Jonas Magazinius of Assured AB
Note: OS X El Capitan 10.11 includes the security content of
Safari 9: https://support.apple.com/kb/HT205265.
OS X El Capitan 10.11 may be obtained from the Mac App Store:
http://www.apple.com/support/downloads/
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
.
Background
==========
PHP is a widely-used general-purpose scripting language that is
especially suited for Web development and can be embedded into HTML. Please review the
CVE identifiers referenced below for details.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All PHP 5.4 users should upgrade to the latest 5.5 stable branch, as
PHP 5.4 is now masked in Portage:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-lang/php-5.5.33"
All PHP 5.5 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-lang/php-5.5.33"
All PHP 5.6 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-lang/php-5.6.19"
References
==========
[ 1 ] CVE-2013-6501
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6501
[ 2 ] CVE-2014-9705
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9705
[ 3 ] CVE-2014-9709
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9709
[ 4 ] CVE-2015-0231
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0231
[ 5 ] CVE-2015-0273
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0273
[ 6 ] CVE-2015-1351
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1351
[ 7 ] CVE-2015-1352
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1352
[ 8 ] CVE-2015-2301
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2301
[ 9 ] CVE-2015-2348
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2348
[ 10 ] CVE-2015-2783
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2783
[ 11 ] CVE-2015-2787
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2787
[ 12 ] CVE-2015-3329
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3329
[ 13 ] CVE-2015-3330
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3330
[ 14 ] CVE-2015-4021
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4021
[ 15 ] CVE-2015-4022
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4022
[ 16 ] CVE-2015-4025
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4025
[ 17 ] CVE-2015-4026
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4026
[ 18 ] CVE-2015-4147
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4147
[ 19 ] CVE-2015-4148
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4148
[ 20 ] CVE-2015-4642
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4642
[ 21 ] CVE-2015-4643
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4643
[ 22 ] CVE-2015-4644
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4644
[ 23 ] CVE-2015-6831
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6831
[ 24 ] CVE-2015-6832
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6832
[ 25 ] CVE-2015-6833
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6833
[ 26 ] CVE-2015-6834
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6834
[ 27 ] CVE-2015-6835
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6835
[ 28 ] CVE-2015-6836
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6836
[ 29 ] CVE-2015-6837
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6837
[ 30 ] CVE-2015-6838
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6838
[ 31 ] CVE-2015-7803
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7803
[ 32 ] CVE-2015-7804
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7804
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/201606-10
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2016 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. NOTE: this vulnerability exists because of an incomplete
fix for CVE-2014-8142 (CVE-2015-0231).
An integer overflow flaw, leading to a heap-based buffer overflow,
was found in the way libzip, which is embedded in PHP, processed
certain ZIP archives.
It was discovered that the PHP PostgreSQL database extension
incorrectly handled certain pointers. The libzip packages
have been patched to address the CVE-2015-2331 flaw.
Additionally the php-xdebug package has been upgraded to the latest
2.3.2 and the PECL packages which require so have been rebuilt for
php-5.5.23. The verification
of md5 checksums and GPG signatures is performed automatically for you.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Moderate: php55 security and bug fix update
Advisory ID: RHSA-2015:1053-01
Product: Red Hat Software Collections
Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1053.html
Issue date: 2015-06-04
CVE Names: CVE-2014-8142 CVE-2014-9427 CVE-2014-9652
CVE-2014-9705 CVE-2014-9709 CVE-2015-0231
CVE-2015-0232 CVE-2015-0273 CVE-2015-1351
CVE-2015-1352 CVE-2015-2301 CVE-2015-2305
CVE-2015-2348 CVE-2015-2787 CVE-2015-4147
CVE-2015-4148
=====================================================================
1. Summary:
Updated php55 collection packages that fix multiple security issues and
several bugs are now available as part of Red Hat Software Collections 2.
Red Hat Product Security has rated this update as having Moderate security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.
2. Relevant releases/architectures:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.5) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64
3. Description:
PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Server. The php55 packages provide a recent stable release of PHP with
the PEAR 1.9.4, memcache 3.0.8, and mongo 1.4.5 PECL extensions, and a
number of additional utilities.
The php55 packages have been upgraded to upstream version 5.5.21, which
provides multiple bug fixes over the version shipped in Red Hat Software
Collections 1. (BZ#1057089)
The following security issues were fixed in the php55-php component:
An uninitialized pointer use flaw was found in PHP's Exif extension. A
specially crafted JPEG or TIFF file could cause a PHP application using the
exif_read_data() function to crash or, possibly, execute arbitrary code
with the privileges of the user running that PHP application.
(CVE-2015-0232)
Multiple flaws were discovered in the way PHP performed object
unserialization. Specially crafted input processed by the unserialize()
function could cause a PHP application to crash or, possibly, execute
arbitrary code. (CVE-2014-8142, CVE-2015-0231, CVE-2015-0273,
CVE-2015-2787, CVE-2015-4147, CVE-2015-4148)
A heap buffer overflow flaw was found in the enchant_broker_request_dict()
function of PHP's enchant extension. An attacker able to make a PHP
application enchant dictionaries could possibly cause it to crash.
(CVE-2014-9705)
A heap buffer overflow flaw was found in PHP's regular expression
extension. An attacker able to make PHP process a specially crafted regular
expression pattern could cause it to crash and possibly execute arbitrary
code. (CVE-2015-2305)
A buffer over-read flaw was found in the GD library used by the PHP gd
extension. A specially crafted GIF file could cause a PHP application using
the imagecreatefromgif() function to crash. (CVE-2014-9709)
A use-after-free flaw was found in PHP's OPcache extension. This flaw could
possibly lead to a disclosure of a portion of the server memory.
(CVE-2015-1351)
A use-after-free flaw was found in PHP's phar (PHP Archive) extension.
An attacker able to trigger a certain error condition in phar archive
processing could possibly use this flaw to disclose certain portions of
server memory. (CVE-2015-2301)
An out-of-bounds read flaw was found in the way the File Information
(fileinfo) extension processed certain Pascal strings. A remote attacker
could cause a PHP application to crash if it used fileinfo to identify the
type of the attacker-supplied file. (CVE-2014-9652)
It was found that PHP's move_uploaded_file() function did not properly handle
file names with a NULL character. A remote attacker could possibly use this
flaw to make a PHP script access unexpected files and bypass intended file
system access restrictions. (CVE-2015-2348)
A NULL pointer dereference flaw was found in PHP's pgsql extension. A
specially crafted table name passed to a function such as pg_insert() or
pg_select() could cause a PHP application to crash. (CVE-2015-1352)
A flaw was found in the way PHP handled malformed source files when running
in CGI mode. A specially crafted PHP file could cause PHP CGI to crash.
(CVE-2014-9427)
All php55 users are advised to upgrade to these updated packages, which
correct these issues. After installing the updated packages, the
httpd24-httpd service must be restarted for the update to take effect.
4. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
1132446 - php55-php-fpm misinterpreting error_log=syslog
1175718 - CVE-2014-8142 php: use after free vulnerability in unserialize()
1178736 - CVE-2014-9427 php: out of bounds read when parsing a crafted .php file
1185397 - CVE-2015-0231 php: use after free vulnerability in unserialize() (incomplete fix of CVE-2014-8142)
1185472 - CVE-2015-0232 php: Free called on uninitialized pointer in exif.c
1185900 - CVE-2015-1351 php: use after free in opcache extension
1185904 - CVE-2015-1352 php: NULL pointer dereference in pgsql extension
1188599 - CVE-2014-9652 file: out of bounds read in mconvert()
1188639 - CVE-2014-9709 gd: buffer read overflow in gd_gif_in.c
1191049 - CVE-2015-2305 regex: heap overflow in regcomp() on 32-bit architectures
1194730 - CVE-2015-0273 php: use after free vulnerability in unserialize() with DateTimeZone
1194737 - CVE-2014-9705 php: heap buffer overflow in enchant_broker_request_dict()
1194747 - CVE-2015-2301 php: use after free in phar_object.c
1204868 - CVE-2015-4147 php: SoapClient's __call() type confusion through unserialize()
1207676 - CVE-2015-2787 php: use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re
1207682 - CVE-2015-2348 php: move_uploaded_file() NUL byte injection in file name
1226916 - CVE-2015-4148 php: SoapClient's do_soap_call() type confusion after unserialize()
6. Package List:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):
Source:
php55-2.0-1.el6.src.rpm
php55-php-5.5.21-2.el6.src.rpm
x86_64:
php55-2.0-1.el6.x86_64.rpm
php55-php-5.5.21-2.el6.x86_64.rpm
php55-php-bcmath-5.5.21-2.el6.x86_64.rpm
php55-php-cli-5.5.21-2.el6.x86_64.rpm
php55-php-common-5.5.21-2.el6.x86_64.rpm
php55-php-dba-5.5.21-2.el6.x86_64.rpm
php55-php-debuginfo-5.5.21-2.el6.x86_64.rpm
php55-php-devel-5.5.21-2.el6.x86_64.rpm
php55-php-enchant-5.5.21-2.el6.x86_64.rpm
php55-php-fpm-5.5.21-2.el6.x86_64.rpm
php55-php-gd-5.5.21-2.el6.x86_64.rpm
php55-php-gmp-5.5.21-2.el6.x86_64.rpm
php55-php-imap-5.5.21-2.el6.x86_64.rpm
php55-php-intl-5.5.21-2.el6.x86_64.rpm
php55-php-ldap-5.5.21-2.el6.x86_64.rpm
php55-php-mbstring-5.5.21-2.el6.x86_64.rpm
php55-php-mysqlnd-5.5.21-2.el6.x86_64.rpm
php55-php-odbc-5.5.21-2.el6.x86_64.rpm
php55-php-opcache-5.5.21-2.el6.x86_64.rpm
php55-php-pdo-5.5.21-2.el6.x86_64.rpm
php55-php-pgsql-5.5.21-2.el6.x86_64.rpm
php55-php-process-5.5.21-2.el6.x86_64.rpm
php55-php-pspell-5.5.21-2.el6.x86_64.rpm
php55-php-recode-5.5.21-2.el6.x86_64.rpm
php55-php-snmp-5.5.21-2.el6.x86_64.rpm
php55-php-soap-5.5.21-2.el6.x86_64.rpm
php55-php-tidy-5.5.21-2.el6.x86_64.rpm
php55-php-xml-5.5.21-2.el6.x86_64.rpm
php55-php-xmlrpc-5.5.21-2.el6.x86_64.rpm
php55-runtime-2.0-1.el6.x86_64.rpm
php55-scldevel-2.0-1.el6.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.5):
Source:
php55-2.0-1.el6.src.rpm
php55-php-5.5.21-2.el6.src.rpm
x86_64:
php55-2.0-1.el6.x86_64.rpm
php55-php-5.5.21-2.el6.x86_64.rpm
php55-php-bcmath-5.5.21-2.el6.x86_64.rpm
php55-php-cli-5.5.21-2.el6.x86_64.rpm
php55-php-common-5.5.21-2.el6.x86_64.rpm
php55-php-dba-5.5.21-2.el6.x86_64.rpm
php55-php-debuginfo-5.5.21-2.el6.x86_64.rpm
php55-php-devel-5.5.21-2.el6.x86_64.rpm
php55-php-enchant-5.5.21-2.el6.x86_64.rpm
php55-php-fpm-5.5.21-2.el6.x86_64.rpm
php55-php-gd-5.5.21-2.el6.x86_64.rpm
php55-php-gmp-5.5.21-2.el6.x86_64.rpm
php55-php-imap-5.5.21-2.el6.x86_64.rpm
php55-php-intl-5.5.21-2.el6.x86_64.rpm
php55-php-ldap-5.5.21-2.el6.x86_64.rpm
php55-php-mbstring-5.5.21-2.el6.x86_64.rpm
php55-php-mysqlnd-5.5.21-2.el6.x86_64.rpm
php55-php-odbc-5.5.21-2.el6.x86_64.rpm
php55-php-opcache-5.5.21-2.el6.x86_64.rpm
php55-php-pdo-5.5.21-2.el6.x86_64.rpm
php55-php-pgsql-5.5.21-2.el6.x86_64.rpm
php55-php-process-5.5.21-2.el6.x86_64.rpm
php55-php-pspell-5.5.21-2.el6.x86_64.rpm
php55-php-recode-5.5.21-2.el6.x86_64.rpm
php55-php-snmp-5.5.21-2.el6.x86_64.rpm
php55-php-soap-5.5.21-2.el6.x86_64.rpm
php55-php-tidy-5.5.21-2.el6.x86_64.rpm
php55-php-xml-5.5.21-2.el6.x86_64.rpm
php55-php-xmlrpc-5.5.21-2.el6.x86_64.rpm
php55-runtime-2.0-1.el6.x86_64.rpm
php55-scldevel-2.0-1.el6.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6):
Source:
php55-2.0-1.el6.src.rpm
php55-php-5.5.21-2.el6.src.rpm
x86_64:
php55-2.0-1.el6.x86_64.rpm
php55-php-5.5.21-2.el6.x86_64.rpm
php55-php-bcmath-5.5.21-2.el6.x86_64.rpm
php55-php-cli-5.5.21-2.el6.x86_64.rpm
php55-php-common-5.5.21-2.el6.x86_64.rpm
php55-php-dba-5.5.21-2.el6.x86_64.rpm
php55-php-debuginfo-5.5.21-2.el6.x86_64.rpm
php55-php-devel-5.5.21-2.el6.x86_64.rpm
php55-php-enchant-5.5.21-2.el6.x86_64.rpm
php55-php-fpm-5.5.21-2.el6.x86_64.rpm
php55-php-gd-5.5.21-2.el6.x86_64.rpm
php55-php-gmp-5.5.21-2.el6.x86_64.rpm
php55-php-imap-5.5.21-2.el6.x86_64.rpm
php55-php-intl-5.5.21-2.el6.x86_64.rpm
php55-php-ldap-5.5.21-2.el6.x86_64.rpm
php55-php-mbstring-5.5.21-2.el6.x86_64.rpm
php55-php-mysqlnd-5.5.21-2.el6.x86_64.rpm
php55-php-odbc-5.5.21-2.el6.x86_64.rpm
php55-php-opcache-5.5.21-2.el6.x86_64.rpm
php55-php-pdo-5.5.21-2.el6.x86_64.rpm
php55-php-pgsql-5.5.21-2.el6.x86_64.rpm
php55-php-process-5.5.21-2.el6.x86_64.rpm
php55-php-pspell-5.5.21-2.el6.x86_64.rpm
php55-php-recode-5.5.21-2.el6.x86_64.rpm
php55-php-snmp-5.5.21-2.el6.x86_64.rpm
php55-php-soap-5.5.21-2.el6.x86_64.rpm
php55-php-tidy-5.5.21-2.el6.x86_64.rpm
php55-php-xml-5.5.21-2.el6.x86_64.rpm
php55-php-xmlrpc-5.5.21-2.el6.x86_64.rpm
php55-runtime-2.0-1.el6.x86_64.rpm
php55-scldevel-2.0-1.el6.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):
Source:
php55-2.0-1.el6.src.rpm
php55-php-5.5.21-2.el6.src.rpm
x86_64:
php55-2.0-1.el6.x86_64.rpm
php55-php-5.5.21-2.el6.x86_64.rpm
php55-php-bcmath-5.5.21-2.el6.x86_64.rpm
php55-php-cli-5.5.21-2.el6.x86_64.rpm
php55-php-common-5.5.21-2.el6.x86_64.rpm
php55-php-dba-5.5.21-2.el6.x86_64.rpm
php55-php-debuginfo-5.5.21-2.el6.x86_64.rpm
php55-php-devel-5.5.21-2.el6.x86_64.rpm
php55-php-enchant-5.5.21-2.el6.x86_64.rpm
php55-php-fpm-5.5.21-2.el6.x86_64.rpm
php55-php-gd-5.5.21-2.el6.x86_64.rpm
php55-php-gmp-5.5.21-2.el6.x86_64.rpm
php55-php-imap-5.5.21-2.el6.x86_64.rpm
php55-php-intl-5.5.21-2.el6.x86_64.rpm
php55-php-ldap-5.5.21-2.el6.x86_64.rpm
php55-php-mbstring-5.5.21-2.el6.x86_64.rpm
php55-php-mysqlnd-5.5.21-2.el6.x86_64.rpm
php55-php-odbc-5.5.21-2.el6.x86_64.rpm
php55-php-opcache-5.5.21-2.el6.x86_64.rpm
php55-php-pdo-5.5.21-2.el6.x86_64.rpm
php55-php-pgsql-5.5.21-2.el6.x86_64.rpm
php55-php-process-5.5.21-2.el6.x86_64.rpm
php55-php-pspell-5.5.21-2.el6.x86_64.rpm
php55-php-recode-5.5.21-2.el6.x86_64.rpm
php55-php-snmp-5.5.21-2.el6.x86_64.rpm
php55-php-soap-5.5.21-2.el6.x86_64.rpm
php55-php-tidy-5.5.21-2.el6.x86_64.rpm
php55-php-xml-5.5.21-2.el6.x86_64.rpm
php55-php-xmlrpc-5.5.21-2.el6.x86_64.rpm
php55-runtime-2.0-1.el6.x86_64.rpm
php55-scldevel-2.0-1.el6.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):
Source:
php55-2.0-1.el7.src.rpm
php55-php-5.5.21-2.el7.src.rpm
x86_64:
php55-2.0-1.el7.x86_64.rpm
php55-php-5.5.21-2.el7.x86_64.rpm
php55-php-bcmath-5.5.21-2.el7.x86_64.rpm
php55-php-cli-5.5.21-2.el7.x86_64.rpm
php55-php-common-5.5.21-2.el7.x86_64.rpm
php55-php-dba-5.5.21-2.el7.x86_64.rpm
php55-php-debuginfo-5.5.21-2.el7.x86_64.rpm
php55-php-devel-5.5.21-2.el7.x86_64.rpm
php55-php-enchant-5.5.21-2.el7.x86_64.rpm
php55-php-fpm-5.5.21-2.el7.x86_64.rpm
php55-php-gd-5.5.21-2.el7.x86_64.rpm
php55-php-gmp-5.5.21-2.el7.x86_64.rpm
php55-php-intl-5.5.21-2.el7.x86_64.rpm
php55-php-ldap-5.5.21-2.el7.x86_64.rpm
php55-php-mbstring-5.5.21-2.el7.x86_64.rpm
php55-php-mysqlnd-5.5.21-2.el7.x86_64.rpm
php55-php-odbc-5.5.21-2.el7.x86_64.rpm
php55-php-opcache-5.5.21-2.el7.x86_64.rpm
php55-php-pdo-5.5.21-2.el7.x86_64.rpm
php55-php-pgsql-5.5.21-2.el7.x86_64.rpm
php55-php-process-5.5.21-2.el7.x86_64.rpm
php55-php-pspell-5.5.21-2.el7.x86_64.rpm
php55-php-recode-5.5.21-2.el7.x86_64.rpm
php55-php-snmp-5.5.21-2.el7.x86_64.rpm
php55-php-soap-5.5.21-2.el7.x86_64.rpm
php55-php-xml-5.5.21-2.el7.x86_64.rpm
php55-php-xmlrpc-5.5.21-2.el7.x86_64.rpm
php55-runtime-2.0-1.el7.x86_64.rpm
php55-scldevel-2.0-1.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):
Source:
php55-2.0-1.el7.src.rpm
php55-php-5.5.21-2.el7.src.rpm
x86_64:
php55-2.0-1.el7.x86_64.rpm
php55-php-5.5.21-2.el7.x86_64.rpm
php55-php-bcmath-5.5.21-2.el7.x86_64.rpm
php55-php-cli-5.5.21-2.el7.x86_64.rpm
php55-php-common-5.5.21-2.el7.x86_64.rpm
php55-php-dba-5.5.21-2.el7.x86_64.rpm
php55-php-debuginfo-5.5.21-2.el7.x86_64.rpm
php55-php-devel-5.5.21-2.el7.x86_64.rpm
php55-php-enchant-5.5.21-2.el7.x86_64.rpm
php55-php-fpm-5.5.21-2.el7.x86_64.rpm
php55-php-gd-5.5.21-2.el7.x86_64.rpm
php55-php-gmp-5.5.21-2.el7.x86_64.rpm
php55-php-intl-5.5.21-2.el7.x86_64.rpm
php55-php-ldap-5.5.21-2.el7.x86_64.rpm
php55-php-mbstring-5.5.21-2.el7.x86_64.rpm
php55-php-mysqlnd-5.5.21-2.el7.x86_64.rpm
php55-php-odbc-5.5.21-2.el7.x86_64.rpm
php55-php-opcache-5.5.21-2.el7.x86_64.rpm
php55-php-pdo-5.5.21-2.el7.x86_64.rpm
php55-php-pgsql-5.5.21-2.el7.x86_64.rpm
php55-php-process-5.5.21-2.el7.x86_64.rpm
php55-php-pspell-5.5.21-2.el7.x86_64.rpm
php55-php-recode-5.5.21-2.el7.x86_64.rpm
php55-php-snmp-5.5.21-2.el7.x86_64.rpm
php55-php-soap-5.5.21-2.el7.x86_64.rpm
php55-php-xml-5.5.21-2.el7.x86_64.rpm
php55-php-xmlrpc-5.5.21-2.el7.x86_64.rpm
php55-runtime-2.0-1.el7.x86_64.rpm
php55-scldevel-2.0-1.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2014-8142
https://access.redhat.com/security/cve/CVE-2014-9427
https://access.redhat.com/security/cve/CVE-2014-9652
https://access.redhat.com/security/cve/CVE-2014-9705
https://access.redhat.com/security/cve/CVE-2014-9709
https://access.redhat.com/security/cve/CVE-2015-0231
https://access.redhat.com/security/cve/CVE-2015-0232
https://access.redhat.com/security/cve/CVE-2015-0273
https://access.redhat.com/security/cve/CVE-2015-1351
https://access.redhat.com/security/cve/CVE-2015-1352
https://access.redhat.com/security/cve/CVE-2015-2301
https://access.redhat.com/security/cve/CVE-2015-2305
https://access.redhat.com/security/cve/CVE-2015-2348
https://access.redhat.com/security/cve/CVE-2015-2787
https://access.redhat.com/security/cve/CVE-2015-4147
https://access.redhat.com/security/cve/CVE-2015-4148
https://access.redhat.com/security/updates/classification/#moderate
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2015 Red Hat, Inc.
|
var-201003-1075
|
Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd in CUPS before 1.4.4, when kqueue or epoll is used, allows remote attackers to cause a denial of service (daemon crash or hang) via a client disconnection during listing of a large number of print jobs, related to improperly maintaining a reference count. NOTE: some of these details are obtained from third party information. NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-3553. There is a vulnerability that could result in a denial-of-service (DoS) condition. This vulnerability is due to an insufficient fix for CVE-2009-3553. A third party may interfere with service operation (DoS). CUPS is prone to a denial-of-service vulnerability.
NOTE: This issue is due to an incomplete fix for BID 37048 (CUPS File Descriptors Handling Remote Denial Of Service Vulnerability).
A remote attacker can exploit this issue to crash the affected application, denying service to legitimate users. CUPS is based on the Internet Printing Protocol and provides most PostScript and raster printer services. The cupsdDoSelect() function in the scheduler/select.c file of CUPS has a use-after-free error in the way it handles references in its file descriptor processing interface. A remote attacker can query the current print job list of a specific printer in a special way, causing cupsd to crash.
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2010:073-1
http://www.mandriva.com/security/
_______________________________________________________________________
Package : cups
Date : April 14, 2010
Affected: 2010.0
_______________________________________________________________________
Problem Description:
Multiple vulnerabilities have been found and corrected in cups:
CUPS in does not properly handle (1) HTTP headers and (2) HTML
templates, which allows remote attackers to conduct cross-site
scripting (XSS) attacks and HTTP response splitting attacks via vectors
related to (a) the product's web interface, (b) the configuration of
the print system, and (c) the titles of printed jobs (CVE-2009-2820).
The _cupsGetlang function, as used by lppasswd.c in lppasswd in CUPS
1.2.2, 1.3.7, 1.3.9, and 1.4.1, relies on an environment variable
to determine the file that provides localized message strings, which
allows local users to gain privileges via a file that contains crafted
localization data with format string specifiers (CVE-2010-0393).
The updated packages have been patched to correct these issues.
Update:
Packages for Mandriva Linux 2010.0 were missing with
MDVSA-2010:073. This advisory provides packages for 2010.0 as well.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2820
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3553
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0302
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0393
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2010.0:
ba3d43f654fd15aea9f81eadb57c3022 2010.0/i586/cups-1.4.1-12.1mdv2010.0.i586.rpm
b1f275796b029190380e40ae23ae8ed0 2010.0/i586/cups-common-1.4.1-12.1mdv2010.0.i586.rpm
296b30522aa7c008767c6b285aa4b715 2010.0/i586/cups-serial-1.4.1-12.1mdv2010.0.i586.rpm
b3abb3c2299c1cb32848c0ee5954eed8 2010.0/i586/libcups2-1.4.1-12.1mdv2010.0.i586.rpm
d91c255a1e42e5988f1d8d2d94ffd369 2010.0/i586/libcups2-devel-1.4.1-12.1mdv2010.0.i586.rpm
ba336d918bbe9d03cf4fa823293bfb37 2010.0/i586/php-cups-1.4.1-12.1mdv2010.0.i586.rpm
c3aee001d1629963053f475a49b7cd5d 2010.0/SRPMS/cups-1.4.1-12.1mdv2010.0.src.rpm
Mandriva Linux 2010.0/X86_64:
7c089025f467e5b366e57a15e85857ce 2010.0/x86_64/cups-1.4.1-12.1mdv2010.0.x86_64.rpm
0e0e4ad3a4d42022d22a88ee8568f8bf 2010.0/x86_64/cups-common-1.4.1-12.1mdv2010.0.x86_64.rpm
cb7b4cadce5a174bbd4027f478b38c26 2010.0/x86_64/cups-serial-1.4.1-12.1mdv2010.0.x86_64.rpm
653bd25375281b919c6438e71052359d 2010.0/x86_64/lib64cups2-1.4.1-12.1mdv2010.0.x86_64.rpm
7bebd27fa6ce2aa5667d28fd7b06702e 2010.0/x86_64/lib64cups2-devel-1.4.1-12.1mdv2010.0.x86_64.rpm
34452fc88d7a16591eb653a32c6daa28 2010.0/x86_64/php-cups-1.4.1-12.1mdv2010.0.x86_64.rpm
c3aee001d1629963053f475a49b7cd5d 2010.0/SRPMS/cups-1.4.1-12.1mdv2010.0.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
----------------------------------------------------------------------
TITLE:
Red Hat update for cups
SECUNIA ADVISORY ID:
SA38785
VERIFY ADVISORY:
http://secunia.com/advisories/38785/
DESCRIPTION:
Red Hat has issued an update for cups.
For more information:
SA37364
SOLUTION:
Updated packages are available via Red Hat Network.
CHANGELOG:
2010-03-04: Added CVE reference.
ORIGINAL ADVISORY:
RHSA-2010:0129-1:
https://rhn.redhat.com/errata/RHSA-2010-0129.html
OTHER REFERENCES:
SA37364:
http://secunia.com/advisories/37364/
----------------------------------------------------------------------
===========================================================
Ubuntu Security Notice USN-906-1 March 03, 2010
cups, cupsys vulnerabilities
CVE-2009-3553, CVE-2010-0302, CVE-2010-0393
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04
Ubuntu 9.10
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 6.06 LTS:
cupsys 1.2.2-0ubuntu0.6.06.17
cupsys-client 1.2.2-0ubuntu0.6.06.17
Ubuntu 8.04 LTS:
cupsys 1.3.7-1ubuntu3.8
cupsys-client 1.3.7-1ubuntu3.8
Ubuntu 8.10:
cups 1.3.9-2ubuntu9.5
cups-client 1.3.9-2ubuntu9.5
Ubuntu 9.04:
cups 1.3.9-17ubuntu3.6
cups-client 1.3.9-17ubuntu3.6
Ubuntu 9.10:
cups 1.4.1-5ubuntu2.4
cups-client 1.4.1-5ubuntu2.4
In general, a standard system upgrade is sufficient to effect the
necessary changes.
Details follow:
It was discovered that the CUPS scheduler did not properly handle certain
network operations. A local attacker could exploit this with a format-string
vulnerability leading to a root privilege escalation. The default compiler
options for Ubuntu 8.10, 9.04 and 9.10 should reduce this vulnerability to
a denial of service. (CVE-2010-0393)
Updated packages for Ubuntu 6.06 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.2-0ubuntu0.6.06.17.diff.gz
Size/MD5: 106482 26e1af0359723f0fe887019ea8973a7e
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.2-0ubuntu0.6.06.17.dsc
Size/MD5: 1061 400968d3ecf83db01f0a427f10f2998e
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.2.orig.tar.gz
Size/MD5: 4070384 2c99b8aa4c8dc25c8a84f9c06aa52e3e
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-gnutls10_1.2.2-0ubuntu0.6.06.17_all.deb
Size/MD5: 998 776cbf76de0fa4da83fa66cac2a2ee9c
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.2.2-0ubuntu0.6.06.17_amd64.deb
Size/MD5: 36220 1a0b165edf4aaff4b063ef5ffb44aec3
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.2.2-0ubuntu0.6.06.17_amd64.deb
Size/MD5: 81834 6fc3613d660d8193ef5bc8820a7241d9
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.2-0ubuntu0.6.06.17_amd64.deb
Size/MD5: 2289018 87d64d2f3a97289ad6b6db57d090ca2d
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.2.2-0ubuntu0.6.06.17_amd64.deb
Size/MD5: 6090 85aeada029ad3c01ff7f1e18f9ea9cc2
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.2.2-0ubuntu0.6.06.17_amd64.deb
Size/MD5: 77908 96e28918fdf830eb12336aadedf9f281
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.2.2-0ubuntu0.6.06.17_amd64.deb
Size/MD5: 25740 85b73ffa3c93b1cca0f9421fdaa01cc3
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.2.2-0ubuntu0.6.06.17_amd64.deb
Size/MD5: 130734 938995599b4be32a725528c80981fa78
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.2.2-0ubuntu0.6.06.17_i386.deb
Size/MD5: 34766 47d4bdcf450f6d8d30206c35192f1b7d
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.2.2-0ubuntu0.6.06.17_i386.deb
Size/MD5: 77930 e830a9300772160fb0a6748da948f246
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.2-0ubuntu0.6.06.17_i386.deb
Size/MD5: 2256104 bcfa53bda3ed0c1e50636e804af11055
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.2.2-0ubuntu0.6.06.17_i386.deb
Size/MD5: 6094 34a470a2aaff3e3ab10eea29a1bd8200
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.2.2-0ubuntu0.6.06.17_i386.deb
Size/MD5: 77022 ab3b5c283d4ec643297685c034f1073c
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.2.2-0ubuntu0.6.06.17_i386.deb
Size/MD5: 25748 d5904841e833850731621090c1b88c8c
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.2.2-0ubuntu0.6.06.17_i386.deb
Size/MD5: 122908 eb39cde640458c67403c00cfd65ea312
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.2.2-0ubuntu0.6.06.17_powerpc.deb
Size/MD5: 40474 a47c9a5aad3feee3c9218d32e3f03f85
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.2.2-0ubuntu0.6.06.17_powerpc.deb
Size/MD5: 89482 81e3f9ad6e8fe3cb3096b133bfb4fb5b
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.2-0ubuntu0.6.06.17_powerpc.deb
Size/MD5: 2303712 fffb516669489cf38ce5f410b58112af
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.2.2-0ubuntu0.6.06.17_powerpc.deb
Size/MD5: 6092 8c6d3af926e6729378b1ba23508e3c6b
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.2.2-0ubuntu0.6.06.17_powerpc.deb
Size/MD5: 79548 169e4c3351cf2ef0c99e478d8e2a3a46
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.2.2-0ubuntu0.6.06.17_powerpc.deb
Size/MD5: 25740 f0d21ba1ea537495d3953a22999d1dd4
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.2.2-0ubuntu0.6.06.17_powerpc.deb
Size/MD5: 128662 98b0c1483cc7021fff335da8d79c67c2
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.2.2-0ubuntu0.6.06.17_sparc.deb
Size/MD5: 35388 1128a347e119ca9525784ed50da5d0ab
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.2.2-0ubuntu0.6.06.17_sparc.deb
Size/MD5: 78684 596751675fee6063e59dab02e7b44543
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.2-0ubuntu0.6.06.17_sparc.deb
Size/MD5: 2289934 9bd77e6533b77678840172bcf285c157
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.2.2-0ubuntu0.6.06.17_sparc.deb
Size/MD5: 6096 a11d49069913645b3a947d2dfa6f5f84
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.2.2-0ubuntu0.6.06.17_sparc.deb
Size/MD5: 76832 c1049c92d30205b8032648dfbd90299c
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.2.2-0ubuntu0.6.06.17_sparc.deb
Size/MD5: 25744 d2d1088e3744d305b6c90aca7eda4be0
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.2.2-0ubuntu0.6.06.17_sparc.deb
Size/MD5: 124486 60a22b1cccb08eaab9847b9e87c59032
Updated packages for Ubuntu 8.04 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.7-1ubuntu3.8.diff.gz
Size/MD5: 141577 5cb2a7055c83f2535e6704212c06ea0c
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.7-1ubuntu3.8.dsc
Size/MD5: 1442 d42e1f9c2424210f66acfaeb4ecf293a
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.7.orig.tar.gz
Size/MD5: 4700333 383e556d9841475847da6076c88da467
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-common_1.3.7-1ubuntu3.8_all.deb
Size/MD5: 1144392 72c2295be929ac91622921b866586810
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.3.7-1ubuntu3.8_amd64.deb
Size/MD5: 37522 606cf4d3db841e5c7699af8e6063d28a
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.3.7-1ubuntu3.8_amd64.deb
Size/MD5: 90020 5494f76c3c0aff50e61b0e7065d4fc45
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.7-1ubuntu3.8_amd64.deb
Size/MD5: 1882420 fbf517a3c599b99d5ea8936c09f4a6d6
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.3.7-1ubuntu3.8_amd64.deb
Size/MD5: 60800 2b3dd2ab96e425ab134602608f0d3530
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.3.7-1ubuntu3.8_amd64.deb
Size/MD5: 50216 27fb4f492cc7bf62c01a275741d37011
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.3.7-1ubuntu3.8_amd64.deb
Size/MD5: 345048 0525be5bc4dd045cd78a1b284f98398a
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.3.7-1ubuntu3.8_amd64.deb
Size/MD5: 178536 a044522e561b9b3be73617a175cc399d
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.3.7-1ubuntu3.8_i386.deb
Size/MD5: 36956 0507d5e834e622f33412109dcb260037
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.3.7-1ubuntu3.8_i386.deb
Size/MD5: 88530 244e700f4596074b37c4b7acb984dacc
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.7-1ubuntu3.8_i386.deb
Size/MD5: 1864902 b6f438dea33b89a9f268d732d670faf1
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.3.7-1ubuntu3.8_i386.deb
Size/MD5: 60090 e83c89c8fe55e2f2e79d424e4231f8a1
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.3.7-1ubuntu3.8_i386.deb
Size/MD5: 49862 97abed0edb9dfbd42e8ba975c424e6d8
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.3.7-1ubuntu3.8_i386.deb
Size/MD5: 339414 1e4250fd6c379296cfba76f67ab97465
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.3.7-1ubuntu3.8_i386.deb
Size/MD5: 175410 efdf295f468c419fd957e69f98fd715a
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/c/cupsys/cupsys-bsd_1.3.7-1ubuntu3.8_lpia.deb
Size/MD5: 36660 58ce4787d4d5b43fdc762f21f06bb6bf
http://ports.ubuntu.com/pool/main/c/cupsys/cupsys-client_1.3.7-1ubuntu3.8_lpia.deb
Size/MD5: 88834 ea87ff5e386e37ddcd2a3678e85764e5
http://ports.ubuntu.com/pool/main/c/cupsys/cupsys_1.3.7-1ubuntu3.8_lpia.deb
Size/MD5: 1867016 ba1534fcc9263b70868c4ed449529e25
http://ports.ubuntu.com/pool/main/c/cupsys/libcupsimage2-dev_1.3.7-1ubuntu3.8_lpia.deb
Size/MD5: 60492 e06a5a3660f9967ec6e0040a486d7362
http://ports.ubuntu.com/pool/main/c/cupsys/libcupsimage2_1.3.7-1ubuntu3.8_lpia.deb
Size/MD5: 50808 ca0c034e3beff76b902c6471afbd7268
http://ports.ubuntu.com/pool/main/c/cupsys/libcupsys2-dev_1.3.7-1ubuntu3.8_lpia.deb
Size/MD5: 337072 bfaa21b082ce3052922a179d522213d4
http://ports.ubuntu.com/pool/main/c/cupsys/libcupsys2_1.3.7-1ubuntu3.8_lpia.deb
Size/MD5: 174440 8e2dd41e1e07942ee0f53e05c608206a
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/c/cupsys/cupsys-bsd_1.3.7-1ubuntu3.8_powerpc.deb
Size/MD5: 46932 a5d83468e8e0269a483c914230768ea3
http://ports.ubuntu.com/pool/main/c/cupsys/cupsys-client_1.3.7-1ubuntu3.8_powerpc.deb
Size/MD5: 110654 ec3d80099ccbaeb3f0929644f45bbd75
http://ports.ubuntu.com/pool/main/c/cupsys/cupsys_1.3.7-1ubuntu3.8_powerpc.deb
Size/MD5: 1951280 f475ae7f5ae8ad00bc1ebd7c4634c3ae
http://ports.ubuntu.com/pool/main/c/cupsys/libcupsimage2-dev_1.3.7-1ubuntu3.8_powerpc.deb
Size/MD5: 59922 cb7e8e802dfbe515260578f585ee4427
http://ports.ubuntu.com/pool/main/c/cupsys/libcupsimage2_1.3.7-1ubuntu3.8_powerpc.deb
Size/MD5: 54924 234a155df73c7ef047ac3c5c8b2e132a
http://ports.ubuntu.com/pool/main/c/cupsys/libcupsys2-dev_1.3.7-1ubuntu3.8_powerpc.deb
Size/MD5: 341760 1ada03ee442854916b34f267b1301407
http://ports.ubuntu.com/pool/main/c/cupsys/libcupsys2_1.3.7-1ubuntu3.8_powerpc.deb
Size/MD5: 184292 e080a077141436e9837682cf5c6e56e1
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/c/cupsys/cupsys-bsd_1.3.7-1ubuntu3.8_sparc.deb
Size/MD5: 38038 15aef403a65149edb1b6e3c87bbcf1e3
http://ports.ubuntu.com/pool/main/c/cupsys/cupsys-client_1.3.7-1ubuntu3.8_sparc.deb
Size/MD5: 91026 a4ade2e1d03f94b36122a5788f37cc97
http://ports.ubuntu.com/pool/main/c/cupsys/cupsys_1.3.7-1ubuntu3.8_sparc.deb
Size/MD5: 1899806 de0f0a1899697c7add1960031257c51e
http://ports.ubuntu.com/pool/main/c/cupsys/libcupsimage2-dev_1.3.7-1ubuntu3.8_sparc.deb
Size/MD5: 57822 c2af4acac6a11e98f72703a25b2ebdfc
http://ports.ubuntu.com/pool/main/c/cupsys/libcupsimage2_1.3.7-1ubuntu3.8_sparc.deb
Size/MD5: 48224 cf486639b2c6b6247afe109eb73e30d7
http://ports.ubuntu.com/pool/main/c/cupsys/libcupsys2-dev_1.3.7-1ubuntu3.8_sparc.deb
Size/MD5: 341494 8c21fd99687d9fd49fa97e6c4638338e
http://ports.ubuntu.com/pool/main/c/cupsys/libcupsys2_1.3.7-1ubuntu3.8_sparc.deb
Size/MD5: 174130 9c878b37d2afd35ee0b50c077490112e
Updated packages for Ubuntu 8.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups_1.3.9-2ubuntu9.5.diff.gz
Size/MD5: 331097 6adf07d4858d39e6047a97c0a312901e
http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups_1.3.9-2ubuntu9.5.dsc
Size/MD5: 2044 d77dce1f6e35cabbd18e84a7c7031b0d
http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups_1.3.9.orig.tar.gz
Size/MD5: 4809771 e6f2d90491ed050e5ff2104b617b88ea
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups-common_1.3.9-2ubuntu9.5_all.deb
Size/MD5: 1163190 5c0dee3c7fd7541494ff7dc348be8728
http://security.ubuntu.com/ubuntu/pool/main/c/cups/cupsys-bsd_1.3.9-2ubuntu9.5_all.deb
Size/MD5: 58560 74c932189d98c843872876adc83c989e
http://security.ubuntu.com/ubuntu/pool/main/c/cups/cupsys-client_1.3.9-2ubuntu9.5_all.deb
Size/MD5: 58568 0666bac83bfb1edcc37931ad25588204
http://security.ubuntu.com/ubuntu/pool/main/c/cups/cupsys-dbg_1.3.9-2ubuntu9.5_all.deb
Size/MD5: 58562 f524010f0aea453b001b084250bb7063
http://security.ubuntu.com/ubuntu/pool/main/c/cups/cupsys_1.3.9-2ubuntu9.5_all.deb
Size/MD5: 58552 a55ec8b8772c680a7413afb1b069ee3e
http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsys2-dev_1.3.9-2ubuntu9.5_all.deb
Size/MD5: 58574 420d72079939829054f9bb7978375ecd
http://security.ubuntu.com/ubuntu/pool/universe/c/cups/cupsys-common_1.3.9-2ubuntu9.5_all.deb
Size/MD5: 4536 660fc4e6b26c050504a674aec5e0b8cd
http://security.ubuntu.com/ubuntu/pool/universe/c/cups/libcupsys2_1.3.9-2ubuntu9.5_all.deb
Size/MD5: 58560 919055c4a196d7cfa5e93a3e73de24f9
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups-bsd_1.3.9-2ubuntu9.5_amd64.deb
Size/MD5: 37296 0640e7fff6aa2dbbc93a839f641e1da0
http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups-client_1.3.9-2ubuntu9.5_amd64.deb
Size/MD5: 119772 fc950280a6a56b99486a29868c65bf9a
http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups-dbg_1.3.9-2ubuntu9.5_amd64.deb
Size/MD5: 1688940 84c0da9c505411cd3cbee063687215fa
http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups_1.3.9-2ubuntu9.5_amd64.deb
Size/MD5: 2174144 1bff27592c202999f0fd2705eeb8282e
http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcups2-dev_1.3.9-2ubuntu9.5_amd64.deb
Size/MD5: 352308 bcdc4e90a86a22e503cf20e492f57e0f
http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcups2_1.3.9-2ubuntu9.5_amd64.deb
Size/MD5: 173636 d477c60212f8098b6e92c2b5ec0b7ee2
http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsimage2-dev_1.3.9-2ubuntu9.5_amd64.deb
Size/MD5: 61320 35baa0391a49f0490f49a97d5c8d57d4
http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsimage2_1.3.9-2ubuntu9.5_amd64.deb
Size/MD5: 52322 d0caa49b4da1ea3ce447d2fa161d7394
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups-bsd_1.3.9-2ubuntu9.5_i386.deb
Size/MD5: 36226 1374ff5d461c4aafe2b57822f45c11c6
http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups-client_1.3.9-2ubuntu9.5_i386.deb
Updated packages for Ubuntu 9.04:
Updated packages for Ubuntu 9.10:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201207-10
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: CUPS: Multiple vulnerabilities
Date: July 09, 2012
Bugs: #295256, #308045, #325551, #380771
ID: 201207-10
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been found in CUPS, some of which may
allow execution of arbitrary code or local privilege escalation.
Background
==========
CUPS, the Common Unix Printing System, is a full-featured print server.
Affected packages
=================
-------------------------------------------------------------------
     Package          /     Vulnerable     /     Unaffected
-------------------------------------------------------------------
  1  net-print/cups         < 1.4.8-r1           >= 1.4.8-r1
Description
===========
Multiple vulnerabilities have been discovered in CUPS. Please review
the CVE identifiers referenced below for details.
Impact
======
A remote attacker may be able to execute arbitrary code using specially
crafted streams, IPP requests or files, or cause a Denial of Service
(daemon crash or hang). A local attacker may be able to gain escalated
privileges or overwrite arbitrary files. Furthermore, a remote attacker
may be able to obtain sensitive information from the CUPS process or
hijack a CUPS administrator authentication request.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All CUPS users should upgrade to the latest version:
  # emerge --sync
  # emerge --ask --oneshot --verbose ">=net-print/cups-1.4.8-r1"
NOTE: This is a legacy GLSA. Updates for all affected architectures are
available since September 03, 2011. It is likely that your system is
already no longer affected by this issue.
References
==========
[ 1 ] CVE-2009-3553
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3553
[ 2 ] CVE-2010-0302
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0302
[ 3 ] CVE-2010-0393
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0393
[ 4 ] CVE-2010-0540
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0540
[ 5 ] CVE-2010-0542
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0542
[ 6 ] CVE-2010-1748
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1748
[ 7 ] CVE-2010-2431
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2431
[ 8 ] CVE-2010-2432
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2432
[ 9 ] CVE-2010-2941
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2941
[ 10 ] CVE-2011-3170
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3170
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201207-10.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2012 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
|
var-200801-0561
|
Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. Reportedly, attackers can also use this issue to redirect users' browsers to arbitrary locations, which may aid in phishing attacks.
The issue affects versions prior to Apache 2.2.7-dev, 2.0.62-dev, and 1.3.40-dev.
===========================================================
Ubuntu Security Notice USN-575-1 February 04, 2008
apache2 vulnerabilities
CVE-2006-3918, CVE-2007-3847, CVE-2007-4465, CVE-2007-5000,
CVE-2007-6388, CVE-2007-6421, CVE-2007-6422, CVE-2008-0005
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04
Ubuntu 7.10
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 6.06 LTS:
apache2-mpm-perchild 2.0.55-4ubuntu2.3
apache2-mpm-prefork 2.0.55-4ubuntu2.3
apache2-mpm-worker 2.0.55-4ubuntu2.3
Ubuntu 6.10:
apache2-mpm-perchild 2.0.55-4ubuntu4.2
apache2-mpm-prefork 2.0.55-4ubuntu4.2
apache2-mpm-worker 2.0.55-4ubuntu4.2
Ubuntu 7.04:
apache2-mpm-event 2.2.3-3.2ubuntu2.1
apache2-mpm-perchild 2.2.3-3.2ubuntu2.1
apache2-mpm-prefork 2.2.3-3.2ubuntu2.1
apache2-mpm-worker 2.2.3-3.2ubuntu2.1
Ubuntu 7.10:
apache2-mpm-event 2.2.4-3ubuntu0.1
apache2-mpm-perchild 2.2.4-3ubuntu0.1
apache2-mpm-prefork 2.2.4-3ubuntu0.1
apache2-mpm-worker 2.2.4-3ubuntu0.1
In general, a standard system upgrade is sufficient to effect the
necessary changes.
Details follow:
It was discovered that Apache did not sanitize the Expect header from
an HTTP request when it is reflected back in an error message, which
could result in browsers becoming vulnerable to cross-site scripting
attacks when processing the output. With cross-site scripting
vulnerabilities, if a user were tricked into viewing server output
during a crafted server request, a remote attacker could exploit this
to modify the contents, or steal confidential data (such as passwords),
within the same domain. This was only vulnerable in Ubuntu 6.06. A remote
attacker could send Apache crafted date headers and cause a denial of
service via application crash. By default, mod_proxy is disabled in
Ubuntu. (CVE-2007-3847)
It was discovered that mod_autoindex did not force a character set,
which could result in browsers becoming vulnerable to cross-site
scripting attacks when processing the output. (CVE-2007-4465)
It was discovered that mod_imap/mod_imagemap did not force a
character set, which could result in browsers becoming vulnerable
to cross-site scripting attacks when processing the output. By
default, mod_imap/mod_imagemap is disabled in Ubuntu. (CVE-2007-5000)
It was discovered that mod_status, when status pages were available,
allowed for cross-site scripting attacks. By default, mod_status is
disabled in Ubuntu. By default,
mod_proxy_balancer is disabled in Ubuntu. This was only vulnerable
in Ubuntu 7.04 and 7.10. (CVE-2007-6421)
It was discovered that mod_proxy_balancer could be made to
dereference a NULL pointer. A remote attacker could send a crafted
request and cause a denial of service via application crash. By
default, mod_proxy_balancer is disabled in Ubuntu. This was only
vulnerable in Ubuntu 7.04 and 7.10. (CVE-2007-6422)
It was discovered that mod_proxy_ftp did not force a character set,
which could result in browsers becoming vulnerable to cross-site
scripting attacks when processing the output. By default,
mod_proxy_ftp is disabled in Ubuntu. (CVE-2008-0005)
Updated packages for Ubuntu 6.06 LTS:
Updated packages for Ubuntu 6.10:
Updated packages for Ubuntu 7.04:
Updated packages for Ubuntu 7.10:
1. Summary
Updated VMware Hosted products address security issues in libpng and
the Apache HTTP Server.
2. Relevant releases
VMware Workstation 6.5.2 and earlier,
VMware Player 2.5.2 and earlier,
VMware ACE 2.5.2 and earlier
3. Problem Description
a. Third Party Library libpng Updated to 1.2.35
Several flaws were discovered in the way the third party library
libpng handled uninitialized pointers. An attacker could craft a PNG
image file such that, when loaded by an application linked to libpng,
it could cause the application to crash or execute arbitrary code at
the privilege level of the user that runs the application.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2009-0040 to this issue.
The following table lists what action remediates the vulnerability
(column 4) if a solution is available.
VMware         Product   Running   Replace with/
Product        Version   on        Apply Patch
=============  ========  ========  =================
VirtualCenter  any       Windows   not affected
Workstation    6.5.x     any       6.5.3 build 185404 or later
Player         2.5.x     any       2.5.3 build 185404 or later
ACE            2.5.x     any       2.5.3 build 185404 or later
Server         2.x       any       patch pending
Server         1.x       any       patch pending
Fusion         2.x       Mac OS/X  not affected
Fusion         1.x       Mac OS/X  not affected
ESXi           4.0       ESXi      not affected
ESXi           3.5       ESXi      not affected
ESX            4.0       ESX       not affected
ESX            3.5       ESX       not affected
ESX            3.0.3     ESX       not affected
ESX            3.0.2     ESX       not affected
ESX            2.5.5     ESX       not affected *
* The libpng update for the Service Console of ESX 2.5.5 is
documented in VMSA-2009-0007.
b. Apache HTTP Server updated to 2.0.63
The new version of ACE updates the Apache HTTP Server on Windows
hosts to version 2.0.63 which addresses multiple security issues
that existed in the previous versions of this server.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2007-3847, CVE-2007-1863, CVE-2006-5752,
CVE-2007-3304, CVE-2007-6388, CVE-2007-5000, CVE-2008-0005 to the
issues that have been addressed by this update.
The following table lists what action remediates the vulnerability
(column 4) if a solution is available.
VMware         Product   Running   Replace with/
Product        Version   on        Apply Patch
=============  ========  ========  =================
VirtualCenter  any       Windows   not affected
Workstation    6.5.x     any       not affected
Player         2.5.x     any       not affected
ACE            2.5.x     Windows   2.5.3 build 185404 or later
ACE            2.5.x     Linux     update Apache on host system *
Server         2.x       any       not affected
Server         1.x       any       not affected
Fusion         2.x       Mac OS/X  not affected
Fusion         1.x       Mac OS/X  not affected
ESXi           4.0       ESXi      not affected
ESXi           3.5       ESXi      not affected
ESX            4.0       ESX       not affected
ESX            3.5       ESX       not affected
ESX            3.0.3     ESX       not affected
ESX            3.0.2     ESX       not affected
ESX            2.5.5     ESX       not affected
* The Apache HTTP Server is not part of an ACE install on a Linux
host. Update the Apache HTTP Server on the host system to version
2.0.63 in order to remediate the vulnerabilities listed above.
4. Solution
Please review the patch/release notes for your product and version
and verify the md5sum and/or the sha1sum of your downloaded file.
VMware Workstation 6.5.3
------------------------
http://www.vmware.com/download/ws/
Release notes:
http://www.vmware.com/support/ws65/doc/releasenotes_ws653.html
VMware Player 2.5.3
-------------------
http://www.vmware.com/download/player/
Release notes:
http://www.vmware.com/support/player25/doc/releasenotes_player253.html
VMware ACE 2.5.3
----------------
http://www.vmware.com/download/ace/
Release notes:
http://www.vmware.com/support/ace25/doc/releasenotes_ace253.html
5. References
CVE numbers
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0040
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3847
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1863
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5752
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3304
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6388
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5000
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0005
------------------------------------------------------------------------
6. Change log
2009-08-20 VMSA-2009-0010
Initial security advisory after release of Workstation 6.5.3,
Player 2.5.3, and ACE 2.5.3 on 2009-08-20.
------------------------------------------------------------------------
7. Contact
E-mail list for product security notifications and announcements:
http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce
This Security Advisory is posted to the following lists:
* security-announce at lists.vmware.com
* bugtraq at securityfocus.com
* full-disclosure at lists.grok.org.uk
E-mail: security at vmware.com
PGP key at: http://kb.vmware.com/kb/1055
VMware Security Center
http://www.vmware.com/security
VMware security response policy
http://www.vmware.com/support/policies/security_response.html
General support life cycle policy
http://www.vmware.com/support/policies/eos.html
VMware Infrastructure support life cycle policy
http://www.vmware.com/support/policies/eos_vi.html
Copyright 2009 VMware Inc. All rights reserved.
The updated packages have been patched to correct these issues.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5000
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6388
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6421
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6422
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0005
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2007.0:
Mandriva Linux 2007.0/X86_64:
Mandriva Linux 2007.1:
Mandriva Linux 2007.1/X86_64:
Mandriva Linux 2008.0:
Mandriva Linux 2008.0/X86_64:
Corporate 4.0:
Corporate 4.0/X86_64:
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security.
.
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c01607570
Version: 1
HPSBMA02388 SSRT080059 rev.1 - HP OpenView Network Node Manager (OV NNM), Remote Cross Site Scripting (XSS)
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2008-11-19
Last Updated: 2008-11-19
Potential Security Impact: Remote cross site scripting (XSS)
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified with HP OpenView Network Node Manager (OV NNM). The vulnerabilities could be exploited remotely to allow cross site scripting (XSS).
References: CVE-2007-6388, CVE-2007-5000
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP OpenView Network Node Manager (OV NNM) v7.01, v7.51, v7.53 running on HP-UX, Linux, and Solaris
BACKGROUND
CVSS 2.0 Base Metrics
===============================================
Reference         Base Vector                     Base Score
CVE-2007-6388     (AV:N/AC:M/Au:N/C:N/I:P/A:N)    4.3
CVE-2007-5000     (AV:N/AC:M/Au:N/C:N/I:P/A:N)    4.3
===============================================
Information on CVSS is documented in HP Customer Notice: HPSN-2008-002.
RESOLUTION
HP has made patches available to resolve the vulnerabilities.
The patches are available from http://itrc.hp.com
OV NNM v7.53
===========
Operating_System - HP-UX (IA)
Resolved in Patch - PHSS_38148 or subsequent
Operating_System - HP-UX (PA)
Resolved in Patch - PHSS_38147 or subsequent
Operating_System - Linux RedHatAS2.1
Resolved in Patch - LXOV_00085 or subsequent
Operating_System - Linux RedHat4AS-x86_64
Resolved in Patch - LXOV_00086 or subsequent
Operating_System - Solaris
Resolved in Patch - PSOV_03514 or subsequent
OV NNM v7.51
===========
Upgrade to NNM v7.53 and install the patches listed above.
OV NNM v7.01
===========
Operating_System - HP-UX (PA)
Resolved in Patch - PHSS_38761 or subsequent
Operating_System - Solaris
Resolved in Patch - PSOV_03516 or subsequent
MANUAL ACTIONS: Yes - NonUpdate
Apply the appropriate file as described in the Resolution.
PRODUCT SPECIFIC INFORMATION
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see https://www.hp.com/go/swa
The following text is for use by the HP-UX Software Assistant.
AFFECTED VERSIONS (for HP-UX)
For HP-UX OV NNM 7.53
HP-UX B.11.31
HP-UX B.11.23 (IA)
=============
OVNNMgr.OVNNM-RUN
action: install PHSS_38148 or subsequent
URL: http://itrc.hp.com
HP-UX B.11.23 (PA)
HP-UX B.11.11
=============
OVNNMgr.OVNNM-RUN
action: install PHSS_38147 or subsequent
URL: http://itrc.hp.com
For HP-UX OV NNM 7.51
HP-UX B.11.31
HP-UX B.11.23
HP-UX B.11.11
=============
OVNNMgr.OVNNM-RUN
action: upgrade NNM v7.51 to NNM v7.53 and apply the appropriate patches
For HP-UX OV NNM 7.01
HP-UX B.11.00
HP-UX B.11.11
=============
OVNNMgr.OVNNM-RUN
action: install PHSS_38761 or subsequent
URL: http://itrc.hp.com
END AFFECTED VERSIONS (for HP-UX)
HISTORY
Version:1 (rev.1) - 19 November 2008 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For further information, contact normal HP Services support channel.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information.
To get the security-alert PGP key, please send an e-mail message as follows:
To: security-alert@hp.com
Subject: get key
Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email:
http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC
On the web page: ITRC security bulletins and patch sign-up
Under Step1: your ITRC security bulletins and patches
- check ALL categories for which alerts are required and continue.
Under Step2: your ITRC operating systems
- verify your operating system selections are checked and save.
To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php
Log in on the web page: Subscriber's choice for Business: sign-in.
On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.
To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do
* The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:
GN = HP General SW
MA = HP Management Agents
MI = Misc. 3rd Party SW
MP = HP MPE/iX
NS = HP NonStop Servers
OV = HP OpenVMS
PI = HP Printing & Imaging
ST = HP Storage SW
TL = HP Trusted Linux
TU = HP Tru64 UNIX
UX = HP-UX
VV = HP VirtualVault
System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.
"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."
©Copyright 2008 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.
. The goal of this project is to
provide a secure, efficient and extensible server that provides
HTTP services in sync with the current HTTP standards.
Apache has been the most popular web server on the Internet since
April 1996. The November 2005 Netcraft Web Server Survey found
that more than 70% of the web sites on the Internet are using
Apache, thus making it more widely used than all other web
servers combined. A HTML page is presented that gives the current server statistics in an easily readable form. If required this page can be made to automatically refresh (given a compatible browser). Another page gives a simple machine-readable list of the current server state."
--- 1. Apache Refresh Header - Open Redirector (XSS) Vulnerability ---
Due to the fact that Apache mod_status does not filter the ";" character, we can inject a new URL.
This gives an attacker an open redirector and can lead to phishing attacks.
An attacker can also create a more advanced method to trigger XSS in the victim's browser.
Exploit ---
SecurityReason is not going to release an exploit to the general public.
The exploit was provided and tested for the Apache Team.
References ---
A Refreshing Look at Redirection: http://www.securityfocus.com/archive/1/450418 by Amit Klein
--- 5. Greets ---
For: Maksymilian Arciemowicz ( cXIb8O3 ), Infospec, pi3, p_e_a, mpp
--- 6.
HP-UX B.11.11, B.11.23, B.11.31 running Apache v2.0.59.00.2 or earlier |
var-201711-0454
|
An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. Apple iOS, iCloud for Windows, iTunes for Windows, Safari, and tvOS are all products of the American company Apple. Apple iOS is an operating system developed for mobile devices; Safari is a web browser that comes with the Mac OS X and iOS operating systems by default. WebKit is an open source web browser engine developed by the KDE community and is currently used by browsers such as Apple Safari and Google Chrome.
------------------------------------------------------------------------
WebKitGTK+ Security Advisory WSA-2017-0009
------------------------------------------------------------------------
Date reported : November 10, 2017
Advisory ID : WSA-2017-0009
Advisory URL : https://webkitgtk.org/security/WSA-2017-0009.html
CVE identifiers : CVE-2017-13783, CVE-2017-13784, CVE-2017-13785,
CVE-2017-13788, CVE-2017-13791, CVE-2017-13792,
CVE-2017-13793, CVE-2017-13794, CVE-2017-13795,
CVE-2017-13796, CVE-2017-13798, CVE-2017-13802,
CVE-2017-13803.
Several vulnerabilities were discovered in WebKitGTK+.
Credit to Ivan Fratric of Google Project Zero. Description: Multiple memory corruption
issues were addressed with improved memory handling.
Credit to Ivan Fratric of Google Project Zero. Description: Multiple memory corruption
issues were addressed with improved memory handling.
Credit to Ivan Fratric of Google Project Zero. Description: Multiple memory corruption
issues were addressed with improved memory handling.
Credit to xisigr of Tencent's Xuanwu Lab (tencent.com). Description: Multiple memory corruption
issues were addressed with improved memory handling.
Credit to Ivan Fratric of Google Project Zero. Description: Multiple memory corruption
issues were addressed with improved memory handling.
Credit to Ivan Fratric of Google Project Zero. Description: Multiple memory corruption
issues were addressed with improved memory handling.
Credit to Hanul Choi working with Trend Micro's Zero Day Initiative. Description: Multiple memory corruption
issues were addressed with improved memory handling.
Credit to Ivan Fratric of Google Project Zero. Description: Multiple memory corruption
issues were addressed with improved memory handling.
Credit to Ivan Fratric of Google Project Zero. Description: Multiple memory corruption
issues were addressed with improved memory handling.
Credit to Ivan Fratric of Google Project Zero. Description: Multiple memory corruption
issues were addressed with improved memory handling.
Credit to Ivan Fratric of Google Project Zero. Description: Multiple memory corruption
issues were addressed with improved memory handling.
Credit to Ivan Fratric of Google Project Zero. Description: Multiple memory corruption
issues were addressed with improved memory handling.
Credit to chenqin (ee|) of Ant-financial Light-Year Security. Description: Multiple memory corruption
issues were addressed with improved memory handling.
We recommend updating to the last stable version of WebKitGTK+. It is
the best way of ensuring that you are running a safe version of
WebKitGTK+. Please check our website for information about the last
stable releases.
Further information about WebKitGTK+ Security Advisories can be found
at: https://webkitgtk.org/security.html
The WebKitGTK+ team,
November 10, 2017
. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201712-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: WebKitGTK+: Multiple vulnerabilities
Date: December 14, 2017
Bugs: #637076
ID: 201712-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been discovered in WebKitGTK+, the worst
of which may lead to arbitrary code execution.
Background
==========
WebKitGTK+ is a full-featured port of the WebKit rendering engine,
suitable for projects requiring any kind of web integration, from
hybrid HTML/CSS applications to full-fledged web browsers.
Affected packages
=================
-------------------------------------------------------------------
     Package              /     Vulnerable     /        Unaffected
-------------------------------------------------------------------
  1  net-libs/webkit-gtk        < 2.18.3                >= 2.18.3
Description
===========
Multiple vulnerabilities have been discovered in WebKitGTK+. Please
review the referenced CVE identifiers for details.
Workaround
==========
There are no known workarounds at this time.
Resolution
==========
All WebKitGTK+ users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.18.3"
References
==========
[ 1 ] CVE-2017-13783
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13783
[ 2 ] CVE-2017-13784
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13784
[ 3 ] CVE-2017-13785
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13785
[ 4 ] CVE-2017-13788
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13788
[ 5 ] CVE-2017-13791
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13791
[ 6 ] CVE-2017-13792
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13792
[ 7 ] CVE-2017-13793
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13793
[ 8 ] CVE-2017-13794
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13794
[ 9 ] CVE-2017-13795
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13795
[ 10 ] CVE-2017-13796
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13796
[ 11 ] CVE-2017-13798
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13798
[ 12 ] CVE-2017-13802
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13802
[ 13 ] CVE-2017-13803
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13803
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/201712-01
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2017 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
.
===========================================================================
Ubuntu Security Notice USN-3481-1
November 16, 2017
webkit2gtk vulnerabilities
===========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 17.10
- Ubuntu 17.04
- Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in WebKitGTK+.
Software Description:
- webkit2gtk: Web content engine library for GTK+
Details:
A large number of security issues were discovered in the WebKitGTK+ Web and
JavaScript engines.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 17.10:
libjavascriptcoregtk-4.0-18 2.18.3-0ubuntu0.17.10.1
libwebkit2gtk-4.0-37 2.18.3-0ubuntu0.17.10.1
Ubuntu 17.04:
libjavascriptcoregtk-4.0-18 2.18.3-0ubuntu0.17.04.1
libwebkit2gtk-4.0-37 2.18.3-0ubuntu0.17.04.1
Ubuntu 16.04 LTS:
libjavascriptcoregtk-4.0-18 2.18.3-0ubuntu0.16.04.1
libwebkit2gtk-4.0-37 2.18.3-0ubuntu0.16.04.1
This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart any applications
that use WebKitGTK+, such as Epiphany, to make all the necessary changes.
References:
https://www.ubuntu.com/usn/usn-3481-1
CVE-2017-13783, CVE-2017-13784, CVE-2017-13785, CVE-2017-13788,
CVE-2017-13791, CVE-2017-13792, CVE-2017-13793, CVE-2017-13794,
CVE-2017-13795, CVE-2017-13796, CVE-2017-13798, CVE-2017-13802,
CVE-2017-13803
Package Information:
https://launchpad.net/ubuntu/+source/webkit2gtk/2.18.3-0ubuntu0.17.10.1
https://launchpad.net/ubuntu/+source/webkit2gtk/2.18.3-0ubuntu0.17.04.1
https://launchpad.net/ubuntu/+source/webkit2gtk/2.18.3-0ubuntu0.16.04.1
.
APPLE-SA-2017-10-31-1 iOS 11.1
iOS 11.1 is now available and addresses the following:
CoreText
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing a maliciously crafted text file may lead to an
unexpected application termination
Description: A denial of service issue was addressed through improved
memory handling.
CVE-2017-13849: Ro of SavSec
Kernel
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-13799: an anonymous researcher
Messages
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A person with physical access to an iOS device may be able to
access photos from the lock screen
Description: A lock screen issue allowed access to photos via Reply
With Message on a locked device. This issue was addressed with
improved state management.
CVE-2017-13844: Miguel Alvarado of iDeviceHelp INC
Siri
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A person with physical access to an iOS device may be able to
use Siri to read notifications of content that is set not to be
displayed at the lock screen
Description: An issue existed with Siri permissions. This was
addressed with improved permission checking.
CVE-2017-13805: Yiğit Can YILMAZ (@yilmazcanyigit)
StreamingZip
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious zip file may be able to modify restricted areas of
the file system
Description: A path handling issue was addressed with improved
validation.
CVE-2017-13804: @qwertyoruiopz at KJC Research Intl. S.R.L.
UIKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Characters in a secure text field might be revealed
Description: The characters in a secure text field were revealed
during focus change events. This issue was addressed through improved
state management.
CVE-2017-7113: an anonymous researcher, Duraiamuthan Harikrishnan of
Tech Mahindra, Ricardo Sampayo of Bemo Ltd
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved memory handling. This was addressed with improved state management.
CVE-2017-13080: Mathy Vanhoef of the imec-DistriNet group at KU
Leuven
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from https://www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About.
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
|
var-201506-0264
|
The phar_parse_tarfile function in ext/phar/tar.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 does not verify that the first character of a filename is different from the \0 character, which allows remote attackers to cause a denial of service (integer underflow and memory corruption) via a crafted entry in a tar archive. PHP is prone to a remote memory-corruption vulnerability.
An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts may result in a denial-of-service condition. PHP (PHP: Hypertext Preprocessor) is an open source general-purpose computer scripting language jointly maintained by the PHP Group and the open source community. The language is mainly used for Web development and supports a variety of databases and operating systems. The vulnerability stems from the fact that the program does not verify whether the first character of the file name is a '\0' character. The following versions are affected: PHP prior to 5.4.41, 5.5.x prior to 5.5.25, and 5.6.x prior to 5.6.9.
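The missing check described above, shown as an added illustration of the bug class (this is not PHP's phar code): a validator for the name field of a tar header that rejects an empty name before any `length - 1` arithmetic is done. The function names, the constants and the sample headers are assumptions constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TAR_BLOCK    512   /* one tar header block */
#define TAR_NAME_LEN 100   /* the name field is bytes 0..99 of the header */

enum name_status {
    NAME_OK = 0,
    NAME_EMPTY,            /* first byte is '\0': the case the advisory describes */
    NAME_ONLY_SLASHES,     /* nothing left once trailing '/' are trimmed */
    NAME_BUFFER_TOO_SMALL
};

/* Length of the name field. A name that uses all 100 bytes has no NUL
 * terminator, so the scan is bounded with memchr() instead of strlen(). */
static size_t tar_name_length(const unsigned char *hdr)
{
    const unsigned char *nul = memchr(hdr, '\0', TAR_NAME_LEN);
    return nul ? (size_t)(nul - hdr) : (size_t)TAR_NAME_LEN;
}

/* What a parser computes as "index of the last character" when it skips the
 * empty-name check. For an empty name the unsigned subtraction wraps to
 * SIZE_MAX. The value is only returned here, never used as an index. */
size_t unchecked_last_index(const unsigned char *hdr)
{
    return tar_name_length(hdr) - 1;
}

/* Hardened form: every length is checked before it is used as an index. */
enum name_status tar_entry_name(const unsigned char *hdr, char *out,
                                size_t out_size, size_t *out_len)
{
    size_t len = tar_name_length(hdr);

    if (len == 0)
        return NAME_EMPTY;                 /* reject before touching hdr[len - 1] */

    while (len > 0 && hdr[len - 1] == '/') /* directory entries end in '/' */
        len--;
    if (len == 0)
        return NAME_ONLY_SLASHES;

    if (out_size < len + 1)
        return NAME_BUFFER_TOO_SMALL;

    memcpy(out, hdr, len);
    out[len] = '\0';
    *out_len = len;
    return NAME_OK;
}

/* Constructed sample input: a zeroed header block with only the name set. */
void make_header(unsigned char hdr[TAR_BLOCK], const char *name)
{
    size_t n = strlen(name);
    if (n > TAR_NAME_LEN)
        n = TAR_NAME_LEN;
    memset(hdr, 0, TAR_BLOCK);
    memcpy(hdr, name, n);
}

int main(void)
{
    static const char *samples[] = { "docs/readme.txt", "docs/", "/", "" };
    unsigned char hdr[TAR_BLOCK];
    char name[TAR_NAME_LEN + 1];

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        size_t len = 0;
        make_header(hdr, samples[i]);
        enum name_status st = tar_entry_name(hdr, name, sizeof name, &len);
        if (st == NAME_OK)
            printf("accepted \"%s\" (%zu bytes)\n", name, len);
        else
            printf("rejected entry %zu, status %d, unchecked index would be %zu\n",
                   i, (int)st, unchecked_last_index(hdr));
    }
    return 0;
}
```
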
=====================================================================
Red Hat Security Advisory
Synopsis: Important: php security and bug fix update
Advisory ID: RHSA-2015:1135-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1135.html
Issue date: 2015-06-23
CVE Names: CVE-2014-8142 CVE-2014-9652 CVE-2014-9705
CVE-2014-9709 CVE-2015-0231 CVE-2015-0232
CVE-2015-0273 CVE-2015-2301 CVE-2015-2348
CVE-2015-2783 CVE-2015-2787 CVE-2015-3307
CVE-2015-3329 CVE-2015-3330 CVE-2015-3411
CVE-2015-3412 CVE-2015-4021 CVE-2015-4022
CVE-2015-4024 CVE-2015-4025 CVE-2015-4026
CVE-2015-4147 CVE-2015-4148 CVE-2015-4598
CVE-2015-4599 CVE-2015-4600 CVE-2015-4601
CVE-2015-4602 CVE-2015-4603 CVE-2015-4604
CVE-2015-4605
=====================================================================
1. Summary:
Updated php packages that fix multiple security issues and several bugs
are now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having Important security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
3. Description:
PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Server.
A flaw was found in the way the PHP module for the Apache httpd web server
handled pipelined requests. A remote attacker could use this flaw to
trigger the execution of a PHP script in a deinitialized interpreter,
causing it to crash or, possibly, execute arbitrary code. (CVE-2015-3330)
A flaw was found in the way PHP parsed multipart HTTP POST requests. A
specially crafted request could cause PHP to use an excessive amount of CPU
time. (CVE-2015-4024)
An uninitialized pointer use flaw was found in PHP's Exif extension. A
specially crafted JPEG or TIFF file could cause a PHP application using the
exif_read_data() function to crash or, possibly, execute arbitrary code
with the privileges of the user running that PHP application.
(CVE-2015-0232)
An integer overflow flaw leading to a heap-based buffer overflow was found
in the way PHP's FTP extension parsed file listing FTP server responses. A
malicious FTP server could use this flaw to cause a PHP application to
crash or, possibly, execute arbitrary code. (CVE-2015-4022)
Multiple flaws were discovered in the way PHP performed object
unserialization. Specially crafted input processed by the unserialize()
function could cause a PHP application to crash or, possibly, execute
arbitrary code. (CVE-2014-8142, CVE-2015-0231, CVE-2015-0273,
CVE-2015-2787, CVE-2015-4147, CVE-2015-4148, CVE-2015-4599, CVE-2015-4600,
CVE-2015-4601, CVE-2015-4602, CVE-2015-4603)
It was found that certain PHP functions did not properly handle file names
containing a NULL character. A remote attacker could possibly use this flaw
to make a PHP script access unexpected files and bypass intended file
system access restrictions. (CVE-2015-2348, CVE-2015-4025, CVE-2015-4026,
CVE-2015-3411, CVE-2015-3412, CVE-2015-4598)
Multiple flaws were found in the way PHP's Phar extension parsed
Phar archives. A specially crafted archive could cause PHP to crash or,
possibly, execute arbitrary code when opened. (CVE-2015-2301,
CVE-2015-2783, CVE-2015-3307, CVE-2015-3329, CVE-2015-4021)
Multiple flaws were found in PHP's File Information (fileinfo) extension.
A remote attacker could cause a PHP application to crash if it used
fileinfo to identify type of attacker supplied files. (CVE-2014-9652,
CVE-2015-4604, CVE-2015-4605)
A heap buffer overflow flaw was found in the enchant_broker_request_dict()
function of PHP's enchant extension. An attacker able to make a PHP
application enchant dictionaries could possibly cause it to crash.
(CVE-2014-9705)
A buffer over-read flaw was found in the GD library used by the PHP gd
extension. A specially crafted GIF file could cause a PHP application using
the imagecreatefromgif() function to crash. (CVE-2014-9709)
This update also fixes the following bugs:
* The libgmp library in some cases terminated unexpectedly with a
segmentation fault when being used with other libraries that use the GMP
memory management. With this update, PHP no longer changes libgmp memory
allocators, which prevents the described crash from occurring. (BZ#1212305)
* When using the Open Database Connectivity (ODBC) API, the PHP process
in some cases terminated unexpectedly with a segmentation fault. The
underlying code has been adjusted to prevent this crash. (BZ#1212299)
* Previously, running PHP on a big-endian system sometimes led to memory
corruption in the fileinfo module. This update adjusts the behavior of
the PHP pointer so that it can be freed without causing memory corruption.
(BZ#1212298)
All php users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. After installing the
updated packages, the httpd daemon must be restarted for the update to
take effect.
4. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
1175718 - CVE-2014-8142 php: use after free vulnerability in unserialize()
1185397 - CVE-2015-0231 php: use after free vulnerability in unserialize() (incomplete fix of CVE-2014-8142)
1185472 - CVE-2015-0232 php: Free called on unitialized pointer in exif.c
1188599 - CVE-2014-9652 file: out of bounds read in mconvert()
1188639 - CVE-2014-9709 gd: buffer read overflow in gd_gif_in.c
1194730 - CVE-2015-0273 php: use after free vulnerability in unserialize() with DateTimeZone
1194737 - CVE-2014-9705 php: heap buffer overflow in enchant_broker_request_dict()
1194747 - CVE-2015-2301 php: use after free in phar_object.c
1204868 - CVE-2015-4147 php: SoapClient's __call() type confusion through unserialize()
1207676 - CVE-2015-2787 php: use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re
1207682 - CVE-2015-2348 php: move_uploaded_file() NUL byte injection in file name
1213394 - CVE-2015-3330 php: pipelined request executed in deinitialized interpreter under httpd 2.4
1213407 - CVE-2015-3411 php: missing null byte checks for paths in various PHP extensions
1213442 - CVE-2015-4604 CVE-2015-4605 php: denial of service when processing a crafted file with Fileinfo
1213446 - CVE-2015-2783 php: buffer over-read in Phar metadata parsing
1213449 - CVE-2015-3329 php: buffer overflow in phar_set_inode()
1222485 - CVE-2015-4024 php: multipart/form-data request paring CPU usage DoS
1222538 - CVE-2015-4599 CVE-2015-4600 CVE-2015-4601 php: type confusion issue in unserialize() with various SOAP methods
1223408 - CVE-2015-4025 php: CVE-2006-7243 regressions in 5.4+
1223412 - CVE-2015-4022 php: integer overflow leading to heap overflow when reading FTP file listing
1223422 - CVE-2015-4026 php: pcntl_exec() accepts paths with NUL character
1223425 - CVE-2015-4021 php: memory corruption in phar_parse_tarfile caused by empty entry file name
1223441 - CVE-2015-3307 php: invalid pointer free() in phar_tar_process_metadata()
1226916 - CVE-2015-4148 php: SoapClient's do_soap_call() type confusion after unserialize()
1232823 - CVE-2015-3412 php: missing null byte checks for paths in various PHP extensions
1232897 - CVE-2015-4598 php: missing null byte checks for paths in DOM and GD extensions
1232918 - CVE-2015-4603 php: exception::getTraceAsString type confusion issue after unserialize
1232923 - CVE-2015-4602 php: Incomplete Class unserialization type confusion
6. Package List:
Red Hat Enterprise Linux Client Optional (v. 7):
Source:
php-5.4.16-36.el7_1.src.rpm
x86_64:
php-5.4.16-36.el7_1.x86_64.rpm
php-bcmath-5.4.16-36.el7_1.x86_64.rpm
php-cli-5.4.16-36.el7_1.x86_64.rpm
php-common-5.4.16-36.el7_1.x86_64.rpm
php-dba-5.4.16-36.el7_1.x86_64.rpm
php-debuginfo-5.4.16-36.el7_1.x86_64.rpm
php-devel-5.4.16-36.el7_1.x86_64.rpm
php-embedded-5.4.16-36.el7_1.x86_64.rpm
php-enchant-5.4.16-36.el7_1.x86_64.rpm
php-fpm-5.4.16-36.el7_1.x86_64.rpm
php-gd-5.4.16-36.el7_1.x86_64.rpm
php-intl-5.4.16-36.el7_1.x86_64.rpm
php-ldap-5.4.16-36.el7_1.x86_64.rpm
php-mbstring-5.4.16-36.el7_1.x86_64.rpm
php-mysql-5.4.16-36.el7_1.x86_64.rpm
php-mysqlnd-5.4.16-36.el7_1.x86_64.rpm
php-odbc-5.4.16-36.el7_1.x86_64.rpm
php-pdo-5.4.16-36.el7_1.x86_64.rpm
php-pgsql-5.4.16-36.el7_1.x86_64.rpm
php-process-5.4.16-36.el7_1.x86_64.rpm
php-pspell-5.4.16-36.el7_1.x86_64.rpm
php-recode-5.4.16-36.el7_1.x86_64.rpm
php-snmp-5.4.16-36.el7_1.x86_64.rpm
php-soap-5.4.16-36.el7_1.x86_64.rpm
php-xml-5.4.16-36.el7_1.x86_64.rpm
php-xmlrpc-5.4.16-36.el7_1.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
Source:
php-5.4.16-36.el7_1.src.rpm
x86_64:
php-5.4.16-36.el7_1.x86_64.rpm
php-bcmath-5.4.16-36.el7_1.x86_64.rpm
php-cli-5.4.16-36.el7_1.x86_64.rpm
php-common-5.4.16-36.el7_1.x86_64.rpm
php-dba-5.4.16-36.el7_1.x86_64.rpm
php-debuginfo-5.4.16-36.el7_1.x86_64.rpm
php-devel-5.4.16-36.el7_1.x86_64.rpm
php-embedded-5.4.16-36.el7_1.x86_64.rpm
php-enchant-5.4.16-36.el7_1.x86_64.rpm
php-fpm-5.4.16-36.el7_1.x86_64.rpm
php-gd-5.4.16-36.el7_1.x86_64.rpm
php-intl-5.4.16-36.el7_1.x86_64.rpm
php-ldap-5.4.16-36.el7_1.x86_64.rpm
php-mbstring-5.4.16-36.el7_1.x86_64.rpm
php-mysql-5.4.16-36.el7_1.x86_64.rpm
php-mysqlnd-5.4.16-36.el7_1.x86_64.rpm
php-odbc-5.4.16-36.el7_1.x86_64.rpm
php-pdo-5.4.16-36.el7_1.x86_64.rpm
php-pgsql-5.4.16-36.el7_1.x86_64.rpm
php-process-5.4.16-36.el7_1.x86_64.rpm
php-pspell-5.4.16-36.el7_1.x86_64.rpm
php-recode-5.4.16-36.el7_1.x86_64.rpm
php-snmp-5.4.16-36.el7_1.x86_64.rpm
php-soap-5.4.16-36.el7_1.x86_64.rpm
php-xml-5.4.16-36.el7_1.x86_64.rpm
php-xmlrpc-5.4.16-36.el7_1.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source:
php-5.4.16-36.el7_1.src.rpm
ppc64:
php-5.4.16-36.el7_1.ppc64.rpm
php-cli-5.4.16-36.el7_1.ppc64.rpm
php-common-5.4.16-36.el7_1.ppc64.rpm
php-debuginfo-5.4.16-36.el7_1.ppc64.rpm
php-gd-5.4.16-36.el7_1.ppc64.rpm
php-ldap-5.4.16-36.el7_1.ppc64.rpm
php-mysql-5.4.16-36.el7_1.ppc64.rpm
php-odbc-5.4.16-36.el7_1.ppc64.rpm
php-pdo-5.4.16-36.el7_1.ppc64.rpm
php-pgsql-5.4.16-36.el7_1.ppc64.rpm
php-process-5.4.16-36.el7_1.ppc64.rpm
php-recode-5.4.16-36.el7_1.ppc64.rpm
php-soap-5.4.16-36.el7_1.ppc64.rpm
php-xml-5.4.16-36.el7_1.ppc64.rpm
php-xmlrpc-5.4.16-36.el7_1.ppc64.rpm
s390x:
php-5.4.16-36.el7_1.s390x.rpm
php-cli-5.4.16-36.el7_1.s390x.rpm
php-common-5.4.16-36.el7_1.s390x.rpm
php-debuginfo-5.4.16-36.el7_1.s390x.rpm
php-gd-5.4.16-36.el7_1.s390x.rpm
php-ldap-5.4.16-36.el7_1.s390x.rpm
php-mysql-5.4.16-36.el7_1.s390x.rpm
php-odbc-5.4.16-36.el7_1.s390x.rpm
php-pdo-5.4.16-36.el7_1.s390x.rpm
php-pgsql-5.4.16-36.el7_1.s390x.rpm
php-process-5.4.16-36.el7_1.s390x.rpm
php-recode-5.4.16-36.el7_1.s390x.rpm
php-soap-5.4.16-36.el7_1.s390x.rpm
php-xml-5.4.16-36.el7_1.s390x.rpm
php-xmlrpc-5.4.16-36.el7_1.s390x.rpm
x86_64:
php-5.4.16-36.el7_1.x86_64.rpm
php-cli-5.4.16-36.el7_1.x86_64.rpm
php-common-5.4.16-36.el7_1.x86_64.rpm
php-debuginfo-5.4.16-36.el7_1.x86_64.rpm
php-gd-5.4.16-36.el7_1.x86_64.rpm
php-ldap-5.4.16-36.el7_1.x86_64.rpm
php-mysql-5.4.16-36.el7_1.x86_64.rpm
php-odbc-5.4.16-36.el7_1.x86_64.rpm
php-pdo-5.4.16-36.el7_1.x86_64.rpm
php-pgsql-5.4.16-36.el7_1.x86_64.rpm
php-process-5.4.16-36.el7_1.x86_64.rpm
php-recode-5.4.16-36.el7_1.x86_64.rpm
php-soap-5.4.16-36.el7_1.x86_64.rpm
php-xml-5.4.16-36.el7_1.x86_64.rpm
php-xmlrpc-5.4.16-36.el7_1.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source:
php-5.4.16-36.ael7b_1.src.rpm
ppc64le:
php-5.4.16-36.ael7b_1.ppc64le.rpm
php-cli-5.4.16-36.ael7b_1.ppc64le.rpm
php-common-5.4.16-36.ael7b_1.ppc64le.rpm
php-debuginfo-5.4.16-36.ael7b_1.ppc64le.rpm
php-gd-5.4.16-36.ael7b_1.ppc64le.rpm
php-ldap-5.4.16-36.ael7b_1.ppc64le.rpm
php-mysql-5.4.16-36.ael7b_1.ppc64le.rpm
php-odbc-5.4.16-36.ael7b_1.ppc64le.rpm
php-pdo-5.4.16-36.ael7b_1.ppc64le.rpm
php-pgsql-5.4.16-36.ael7b_1.ppc64le.rpm
php-process-5.4.16-36.ael7b_1.ppc64le.rpm
php-recode-5.4.16-36.ael7b_1.ppc64le.rpm
php-soap-5.4.16-36.ael7b_1.ppc64le.rpm
php-xml-5.4.16-36.ael7b_1.ppc64le.rpm
php-xmlrpc-5.4.16-36.ael7b_1.ppc64le.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
ppc64:
php-bcmath-5.4.16-36.el7_1.ppc64.rpm
php-dba-5.4.16-36.el7_1.ppc64.rpm
php-debuginfo-5.4.16-36.el7_1.ppc64.rpm
php-devel-5.4.16-36.el7_1.ppc64.rpm
php-embedded-5.4.16-36.el7_1.ppc64.rpm
php-enchant-5.4.16-36.el7_1.ppc64.rpm
php-fpm-5.4.16-36.el7_1.ppc64.rpm
php-intl-5.4.16-36.el7_1.ppc64.rpm
php-mbstring-5.4.16-36.el7_1.ppc64.rpm
php-mysqlnd-5.4.16-36.el7_1.ppc64.rpm
php-pspell-5.4.16-36.el7_1.ppc64.rpm
php-snmp-5.4.16-36.el7_1.ppc64.rpm
s390x:
php-bcmath-5.4.16-36.el7_1.s390x.rpm
php-dba-5.4.16-36.el7_1.s390x.rpm
php-debuginfo-5.4.16-36.el7_1.s390x.rpm
php-devel-5.4.16-36.el7_1.s390x.rpm
php-embedded-5.4.16-36.el7_1.s390x.rpm
php-enchant-5.4.16-36.el7_1.s390x.rpm
php-fpm-5.4.16-36.el7_1.s390x.rpm
php-intl-5.4.16-36.el7_1.s390x.rpm
php-mbstring-5.4.16-36.el7_1.s390x.rpm
php-mysqlnd-5.4.16-36.el7_1.s390x.rpm
php-pspell-5.4.16-36.el7_1.s390x.rpm
php-snmp-5.4.16-36.el7_1.s390x.rpm
x86_64:
php-bcmath-5.4.16-36.el7_1.x86_64.rpm
php-dba-5.4.16-36.el7_1.x86_64.rpm
php-debuginfo-5.4.16-36.el7_1.x86_64.rpm
php-devel-5.4.16-36.el7_1.x86_64.rpm
php-embedded-5.4.16-36.el7_1.x86_64.rpm
php-enchant-5.4.16-36.el7_1.x86_64.rpm
php-fpm-5.4.16-36.el7_1.x86_64.rpm
php-intl-5.4.16-36.el7_1.x86_64.rpm
php-mbstring-5.4.16-36.el7_1.x86_64.rpm
php-mysqlnd-5.4.16-36.el7_1.x86_64.rpm
php-pspell-5.4.16-36.el7_1.x86_64.rpm
php-snmp-5.4.16-36.el7_1.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
ppc64le:
php-bcmath-5.4.16-36.ael7b_1.ppc64le.rpm
php-dba-5.4.16-36.ael7b_1.ppc64le.rpm
php-debuginfo-5.4.16-36.ael7b_1.ppc64le.rpm
php-devel-5.4.16-36.ael7b_1.ppc64le.rpm
php-embedded-5.4.16-36.ael7b_1.ppc64le.rpm
php-enchant-5.4.16-36.ael7b_1.ppc64le.rpm
php-fpm-5.4.16-36.ael7b_1.ppc64le.rpm
php-intl-5.4.16-36.ael7b_1.ppc64le.rpm
php-mbstring-5.4.16-36.ael7b_1.ppc64le.rpm
php-mysqlnd-5.4.16-36.ael7b_1.ppc64le.rpm
php-pspell-5.4.16-36.ael7b_1.ppc64le.rpm
php-snmp-5.4.16-36.ael7b_1.ppc64le.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source:
php-5.4.16-36.el7_1.src.rpm
x86_64:
php-5.4.16-36.el7_1.x86_64.rpm
php-cli-5.4.16-36.el7_1.x86_64.rpm
php-common-5.4.16-36.el7_1.x86_64.rpm
php-debuginfo-5.4.16-36.el7_1.x86_64.rpm
php-gd-5.4.16-36.el7_1.x86_64.rpm
php-ldap-5.4.16-36.el7_1.x86_64.rpm
php-mysql-5.4.16-36.el7_1.x86_64.rpm
php-odbc-5.4.16-36.el7_1.x86_64.rpm
php-pdo-5.4.16-36.el7_1.x86_64.rpm
php-pgsql-5.4.16-36.el7_1.x86_64.rpm
php-process-5.4.16-36.el7_1.x86_64.rpm
php-recode-5.4.16-36.el7_1.x86_64.rpm
php-soap-5.4.16-36.el7_1.x86_64.rpm
php-xml-5.4.16-36.el7_1.x86_64.rpm
php-xmlrpc-5.4.16-36.el7_1.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
x86_64:
php-bcmath-5.4.16-36.el7_1.x86_64.rpm
php-dba-5.4.16-36.el7_1.x86_64.rpm
php-debuginfo-5.4.16-36.el7_1.x86_64.rpm
php-devel-5.4.16-36.el7_1.x86_64.rpm
php-embedded-5.4.16-36.el7_1.x86_64.rpm
php-enchant-5.4.16-36.el7_1.x86_64.rpm
php-fpm-5.4.16-36.el7_1.x86_64.rpm
php-intl-5.4.16-36.el7_1.x86_64.rpm
php-mbstring-5.4.16-36.el7_1.x86_64.rpm
php-mysqlnd-5.4.16-36.el7_1.x86_64.rpm
php-pspell-5.4.16-36.el7_1.x86_64.rpm
php-snmp-5.4.16-36.el7_1.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2014-8142
https://access.redhat.com/security/cve/CVE-2014-9652
https://access.redhat.com/security/cve/CVE-2014-9705
https://access.redhat.com/security/cve/CVE-2014-9709
https://access.redhat.com/security/cve/CVE-2015-0231
https://access.redhat.com/security/cve/CVE-2015-0232
https://access.redhat.com/security/cve/CVE-2015-0273
https://access.redhat.com/security/cve/CVE-2015-2301
https://access.redhat.com/security/cve/CVE-2015-2348
https://access.redhat.com/security/cve/CVE-2015-2783
https://access.redhat.com/security/cve/CVE-2015-2787
https://access.redhat.com/security/cve/CVE-2015-3307
https://access.redhat.com/security/cve/CVE-2015-3329
https://access.redhat.com/security/cve/CVE-2015-3330
https://access.redhat.com/security/cve/CVE-2015-3411
https://access.redhat.com/security/cve/CVE-2015-3412
https://access.redhat.com/security/cve/CVE-2015-4021
https://access.redhat.com/security/cve/CVE-2015-4022
https://access.redhat.com/security/cve/CVE-2015-4024
https://access.redhat.com/security/cve/CVE-2015-4025
https://access.redhat.com/security/cve/CVE-2015-4026
https://access.redhat.com/security/cve/CVE-2015-4147
https://access.redhat.com/security/cve/CVE-2015-4148
https://access.redhat.com/security/cve/CVE-2015-4598
https://access.redhat.com/security/cve/CVE-2015-4599
https://access.redhat.com/security/cve/CVE-2015-4600
https://access.redhat.com/security/cve/CVE-2015-4601
https://access.redhat.com/security/cve/CVE-2015-4602
https://access.redhat.com/security/cve/CVE-2015-4603
https://access.redhat.com/security/cve/CVE-2015-4604
https://access.redhat.com/security/cve/CVE-2015-4605
https://access.redhat.com/security/updates/classification/#important
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2015 Red Hat, Inc.
. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201606-10
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: PHP: Multiple vulnerabilities
Date: June 19, 2016
Bugs: #537586, #541098, #544186, #544330, #546872, #549538,
#552408, #555576, #555830, #556952, #559612, #562882,
#571254, #573892, #577376
ID: 201606-10
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been found in PHP, the worst of which
could lead to arbitrary code execution, or cause a Denial of Service
condition.
Background
==========
PHP is a widely-used general-purpose scripting language that is
especially suited for Web development and can be embedded into HTML. Please review the
CVE identifiers referenced below for details.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All PHP 5.4 users should upgrade to the latest 5.5 stable branch, as
PHP 5.4 is now masked in Portage:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-lang/php-5.5.33"
All PHP 5.5 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-lang/php-5.5.33"
All PHP 5.6 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-lang/php-5.6.19"
References
==========
[ 1 ] CVE-2013-6501
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6501
[ 2 ] CVE-2014-9705
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9705
[ 3 ] CVE-2014-9709
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9709
[ 4 ] CVE-2015-0231
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0231
[ 5 ] CVE-2015-0273
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0273
[ 6 ] CVE-2015-1351
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1351
[ 7 ] CVE-2015-1352
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1352
[ 8 ] CVE-2015-2301
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2301
[ 9 ] CVE-2015-2348
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2348
[ 10 ] CVE-2015-2783
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2783
[ 11 ] CVE-2015-2787
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2787
[ 12 ] CVE-2015-3329
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3329
[ 13 ] CVE-2015-3330
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3330
[ 14 ] CVE-2015-4021
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4021
[ 15 ] CVE-2015-4022
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4022
[ 16 ] CVE-2015-4025
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4025
[ 17 ] CVE-2015-4026
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4026
[ 18 ] CVE-2015-4147
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4147
[ 19 ] CVE-2015-4148
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4148
[ 20 ] CVE-2015-4642
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4642
[ 21 ] CVE-2015-4643
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4643
[ 22 ] CVE-2015-4644
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4644
[ 23 ] CVE-2015-6831
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6831
[ 24 ] CVE-2015-6832
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6832
[ 25 ] CVE-2015-6833
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6833
[ 26 ] CVE-2015-6834
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6834
[ 27 ] CVE-2015-6835
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6835
[ 28 ] CVE-2015-6836
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6836
[ 29 ] CVE-2015-6837
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6837
[ 30 ] CVE-2015-6838
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6838
[ 31 ] CVE-2015-7803
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7803
[ 32 ] CVE-2015-7804
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7804
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/201606-10
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2016 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
.
Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/php-5.4.41-i486-1_slack14.1.txz: Upgraded.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7243
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2325
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2326
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4021
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4022
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4024
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4025
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4026
(* Security fix *)
+--------------------------+
Where to find the new packages:
+-----------------------------+
Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.
Updated package for Slackware 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/php-5.4.41-i486-1_slack14.0.txz
Updated package for Slackware x86_64 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/php-5.4.41-x86_64-1_slack14.0.txz
Updated package for Slackware 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/php-5.4.41-i486-1_slack14.1.txz
Updated package for Slackware x86_64 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/php-5.4.41-x86_64-1_slack14.1.txz
Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/php-5.6.9-i586-1.txz
Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/php-5.6.9-x86_64-1.txz
MD5 signatures:
+-------------+
Slackware 14.0 package:
5e8d107dba11f8c87693edfdc32f56b7 php-5.4.41-i486-1_slack14.0.txz
Slackware x86_64 14.0 package:
24d6895fe6b0e9c88b04ceaccc35383d php-5.4.41-x86_64-1_slack14.0.txz
Slackware 14.1 package:
52011eec3a256a365789562b63e8ba84 php-5.4.41-i486-1_slack14.1.txz
Slackware x86_64 14.1 package:
82b75af6253121cab6cc84dd714f554c php-5.4.41-x86_64-1_slack14.1.txz
Slackware -current package:
e1c64f133f44b0abac21e0846e39d3c8 n/php-5.6.9-i586-1.txz
Slackware x86_64 -current package:
ae51c99af34a4bd8721e7140c38a8c1a n/php-5.6.9-x86_64-1.txz
Installation instructions:
+------------------------+
Upgrade the package as root:
# upgradepkg php-5.4.41-i486-1_slack14.1.txz
Then, restart Apache httpd:
# /etc/rc.d/rc.httpd stop
# /etc/rc.d/rc.httpd start
+-----+
Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com
var-202004-0812
|
In ksh version 20120801, a flaw was found in the way it evaluates certain environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Services and applications that allow remote unauthenticated attackers to provide one of those environment variables could allow them to exploit this issue remotely. ksh contains an injection vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). 8) - aarch64, ppc64le, s390x, x86_64
3.
APPLE-SA-2020-05-26-3 macOS Catalina 10.15.5, Security Update
2020-003 Mojave, Security Update 2020-003 High Sierra
macOS Catalina 10.15.5, Security Update 2020-003 Mojave, Security
Update 2020-003 High Sierra are now available and address the
following:
Accounts
Available for: macOS Catalina 10.15.4
Impact: A remote attacker may be able to cause a denial of service
Description: A denial of service issue was addressed with improved
input validation.
CVE-2020-9827: Jannik Lorenz of SEEMOO @ TU Darmstadt
AirDrop
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.4
Impact: A remote attacker may be able to cause a denial of service
Description: A denial of service issue was addressed with improved
input validation.
CVE-2020-9826: Dor Hadad of Palo Alto Networks
AppleMobileFileIntegrity
Available for: macOS High Sierra 10.13.6, macOS Catalina 10.15.4
Impact: An application may be able to use arbitrary entitlements
Description: This issue was addressed with improved checks.
CVE-2020-9842: Linus Henze (pinauten.de)
AppleUSBNetworking
Available for: macOS Catalina 10.15.4
Impact: Inserting a USB device that sends invalid messages may cause
a kernel panic
Description: A logic issue was addressed with improved restrictions.
CVE-2020-9804: Andy Davis of NCC Group
Audio
Available for: macOS Catalina 10.15.4
Impact: Processing a maliciously crafted audio file may lead to
arbitrary code execution
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2020-9815: Yu Zhou (@yuzhou6666) working with Trend Micro Zero
Day Initiative
Audio
Available for: macOS Catalina 10.15.4
Impact: Processing a maliciously crafted audio file may lead to
arbitrary code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2020-9791: Yu Zhou (@yuzhou6666) working with Trend Micro Zero
Day Initiative
Bluetooth
Available for: macOS Catalina 10.15.4
Impact: A malicious application may be able to determine kernel
memory layout
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2020-9831: Yu Wang of Didi Research America
Calendar
Available for: macOS Catalina 10.15.4
Impact: Importing a maliciously crafted calendar invitation may
exfiltrate user information
Description: This issue was addressed with improved checks.
CVE-2020-3882: Andy Grant of NCC Group
CVMS
Available for: macOS Catalina 10.15.4
Impact: An application may be able to gain elevated privileges
Description: This issue was addressed with improved checks.
CVE-2020-9856: @jinmo123, @setuid0x0_, and @insu_yun_en of
@SSLab_Gatech working with Trend Micro’s Zero Day Initiative
DiskArbitration
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.4
Impact: A malicious application may be able to break out of its
sandbox
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2020-9847: Zhuo Liang of Qihoo 360 Vulcan Team
Find My
Available for: macOS Catalina 10.15.4
Impact: A local attacker may be able to elevate their privileges
Description: A validation issue existed in the handling of symlinks.
This issue was addressed with improved validation of symlinks.
CVE-2020-9855: Zhongcheng Li(CK01) of Topsec Alpha Team
FontParser
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.4
Impact: Opening a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2020-9816: Peter Nguyen Vu Hoang of STAR Labs working with Trend
Micro Zero Day Initiative
ImageIO
Available for: macOS Catalina 10.15.4
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2020-3878: Samuel Groß of Google Project Zero
ImageIO
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.4
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2020-9789: Wenchao Li of VARAS@IIE
CVE-2020-9790: Xingwei Lin of Ant-financial Light-Year Security Lab
Intel Graphics Driver
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.4
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2020-9822: ABC Research s.r.o
IPSec
Available for: macOS High Sierra 10.13.6, macOS Catalina 10.15.4
Impact: A remote attacker may be able to leak memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2020-9837: Thijs Alkemade of Computest
Kernel
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.4
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A memory corruption issue was addressed with improved
state management.
CVE-2020-9821: Xinru Chi and Tielei Wang of Pangu Lab
Kernel
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.4
Impact: A malicious application may be able to determine another
application's memory layout
Description: An information disclosure issue was addressed by
removing the vulnerable code.
CVE-2020-9797: an anonymous researcher
Kernel
Available for: macOS Catalina 10.15.4
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: An integer overflow was addressed through improved input
validation.
CVE-2020-9852: Tao Huang and Tielei Wang of Pangu Lab
Kernel
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.4
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-9795: Zhuo Liang of Qihoo 360 Vulcan Team
Kernel
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.4
Impact: An application may be able to cause unexpected system
termination or write kernel memory
Description: A memory corruption issue was addressed with improved
state management.
CVE-2020-9808: Xinru Chi and Tielei Wang of Pangu Lab
Kernel
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.4
Impact: A local user may be able to read kernel memory
Description: An information disclosure issue was addressed with
improved state management.
CVE-2020-9811: Tielei Wang of Pangu Lab
CVE-2020-9812: Derrek (@derrekr6)
Kernel
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.4
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A logic issue existed resulting in memory corruption.
This was addressed with improved state management.
CVE-2020-9813: Xinru Chi of Pangu Lab
CVE-2020-9814: Xinru Chi and Tielei Wang of Pangu Lab
Kernel
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.4
Impact: A malicious application may be able to determine kernel
memory layout
Description: An information disclosure issue was addressed with
improved state management.
CVE-2020-9809: Benjamin Randazzo (@____benjamin)
ksh
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.4
Impact: A local user may be able to execute arbitrary shell commands
Description: An issue existed in the handling of environment
variables. This issue was addressed with improved validation.
CVE-2019-14868
NSURL
Available for: macOS Mojave 10.14.6
Impact: A malicious website may be able to exfiltrate autofilled data
in Safari
Description: An issue existed in the parsing of URLs. This issue was
addressed with improved input validation.
CVE-2020-9857: Dlive of Tencent Security Xuanwu Lab
PackageKit
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.4
Impact: A malicious application may be able to gain root privileges
Description: A permissions issue existed. This issue was addressed
with improved permission validation.
CVE-2020-9817: Andy Grant of NCC Group
PackageKit
Available for: macOS Catalina 10.15.4
Impact: A malicious application may be able to modify protected parts
of the file system
Description: An access issue was addressed with improved access
restrictions.
CVE-2020-9851: Linus Henze (pinauten.de)
Python
Available for: macOS Catalina 10.15.4
Impact: A remote attacker may be able to cause arbitrary code
execution
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2020-9793
Sandbox
Available for: macOS Catalina 10.15.4
Impact: A malicious application may be able to bypass Privacy
preferences
Description: An access issue was addressed with additional sandbox
restrictions.
CVE-2020-9825: Sreejith Krishnan R (@skr0x1C0)
Security
Available for: macOS Catalina 10.15.4
Impact: A file may be incorrectly rendered to execute JavaScript
Description: A validation issue was addressed with improved input
sanitization.
CVE-2020-9788: Wojciech Reguła of SecuRing
(https://wojciechregula.blog)
SIP
Available for: macOS Catalina 10.15.4
Impact: A non-privileged user may be able to modify restricted
network settings
Description: A logic issue was addressed with improved restrictions.
CVE-2020-9824: Csaba Fitzl (@theevilbit) of Offensive Security
SQLite
Available for: macOS Catalina 10.15.4
Impact: A malicious application may cause a denial of service or
potentially disclose memory contents
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2020-9794
System Preferences
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.4
Impact: An application may be able to gain elevated privileges
Description: A race condition was addressed with improved state
handling.
CVE-2020-9839: @jinmo123, @setuid0x0_, and @insu_yun_en of
@SSLab_Gatech working with Trend Micro’s Zero Day Initiative
USB Audio
Available for: macOS Catalina 10.15.4
Impact: A USB device may be able to cause a denial of service
Description: A validation issue was addressed with improved input
sanitization.
CVE-2020-9792: Andy Davis of NCC Group
Wi-Fi
Available for: macOS Catalina 10.15.4
Impact: A remote attacker may be able to cause unexpected system
termination or corrupt kernel memory
Description: A double free issue was addressed with improved memory
management.
CVE-2020-9844: Ian Beer of Google Project Zero
Wi-Fi
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.4
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
state management.
CVE-2020-9830: Tielei Wang of Pangu Lab
Wi-Fi
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.4
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2020-9834: Yu Wang of Didi Research America
Wi-Fi
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.4
Impact: A local user may be able to read kernel memory
Description: A memory initialization issue was addressed with
improved memory handling.
CVE-2020-9833: Yu Wang of Didi Research America
Wi-Fi
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.4
Impact: A malicious application may be able to determine kernel
memory layout
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2020-9832: Yu Wang of Didi Research America
WindowServer
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.4
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: An integer overflow was addressed through improved input
validation.
CVE-2020-9841: ABC Research s.r.o. working with Trend Micro Zero Day
Initiative
zsh
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.4
Impact: A local attacker may be able to elevate their privileges
Description: An authorization issue was addressed with improved state
management.
CVE-2019-20044: Sam Foxman
Additional recognition
CoreBluetooth
We would like to acknowledge Maximilian von Tschitschnitz of
Technical University Munich and Ludwig Peuckert of Technical
University Munich for their assistance.
CoreText
We would like to acknowledge Jiska Classen (@naehrdine) and Dennis
Heinze (@ttdennis) of Secure Mobile Networking Lab for their
assistance.
Endpoint Security
We would like to acknowledge an anonymous researcher for their
assistance.
ImageIO
We would like to acknowledge Lei Sun for their assistance.
IOHIDFamily
We would like to acknowledge Andy Davis of NCC Group for their
assistance.
IPSec
We would like to acknowledge Thijs Alkemade of Computest for their
assistance.
Login Window
We would like to acknowledge Jon Morby and an anonymous researcher
for their assistance.
Sandbox
We would like to acknowledge Jason L Lang of Optum for their
assistance.
Spotlight
We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive
Security for their assistance.
Installation note:
macOS Catalina 10.15.5, Security Update 2020-003 Mojave, Security
Update 2020-003 High Sierra may be obtained from the Mac App Store or
Apple's Software Downloads web site:
https://support.apple.com/downloads/
====================================================================
Red Hat Security Advisory
Synopsis: Important: ksh security update
Advisory ID: RHSA-2020:1333-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2020:1333
Issue date: 2020-04-06
CVE Names: CVE-2019-14868
====================================================================
1. Summary:
An update for ksh is now available for Red Hat Enterprise Linux 7.6
Extended Update Support.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux ComputeNode EUS (v. 7.6) - x86_64
Red Hat Enterprise Linux Server EUS (v. 7.6) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - aarch64, ppc64le, s390x
3. Description:
KornShell (ksh) is a Unix shell developed by AT&T Bell Laboratories, which
is backward-compatible with the Bourne shell (sh) and includes many
features of the C shell. The most recent version is KSH-93. KornShell
complies with the POSIX.2 standard (IEEE Std 1003.2-1992).
Security Fix(es):
* ksh: certain environment variables interpreted as arithmetic expressions
on startup, leading to code injection (CVE-2019-14868)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
5. Package List:
Red Hat Enterprise Linux ComputeNode EUS (v. 7.6):
Source:
ksh-20120801-140.el7_6.src.rpm
x86_64:
ksh-20120801-140.el7_6.x86_64.rpm
ksh-debuginfo-20120801-140.el7_6.x86_64.rpm
Red Hat Enterprise Linux Server EUS (v. 7.6):
Source:
ksh-20120801-140.el7_6.src.rpm
ppc64:
ksh-20120801-140.el7_6.ppc64.rpm
ksh-debuginfo-20120801-140.el7_6.ppc64.rpm
ppc64le:
ksh-20120801-140.el7_6.ppc64le.rpm
ksh-debuginfo-20120801-140.el7_6.ppc64le.rpm
s390x:
ksh-20120801-140.el7_6.s390x.rpm
ksh-debuginfo-20120801-140.el7_6.s390x.rpm
x86_64:
ksh-20120801-140.el7_6.x86_64.rpm
ksh-debuginfo-20120801-140.el7_6.x86_64.rpm
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7):
Source:
ksh-20120801-140.el7_6.src.rpm
aarch64:
ksh-20120801-140.el7_6.aarch64.rpm
ksh-debuginfo-20120801-140.el7_6.aarch64.rpm
ppc64le:
ksh-20120801-140.el7_6.ppc64le.rpm
ksh-debuginfo-20120801-140.el7_6.ppc64le.rpm
s390x:
ksh-20120801-140.el7_6.s390x.rpm
ksh-debuginfo-20120801-140.el7_6.s390x.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2019-14868
https://access.redhat.com/security/updates/classification/#important
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2020 Red Hat, Inc.
. 7.4) - x86_64
3. 7.5) - ppc64, ppc64le, s390x, x86_64
3 |
var-200506-0133
|
Certain BSD-based Telnet clients, including those used on Solaris and SuSE Linux, allow remote malicious Telnet servers to read sensitive environment variables via the NEW-ENVIRON option with a SEND ENV_USERVAR command. The Telnet clients included with many products do not adequately restrict which environment variables are sent to the server, so environment variable information can be improperly obtained through the NEW-ENVIRON command. By enticing a target user to connect to a malicious Telnet server through a web page or e-mail, for example with an IFRAME tag and a "TELNET://" URI, a third party may be able to obtain important information about the target system, such as the user's name, search path for executables, and locations of important data. Note that Microsoft Windows 2000 is not affected by this issue, but you may be affected if you are using Microsoft Windows Services for UNIX. Kerberos as included with some Linux distributions has also been reported to be affected by this issue. Telnet clients provided by multiple vendors are prone to a remote information-disclosure vulnerability.
Attackers can retrieve any information stored in the environment of clients using the affected telnet application.
TITLE:
Microsoft Telnet Client Information Disclosure Weakness
SECUNIA ADVISORY ID:
SA15690
VERIFY ADVISORY:
http://secunia.com/advisories/15690/
CRITICAL:
Not critical
IMPACT:
Exposure of system information
WHERE:
From remote
OPERATING SYSTEM:
Microsoft Windows XP Professional
http://secunia.com/product/22/
Microsoft Windows XP Home Edition
http://secunia.com/product/16/
Microsoft Windows Server 2003 Web Edition
http://secunia.com/product/1176/
Microsoft Windows Server 2003 Datacenter Edition
http://secunia.com/product/1175/
Microsoft Windows Server 2003 Standard Edition
http://secunia.com/product/1173/
Microsoft Windows Server 2003 Enterprise Edition
http://secunia.com/product/1174/
SOFTWARE:
Microsoft Windows Services for UNIX 2.x
http://secunia.com/product/5243/
Microsoft Windows Services for UNIX 3.x
http://secunia.com/product/5244/
DESCRIPTION:
Gaël Delalleau has reported a weakness in Microsoft
Windows, which can be exploited by malicious people to gain knowledge
of various information.
Successful exploitation requires that a user e.g. visits a malicious
web site or is tricked into clicking a specially crafted link.
SOLUTION:
Apply patches.
|
var-202001-0472
|
Insufficient control flow in certain data structures for some Intel(R) Processors with Intel(R) Processor Graphics may allow an unauthenticated user to potentially enable information disclosure via local access. Intel(R) Processor Graphics contains an information leakage vulnerability. Information may be obtained. This vulnerability stems from configuration errors in network systems or products during operation.
APPLE-SA-2020-03-24-2 macOS Catalina 10.15.4, Security Update
2020-002 Mojave, Security Update 2020-002 High Sierra
macOS Catalina 10.15.4, Security Update 2020-002 Mojave, Security
Update 2020-002 High Sierra are now available and address the
following:
Apple HSSPI Support
Available for: macOS Catalina 10.15.3
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2020-3903: Proteas of Qihoo 360 Nirvan Team
AppleGraphicsControl
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.3
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: Multiple memory corruption issues were addressed with
improved state management.
CVE-2020-3904: Proteas of Qihoo 360 Nirvan Team
AppleMobileFileIntegrity
Available for: macOS Catalina 10.15.3
Impact: An application may be able to use arbitrary entitlements
Description: This issue was addressed with improved checks.
CVE-2020-3883: Linus Henze (pinauten.de)
Bluetooth
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.3
Impact: A local user may be able to cause unexpected system
termination or read kernel memory
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2020-3907: Yu Wang of Didi Research America
CVE-2020-3908: Yu Wang of Didi Research America
CVE-2020-3912: Yu Wang of Didi Research America
Bluetooth
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2019-8853: Jianjun Dai of Qihoo 360 Alpha Lab
Bluetooth
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.3
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2020-3892: Yu Wang of Didi Research America
CVE-2020-3893: Yu Wang of Didi Research America
CVE-2020-3905: Yu Wang of Didi Research America
Call History
Available for: macOS Catalina 10.15.3
Impact: A malicious application may be able to access a user's call
history
Description: This issue was addressed with a new entitlement.
CVE-2020-9776: Benjamin Randazzo (@____benjamin)
CoreFoundation
Available for: macOS Catalina 10.15.3
Impact: A malicious application may be able to elevate privileges
Description: A permissions issue existed. This issue was addressed
with improved permission validation.
CVE-2020-3913: Timo Christ of Avira Operations GmbH & Co. KG
FaceTime
Available for: macOS Catalina 10.15.3
Impact: A local user may be able to view sensitive user information
Description: A logic issue was addressed with improved state
management.
CVE-2020-3881: Yuval Ron, Amichai Shulman and Eli Biham of Technion -
Israel Institute of Technology
Icons
Available for: macOS Catalina 10.15.3
Impact: A malicious application may be able to identify what other
applications a user has installed
Description: The issue was addressed with improved handling of icon
caches.
CVE-2020-9773: Chilik Tamir of Zimperium zLabs
Intel Graphics Driver
Available for: macOS Catalina 10.15.3
Impact: A malicious application may disclose restricted memory
Description: An information disclosure issue was addressed with
improved state management.
CVE-2019-14615: Wenjian HE of Hong Kong University of Science and
Technology, Wei Zhang of Hong Kong University of Science and
Technology, Sharad Sinha of Indian Institute of Technology Goa, and
Sanjeev Das of University of North Carolina
IOHIDFamily
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.3
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A memory initialization issue was addressed with
improved memory handling.
CVE-2020-3919: an anonymous researcher
IOThunderboltFamily
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6
Impact: An application may be able to gain elevated privileges
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-3851: Xiaolong Bai and Min (Spark) Zheng of Alibaba Inc. and
Luyi Xing of Indiana University Bloomington
Kernel
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.3
Impact: An application may be able to read restricted memory
Description: A memory initialization issue was addressed with
improved memory handling.
CVE-2020-3914: pattern-f (@pattern_F_) of WaCai
Kernel
Available for: macOS Catalina 10.15.3
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: Multiple memory corruption issues were addressed with
improved state management.
CVE-2020-9785: Proteas of Qihoo 360 Nirvan Team
libxml2
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.3
Impact: Multiple issues in libxml2
Description: A buffer overflow was addressed with improved bounds
checking.
CVE-2020-3909: LGTM.com
CVE-2020-3911: found by OSS-Fuzz
libxml2
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.3
Impact: Multiple issues in libxml2
Description: A buffer overflow was addressed with improved size
validation.
CVE-2020-3910: LGTM.com
Mail
Available for: macOS High Sierra 10.13.6, macOS Catalina 10.15.3
Impact: A remote attacker may be able to cause arbitrary javascript
code execution
Description: An injection issue was addressed with improved
validation.
CVE-2020-3884: Apple
sudo
Available for: macOS Catalina 10.15.3
Impact: An attacker may be able to run commands as a non-existent
user
Description: This issue was addressed by updating to sudo version
1.8.31.
CVE-2019-19232
TCC
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.3
Impact: A maliciously crafted application may be able to bypass code
signing enforcement
Description: A logic issue was addressed with improved restrictions.
CVE-2020-3906: Patrick Wardle of Jamf
Vim
Available for: macOS Catalina 10.15.3
Impact: Multiple issues in Vim
Description: Multiple issues were addressed by updating to version
8.1.1850.
CVE-2020-9769: Steve Hahn from LinkedIn
Additional recognition
CoreText
We would like to acknowledge an anonymous researcher for their
assistance.
FireWire Audio
We would like to acknowledge Xiaolong Bai and Min (Spark) Zheng of
Alibaba Inc. and Luyi Xing of Indiana University Bloomington for
their assistance.
FontParser
We would like to acknowledge Matthew Denton of Google Chrome for
their assistance.
Install Framework Legacy
We would like to acknowledge Pris Sears of Virginia Tech, Tom Lynch
of UAL Creative Computing Institute, and an anonymous researcher for
their assistance.
LinkPresentation
We would like to acknowledge Travis for their assistance.
OpenSSH
We would like to acknowledge an anonymous researcher for their
assistance.
rapportd
We would like to acknowledge Alexander Heinrich (@Sn0wfreeze) of
Technische Universität Darmstadt for their assistance.
Sidecar
We would like to acknowledge Rick Backley (@rback_sec) for their
assistance.
Installation note:
macOS Catalina 10.15.4, Security Update 2020-002 Mojave, Security
Update 2020-002 High Sierra may be obtained from the Mac App Store or
Apple's Software Downloads web site:
https://support.apple.com/downloads/
==========================================================================
Ubuntu Security Notice USN-4287-2
February 18, 2020
linux-azure vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 ESM
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
- linux-azure: Linux kernel for Microsoft Azure Cloud systems
Details:
USN-4287-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04
LTS. This update provides the corresponding updates for the Linux
kernel for Microsoft Azure Cloud systems for Ubuntu 14.04 ESM.
It was discovered that the Linux kernel did not properly clear data
structures on context switches for certain Intel graphics processors. A
local attacker could use this to expose sensitive information.
(CVE-2019-14615)
It was discovered that the Atheros 802.11ac wireless USB device driver in
the Linux kernel did not properly validate device metadata. A physically
proximate attacker could use this to cause a denial of service (system
crash). (CVE-2019-15099)
It was discovered that the HSA Linux kernel driver for AMD GPU devices did
not properly check for errors in certain situations, leading to a NULL
pointer dereference. A local attacker could possibly use this to cause a
denial of service. (CVE-2019-16229)
It was discovered that the Marvell 8xxx Libertas WLAN device driver in the
Linux kernel did not properly check for errors in certain situations,
leading to a NULL pointer dereference. A local attacker could possibly use
this to cause a denial of service. (CVE-2019-16232)
It was discovered that a race condition existed in the Virtual Video Test
Driver in the Linux kernel. An attacker with write access to /dev/video0 on
a system with the vivid module loaded could possibly use this to gain
administrative privileges. (CVE-2019-18683)
It was discovered that the Renesas Digital Radio Interface (DRIF) driver in
the Linux kernel did not properly initialize data. A local attacker could
possibly use this to expose sensitive information (kernel memory).
(CVE-2019-18786)
It was discovered that the Afatech AF9005 DVB-T USB device driver in the
Linux kernel did not properly deallocate memory in certain error
conditions. A local attacker could possibly use this to cause a denial of
service (kernel memory exhaustion). (CVE-2019-18809)
It was discovered that the btrfs file system in the Linux kernel did not
properly validate metadata, leading to a NULL pointer dereference. An
attacker could use this to specially craft a file system image that, when
mounted, could cause a denial of service (system crash). (CVE-2019-18885)
It was discovered that multiple memory leaks existed in the Marvell WiFi-Ex
Driver for the Linux kernel. A local attacker could possibly use this to
cause a denial of service (kernel memory exhaustion). (CVE-2019-19057)
It was discovered that the crypto subsystem in the Linux kernel did not
properly deallocate memory in certain error conditions. A local attacker
could use this to cause a denial of service (kernel memory exhaustion).
(CVE-2019-19062)
It was discovered that the Realtek rtlwifi USB device driver in the Linux
kernel did not properly deallocate memory in certain error conditions. A
local attacker could possibly use this to cause a denial of service (kernel
memory exhaustion). (CVE-2019-19063)
It was discovered that the RSI 91x WLAN device driver in the Linux kernel
did not properly deallocate memory in certain error conditions. A local
attacker could use this to cause a denial of service (kernel memory
exhaustion). (CVE-2019-19071)
It was discovered that the Atheros 802.11ac wireless USB device driver in
the Linux kernel did not properly deallocate memory in certain error
conditions. A local attacker could possibly use this to cause a denial of
service (kernel memory exhaustion). (CVE-2019-19078)
It was discovered that the AMD GPU device drivers in the Linux kernel did
not properly deallocate memory in certain error conditions. A local
attacker could use this to possibly cause a denial of service (kernel
memory exhaustion). (CVE-2019-19082)
Dan Carpenter discovered that the AppleTalk networking subsystem of the
Linux kernel did not properly handle certain error conditions, leading to a
NULL pointer dereference. A local attacker could use this to cause a denial
of service (system crash). (CVE-2019-19227)
It was discovered that the KVM hypervisor implementation in the Linux
kernel did not properly handle ioctl requests to get emulated CPUID
features. An attacker with access to /dev/kvm could use this to cause a
denial of service (system crash). (CVE-2019-19332)
It was discovered that the ext4 file system implementation in the Linux
kernel did not properly handle certain conditions. An attacker could use
this to specially craft an ext4 file system that, when mounted, could cause
a denial of service (system crash) or possibly execute arbitrary code.
(CVE-2019-19767)
Gao Chuan discovered that the SAS Class driver in the Linux kernel
contained a race condition that could lead to a NULL pointer dereference. A
local attacker could possibly use this to cause a denial of service (system
crash). (CVE-2019-19965)
It was discovered that the Datagram Congestion Control Protocol (DCCP)
implementation in the Linux kernel did not properly deallocate memory in
certain error conditions. An attacker could possibly use this to cause a
denial of service (kernel memory exhaustion). (CVE-2019-20096)
Mitchell Frank discovered that the Wi-Fi implementation in the Linux kernel
when used as an access point would send IAPP location updates for stations
before client authentication had completed. A physically proximate attacker
could use this to cause a denial of service. (CVE-2019-5108)
It was discovered that a race condition can lead to a use-after-free while
destroying GEM contexts in the i915 driver for the Linux kernel. A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2020-7053)
It was discovered that the B2C2 FlexCop USB device driver in the Linux
kernel did not properly validate device metadata. A physically proximate
attacker could use this to cause a denial of service (system crash).
(CVE-2019-15291)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 14.04 ESM:
linux-image-4.15.0-1069-azure 4.15.0-1069.74~14.04.1
linux-image-azure 4.15.0.1069.55
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://usn.ubuntu.com/4287-2
https://usn.ubuntu.com/4287-1
CVE-2019-14615, CVE-2019-15099, CVE-2019-15291, CVE-2019-16229,
CVE-2019-16232, CVE-2019-18683, CVE-2019-18786, CVE-2019-18809,
CVE-2019-18885, CVE-2019-19057, CVE-2019-19062, CVE-2019-19063,
CVE-2019-19071, CVE-2019-19078, CVE-2019-19082, CVE-2019-19227,
CVE-2019-19332, CVE-2019-19767, CVE-2019-19965, CVE-2019-20096,
CVE-2019-5108, CVE-2020-7053
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Moderate: Openshift Logging 5.3.0 bug fix and security update
Advisory ID: RHSA-2021:4627-01
Product: Red Hat OpenShift Enterprise
Advisory URL: https://access.redhat.com/errata/RHSA-2021:4627
Issue date: 2021-11-15
CVE Names: CVE-2018-20673 CVE-2018-25009 CVE-2018-25010
CVE-2018-25012 CVE-2018-25013 CVE-2018-25014
CVE-2019-5827 CVE-2019-13750 CVE-2019-13751
CVE-2019-14615 CVE-2019-17594 CVE-2019-17595
CVE-2019-18218 CVE-2019-19603 CVE-2019-20838
CVE-2020-0427 CVE-2020-10001 CVE-2020-12762
CVE-2020-13435 CVE-2020-14145 CVE-2020-14155
CVE-2020-16135 CVE-2020-17541 CVE-2020-24370
CVE-2020-24502 CVE-2020-24503 CVE-2020-24504
CVE-2020-24586 CVE-2020-24587 CVE-2020-24588
CVE-2020-26139 CVE-2020-26140 CVE-2020-26141
CVE-2020-26143 CVE-2020-26144 CVE-2020-26145
CVE-2020-26146 CVE-2020-26147 CVE-2020-27777
CVE-2020-29368 CVE-2020-29660 CVE-2020-35448
CVE-2020-35521 CVE-2020-35522 CVE-2020-35523
CVE-2020-35524 CVE-2020-36158 CVE-2020-36312
CVE-2020-36330 CVE-2020-36331 CVE-2020-36332
CVE-2020-36386 CVE-2021-0129 CVE-2021-3200
CVE-2021-3348 CVE-2021-3426 CVE-2021-3445
CVE-2021-3481 CVE-2021-3487 CVE-2021-3489
CVE-2021-3564 CVE-2021-3572 CVE-2021-3573
CVE-2021-3580 CVE-2021-3600 CVE-2021-3635
CVE-2021-3659 CVE-2021-3679 CVE-2021-3732
CVE-2021-3778 CVE-2021-3796 CVE-2021-3800
CVE-2021-20194 CVE-2021-20197 CVE-2021-20231
CVE-2021-20232 CVE-2021-20239 CVE-2021-20266
CVE-2021-20284 CVE-2021-22876 CVE-2021-22898
CVE-2021-22925 CVE-2021-23133 CVE-2021-23840
CVE-2021-23841 CVE-2021-27645 CVE-2021-28153
CVE-2021-28950 CVE-2021-28971 CVE-2021-29155
CVE-2021-29646 CVE-2021-29650 CVE-2021-31440
CVE-2021-31535 CVE-2021-31829 CVE-2021-31916
CVE-2021-33033 CVE-2021-33194 CVE-2021-33200
CVE-2021-33560 CVE-2021-33574 CVE-2021-35942
CVE-2021-36084 CVE-2021-36085 CVE-2021-36086
CVE-2021-36087 CVE-2021-42574
=====================================================================
1. Summary:
An update is now available for OpenShift Logging 5.3.
Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
2. Description:
Openshift Logging Bug Fix Release (5.3.0)
Security Fix(es):
* golang: x/net/html: infinite loop in ParseFragment (CVE-2021-33194)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
3. Solution:
For OpenShift Container Platform 4.9 see the following documentation, which
will be updated shortly for this release, for important instructions on how
to upgrade your cluster and fully apply this errata update:
https://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html
For Red Hat OpenShift Logging 5.3, see the following instructions to apply
this update:
https://docs.openshift.com/container-platform/4.7/logging/cluster-logging-upgrading.html
4. Bugs fixed (https://bugzilla.redhat.com/):
1963232 - CVE-2021-33194 golang: x/net/html: infinite loop in ParseFragment
5. JIRA issues fixed (https://issues.jboss.org/):
LOG-1168 - Disable hostname verification in syslog TLS settings
LOG-1235 - Using HTTPS without a secret does not translate into the correct 'scheme' value in Fluentd
LOG-1375 - ssl_ca_cert should be optional
LOG-1378 - CLO should support sasl_plaintext(Password over http)
LOG-1392 - In fluentd config, flush_interval can't be set with flush_mode=immediate
LOG-1494 - Syslog output is serializing json incorrectly
LOG-1555 - Fluentd logs emit transaction failed: error_class=NoMethodError while forwarding to external syslog server
LOG-1575 - Rejected by Elasticsearch and unexpected json-parsing
LOG-1735 - Regression introducing flush_at_shutdown
LOG-1774 - The collector logs should be excluded in fluent.conf
LOG-1776 - fluentd total_limit_size sets value beyond available space
LOG-1822 - OpenShift Alerting Rules Style-Guide Compliance
LOG-1859 - CLO Should not error and exit early on missing ca-bundle when cluster wide proxy is not enabled
LOG-1862 - Unsupported kafka parameters when enabled Kafka SASL
LOG-1903 - Fix the Display of ClusterLogging type in OLM
LOG-1911 - CLF API changes to Opt-in to multiline error detection
LOG-1918 - Alert `FluentdNodeDown` always firing
LOG-1939 - Opt-in multiline detection breaks cloudwatch forwarding
6. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc.
|
var-201710-1406
|
An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of BoundFunction objects. By performing actions in JavaScript, an attacker can trigger a memory access past the end of an allocated object. An attacker can leverage this vulnerability to execute code under the context of the current process. WebKit is prone to multiple memory-corruption vulnerabilities.
These issues affect the following technologies and versions:
iCloud for Windows 7
Safari prior to 11
tvOS prior to 11
iTunes for Windows prior to 12.7. Apple iOS is an operating system developed for mobile devices; Safari is a web browser that is the default browser included with Mac OS X and iOS operating systems. WebKit is one of the web browser engine components. A security vulnerability exists in the WebKit component of several Apple products.
Installation note:
Safari 11 may be obtained from the Mac App Store.
------------------------------------------------------------------------
WebKitGTK+ Security Advisory WSA-2017-0008
------------------------------------------------------------------------
Date reported : October 18, 2017
Advisory ID : WSA-2017-0008
Advisory URL : https://webkitgtk.org/security/WSA-2017-0008.html
CVE identifiers : CVE-2017-7081, CVE-2017-7087, CVE-2017-7089,
CVE-2017-7090, CVE-2017-7091, CVE-2017-7092,
CVE-2017-7093, CVE-2017-7094, CVE-2017-7095,
CVE-2017-7096, CVE-2017-7098, CVE-2017-7099,
CVE-2017-7100, CVE-2017-7102, CVE-2017-7104,
CVE-2017-7107, CVE-2017-7109, CVE-2017-7111,
CVE-2017-7117, CVE-2017-7120, CVE-2017-7142.
Several vulnerabilities were discovered in WebKitGTK+.
Credit to Apple. Description: A memory corruption issue was
addressed through improved input validation.
Credit to Apple. Description: Multiple memory corruption
issues were addressed with improved memory handling.
Credit to Anton Lopanitsyn of ONSEC, Frans Rosén of Detectify.
Impact: Processing maliciously crafted web content may lead to
universal cross site scripting. Description: A logic issue existed
in the handling of the parent-tab. This issue was addressed with
improved state management.
Credit to Apple.
Impact: Cookies belonging to one origin may be sent to another
origin. Description: A permissions issue existed in the handling of
web browser cookies. This issue was addressed by no longer returning
cookies for custom URL schemes.
Credit to Wei Yuan of Baidu Security Lab working with Trend Micro's
Zero Day Initiative. Description: Multiple memory corruption
issues were addressed with improved memory handling.
Credit to Qixun Zhao (@S0rryMybad) of Qihoo 360 Vulcan Team, Samuel
Groß and Niklas Baumstark working with Trend Micro's Zero Day
Initiative. Description: Multiple memory corruption
issues were addressed with improved memory handling.
Credit to Samuel Groß and Niklas Baumstark working with Trend Micro's
Zero Day Initiative. Description: Multiple memory corruption
issues were addressed with improved memory handling.
Credit to Tim Michaud (@TimGMichaud) of Leviathan Security Group. Description: Multiple memory corruption
issues were addressed with improved memory handling.
Credit to Wang Junjie, Wei Lei, and Liu Yang of Nanyang
Technological University working with Trend Micro's Zero Day
Initiative. Description: Multiple memory corruption
issues were addressed with improved memory handling.
Credit to Wei Yuan of Baidu Security Lab. Description: Multiple memory corruption
issues were addressed with improved memory handling.
Credit to Felipe Freitas of Instituto Tecnológico de Aeronáutica. Description: Multiple memory corruption
issues were addressed with improved memory handling.
Credit to Apple. Description: Multiple memory corruption
issues were addressed with improved memory handling.
Credit to Masato Kinugawa and Mario Heiderich of Cure53. Description: Multiple memory corruption
issues were addressed with improved memory handling.
Credit to Wang Junjie, Wei Lei, and Liu Yang of Nanyang
Technological University. Description: Multiple memory corruption
issues were addressed with improved memory handling.
Credit to likemeng of Baidu Security Lab. Description: Multiple memory corruption
issues were addressed with improved memory handling.
Credit to Wang Junjie, Wei Lei, and Liu Yang of Nanyang
Technological University. Description: Multiple memory corruption
issues were addressed with improved memory handling.
Credit to avlidienbrunn.
Impact: Processing maliciously crafted web content may lead to a
cross site scripting attack. Description: Application Cache policy
may be unexpectedly applied.
Credit to likemeng of Baidu Security Lab (xlab.baidu.com) working
with Trend Micro's Zero Day Initiative. Description: Multiple memory corruption
issues were addressed with improved memory handling.
Credit to lokihardt of Google Project Zero. Description: Multiple memory corruption
issues were addressed with improved memory handling.
Credit to chenqin (陈钦) of Ant-financial Light-Year Security Lab. Description: Multiple memory corruption
issues were addressed with improved memory handling.
Credit to an anonymous researcher.
Impact: Website data may persist after a Safari Private browsing
session. Description: An information leakage issue existed in the
handling of website data in Safari Private windows. This issue was
addressed with improved data handling.
We recommend updating to the last stable version of WebKitGTK+. It is
the best way of ensuring that you are running a safe version of
WebKitGTK+. Please check our website for information about the last
stable releases.
Further information about WebKitGTK+ Security Advisories can be found
at: https://webkitgtk.org/security.html
The WebKitGTK+ team,
October 18, 2017
==========================================================================
Ubuntu Security Notice USN-3460-1
October 23, 2017
webkit2gtk vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 17.04
- Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in WebKitGTK+.
Software Description:
- webkit2gtk: Web content engine library for GTK+
Details:
A large number of security issues were discovered in the WebKitGTK+ Web and
JavaScript engines.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 17.04:
libjavascriptcoregtk-4.0-18 2.18.0-0ubuntu0.17.04.2
libwebkit2gtk-4.0-37 2.18.0-0ubuntu0.17.04.2
Ubuntu 16.04 LTS:
libjavascriptcoregtk-4.0-18 2.18.0-0ubuntu0.16.04.2
libwebkit2gtk-4.0-37 2.18.0-0ubuntu0.16.04.2
This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart any applications
that use WebKitGTK+, such as Epiphany, to make all the necessary changes.
References:
https://www.ubuntu.com/usn/usn-3460-1
CVE-2017-7087, CVE-2017-7089, CVE-2017-7090, CVE-2017-7091,
CVE-2017-7092, CVE-2017-7093, CVE-2017-7095, CVE-2017-7096,
CVE-2017-7098, CVE-2017-7100, CVE-2017-7102, CVE-2017-7104,
CVE-2017-7107, CVE-2017-7109, CVE-2017-7111, CVE-2017-7117,
CVE-2017-7120
Package Information:
https://launchpad.net/ubuntu/+source/webkit2gtk/2.18.0-0ubuntu0.17.04.2
https://launchpad.net/ubuntu/+source/webkit2gtk/2.18.0-0ubuntu0.16.04.2
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2017-09-25-4
Additional information for APPLE-SA-2017-09-19-1 iOS 11
iOS 11 addresses the following:
Bluetooth
Available for: iPhone 5s and later, iPad Air and later,
and iPod touch 6th generation
Impact: An application may be able to access restricted files
Description: A privacy issue existed in the handling of Contact
cards.
CVE-2017-7131: Dominik Conrads of Federal Office for Information
Security, an anonymous researcher, Elvis (@elvisimprsntr), an
anonymous researcher
Entry added September 25, 2017
CFNetwork Proxies
Available for: iPhone 5s and later, iPad Air and later,
and iPod touch 6th generation
Impact: An attacker in a privileged network position may be able to
cause a denial of service
Description: Multiple denial of service issues were addressed through
improved memory handling.
CVE-2017-7083: Abhinav Bansal of Zscaler Inc.
Entry added September 25, 2017
CoreAudio
Available for: iPhone 5s and later, iPad Air and later,
and iPod touch 6th generation
Impact: An application may be able to read restricted memory
Description: An out-of-bounds read was addressed by updating to Opus
version 1.1.4.
CVE-2017-0381: V.E.O (@VYSEa) of Mobile Threat Research Team, Trend
Micro
Entry added September 25, 2017
Exchange ActiveSync
Available for: iPhone 5s and later, iPad Air and later,
and iPod touch 6th generation
Impact: An attacker in a privileged network position may be able to
erase a device during Exchange account setup
Description: A validation issue existed in AutoDiscover V1. This was
addressed by requiring TLS for AutoDiscover V1. AutoDiscover V2 is
now supported.
CVE-2017-7088: Ilya Nesterov, Maxim Goncharov
Heimdal
Available for: iPhone 5s and later, iPad Air and later,
and iPod touch 6th generation
Impact: An attacker in a privileged network position may be able to
impersonate a service
Description: A validation issue existed in the handling of the KDC-
REP service name.
CVE-2017-11103: Jeffrey Altman, Viktor Duchovni, and Nico Williams
Entry added September 25, 2017
iBooks
Available for: iPhone 5s and later, iPad Air and later,
and iPod touch 6th generation
Impact: Parsing a maliciously crafted iBooks file may lead to a
persistent denial-of-service
Description: Multiple denial of service issues were addressed through
improved memory handling.
CVE-2017-7072: Jędrzej Krysztofiak
Entry added September 25, 2017
Kernel
Available for: iPhone 5s and later, iPad Air and later,
and iPod touch 6th generation
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-7114: Alex Plaskett of MWR InfoSecurity
Entry added September 25, 2017
Keyboard Suggestions
Available for: iPhone 5s and later, iPad Air and later,
and iPod touch 6th generation
Impact: Keyboard autocorrect suggestions may reveal sensitive
information
Description: The iOS keyboard was inadvertently caching sensitive
information.
CVE-2017-7140: an anonymous researcher
Entry added September 25, 2017
libc
Available for: iPhone 5s and later, iPad Air and later,
and iPod touch 6th generation
Impact: A remote attacker may be able to cause a denial-of-service
Description: A resource exhaustion issue in glob() was addressed
through an improved algorithm.
CVE-2017-7086: Russ Cox of Google
Entry added September 25, 2017
libc
Available for: iPhone 5s and later, iPad Air and later,
and iPod touch 6th generation
Impact: An application may be able to cause a denial of service
Description: A memory consumption issue was addressed through
improved memory handling.
CVE-2017-1000373
Entry added September 25, 2017
libexpat
Available for: iPhone 5s and later, iPad Air and later,
and iPod touch 6th generation
Impact: Multiple issues in expat
Description: Multiple issues were addressed by updating to version
2.2.1
CVE-2016-9063
CVE-2017-9233
Entry added September 25, 2017
Location Framework
Available for: iPhone 5s and later, iPad Air and later,
and iPod touch 6th generation
Impact: An application may be able to read sensitive location
information
Description: A permissions issue existed in the handling of the
location variable. This was addressed with additional ownership
checks.
CVE-2017-7148: an anonymous researcher, an anonymous researcher
Entry added September 25, 2017
Mail Drafts
Available for: iPhone 5s and later, iPad Air and later,
and iPod touch 6th generation
Impact: An attacker with a privileged network position may be able to
intercept mail contents
Description: An encryption issue existed in the handling of mail
drafts.
CVE-2017-7078: an anonymous researcher, an anonymous researcher, an
anonymous researcher
Entry added September 25, 2017
Mail MessageUI
Available for: iPhone 5s and later, iPad Air and later,
and iPod touch 6th generation
Impact: Processing a maliciously crafted image may lead to a denial
of service
Description: A memory corruption issue was addressed with improved
validation.
CVE-2017-7097: Xinshu Dong and Jun Hao Tan of Anquan Capital
Messages
Available for: iPhone 5s and later, iPad Air and later,
and iPod touch 6th generation
Impact: Processing a maliciously crafted image may lead to a denial
of service
Description: A denial of service issue was addressed through improved
validation.
CVE-2017-7118: Kiki Jiang and Jason Tokoph
MobileBackup
Available for: iPhone 5s and later, iPad Air and later,
and iPod touch 6th generation
Impact: Backup may perform an unencrypted backup despite a
requirement to perform only encrypted backups
Description: A permissions issue existed.
CVE-2017-7133: Don Sparks of HackediOS.com
Phone
Available for: iPhone 5s and later, iPad Air and later,
and iPod touch 6th generation
Impact: A screenshot of secure content may be taken when locking an
iOS device
Description: A timing issue existed in the handling of locking.
CVE-2017-7139: an anonymous researcher
Entry added September 25, 2017
Safari
Available for: iPhone 5s and later, iPad Air and later,
and iPod touch 6th generation
Impact: Visiting a malicious website may lead to address bar spoofing
Description: An inconsistent user interface issue was addressed with
improved state management.
CVE-2017-7085: xisigr of Tencent's Xuanwu Lab (tencent.com)
Security
Available for: iPhone 5s and later, iPad Air and later,
and iPod touch 6th generation
Impact: A revoked certificate may be trusted
Description: A certificate validation issue existed in the handling
of revocation data.
CVE-2017-7080: an anonymous researcher, an anonymous researcher,
Sven Driemecker of adesso mobile solutions gmbh,
Rune Darrud (@theflyingcorpse) of Bærum kommune
Entry added September 25, 2017
Security
Available for: iPhone 5s and later, iPad Air and later,
and iPod touch 6th generation
Impact: A malicious app may be able to track users between installs
Description: A permission checking issue existed in the handling of
an app's Keychain data.
CVE-2017-7146: an anonymous researcher
Entry added September 25, 2017
SQLite
Available for: iPhone 5s and later, iPad Air and later,
and iPod touch 6th generation
Impact: Multiple issues in SQLite
Description: Multiple issues were addressed by updating to
version 3.19.3.
CVE-2017-10989: found by OSS-Fuzz
CVE-2017-7128: found by OSS-Fuzz
CVE-2017-7129: found by OSS-Fuzz
CVE-2017-7130: found by OSS-Fuzz
Entry added September 25, 2017
SQLite
Available for: iPhone 5s and later, iPad Air and later,
and iPod touch 6th generation
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-7127: an anonymous researcher
Entry added September 25, 2017
Time
Available for: iPhone 5s and later, iPad Air and later,
and iPod touch 6th generation
Impact: "Setting Time Zone" may incorrectly indicate that it is using
location
Description: A permissions issue existed in the process that handles
time zone information. The issue was resolved by modifying
permissions.
CVE-2017-7145: an anonymous researcher
Entry added September 25, 2017
WebKit
Available for: iPhone 5s and later, iPad Air and later,
and iPod touch 6th generation
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue was addressed through improved
input validation.
CVE-2017-7081: Apple
Entry added September 25, 2017
WebKit
Available for: iPhone 5s and later, iPad Air and later,
and iPod touch 6th generation
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2017-7089: Anton Lopanitsyn of ONSEC, Frans Rosén of Detectify
Entry added September 25, 2017
WebKit
Available for: iPhone 5s and later, iPad Air and later,
and iPod touch 6th generation
Impact: Cookies belonging to one origin may be sent to another origin
Description: A permissions issue existed in the handling of web
browser cookies.
CVE-2017-7090: Apple
Entry added September 25, 2017
WebKit
Available for: iPhone 5s and later, iPad Air and later,
and iPod touch 6th generation
Impact: Visiting a malicious website may lead to address bar spoofing
Description: An inconsistent user interface issue was addressed with
improved state management.
CVE-2017-7109: avlidienbrunn
Entry added September 25, 2017
WebKit
Available for: iPhone 5s and later, iPad Air and later,
and iPod touch 6th generation
Impact: A malicious website may be able to track users in Safari
private browsing mode
Description: A permissions issue existed in the handling of web
browser cookies.
CVE-2017-7144: an anonymous researcher
Entry added September 25, 2017
Wi-Fi
Available for: iPhone 5s and later, iPad Air and later,
and iPod touch 6th generation
Impact: An attacker within range may be able to execute arbitrary
code on the Wi-Fi chip
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-11120: Gal Beniamini of Google Project Zero
CVE-2017-11121: Gal Beniamini of Google Project Zero
Entry added September 25, 2017
Wi-Fi
Available for: iPhone 5s and later, iPad Air and later,
and iPod touch 6th generation
Impact: Malicious code executing on the Wi-Fi chip may be able to
execute arbitrary code with kernel privileges on the application
processor
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-7103: Gal Beniamini of Google Project Zero
CVE-2017-7105: Gal Beniamini of Google Project Zero
CVE-2017-7108: Gal Beniamini of Google Project Zero
CVE-2017-7110: Gal Beniamini of Google Project Zero
CVE-2017-7112: Gal Beniamini of Google Project Zero
Wi-Fi
Available for: iPhone 5s and later, iPad Air and later,
and iPod touch 6th generation
Impact: Malicious code executing on the Wi-Fi chip may be able to
execute arbitrary code with kernel privileges on the application
processor
Description: Multiple race conditions were addressed through improved
validation.
CVE-2017-7115: Gal Beniamini of Google Project Zero
Wi-Fi
Available for: iPhone 5s and later, iPad Air and later,
and iPod touch 6th generation
Impact: Malicious code executing on the Wi-Fi chip may be able to
read restricted kernel memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2017-7116: Gal Beniamini of Google Project Zero
zlib
Available for: iPhone 5s and later, iPad Air and later,
and iPod touch 6th generation
Impact: Multiple issues in zlib
Description: Multiple issues were addressed by updating to version
1.2.11.
CVE-2016-9840
CVE-2016-9841
CVE-2016-9842
CVE-2016-9843
Entry added September 25, 2017
Additional recognition
Security
We would like to acknowledge Abhinav Bansal of Zscaler, Inc.
for their assistance.
Webkit
We would like to acknowledge xisigr of Tencent's Xuanwu Lab
(tencent.com) for their assistance.
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from https://www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About.
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
|
var-201302-0233
|
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality and integrity via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "insufficient clipboard access premission checks.".
The vulnerability can be exploited over multiple protocols. This issue affects the 'AWT' sub-component. ----------------------------------------------------------------------
TITLE:
Hitachi Cosminexus Products Java Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA43627
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/43627/
RELEASE DATE:
2011-03-08
DESCRIPTION:
Hitachi has acknowledged some vulnerabilities in Hitachi Cosminexus
products, which can be exploited by malicious people to disclose
potentially sensitive information, manipulate certain data, cause a
DoS (Denial of Service), and compromise a vulnerable system.
The vulnerabilities are caused due to vulnerabilities in the bundled
version of Cosminexus Developer's Kit for Java.
For more information:
SA43262
Please see the vendor's advisory for a full list of affected
products.
SOLUTION:
Update to a fixed version. Please see vendor advisory for more
details.
ORIGINAL ADVISORY:
Hitachi (English):
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS11-003/index.html
Hitachi (Japanese):
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/./vuls/HS11-003/index.html
.
Release Date: 2013-03-25
Last Updated: 2013-03-22
Potential Security Impact: Remote unauthorized access, disclosure of
information, and other vulnerabilities?
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified in Java Runtime
Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. These
vulnerabilities could allow remote unauthorized access, disclosure of
information, and other exploits.
References: CVE-2012-1541, CVE-2012-3213, CVE-2012-3342, CVE-2013-0169,
CVE-2013-0351, CVE-2013-0409, CVE-2013-0419, CVE-2013-0423, CVE-2013-0424,
CVE-2013-0425, CVE-2013-0426, CVE-2013-0427, CVE-2013-0428, CVE-2013-0429,
CVE-2013-0431, CVE-2013-0432, CVE-2013-0433, CVE-2013-0434, CVE-2013-0435,
CVE-2013-0437, CVE-2013-0438, CVE-2013-0440, CVE-2013-0441, CVE-2013-0442,
CVE-2013-0443, CVE-2013-0444, CVE-2013-0445, CVE-2013-0446, CVE-2013-0449,
CVE-2013-0450, CVE-2013-0809, CVE-2013-1473, CVE-2013-1475, CVE-2013-1476,
CVE-2013-1478, CVE-2013-1480, CVE-2013-1484, CVE-2013-1485, CVE-2013-1486,
CVE-2013-1487, CVE-2013-1489, CVE-2013-1493
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP-UX B.11.23, and B.11.31 running HP JDK and JRE v7.0.04 and earlier
BACKGROUND
CVSS 2.0 Base Metrics
===========================================================
Reference Base Vector Base Score
CVE-2012-1541 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0
CVE-2012-3213 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0
CVE-2012-3342 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0
CVE-2013-0169 (AV:N/AC:H/Au:N/C:P/I:N/A:N) 2.6
CVE-2013-0351 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5
CVE-2013-0409 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0
CVE-2013-0419 (AV:N/AC:H/Au:N/C:C/I:C/A:C) 7.6
CVE-2013-0423 (AV:N/AC:H/Au:N/C:C/I:C/A:C) 7.6
CVE-2013-0424 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0
CVE-2013-0425 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0
CVE-2013-0426 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0
CVE-2013-0427 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0
CVE-2013-0428 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0
CVE-2013-0429 (AV:N/AC:H/Au:N/C:C/I:C/A:C) 7.6
CVE-2013-0431 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0
CVE-2013-0432 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4
CVE-2013-0433 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0
CVE-2013-0434 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0
CVE-2013-0435 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0
CVE-2013-0437 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0
CVE-2013-0438 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3
CVE-2013-0440 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0
CVE-2013-0441 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0
CVE-2013-0442 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0
CVE-2013-0443 (AV:N/AC:H/Au:N/C:P/I:P/A:N) 4.0
CVE-2013-0444 (AV:N/AC:H/Au:N/C:C/I:C/A:C) 7.6
CVE-2013-0445 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0
CVE-2013-0446 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0
CVE-2013-0449 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0
CVE-2013-0450 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0
CVE-2013-0809 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0
CVE-2013-1473 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0
CVE-2013-1475 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0
CVE-2013-1476 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0
CVE-2013-1478 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0
CVE-2013-1480 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0
CVE-2013-1484 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0
CVE-2013-1485 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0
CVE-2013-1486 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0
CVE-2013-1487 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0
CVE-2013-1489 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0
CVE-2013-1493 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0
===========================================================
Information on CVSS is documented
in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has provided the following Java version upgrade to resolve these
vulnerabilities.
The upgrade is available from the following location
http://www.hp.com/java
HP-UX B.11.23, B.11.31
JDK and JRE v7.0.05 or subsequent
MANUAL ACTIONS: Yes - Update
For Java v7.0 update to Java v7.0.05 or subsequent
PRODUCT SPECIFIC INFORMATION
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application
that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins
issued by HP and lists recommended actions that may apply to a specific HP-UX
system. It can also download patches and create a depot automatically. For
more information see https://www.hp.com/go/swa
The following text is for use by the HP-UX Software Assistant.
AFFECTED VERSIONS
HP-UX B.11.23
HP-UX B.11.31
===========
Jdk70.JDK70-COM
Jdk70.JDK70-DEMO
Jdk70.JDK70-IPF32
Jdk70.JDK70-IPF64
Jre70.JRE70-COM
Jre70.JRE70-IPF32
Jre70.JRE70-IPF32-HS
Jre70.JRE70-IPF64
Jre70.JRE70-IPF64-HS
action: install revision 1.7.0.04.00 or subsequent
END AFFECTED VERSIONS
HISTORY
Version:1 (rev.1) - 25 March 2013 Initial release
Third Party Security Patches: Third party security patches that are to be
installed on systems running HP software products should be applied in
accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security
Bulletin, contact normal HP Services support channel. For other issues about
the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported
product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin
alerts via Email:
http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin List: A list of HP Security Bulletins, updated
periodically, is contained in HP Security Notice HPSN-2011-001:
https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c02964430
Security Bulletin Archive: A list of recently released Security Bulletins is
available here:
http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in
the title by the two characters following HPSB.
3C = 3COM
3P = 3rd Party Software
GN = HP General Software
HF = HP Hardware and Firmware
MP = MPE/iX
MU = Multi-Platform Software
NS = NonStop Servers
OV = OpenVMS
PI = Printing and Imaging
PV = ProCurve
ST = Storage Software
TU = Tru64 UNIX
UX = HP-UX
Copyright 2013 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or editorial errors
or omissions contained herein. The information provided is provided "as is"
without warranty of any kind. To the extent permitted by law, neither HP or
its affiliates, subcontractors or suppliers will be liable for
incidental, special or consequential damages including downtime cost; lost
profits; damages relating to the procurement of substitute products or
services; or damages for loss of data, or software restoration. The
information in this document is subject to change without notice.
Hewlett-Packard Company and the names of Hewlett-Packard products referenced
herein are trademarks of Hewlett-Packard Company in the United States and
other countries. Other product and company names mentioned herein may be
trademarks of their respective owners.
It was discovered that OpenJDK leaked timing information when
decrypting TLS/SSL protocol encrypted records when CBC-mode cipher
suites were used. The verification
of md5 checksums and GPG signatures is performed automatically for you. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/en/support/security/advisories/
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
. In a typical operating environment, these are of low security risk as
the runtime is not used on untrusted applets. (CVE-2013-0443)
Note: If the web browser plug-in provided by the icedtea-web package was
installed, the issues exposed via Java applets could have been exploited
without user interaction if a user visited a malicious website. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Important: java-1.7.0-openjdk security update
Advisory ID: RHSA-2013:0247-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-0247.html
Issue date: 2013-02-08
CVE Names: CVE-2013-0424 CVE-2013-0425 CVE-2013-0426
CVE-2013-0427 CVE-2013-0428 CVE-2013-0429
CVE-2013-0431 CVE-2013-0432 CVE-2013-0433
CVE-2013-0434 CVE-2013-0435 CVE-2013-0440
CVE-2013-0441 CVE-2013-0442 CVE-2013-0443
CVE-2013-0444 CVE-2013-0445 CVE-2013-0450
CVE-2013-1475 CVE-2013-1476 CVE-2013-1478
CVE-2013-1480
=====================================================================
1. Summary:
Updated java-1.7.0-openjdk packages that fix several security issues are
now available for Red Hat Enterprise Linux 5 and 6.
The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux (v. 5 server) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - noarch, x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, noarch, x86_64
3. Description:
These packages provide the OpenJDK 7 Java Runtime Environment and the
OpenJDK 7 Software Development Kit.
Multiple improper permission check issues were discovered in the AWT,
CORBA, JMX, Libraries, and Beans components in OpenJDK. An untrusted Java
application or applet could use these flaws to bypass Java sandbox
restrictions. (CVE-2013-0442, CVE-2013-0445, CVE-2013-0441, CVE-2013-1475,
CVE-2013-1476, CVE-2013-0429, CVE-2013-0450, CVE-2013-0425, CVE-2013-0426,
CVE-2013-0428, CVE-2013-0444)
Multiple flaws were found in the way image parsers in the 2D and AWT
components handled image raster parameters. A specially-crafted image could
cause Java Virtual Machine memory corruption and, possibly, lead to
arbitrary code execution with the virtual machine privileges.
(CVE-2013-1478, CVE-2013-1480)
A flaw was found in the AWT component's clipboard handling code. An
untrusted Java application or applet could use this flaw to access
clipboard data, bypassing Java sandbox restrictions. (CVE-2013-0432)
The default Java security properties configuration did not restrict access
to certain com.sun.xml.internal packages. An untrusted Java application or
applet could use this flaw to access information, bypassing certain Java
sandbox restrictions. This update lists the whole package as restricted.
(CVE-2013-0435)
Multiple improper permission check issues were discovered in the JMX,
Libraries, Networking, and JAXP components. An untrusted Java application
or applet could use these flaws to bypass certain Java sandbox
restrictions. (CVE-2013-0431, CVE-2013-0427, CVE-2013-0433, CVE-2013-0434)
It was discovered that the RMI component's CGIHandler class used user
inputs in error messages without any sanitization. An attacker could use
this flaw to perform a cross-site scripting (XSS) attack. (CVE-2013-0424)
It was discovered that the SSL/TLS implementation in the JSSE component
did not properly enforce handshake message ordering, allowing an unlimited
number of handshake restarts. A remote attacker could use this flaw to
make an SSL/TLS server using JSSE consume an excessive amount of CPU by
continuously restarting the handshake. (CVE-2013-0440)
It was discovered that the JSSE component did not properly validate
Diffie-Hellman public keys. An SSL/TLS client could possibly use this flaw
to perform a small subgroup attack. (CVE-2013-0443)
This erratum also upgrades the OpenJDK package to IcedTea7 2.3.5. Refer to
the NEWS file, linked to in the References, for further information.
All users of java-1.7.0-openjdk are advised to upgrade to these updated
packages, which resolve these issues. All running instances of OpenJDK Java
must be restarted for the update to take effect.
4. Solution:
Before applying this update, make sure all previously-released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258
5. Bugs fixed (http://bugzilla.redhat.com/):
859140 - CVE-2013-0440 OpenJDK: CPU consumption DoS via repeated SSL ClientHello packets (JSSE, 7192393)
860652 - CVE-2013-1475 OpenJDK: IIOP type reuse sandbox bypass (CORBA, 8000540, SE-2012-01 Issue 50)
906447 - CVE-2013-0431 OpenJDK: JMX Introspector missing package access check (JMX, 8000539, SE-2012-01 Issue 52)
906813 - CVE-2013-0424 OpenJDK: RMI CGIHandler XSS issue (RMI, 6563318)
906892 - CVE-2013-0435 OpenJDK: com.sun.xml.internal.* not restricted packages (JAX-WS, 7201068)
906894 - CVE-2013-1478 OpenJDK: image parser insufficient raster parameter checks (2D, 8001972)
906899 - CVE-2013-0442 OpenJDK: insufficient privilege checking issue (AWT, 7192977)
906900 - CVE-2013-0445 OpenJDK: insufficient privilege checking issue (AWT, 8001057)
906904 - CVE-2013-1480 OpenJDK: image parser insufficient raster parameter checks (AWT, 8002325)
906911 - CVE-2013-0450 OpenJDK: RequiredModelMBean missing access control context checks (JMX, 8000537)
907207 - CVE-2013-0428 OpenJDK: reflection API incorrect checks for proxy classes (Libraries, 7197546, SE-2012-01 Issue 29)
907218 - CVE-2013-0444 OpenJDK: MethodFinder insufficient checks for cached results (Beans, 7200493)
907219 - CVE-2013-0432 OpenJDK: insufficient clipboard access premission checks (AWT, 7186952)
907340 - CVE-2013-0443 OpenJDK: insufficient Diffie-Hellman public key checks (JSSE, 7192392)
907344 - CVE-2013-0425 OpenJDK: logging insufficient access control checks (Libraries, 6664509)
907346 - CVE-2013-0426 OpenJDK: logging insufficient access control checks (Libraries, 6664528)
907453 - CVE-2013-0434 OpenJDK: loadPropertyFile missing restrictions (JAXP, 8001235)
907455 - CVE-2013-0427 OpenJDK: invalid threads subject to interrupts (Libraries, 6776941)
907456 - CVE-2013-0433 OpenJDK: InetSocketAddress serialization issue (Networking, 7201071)
907457 - CVE-2013-1476 OpenJDK: missing ValueHandlerImpl class constructor access restriction (CORBA, 8000631)
907458 - CVE-2013-0441 OpenJDK: missing serialization restriction (CORBA, 7201066)
907460 - CVE-2013-0429 OpenJDK: PresentationManager incorrectly shared (CORBA, 7141694)
6. Package List:
Red Hat Enterprise Linux Desktop (v. 5 client):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/java-1.7.0-openjdk-1.7.0.9-2.3.5.3.el5_9.src.rpm
i386:
java-1.7.0-openjdk-1.7.0.9-2.3.5.3.el5_9.i386.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.9-2.3.5.3.el5_9.i386.rpm
java-1.7.0-openjdk-demo-1.7.0.9-2.3.5.3.el5_9.i386.rpm
java-1.7.0-openjdk-devel-1.7.0.9-2.3.5.3.el5_9.i386.rpm
java-1.7.0-openjdk-javadoc-1.7.0.9-2.3.5.3.el5_9.i386.rpm
java-1.7.0-openjdk-src-1.7.0.9-2.3.5.3.el5_9.i386.rpm
x86_64:
java-1.7.0-openjdk-1.7.0.9-2.3.5.3.el5_9.x86_64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.9-2.3.5.3.el5_9.x86_64.rpm
java-1.7.0-openjdk-demo-1.7.0.9-2.3.5.3.el5_9.x86_64.rpm
java-1.7.0-openjdk-devel-1.7.0.9-2.3.5.3.el5_9.x86_64.rpm
java-1.7.0-openjdk-javadoc-1.7.0.9-2.3.5.3.el5_9.x86_64.rpm
java-1.7.0-openjdk-src-1.7.0.9-2.3.5.3.el5_9.x86_64.rpm
Red Hat Enterprise Linux (v. 5 server):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/java-1.7.0-openjdk-1.7.0.9-2.3.5.3.el5_9.src.rpm
i386:
java-1.7.0-openjdk-1.7.0.9-2.3.5.3.el5_9.i386.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.9-2.3.5.3.el5_9.i386.rpm
java-1.7.0-openjdk-demo-1.7.0.9-2.3.5.3.el5_9.i386.rpm
java-1.7.0-openjdk-devel-1.7.0.9-2.3.5.3.el5_9.i386.rpm
java-1.7.0-openjdk-javadoc-1.7.0.9-2.3.5.3.el5_9.i386.rpm
java-1.7.0-openjdk-src-1.7.0.9-2.3.5.3.el5_9.i386.rpm
x86_64:
java-1.7.0-openjdk-1.7.0.9-2.3.5.3.el5_9.x86_64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.9-2.3.5.3.el5_9.x86_64.rpm
java-1.7.0-openjdk-demo-1.7.0.9-2.3.5.3.el5_9.x86_64.rpm
java-1.7.0-openjdk-devel-1.7.0.9-2.3.5.3.el5_9.x86_64.rpm
java-1.7.0-openjdk-javadoc-1.7.0.9-2.3.5.3.el5_9.x86_64.rpm
java-1.7.0-openjdk-src-1.7.0.9-2.3.5.3.el5_9.x86_64.rpm
Red Hat Enterprise Linux Desktop (v. 6):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/java-1.7.0-openjdk-1.7.0.9-2.3.5.3.el6_3.src.rpm
i386:
java-1.7.0-openjdk-1.7.0.9-2.3.5.3.el6_3.i686.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.9-2.3.5.3.el6_3.i686.rpm
x86_64:
java-1.7.0-openjdk-1.7.0.9-2.3.5.3.el6_3.x86_64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.9-2.3.5.3.el6_3.x86_64.rpm
Red Hat Enterprise Linux Desktop Optional (v. 6):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/java-1.7.0-openjdk-1.7.0.9-2.3.5.3.el6_3.src.rpm
i386:
java-1.7.0-openjdk-debuginfo-1.7.0.9-2.3.5.3.el6_3.i686.rpm
java-1.7.0-openjdk-demo-1.7.0.9-2.3.5.3.el6_3.i686.rpm
java-1.7.0-openjdk-devel-1.7.0.9-2.3.5.3.el6_3.i686.rpm
java-1.7.0-openjdk-src-1.7.0.9-2.3.5.3.el6_3.i686.rpm
noarch:
java-1.7.0-openjdk-javadoc-1.7.0.9-2.3.5.3.el6_3.noarch.rpm
x86_64:
java-1.7.0-openjdk-debuginfo-1.7.0.9-2.3.5.3.el6_3.x86_64.rpm
java-1.7.0-openjdk-demo-1.7.0.9-2.3.5.3.el6_3.x86_64.rpm
java-1.7.0-openjdk-devel-1.7.0.9-2.3.5.3.el6_3.x86_64.rpm
java-1.7.0-openjdk-src-1.7.0.9-2.3.5.3.el6_3.x86_64.rpm
Red Hat Enterprise Linux HPC Node (v. 6):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/java-1.7.0-openjdk-1.7.0.9-2.3.5.3.el6_3.src.rpm
x86_64:
java-1.7.0-openjdk-1.7.0.9-2.3.5.3.el6_3.x86_64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.9-2.3.5.3.el6_3.x86_64.rpm
Red Hat Enterprise Linux HPC Node Optional (v. 6):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/java-1.7.0-openjdk-1.7.0.9-2.3.5.3.el6_3.src.rpm
noarch:
java-1.7.0-openjdk-javadoc-1.7.0.9-2.3.5.3.el6_3.noarch.rpm
x86_64:
java-1.7.0-openjdk-debuginfo-1.7.0.9-2.3.5.3.el6_3.x86_64.rpm
java-1.7.0-openjdk-demo-1.7.0.9-2.3.5.3.el6_3.x86_64.rpm
java-1.7.0-openjdk-devel-1.7.0.9-2.3.5.3.el6_3.x86_64.rpm
java-1.7.0-openjdk-src-1.7.0.9-2.3.5.3.el6_3.x86_64.rpm
Red Hat Enterprise Linux Server (v. 6):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/java-1.7.0-openjdk-1.7.0.9-2.3.5.3.el6_3.src.rpm
i386:
java-1.7.0-openjdk-1.7.0.9-2.3.5.3.el6_3.i686.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.9-2.3.5.3.el6_3.i686.rpm
java-1.7.0-openjdk-devel-1.7.0.9-2.3.5.3.el6_3.i686.rpm
x86_64:
java-1.7.0-openjdk-1.7.0.9-2.3.5.3.el6_3.x86_64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.9-2.3.5.3.el6_3.x86_64.rpm
java-1.7.0-openjdk-devel-1.7.0.9-2.3.5.3.el6_3.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 6):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/java-1.7.0-openjdk-1.7.0.9-2.3.5.3.el6_3.src.rpm
i386:
java-1.7.0-openjdk-debuginfo-1.7.0.9-2.3.5.3.el6_3.i686.rpm
java-1.7.0-openjdk-demo-1.7.0.9-2.3.5.3.el6_3.i686.rpm
java-1.7.0-openjdk-src-1.7.0.9-2.3.5.3.el6_3.i686.rpm
noarch:
java-1.7.0-openjdk-javadoc-1.7.0.9-2.3.5.3.el6_3.noarch.rpm
x86_64:
java-1.7.0-openjdk-debuginfo-1.7.0.9-2.3.5.3.el6_3.x86_64.rpm
java-1.7.0-openjdk-demo-1.7.0.9-2.3.5.3.el6_3.x86_64.rpm
java-1.7.0-openjdk-src-1.7.0.9-2.3.5.3.el6_3.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 6):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/java-1.7.0-openjdk-1.7.0.9-2.3.5.3.el6_3.src.rpm
i386:
java-1.7.0-openjdk-1.7.0.9-2.3.5.3.el6_3.i686.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.9-2.3.5.3.el6_3.i686.rpm
java-1.7.0-openjdk-devel-1.7.0.9-2.3.5.3.el6_3.i686.rpm
x86_64:
java-1.7.0-openjdk-1.7.0.9-2.3.5.3.el6_3.x86_64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.9-2.3.5.3.el6_3.x86_64.rpm
java-1.7.0-openjdk-devel-1.7.0.9-2.3.5.3.el6_3.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 6):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/java-1.7.0-openjdk-1.7.0.9-2.3.5.3.el6_3.src.rpm
i386:
java-1.7.0-openjdk-debuginfo-1.7.0.9-2.3.5.3.el6_3.i686.rpm
java-1.7.0-openjdk-demo-1.7.0.9-2.3.5.3.el6_3.i686.rpm
java-1.7.0-openjdk-src-1.7.0.9-2.3.5.3.el6_3.i686.rpm
noarch:
java-1.7.0-openjdk-javadoc-1.7.0.9-2.3.5.3.el6_3.noarch.rpm
x86_64:
java-1.7.0-openjdk-debuginfo-1.7.0.9-2.3.5.3.el6_3.x86_64.rpm
java-1.7.0-openjdk-demo-1.7.0.9-2.3.5.3.el6_3.x86_64.rpm
java-1.7.0-openjdk-src-1.7.0.9-2.3.5.3.el6_3.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package
7. References:
https://www.redhat.com/security/data/cve/CVE-2013-0424.html
https://www.redhat.com/security/data/cve/CVE-2013-0425.html
https://www.redhat.com/security/data/cve/CVE-2013-0426.html
https://www.redhat.com/security/data/cve/CVE-2013-0427.html
https://www.redhat.com/security/data/cve/CVE-2013-0428.html
https://www.redhat.com/security/data/cve/CVE-2013-0429.html
https://www.redhat.com/security/data/cve/CVE-2013-0431.html
https://www.redhat.com/security/data/cve/CVE-2013-0432.html
https://www.redhat.com/security/data/cve/CVE-2013-0433.html
https://www.redhat.com/security/data/cve/CVE-2013-0434.html
https://www.redhat.com/security/data/cve/CVE-2013-0435.html
https://www.redhat.com/security/data/cve/CVE-2013-0440.html
https://www.redhat.com/security/data/cve/CVE-2013-0441.html
https://www.redhat.com/security/data/cve/CVE-2013-0442.html
https://www.redhat.com/security/data/cve/CVE-2013-0443.html
https://www.redhat.com/security/data/cve/CVE-2013-0444.html
https://www.redhat.com/security/data/cve/CVE-2013-0445.html
https://www.redhat.com/security/data/cve/CVE-2013-0450.html
https://www.redhat.com/security/data/cve/CVE-2013-1475.html
https://www.redhat.com/security/data/cve/CVE-2013-1476.html
https://www.redhat.com/security/data/cve/CVE-2013-1478.html
https://www.redhat.com/security/data/cve/CVE-2013-1480.html
https://access.redhat.com/security/updates/classification/#important
http://icedtea.classpath.org/hg/release/icedtea7-2.3/file/icedtea-2.3.5/NEWS
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2013 Red Hat, Inc.
. Further
information about these flaws can be found on the Oracle Java SE Critical
Patch Update Advisory page, listed in the References section |
var-201105-0197
|
Unspecified vulnerability in the Java Embedding Plugin (JEP) in Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey before 2.0.14, on Mac OS X allows remote attackers to bypass intended access restrictions via unknown vectors. Mozilla Firefox and SeaMonkey are prone to a privilege-escalation vulnerability.
An attacker can exploit this issue by enticing an unsuspecting user into viewing malicious content. A successful exploit will result in the execution of arbitrary attacker-supplied code with elevated privileges. Failed exploit attempts will likely result in denial-of-service conditions.
This issue is fixed in:
Firefox 3.6.17
Firefox 3.5.19
SeaMonkey 2.0.14
NOTE: This issue was previously discussed in BID 47635 (Mozilla Firefox/Thunderbird/SeaMonkey MFSA 2011-12 through -18 Multiple Vulnerabilities) but has been moved to its own record to better document it. Firefox is a very popular open source web browser. SeaMonkey is an open source web browser, mail and newsgroup client, IRC session client, and HTML editor. Remote attackers can use unknown vectors to bypass preset access restrictions.
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2011:079
http://www.mandriva.com/security/
_______________________________________________________________________
Package : firefox
Date : April 30, 2011
Affected: 2009.0, 2010.0, 2010.1, Enterprise Server 5.0
_______________________________________________________________________
Problem Description:
Chris Evans of the Chrome Security Team reported that the XSLT
generate-id() function returned a string that revealed a specific valid
address of an object on the memory heap. It is possible that in some
cases this address would be valuable information that could be used
by an attacker while exploiting a different memory corruption bug
in order to make an exploit more reliable or work around mitigation
features in the browser or operating system (CVE-2011-1202).
Security researcher Soroush Dalili reported that the resource:
protocol could be exploited to allow directory traversal on
Windows and the potential loading of resources from non-permitted
locations. The impact would depend on whether interesting files
existed in predictable locations in a useful format. For example,
the existence or non-existence of particular images might indicate
whether certain software was installed (CVE-2011-0071).
Security researcher Paul Stone reported that a Java applet could be
used to mimic interaction with form autocomplete controls and steal
entries from the form history (CVE-2011-0067).
Security researcher regenrecht reported several dangling pointer
vulnerabilities via TippingPoint's Zero Day Initiative (CVE-2011-0065,
CVE-2011-0066, CVE-2011-0073).
Mozilla developers identified and fixed several memory safety
bugs in the browser engine used in Firefox and other Mozilla-based
products. Some of these bugs showed evidence of memory corruption under
certain circumstances, and we presume that with enough effort at least
some of these could be exploited to run arbitrary code (CVE-2011-0081,
CVE-2011-0069, CVE-2011-0070, CVE-2011-0080, CVE-2011-0074,
CVE-2011-0075, CVE-2011-0077, CVE-2011-0078, CVE-2011-0072).
Additionally the sqlite3 packages were upgraded to the 3.7.6.2
version. A new package that provides /usr/bin/lemon was added. The
lemon software was previously provided with sqlite3 and is used in
some cases when building php.
Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490
Additionally, some packages which require so, have been rebuilt and
are being provided as updates.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1202
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0071
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0076
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0067
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0065
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0066
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0073
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0081
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0069
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0070
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0080
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0074
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0075
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0077
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0078
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0072
http://www.mozilla.org/security/known-vulnerabilities/firefox36.html#firefox3.6.17
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2009.0:
Mandriva Linux 2009.0/X86_64:
Mandriva Linux 2010.0:
b5e5a4ff8c718c494776e9fcf387d846 2010.0/i586/mozilla-thunderbird-beagle-0.3.9-20.24mdv2010.0.i586.rpm
d40e17498c9b2969d53b636f1512a981 2010.0/i586/opensc-0.11.9-1.19mdv2010.0.i586.rpm
f59e41d761d46dd8ae5f0848c1268aba 2010.0/i586/sqlite3-tools-3.7.6.2-0.1mdv2010.0.i586.rpm
dc8db442ddcdefb7aa85e8b7a2bd1bc1 2010.0/i586/xulrunner-1.9.2.17-0.1mdv2010.0.i586.rpm
aa33ff3f1ad317179dfa58784edc5b84 2010.0/i586/yelp-2.28.0-1.21mdv2010.0.i586.rpm
872f3f5473c99556ba3676a2087618ac 2010.0/SRPMS/beagle-0.3.9-20.24mdv2010.0.src.rpm
eb7c8b9b8b19f6cf7dab54a0128a7c3b 2010.0/SRPMS/firefox-3.6.17-0.1mdv2010.0.src.rpm
b8a28536c5f5b90e1e56fcbccc0f7828 2010.0/SRPMS/firefox-ext-blogrovr-1.1.804-6.19mdv2010.0.src.rpm
0203c855fea4ad16b8bf3490c28a522a 2010.0/SRPMS/firefox-ext-mozvoikko-1.0-6.19mdv2010.0.src.rpm
b01922e0aef070ea95b6fa98945fb685 2010.0/SRPMS/firefox-ext-plasmanotify-0.3.1-0.14mdv2010.0.src.rpm
16b3eb2d5945df96a9768051a3093b04 2010.0/SRPMS/firefox-ext-r-kiosk-0.7.2-9.19mdv2010.0.src.rpm
4e57990dc20e6089157a02b0dd7bad97 2010.0/SRPMS/firefox-ext-scribefire-3.5.1-0.13mdv2010.0.src.rpm
1e3f69cadbe70bffd1c7f7220f11792c 2010.0/SRPMS/firefox-l10n-3.6.17-0.1mdv2010.0.src.rpm
13d4fc5888b6dc2c2b7347de5ffe6282 2010.0/SRPMS/firefox-theme-kfirefox-0.16-7.18mdv2010.0.src.rpm
43f53231379e4b1ef09b31f24d329448 2010.0/SRPMS/gnome-python-extras-2.25.3-10.19mdv2010.0.src.rpm
15ead6d66f9b662b9a02a970717a5063 2010.0/SRPMS/google-gadgets-0.11.2-0.14mdv2010.0.src.rpm
24971ad45f4df34e024b071415dfe672 2010.0/SRPMS/lemon-3.7.4-0.1mdv2010.0.src.rpm
23959d528a982971b2f7e9016c3789b4 2010.0/SRPMS/opensc-0.11.9-1.19mdv2010.0.src.rpm
9de0929e70ecda34752e0ab536491e15 2010.0/SRPMS/sqlite3-3.7.6.2-0.1mdv2010.0.src.rpm
5983d5c4fe3694a9875e836334d73d98 2010.0/SRPMS/xulrunner-1.9.2.17-0.1mdv2010.0.src.rpm
4a673f357f57178cc398edbe72b749a9 2010.0/SRPMS/yelp-2.28.0-1.21mdv2010.0.src.rpm
Mandriva Linux 2010.0/X86_64:
Mandriva Linux 2010.1:
Mandriva Linux 2010.1/X86_64:
58f9aa8aa5f6ec8558166674e1224998 2010.1/x86_64/yelp-2.30.1-4.11mdv2010.2.x86_64.rpm
f03639972840639a315ace5577a3f7d7 2010.1/SRPMS/beagle-0.3.9-40.14mdv2010.2.src.rpm
1b407792bc53910f470fef2aa107c4db 2010.1/SRPMS/firefox-3.6.17-0.1mdv2010.2.src.rpm
cffc7531253d821db2a606e56993d5e1 2010.1/SRPMS/firefox-ext-blogrovr-1.1.804-13.11mdv2010.2.src.rpm
84480ce74b027244dc64794cbae17d07 2010.1/SRPMS/firefox-ext-mozvoikko-1.0.1-2.11mdv2010.2.src.rpm
ec8e51d467efb46c6fad4d9a5e64af51 2010.1/SRPMS/firefox-ext-r-kiosk-0.8.1-2.11mdv2010.2.src.rpm
9626186349beb04c41ac48c21bf268b1 2010.1/SRPMS/firefox-ext-scribefire-3.5.2-2.11mdv2010.2.src.rpm
e65da7beca8fa7edffd5a70da28161ec 2010.1/SRPMS/firefox-ext-weave-sync-1.1-5.11mdv2010.2.src.rpm
c4ce7eec413e557445f66f2b167899a7 2010.1/SRPMS/firefox-ext-xmarks-3.6.14-2.11mdv2010.2.src.rpm
55bd4776f283283a5c8ab1906658b9c9 2010.1/SRPMS/firefox-l10n-3.6.17-0.1mdv2010.2.src.rpm
e0bcbb8764bd02ec459e7252aec2d042 2010.1/SRPMS/gjs-0.6-4.11mdv2010.2.src.rpm
66f6688cea914918243d9afeefc443b2 2010.1/SRPMS/gnome-python-extras-2.25.3-18.11mdv2010.2.src.rpm
f8304df757bbcc2d16d3198e3fda3d23 2010.1/SRPMS/lemon-3.7.4-0.1mdv2010.2.src.rpm
8b4cc9318b6004ece98b4d1057cea92d 2010.1/SRPMS/sqlite3-3.7.6.2-0.1mdv2010.2.src.rpm
6a7d4ed599fbf868d4a02a9e8d2933c8 2010.1/SRPMS/xulrunner-1.9.2.17-0.1mdv2010.2.src.rpm
8f9d8865473f416ec554aa017d0dccb1 2010.1/SRPMS/yelp-2.30.1-4.11mdv2010.2.src.rpm
Mandriva Enterprise Server 5:
Mandriva Enterprise Server 5/X86_64:
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201301-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: Mozilla Products: Multiple vulnerabilities
Date: January 08, 2013
Bugs: #180159, #181361, #207261, #238535, #246602, #251322,
#255221, #255234, #255687, #257577, #260062, #261386,
#262704, #267234, #273918, #277752, #280226, #280234,
#280393, #282549, #284439, #286721, #290892, #292034,
#297532, #305689, #307045, #311021, #312361, #312645,
#312651, #312675, #312679, #312763, #313003, #324735,
#326341, #329279, #336396, #341821, #342847, #348316,
#357057, #360055, #360315, #365323, #373595, #379549,
#381245, #388045, #390771, #395431, #401701, #403183,
#404437, #408161, #413657, #419917, #427224, #433383,
#437780, #439586, #439960, #444318
ID: 201301-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been found in Mozilla Firefox,
Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner, some of which
may allow execution of arbitrary code or local privilege escalation.
Background
==========
Mozilla Firefox is an open-source web browser and Mozilla Thunderbird
an open-source email client, both from the Mozilla Project. The
SeaMonkey project is a community effort to deliver production-quality
releases of code derived from the application formerly known as the
'Mozilla Application Suite'. XULRunner is a Mozilla runtime package
that can be used to bootstrap XUL+XPCOM applications such as Firefox
and Thunderbird. NSS is Mozilla's Network Security Services library
that implements PKI support. IceCat is the GNU version of Firefox.
Affected packages
=================
-------------------------------------------------------------------
    Package                              /  Vulnerable  /  Unaffected
-------------------------------------------------------------------
 1  www-client/firefox                   < 10.0.11      >= 10.0.11
 2  www-client/firefox-bin               < 10.0.11      >= 10.0.11
 3  mail-client/thunderbird              < 10.0.11      >= 10.0.11
 4  mail-client/thunderbird-bin          < 10.0.11      >= 10.0.11
 5  www-client/seamonkey                 < 2.14-r1      >= 2.14-r1
 6  www-client/seamonkey-bin             < 2.14         >= 2.14
 7  dev-libs/nss                         < 3.14         >= 3.14
 8  www-client/mozilla-firefox           <= 3.6.8       Vulnerable!
 9  www-client/mozilla-firefox-bin       <= 3.5.6       Vulnerable!
10  mail-client/mozilla-thunderbird      <= 3.0.4-r1    Vulnerable!
11  mail-client/mozilla-thunderbird-bin  <= 3.0         Vulnerable!
12  www-client/icecat                    <= 10.0-r1     Vulnerable!
13  net-libs/xulrunner                   <= 2.0-r1      Vulnerable!
14  net-libs/xulrunner-bin               <= 1.8.1.19    Vulnerable!
-------------------------------------------------------------------
NOTE: Certain packages are still vulnerable. Users should migrate
to another package if one is available or wait for the
existing packages to be marked stable by their
architecture maintainers.
-------------------------------------------------------------------
14 affected packages
Description
===========
Multiple vulnerabilities have been discovered in Mozilla Firefox,
Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner. Please review
the CVE identifiers referenced below for details.
Impact
======
A remote attacker could entice a user to view a specially crafted web
page or email, possibly resulting in execution of arbitrary code or a
Denial of Service condition. Furthermore, a remote attacker may be able
to perform Man-in-the-Middle attacks, obtain sensitive information,
bypass restrictions and protection mechanisms, force file downloads,
conduct XML injection attacks, conduct XSS attacks, bypass the Same
Origin Policy, spoof URLs for phishing attacks, trigger a vertical
scroll, spoof the location bar, spoof an SSL indicator, modify the
browser's font, conduct clickjacking attacks, or have other unspecified
impact.
A local attacker could gain escalated privileges, obtain sensitive
information, or replace an arbitrary downloaded file.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Mozilla Firefox users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/firefox-10.0.11"
All users of the Mozilla Firefox binary package should upgrade to the
latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/firefox-bin-10.0.11"
All Mozilla Thunderbird users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=mail-client/thunderbird-10.0.11"
All users of the Mozilla Thunderbird binary package should upgrade to
the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=mail-client/thunderbird-bin-10.0.11"
All Mozilla SeaMonkey users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/seamonkey-2.14-r1"
All users of the Mozilla SeaMonkey binary package should upgrade to the
latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/seamonkey-bin-2.14"
All NSS users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/nss-3.14"
The "www-client/mozilla-firefox" package has been merged into the
"www-client/firefox" package. To upgrade, please unmerge
"www-client/mozilla-firefox" and then emerge the latest
"www-client/firefox" package:
# emerge --sync
# emerge --unmerge "www-client/mozilla-firefox"
# emerge --ask --oneshot --verbose ">=www-client/firefox-10.0.11"
The "www-client/mozilla-firefox-bin" package has been merged into the
"www-client/firefox-bin" package. To upgrade, please unmerge
"www-client/mozilla-firefox-bin" and then emerge the latest
"www-client/firefox-bin" package:
# emerge --sync
# emerge --unmerge "www-client/mozilla-firefox-bin"
# emerge --ask --oneshot --verbose ">=www-client/firefox-bin-10.0.11"
The "mail-client/mozilla-thunderbird" package has been merged into the
"mail-client/thunderbird" package. To upgrade, please unmerge
"mail-client/mozilla-thunderbird" and then emerge the latest
"mail-client/thunderbird" package:
# emerge --sync
# emerge --unmerge "mail-client/mozilla-thunderbird"
# emerge --ask --oneshot -v ">=mail-client/thunderbird-10.0.11"
The "mail-client/mozilla-thunderbird-bin" package has been merged into
the "mail-client/thunderbird-bin" package. To upgrade, please unmerge
"mail-client/mozilla-thunderbird-bin" and then emerge the latest
"mail-client/thunderbird-bin" package:
# emerge --sync
# emerge --unmerge "mail-client/mozilla-thunderbird-bin"
# emerge --ask --oneshot -v ">=mail-client/thunderbird-bin-10.0.11"
Gentoo discontinued support for GNU IceCat. We recommend that users
unmerge GNU IceCat:
# emerge --unmerge "www-client/icecat"
Gentoo discontinued support for XULRunner. We recommend that users
unmerge XULRunner:
# emerge --unmerge "net-libs/xulrunner"
Gentoo discontinued support for the XULRunner binary package. We
recommend that users unmerge XULRunner:
# emerge --unmerge "net-libs/xulrunner-bin"
References
==========
[ 1 ] CVE-2011-3101
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3101
[ 2 ] CVE-2007-2436
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2436
[ 3 ] CVE-2007-2437
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2437
[ 4 ] CVE-2007-2671
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2671
[ 5 ] CVE-2007-3073
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3073
[ 6 ] CVE-2008-0016
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0016
[ 7 ] CVE-2008-0017
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0017
[ 8 ] CVE-2008-0367
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0367
[ 9 ] CVE-2008-3835
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3835
[ 10 ] CVE-2008-3836
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3836
[ 11 ] CVE-2008-3837
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3837
[ 12 ] CVE-2008-4058
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4058
[ 13 ] CVE-2008-4059
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4059
[ 14 ] CVE-2008-4060
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4060
[ 15 ] CVE-2008-4061
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4061
[ 16 ] CVE-2008-4062
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4062
[ 17 ] CVE-2008-4063
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4063
[ 18 ] CVE-2008-4064
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4064
[ 19 ] CVE-2008-4065
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4065
[ 20 ] CVE-2008-4066
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4066
[ 21 ] CVE-2008-4067
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4067
[ 22 ] CVE-2008-4068
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4068
[ 23 ] CVE-2008-4069
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4069
[ 24 ] CVE-2008-4070
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4070
[ 25 ] CVE-2008-4582
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4582
[ 26 ] CVE-2008-5012
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5012
[ 27 ] CVE-2008-5013
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5013
[ 28 ] CVE-2008-5014
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5014
[ 29 ] CVE-2008-5015
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5015
[ 30 ] CVE-2008-5016
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5016
[ 31 ] CVE-2008-5017
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5017
[ 32 ] CVE-2008-5018
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5018
[ 33 ] CVE-2008-5019
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5019
[ 34 ] CVE-2008-5021
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5021
[ 35 ] CVE-2008-5022
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5022
[ 36 ] CVE-2008-5023
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5023
[ 37 ] CVE-2008-5024
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5024
[ 38 ] CVE-2008-5052
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5052
[ 39 ] CVE-2008-5500
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5500
[ 40 ] CVE-2008-5501
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5501
[ 41 ] CVE-2008-5502
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5502
[ 42 ] CVE-2008-5503
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5503
[ 43 ] CVE-2008-5504
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5504
[ 44 ] CVE-2008-5505
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5505
[ 45 ] CVE-2008-5506
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5506
[ 46 ] CVE-2008-5507
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5507
[ 47 ] CVE-2008-5508
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5508
[ 48 ] CVE-2008-5510
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5510
[ 49 ] CVE-2008-5511
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5511
[ 50 ] CVE-2008-5512
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201301-01.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2013 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. ----------------------------------------------------------------------
TITLE:
SUSE update for MozillaFirefox, MozillaThunderbird,
mozilla-xulrunner, and seamonkey
SECUNIA ADVISORY ID:
SA44472
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/44472/
RELEASE DATE:
2011-05-07
DESCRIPTION:
SUSE has issued an update for MozillaFirefox, MozillaThunderbird,
mozilla-xulrunner, and seamonkey.
For more information:
SA44357
SA44406
SOLUTION:
Apply updated packages via the zypper package manager.
ORIGINAL ADVISORY:
openSUSE-SU-2011:0437-1:
http://lists.opensuse.org/opensuse-updates/2011-05/msg00005.html
SUSE-SA:2011:022:
http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00001.html
|
var-200803-0028
|
The Kerberos 4 support in KDC in MIT Kerberos 5 (krb5kdc) does not properly clear the unused portion of a buffer when generating an error message, which might allow remote attackers to obtain sensitive information, aka "Uninitialized stack values." Vulnerabilities in the MIT Kerberos libgssrpc library may allow an attacker to cause a denial of service or potentially execute arbitrary code. Kerberos adopts a client/server structure, and both the client and the server can authenticate each other (that is, mutual authentication), which can prevent eavesdropping, replay attacks, etc. If a Kerberos 4 message is truncated, the missing part of the message is replaced with what was previously on the stack, and some parts of the principal name are read from strings in the message. These strings are limited to 40 bytes or the next ASCII NUL found in the buffer. If the KDC returns an error message indicating that the principal name was not found in the database, it will include the principal name in the error message, which may contain previous stack contents.
===========================================================
Ubuntu Security Notice USN-587-1 March 19, 2008
krb5 vulnerabilities
CVE-2008-0062, CVE-2008-0063, CVE-2008-0947
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04
Ubuntu 7.10
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 6.06 LTS:
libkadm55 1.4.3-5ubuntu0.7
libkrb53 1.4.3-5ubuntu0.7
Ubuntu 6.10:
libkadm55 1.4.3-9ubuntu1.6
libkrb53 1.4.3-9ubuntu1.6
Ubuntu 7.04:
libkadm55 1.4.4-5ubuntu3.4
libkrb53 1.4.4-5ubuntu3.4
Ubuntu 7.10:
libkadm55 1.6.dfsg.1-7ubuntu0.1
libkrb53 1.6.dfsg.1-7ubuntu0.1
In general, a standard system upgrade is sufficient to effect the
necessary changes.
Details follow:
It was discovered that krb5 did not correctly handle certain krb4
requests. (CVE-2008-0947)
It is theoretically possible for the exposed
information to include secret key data on some platforms.
For the stable distribution (etch), these problems have been fixed in
version 1.4.4-7etch5.
For the old stable distribution (sarge), these problems have been fixed
in version krb5 1.3.6-2sarge6.
We recommend that you upgrade your krb5 packages.
Upgrade instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian 3.1 (oldstable)
----------------------
Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, m68k, mips, mipsel, powerpc, s390 and sparc.
Debian 4.0 (stable)
-------------------
Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.4.4-7etch5_powerpc.deb
Size/MD5 checksum: 753506 cdc2c41be06d280160c3f7ee8b7f3417
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.4.4-7etch5_powerpc.deb
Size/MD5 checksum: 61930 dad1ac368a357004137a4beaf0a4f8ba
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.4.4-7etch5_powerpc.deb
Size/MD5 checksum: 179574 499b4b287b5726f7a8afea620d5606c5
s390 architecture (IBM S/390)
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.4.4-7etch5_s390.deb
Size/MD5 checksum: 63392 7e446e33886543cc1432026dbde49ea8
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.4.4-7etch5_s390.deb
Size/MD5 checksum: 87886 02735411cb4acaa71b8aa72bf7d9683d
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.4.4-7etch5_s390.deb
Size/MD5 checksum: 438990 5aacff7c6ec54f708cb98fa0718bfcc0
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.4.4-7etch5_s390.deb
Size/MD5 checksum: 129266 31c153db1328ee93b97e64bdb01a3cc3
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.4.4-7etch5_s390.deb
Size/MD5 checksum: 195506 d3175c75393ac80363919b170e1446e0
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.4.4-7etch5_s390.deb
Size/MD5 checksum: 1073530 ac4c767b43f20d304e9683ebfddf3a68
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.4.4-7etch5_s390.deb
Size/MD5 checksum: 224438 5a59744997773137c0409af842e7fdf0
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.4.4-7etch5_s390.deb
Size/MD5 checksum: 68782 57ed0962a4cf4f2f7c7d60edf52449ed
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.4.4-7etch5_s390.deb
Size/MD5 checksum: 140470 8fd23a0ec4c4b5c81c48d7b0228a5fa8
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.4.4-7etch5_s390.deb
Size/MD5 checksum: 82118 7a84a0ceeb5110380a231be90d6f36ce
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.4.4-7etch5_s390.deb
Size/MD5 checksum: 733368 6a3ea5e404cebc11888aaad6fdc2cedd
sparc architecture (Sun SPARC/UltraSPARC)
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.4.4-7etch5_sparc.deb
Size/MD5 checksum: 131724 561314d157da780fc7de7c06524e8a3c
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.4.4-7etch5_sparc.deb
Size/MD5 checksum: 77124 6de298978f0404514a0b16d863efa276
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.4.4-7etch5_sparc.deb
Size/MD5 checksum: 961534 754258b22c1eaf83c3167775c3138a58
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.4.4-7etch5_sparc.deb
Size/MD5 checksum: 372674 20c48448253a262988a3ca876cfb2931
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.4.4-7etch5_sparc.deb
Size/MD5 checksum: 123040 00e2f8c76353547804f9ff516de1f65d
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.4.4-7etch5_sparc.deb
Size/MD5 checksum: 680434 6bf7c8d82d481a8d6d9d784f5ed617ec
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.4.4-7etch5_sparc.deb
Size/MD5 checksum: 58242 f7e89e959e30e2bd36ac3ce1191a7711
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.4.4-7etch5_sparc.deb
Size/MD5 checksum: 63800 21beab0b247e7bdeea2004876f388c59
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.4.4-7etch5_sparc.deb
Size/MD5 checksum: 166710 b5127d835935bee8ce49a1154e5fa2eb
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.4.4-7etch5_sparc.deb
Size/MD5 checksum: 200282 49524ee10fb4d4e7be223a1f25dffba7
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.4.4-7etch5_sparc.deb
Size/MD5 checksum: 78204 2462352e5493e856bd8a784ca49f95f0
These files will probably be moved into the stable distribution on
its next update.
A flaw was discovered in how the Kerberos krb5kdc handled Kerberos v4
protocol packets.
This issue only affects krb5kdc when it has Kerberos v4 protocol
compatibility enabled, which is a compiled-in default in all
Kerberos versions that Mandriva Linux ships prior to Mandriva
Linux 2008.0.
The updated packages have been patched to correct these issues.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5901
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5971
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0062
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0063
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0947
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2008-001.txt
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2008-002.txt
_______________________________________________________________________
Updated Packages:
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
______________________________________________________________________________
SUSE Security Announcement
Package:                krb5
Announcement ID:        SUSE-SA:2008:016
Date:                   Wed, 19 Mar 2008 10:00:00 +0000
Affected Products:      SUSE LINUX 10.1
                        openSUSE 10.2
                        openSUSE 10.3
                        SUSE Linux Enterprise Desktop 10 SP1
                        SLE SDK 10 SP1
                        SUSE Linux Enterprise Server 10 SP1
Vulnerability Type:     remote code execution
Severity (1-10):        7
SUSE Default Package:   no
Cross-References:       CVE-2008-0062
                        CVE-2008-0063
                        CVE-2008-0947
                        CVE-2008-0948

Content of This Advisory:
    1) Security Vulnerability Resolved:
         Problem Description
    2) Solution or Work-Around
    3) Special Instructions and Notes
    4) Package Location and Checksums
    5) Pending Vulnerabilities, Solutions, and Work-Arounds:
    6) Authenticity Verification and Additional Information
______________________________________________________________________________
1) Problem Description and Brief Discussion
The krb5 package is the implementation of the Kerberos protocol suite
from MIT.
This update fixes three vulnerabilities; two of them are only possible if
krb4 support is enabled:
- CVE-2008-0062: null/dangling pointer (krb4)
- CVE-2008-0063: operations on uninitialized buffer content,
  possible information leak (krb4)
- CVE-2008-0947/8: out-of-bound array access in kadmind's RPC lib
2) Solution or Work-Around
Please install the new packages.
3) Special Instructions and Notes
Please restart the kerberos services.
4) Package Location and Checksums
The preferred method for installing security updates is to use the YaST
Online Update (YOU) tool. YOU detects which updates are required and
automatically performs the necessary steps to verify and install them.
Alternatively, download the update packages for your distribution manually
and verify their integrity by the methods listed in Section 6 of this
announcement. Then install the packages using the command
    rpm -Fhv <file.rpm>
to apply the update, replacing <file.rpm> with the filename of the
downloaded RPM package.
Our maintenance customers are notified individually. The packages are
offered for installation from the maintenance web:
SUSE Linux Enterprise Server 10 SP1
http://support.novell.com/techcenter/psdb/a1cba9b24d53ae5d2b80a81acd449edb.html
SLE SDK 10 SP1
http://support.novell.com/techcenter/psdb/a1cba9b24d53ae5d2b80a81acd449edb.html
SUSE Linux Enterprise Desktop 10 SP1
http://support.novell.com/techcenter/psdb/a1cba9b24d53ae5d2b80a81acd449edb.html
______________________________________________________________________________
5) Pending Vulnerabilities, Solutions, and Work-Arounds:
Please read our weekly security report.
______________________________________________________________________________
6) Authenticity Verification and Additional Information
- Announcement authenticity verification:
SUSE security announcements are published via mailing lists and on Web
sites. The authenticity and integrity of a SUSE security announcement is
guaranteed by a cryptographic signature in each announcement. All SUSE
security announcements are published with a valid signature.
To verify the signature of the announcement, save it as text into a file
and run the command

    gpg --verify <file>

replacing <file> with the name of the file where you saved the
announcement. The output for a valid signature looks like:

    gpg: Signature made <DATE> using RSA key ID 3D25D3D9
    gpg: Good signature from "SuSE Security Team <security@suse.de>"

where <DATE> is replaced by the date the document was signed.
If the security team's key is not contained in your key ring, you can
import it from the first installation CD. To import the key, use the
command

    gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc
- Package authenticity verification:
SUSE update packages are available on many mirror FTP servers all over the
world. While this service is considered valuable and important to the free
and open source software community, the authenticity and the integrity of
a package need to be verified to ensure that it has not been tampered
with.
There are two verification methods that can be used independently from
each other to prove the authenticity of a downloaded file or RPM package:

  1) Using the internal gpg signatures of the rpm package
  2) MD5 checksums as provided in this announcement

1) The internal rpm package signatures provide an easy way to verify the
   authenticity of an RPM package. Use the command

       rpm -v --checksig <file.rpm>

   to verify the signature of the package, replacing <file.rpm> with the
   filename of the RPM package downloaded. The package is unmodified if it
   contains a valid signature from build@suse.de with the key ID 9C800ACA.
   This key is automatically imported into the RPM database (on
   RPMv4-based distributions) and the gpg key ring of 'root' during
   installation. You can also find it on the first installation CD and at
   the end of this announcement.

2) If you need an alternative means of verification, use the md5sum
   command to verify the authenticity of the packages. Execute the command

       md5sum <filename.rpm>

   after you downloaded the file from a SUSE FTP server or its mirrors.
   Then compare the resulting md5sum with the one that is listed in the
   SUSE security announcement. Because the announcement containing the
   checksums is cryptographically signed (by security@suse.de), the
   checksums show proof of the authenticity of the package if the
   signature of the announcement is valid. Note that the md5 sums
   published in the SUSE Security Announcements are valid for the
   respective packages only. Newer versions of these packages cannot be
   verified.
=====================================================================
SUSE's security contact is <security@suse.com> or <security@suse.de>.
The <security@suse.de> public key is listed below.
=====================================================================
______________________________________________________________________________
The information in this advisory may be distributed or reproduced,
provided that the advisory is not modified in any way. In particular, the
clear text signature should show proof of the authenticity of the text.
SUSE Linux Products GmbH provides no warranties of any kind whatsoever
with respect to the information contained in this security advisory.
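The checksum comparison from section 6 of the SUSE announcement above, as an added shell example (not part of the announcement or of SUSE's tooling): it extracts the package/MD5 pairs from a saved announcement, which lists each package URL with its MD5 sum on the following line, and checks them against the files in a download directory. The function names, file names and sample announcement are constructed for illustration, and the result only means something once `gpg --verify` has accepted the announcement file.

```shell
#!/bin/sh
# Added example: verify downloaded RPMs against the MD5 sums listed in a
# saved announcement. Assumed layout: a package URL alone on one line, its
# 32-hex-digit MD5 sum alone on the next line.

# extract_sums FILE: print "md5  filename" pairs (the md5sum -c format).
extract_sums() {
    awk '
        NF == 1 && $1 ~ /^(https?|ftp):\/\/.*\.rpm$/ {
            n = split($1, part, "/"); name = part[n]; next
        }
        name != "" && NF == 1 && length($1) == 32 && $1 !~ /[^0-9a-f]/ {
            print $1 "  " name
        }
        { name = "" }   # a sum only counts directly after its URL
    ' "$1"
}

# verify_packages FILE DIR: compare every listed package present in DIR.
# Listed packages that were not downloaded (other platforms) are skipped.
# Returns 0 only if at least one file was checked and none mismatched.
# The body runs in a subshell, so its variables stay local.
verify_packages() (
    status=0
    checked=0
    while read -r sum name; do
        [ -n "$sum" ] || continue
        if [ ! -f "$2/$name" ]; then
            echo "SKIP $name (not downloaded)"
            continue
        fi
        checked=$((checked + 1))
        actual=$(md5sum "$2/$name" | cut -d' ' -f1)
        if [ "$actual" = "$sum" ]; then
            echo "OK $name"
        else
            echo "MISMATCH $name"
            status=1
        fi
    done <<EOF
$(extract_sums "$1")
EOF
    if [ "$checked" -eq 0 ]; then
        echo "nothing verified: no listed package found in $2"
        status=1
    fi
    exit "$status"
)

# Demo on constructed data: two stand-in "packages", one listed with a wrong sum.
demo_dir=$(mktemp -d)
printf 'constructed package A' > "$demo_dir/krb5-demo-1.0.rpm"
printf 'constructed package B' > "$demo_dir/krb5-demo-devel-1.0.rpm"
demo_sum=$(md5sum "$demo_dir/krb5-demo-1.0.rpm" | cut -d' ' -f1)
cat > "$demo_dir/announcement.txt" <<EOF
x86 Platform:
http://example.invalid/update/krb5-demo-1.0.rpm
$demo_sum
ftp://example.invalid/update/krb5-demo-devel-1.0.rpm
00000000000000000000000000000000
EOF
verify_packages "$demo_dir/announcement.txt" "$demo_dir" || echo "verification FAILED"
rm -rf "$demo_dir"
```

A run that verifies nothing is treated as a failure, so an announcement whose layout the parser does not recognise cannot pass silently.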
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
- -------------------------------------------------------------------
                   VMware Security Advisory

Advisory ID:       VMSA-2008-0009
Synopsis:          Updates to VMware Workstation, VMware Player,
                   VMware ACE, VMware Fusion, VMware Server, VMware
                   VIX API, VMware ESX, VMware ESXi resolve critical
                   security issues
Issue date:        2008-06-04
Updated on:        2008-06-04 (initial release of advisory)
CVE numbers:       CVE-2007-5671 CVE-2008-0967 CVE-2008-2097
                   CVE-2008-2100 CVE-2006-1721 CVE-2008-0553
                   CVE-2007-5378 CVE-2007-4772 CVE-2008-0888
                   CVE-2008-0062 CVE-2008-0063 CVE-2008-0948
- -------------------------------------------------------------------
1. Summary:
Several critical security vulnerabilities have been addressed
in patches in ESX and in the newest releases of VMware's hosted
product line.
2. Relevant releases:
VMware Workstation 6.0.3 and earlier,
VMware Workstation 5.5.6 and earlier,
VMware Player 2.0.3 and earlier,
VMware Player 1.0.6 and earlier,
VMware ACE 2.0.3 and earlier,
VMware ACE 1.0.5 and earlier,
VMware Server 1.0.5 and earlier,
VMware Fusion 1.1.1 and earlier
VMware ESXi 3.5 without patches ESXe350-200805501-I-SG,
                                ESXe350-200805502-T-SG,
                                ESXe350-200805503-C-SG
VMware ESX 3.5 without patches ESX350-200805515-SG, ESX350-200805508-SG,
                               ESX350-200805501-BG, ESX350-200805504-SG,
                               ESX350-200805506-SG, ESX350-200805505-SG,
                               ESX350-200805507-SG
VMware ESX 3.0.2 without patches ESX-1004727, ESX-1004821, ESX-1004216,
                                 ESX-1004726, ESX-1004722, ESX-1004724,
                                 ESX-1004719, ESX-1004219
VMware ESX 3.0.1 without patches ESX-1004186, ESX-1004728, ESX-1004725,
                                 ESX-1004721, ESX-1004723, ESX-1004190,
                                 ESX-1004189
VMware ESX 2.5.5 without update patch 8
VMware ESX 2.5.4 without update patch 19
NOTES: Hosted products VMware Workstation 5.x, VMware Player 1.x,
and VMware ACE 1.x will reach end of general support
2008-11-09. Customers should plan to upgrade to the latest
version of their respective products.
ESX 3.0.1 is in Extended Support and its end of extended
support (Security and Bug fixes) is 2008-07-31. Users should plan
to upgrade to at least 3.0.2 update 1 and preferably the newest
release available before the end of extended support.
ESX 2.5.4 is in Extended Support and its end of extended support
(Security and Bug fixes) is 2008-10-08. Users should plan to upgrade
to at least 2.5.5 and preferably the newest release available before
the end of extended support.
3. Problem description:
a. VMware Tools Local Privilege Escalation on Windows-based guest OS
The VMware Tools Package provides support required for shared folders
(HGFS) and other features.
An input validation error is present in the Windows-based VMware
HGFS.sys driver. Exploitation of this flaw might result in
arbitrary code execution on the guest system by an unprivileged
guest user. It doesn't matter on what host the Windows guest OS
is running, as this is a guest driver vulnerability and not a
vulnerability on the host.
The HGFS.sys driver is present in the guest operating system if the
VMware Tools package is loaded. Even if the host has HGFS disabled
and has no shared folders, Windows-based guests may be affected. This
is the case regardless of whether the host supports HGFS.
This issue could be mitigated by removing the VMware Tools package
from Windows based guests. However this is not recommended as it
would impact usability of the product.
NOTE: Installing the new hosted release or ESX patches will not
remediate the issue. The VMware Tools packages will need
to be updated on each Windows-based guest followed by a
reboot of the guest system.
VMware would like to thank iDefense and Stephen Fewer of Harmony
Security for reporting this issue to us.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2007-5671 to this issue.
VMware        Product   Running   Replace with/
Product       Version   on        Apply Patch
============  ========  ========  =================
Workstation   6.x       Windows   not affected
Workstation   6.x       Linux     not affected
Workstation   5.x       Windows   5.5.6 build 80404 or later
Workstation   5.x       Linux     5.5.6 build 80404 or later
Player        2.x       Windows   not affected
Player        2.x       Linux     not affected
Player        1.x       Windows   1.0.6 build 80404 or later
Player        1.x       Linux     1.0.6 build 80404 or later
ACE           2.x       Windows   not affected
ACE           1.x       Windows   1.0.5 build 79846 or later
Server        1.x       Windows   1.0.5 build 80187 or later
Server        1.x       Linux     1.0.5 build 80187 or later
Fusion        1.x       Mac OS/X  not affected
ESXi          3.5       ESXi      not affected
ESX           3.5       ESX       not affected
ESX           3.0.2     ESX       ESX-1004727
ESX           3.0.1     ESX       ESX-1004186
ESX           2.5.5     ESX       ESX 2.5.5 upgrade patch 5 or later
ESX           2.5.4     ESX       ESX 2.5.4 upgrade patch 16 or later
b. Privilege escalation on ESX or Linux based hosted operating systems
This update fixes a security issue related to local exploitation of
an untrusted library path vulnerability in vmware-authd. In order to
exploit this vulnerability, an attacker must have local access and
the ability to execute the set-uid vmware-authd binary on an affected
system. Exploitation of this flaw might result in arbitrary code
execution on the Linux host system by an unprivileged user.
VMware would like to thank iDefense for reporting this issue to us.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2008-0967 to this issue.
VMware        Product   Running   Replace with/
Product       Version   on        Apply Patch
============  ========  ========  =================
Workstation   6.x       Windows   not affected
Workstation   6.x       Linux     6.0.4 build 93057
Workstation   5.x       Windows   not affected
Workstation   5.x       Linux     5.5.7 build 91707
Player        2.x       Windows   not affected
Player        2.x       Linux     2.0.4 build 93057
Player        1.x       Windows   not affected
Player        1.x       Linux     1.0.7 build 91707
ACE           2.x       Windows   not affected
ACE           1.x       Windows   not affected
Server        1.x       Windows   not affected
Server        1.x       Linux     1.0.6 build 91891
Fusion        1.x       Mac OS/X  not affected
ESXi          3.5       ESXi      ESXe350-200805501-I-SG
ESX           3.5       ESX       ESX350-200805515-SG
ESX           3.0.2     ESX       ESX-1004821
ESX           3.0.1     ESX       ESX-1004728
ESX           2.5.5     ESX       ESX 2.5.5 update patch 8
ESX           2.5.4     ESX       ESX 2.5.4 update patch 19
c. Openwsman Invalid Content-Length Vulnerability
Openwsman is a system management platform that implements the Web
Services Management protocol (WS-Management). It is installed and
running by default. It is used in the VMware Management Service
Console and in ESXi.
The openwsman management service on ESX 3.5 and ESXi 3.5 is vulnerable
to a privilege escalation vulnerability, which may allow users with
non-privileged ESX or Virtual Center accounts to gain root privileges.
To exploit this vulnerability, an attacker would need a local ESX
account or a VirtualCenter account with the Host.Cim.CimInteraction
permission.
Systems with no local ESX accounts and no VirtualCenter accounts with
the Host.Cim.CimInteraction permission are not vulnerable.
This vulnerability cannot be exploited by users without valid login
credentials.
Discovery: Alexander Sotirov, VMware Security Research
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2008-2097 to this issue.
VMware         Product   Running   Replace with/
Product        Version   on        Apply Patch
=============  ========  ========  =================
hosted         any       any       not affected
ESXi           3.5       ESXi      ESXe350-200805501-I-SG
ESX            3.5       ESX       ESX350-200805508-SG
ESX            3.0.2     ESX       not affected
ESX            3.0.1     ESX       not affected
ESX            2.5.5     ESX       not affected
ESX            2.5.4     ESX       not affected
NOTE: VMware hosted products are not affected by this issue.
d. VMware VIX Application Programming Interface (API) Memory Overflow
Vulnerabilities
The VIX API (also known as "Vix") is an API that lets users write scripts
and programs to manipulate virtual machines.
Multiple buffer overflow vulnerabilities are present in the VIX API.
Exploitation of these vulnerabilities might result in code execution on
the host system or on the service console in ESX Server from the guest
operating system.
The VIX API can be enabled and disabled using the "vix.inGuest.enable"
setting in the VMware configuration file. The default value for this
setting is "disabled". This configuration setting is present in the
following products:
VMware Workstation 6.0.2 and higher
VMware ACE 6.0.2 and higher
VMware Server 1.06 and higher
VMware Fusion 1.1.2 and higher
ESX Server 3.0 and higher
ESX Server 3.5 and higher
In previous versions of VMware products where the VIX API was introduced,
the VIX API couldn't be disabled.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2008-2100 to this issue.
VMware         Product   Running   Replace with/
Product        Version   on        Apply Patch
=============  ========  ========  =================
VIX API        1.1.x     Windows   VMware-vix-1.1.4-93057.exe
VIX API        1.1.x     Linux     VMware-vix-1.1.4-93057.i386.tar.gz
VIX API        1.1.x     Linux64   VMware-vix-1.1.4-93057.x86_64.tar.gz
Workstation    6.x       Windows   6.0.4 build 93057
Workstation    6.x       Linux     6.0.4 build 93057
Workstation    5.x       Windows   5.5.7 build 91707
Workstation    5.x       Linux     5.5.7 build 91707
Player         2.x       Windows   2.0.4 build 93057
Player         2.x       Linux     2.0.4 build 93057
Player         1.x       Windows   1.0.6 build 91707
Player         1.x       Linux     1.0.6 build 91707
ACE            2.x       Windows   2.0.4 build 93057
ACE            1.x       Windows   not affected
Server         1.x       Windows   1.0.6 build 91891
Server         1.x       Linux     1.0.6 build 91891
Fusion         1.x       Mac OS/X  1.1.2 build 87978 or later
ESXi           3.5       ESXi      ESXe350-200805501-I-SG,
                                   ESXe350-200805502-T-SG
ESX            3.5       ESX       ESX350-200805501-BG
ESX            3.0.2     ESX       ESX-1004216, ESX-1004726, ESX-1004727
ESX            3.0.1     ESX       ESX-1004186, ESX-1004725
ESX            2.5.5     ESX       not affected
ESX            2.5.4     ESX       not affected
II Service Console rpm updates
NOTE: ESXi and hosted products are not affected by any service console
security updates
a. Security update for cyrus-sasl
Updated cyrus-sasl package for the ESX Service Console corrects a security
issue found in the DIGEST-MD5 authentication mechanism of Cyrus'
implementation of Simple Authentication and Security Layer (SASL).
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CVE-2006-1721 to this issue.
RPMs Updated:
cyrus-sasl-2.1.15-15.i386.rpm
cyrus-sasl-md5-2.1.15-1.i386.rpm
VMware         Product   Running   Replace with/
Product        Version   on        Apply Patch
=============  ========  ========  =================
hosted         any       any       not affected
ESXi           3.5       ESXi      not affected
ESX            3.5       ESX       ESX350-200805504-SG
ESX            3.0.2     ESX       ESX-1004722
ESX            3.0.1     ESX       ESX-1004721
ESX            2.5.5     ESX       not affected
ESX            2.5.4     ESX       not affected
b. Security update for tcltk
An input validation flaw was discovered in Tk's GIF image handling. A
code-size value read from a GIF image was not properly validated before
being used, leading to a buffer overflow. A specially crafted GIF file
could use this to cause a crash or, potentially, execute code with the
privileges of the application using the Tk graphical toolkit.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CVE-2008-0553 to this issue.
A buffer overflow flaw was discovered in Tk's animated GIF image handling.
An animated GIF containing an initial image smaller than subsequent images
could cause a crash or, potentially, execute code with the privileges of
the application using the Tk library.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CVE-2007-5378 to this issue.
A flaw, first discovered in the Tcl regular expression engine used in the
PostgreSQL database server, resulted in an infinite loop when processing
certain regular expressions.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CVE-2007-4772 to this issue.
RPM Updated:
tcl-8.3.5-92.8.i386.rpm
VMware         Product   Running   Replace with/
Product        Version   on        Apply Patch
=============  ========  ========  =================
hosted         any       any       not affected
ESXi           3.5       ESXi      not affected
ESX            3.5       ESX       ESX350-200805506-SG
ESX            3.0.2     ESX       ESX-1004724
ESX            3.0.1     ESX       ESX-1004723
ESX            2.5.5     ESX       ESX 2.5.5 Upgrade Patch 8
ESX            2.5.4     ESX       ESX 2.5.4 Upgrade Patch 19
c. Security update for unzip
This patch includes a moderate security update to the service console that
fixes a flaw in unzip. An attacker could execute malicious code with a
user's privileges if the user ran unzip on a file designed to leverage
this flaw.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CVE-2008-0888 to this issue.
RPM Updated:
Unzip-5.50-36.EL3.i386.rpm
VMware         Product   Running   Replace with/
Product        Version   on        Apply Patch
=============  ========  ========  =================
hosted         any       any       not affected
ESXi           3.5       ESXi      not affected
ESX            3.5       ESX       ESX350-200805505-SG
ESX            3.0.2     ESX       ESX-1004719
ESX            3.0.1     ESX       ESX-1004190
ESX            2.5.5     ESX       ESX 2.5.5 Upgrade Patch 8
ESX            2.5.4     ESX       ESX 2.5.4 Upgrade Patch 19
d.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2008-0062 to this issue.
NOTE: ESX doesn't contain the krb5kdc binary and is not vulnerable
to this issue.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2008-0948 to this issue.
RPM Updated:
krb5-libs-1.2.7-68.i386.rpm
VMware         Product   Running   Replace with/
Product        Version   on        Apply Patch
=============  ========  ========  =================
hosted         any       any       not affected
ESXi           3.5       ESXi      not affected
ESX            3.5       ESX       ESX350-200805507-SG
ESX            3.0.2     ESX       ESX-1004219
ESX            3.0.1     ESX       ESX-1004189
ESX            2.5.5     ESX       ESX 2.5.5 Upgrade Patch 8
ESX            2.5.4     ESX       ESX 2.5.4 Upgrade Patch 19
4. Solution:
Please review the release notes for your product and version and verify the
md5sum of your downloaded file.
VMware Workstation 6.0.4
------------------------
http://www.vmware.com/download/ws/
Release notes:
http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html
Windows binary
md5sum: f50a05831e94c19d98f363c752fca5f9
RPM Installation file for 32-bit Linux
md5sum: e7793b14b995d3b505f093c84e849421
tar Installation file for 32-bit Linux
md5sum: a0a8e1d8188f4be03357872a57a767ab
RPM Installation file for 64-bit Linux
md5sum: 960d753038a268b8f101f4b853c0257e
tar Installation file for 64-bit Linux
md5sum: 4697ec8a9d6c1152d785f3b77db9d539
VMware Workstation 5.5.7
------------------------
http://www.vmware.com/download/ws/ws5.html
Release notes:
http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html
Windows binary:
md5sum: 4c6a6653b7296240197aac048591c659
Compressed Tar archive for 32-bit Linux
md5sum: 8fc15d72031489cf5cd5d47b966787e6
Linux RPM version for 32-bit Linux
md5sum: f0872fe447ac654a583af16b2f4bba3f
VMware Player 2.0.4 and 1.0.7
-----------------------------
http://www.vmware.com/download/player/
Release notes Player 1.x:
http://www.vmware.com/support/player/doc/releasenotes_player.html
Release notes Player 2.0
http://www.vmware.com/support/player2/doc/releasenotes_player2.html
2.0.4 Windows binary
md5sum: a117664a8bfa7336b846117e5fc048dd
VMware Player 2.0.4 for Linux (.rpm)
md5sum: de6ab6364a0966b68eadda2003561cd2
VMware Player 2.0.4 for Linux (.tar)
md5sum: 9e1c2bfda6b22a3fc195a86aec11903a
VMware Player 2.0.4 - 64-bit (.rpm)
md5sum: 997e5ceffe72f9ce9146071144dacafa
VMware Player 2.0.4 - 64-bit (.tar)
md5sum: 18eb4ee49dd7e33ec155ef69d7d259ef
1.0.7 Windows binary
md5sum: 51114b3b433dc1b3bf3e434aebbf2b9c
Player 1.0.7 for Linux (.rpm)
md5sum: 3b5f97a37df3b984297fa595a5cdba9c
Player 1.0.7 for Linux (.tar)
md5sum: b755739144944071492a16fa20f86a51
VMware ACE
----------
http://www.vmware.com/download/ace/
Release notes 2.0:
http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html
VMware-workstation-6.0.4-93057.exe
md5sum: f50a05831e94c19d98f363c752fca5f9
VMware-ACE-Management-Server-Appliance-2.0.4-93057.zip
md5sum: d2ae2246f3d87268cf84c1421d94e86c
VMware-ACE-Management-Server-2.0.4-93057.exe
md5sum: 41b31b3392d5da2cef77a7bb28654dbf
VMware-ACE-Management-Server-2.0.4-93057.i386-rhel4.rpm
md5sum: 9920be4c33773df53a1728b41af4b109
VMware-ACE-Management-Server-2.0.4-93057.i386-sles9.rpm
md5sum: 4ec4c37203db863e8844460b5e80920b
Release notes 1.x:
http://www.vmware.com/support/ace/doc/releasenotes_ace.html
VMware-ACE-1.0.6-89199.exe
md5sum: 110f6e24842a0d154d9ec55ef9225f4f
VMware Server 1.0.6
-------------------
http://www.vmware.com/download/server/
Release notes:
http://www.vmware.com/support/server/doc/releasenotes_server.html
VMware Server for Windows 32-bit and 64-bit
md5sum: 3e00d5cfae123d875e4298bddabf12f5
VMware Server Windows client package
md5sum: 64f3fc1b4520626ae465237d7ec4773e
VMware Server for Linux
md5sum: 46ea876bfb018edb6602a921f6597245
VMware Server for Linux rpm
md5sum: 9d2f0af908aba443ef80bec8f7ef3485
Management Interface
md5sum: 1b3daabbbb49a036fe49f53f812ef64b
VMware Server Linux client package
md5sum: 185e5b174659f366fcb38b1c4ad8d3c6
VMware Fusion 1.1.3
--------------
http://www.vmware.com/download/fusion/
Release notes:
http://www.vmware.com/support/fusion/doc/releasenotes_fusion.html
md5sum: D15A3DFD3E7B11FC37AC684586086D
VMware VIX 1.1.4
----------------
http://www.vmware.com/support/developer/vix-api/
Release notes:
http://www.vmware.com/support/pubs/vix-api/VIXAPI-1.1.4-Release-Notes.html
VMware-vix-1.1.4-93057.exe
md5sum: 2efb74618c7ead627ecb3b3033e3f9f6
VMware-vix-1.1.4-93057.i386.tar.gz
md5sum: 988df2b2bbc975a6fc11f27ad1519832
VMware-vix-1.1.4-93057.x86_64.tar.gz
md5sum: a64f951c6fb5b2795a29a5a7607059c0
ESXi
----
VMware ESXi 3.5 patch ESXe350-200805501-O-SG (authd, openwsman, VIX)
http://download3.vmware.com/software/esx/ESXe350-200805501-O-SG.zip
md5sum: 4ce06985d520e94243db1e0504a56d8c
http://kb.vmware.com/kb/1005073
http://kb.vmware.com/kb/1004173
http://kb.vmware.com/kb/1004172
NOTE: ESXe350-200805501-O-SG contains the following patch bundles:
ESXe350-200805501-I-SG, ESXe350-200805502-T-SG,
ESXe350-200805503-C-SG
ESX
---
VMware ESX 3.5 patch ESX350-200805515-SG (authd)
http://download3.vmware.com/software/esx/ESX350-200805515-SG.zip
md5sum: 324b50ade230bcd5079a76e3636163c5
http://kb.vmware.com/kb/1004170
VMware ESX 3.5 patch ESX350-200805508-SG (openwsman)
http://download3.vmware.com/software/esx/ESX350-200805508-SG.zip
md5sum: 3ff8c06d4a9dd406f64f89c51bf26d12
http://kb.vmware.com/kb/1004644
VMware ESX 3.5 patch ESX350-200805501-BG (VIX)
http://download3.vmware.com/software/esx/ESX350-200805501-BG.zip
md5sum: 31a620aa249c593c30015b5b6f8c8650
http://kb.vmware.com/kb/1004637
VMware ESX 3.5 patch ESX350-200805504-SG (cyrus-sasl)
http://download3.vmware.com/software/esx/ESX350-200805504-SG.zip
md5sum: 4c1b1a8dcb09a636b55c64c290f7de51
http://kb.vmware.com/kb/1004640
VMware ESX 3.5 patch ESX350-200805506-SG (tcltk)
http://download3.vmware.com/software/esx/ESX350-200805506-SG.zip
md5sum: af279eef8fdeddb7808630da1ae717b1
http://kb.vmware.com/kb/1004642
VMware ESX 3.5 patch ESX350-200805505-SG (unzip)
http://download3.vmware.com/software/esx/ESX350-200805505-SG.zip
md5sum: 07af82d9fd97cccb89d9b90c6ecc41c6
http://kb.vmware.com/kb/1004641
VMware ESX 3.5 patch ESX350-200805507-SG (krb5)
http://download3.vmware.com/software/esx/ESX350-200805507-SG.zip
md5sum: 5d35a1c470daf13c9f4df5bdc9438748
http://kb.vmware.com/kb/1004643
VMware ESX 3.0.2 patch ESX-1004727 (HGFS,VIX)
http://download3.vmware.com/software/vi/ESX-1004727.tgz
md5sum: 31a67b0fa3449747887945f8d370f19e
http://kb.vmware.com/kb/1004727
VMware ESX 3.0.2 patch ESX-1004821 (authd)
http://download3.vmware.com/software/vi/ESX-1004821.tgz
md5sum: 5c147bedd07245c903d44257522aeba1
http://kb.vmware.com/kb/1004821
VMware ESX 3.0.2 patch ESX-1004216 (VIX)
http://download3.vmware.com/software/vi/ESX-1004216.tgz
md5sum: 0784ef70420d28a9a5d6113769f6669a
http://kb.vmware.com/kb/1004216
VMware ESX 3.0.2 patch ESX-1004726 (VIX)
http://download3.vmware.com/software/vi/ESX-1004726.tgz
md5sum: 44f03b274867b534cd274ccdf4630b86
http://kb.vmware.com/kb/1004726
VMware ESX 3.0.2 patch ESX-1004722 (cyrus-sasl)
http://download3.vmware.com/software/vi/ESX-1004722.tgz
md5sum: 99dc71aed5bab7711f573b6d322123d6
http://kb.vmware.com/kb/1004722
VMware ESX 3.0.2 patch ESX-1004724 (tcltk)
http://download3.vmware.com/software/vi/ESX-1004724.tgz
md5sum: fd9a160ca7baa5fc443f2adc8120ecf7
http://kb.vmware.com/kb/1004724
VMware ESX 3.0.2 patch ESX-1004719 (unzip)
http://download3.vmware.com/software/vi/ESX-1004719.tgz
md5sum: f0c37b9f6be3399536d60f6c6944de82
http://kb.vmware.com/kb/1004719
VMware ESX 3.0.2 patch ESX-1004219 (krb5)
http://download3.vmware.com/software/vi/ESX-1004219.tgz
md5sum: 7c68279762f407a7a5ee151a650ebfd4
http://kb.vmware.com/kb/1004219
VMware ESX 3.0.1 patch ESX-1004186 (HGFS,VIX)
http://download3.vmware.com/software/vi/ESX-1004186.tgz
md5sum: f64389a8b97718eccefadce1a14d1198
http://kb.vmware.com/kb/1004186
VMware ESX 3.0.1 patch ESX-1004728 (authd)
http://download3.vmware.com/software/vi/ESX-1004728.tgz
md5sum: 1f01bb819805b855ffa2ec1040eff5ca
http://kb.vmware.com/kb/1004728
VMware ESX 3.0.1 patch ESX-1004725 (VIX)
http://download3.vmware.com/software/vi/ESX-1004725.tgz
md5sum: 9fafb04c6d3f6959e623832f539d2dc8
http://kb.vmware.com/kb/1004725
VMware ESX 3.0.1 patch ESX-1004721 (cyrus-sasl)
http://download3.vmware.com/software/vi/ESX-1004721.tgz
md5sum: 48190819b0f5afddefcb8d209d12b585
http://kb.vmware.com/kb/1004721
VMware ESX 3.0.1 patch ESX-1004723 (tcltk)
http://download3.vmware.com/software/vi/ESX-1004723.tgz
md5sum: c34ca0a5886e0c0917a93a97c331fd7d
http://kb.vmware.com/kb/1004723
VMware ESX 3.0.1 patch ESX-1004190 (unzip)
http://download3.vmware.com/software/vi/ESX-1004190.tgz
md5sum: 05187b9f534048c79c62741367cc0dd2
http://kb.vmware.com/kb/1004190
VMware ESX 3.0.1 patch ESX-1004189 (krb5)
http://download3.vmware.com/software/vi/ESX-1004189.tgz
md5sum: 21b620530b99009f469c872e73a439e8
http://kb.vmware.com/kb/1004189
VMware ESX 2.5.5 Upgrade Patch 8
http://download3.vmware.com/software/esx/esx-2.5.5-90521-upgrade.tar.gz
md5sum: 392b6947fc3600ca0e8e7788cd5bbb6e
http://vmware.com/support/esx25/doc/esx-255-200805-patch.html
VMware ESX 2.5.4 Upgrade Patch 19
http://download3.vmware.com/software/esx/esx-2.5.4-90520-upgrade.tar.gz
md5sum: 442788fd0bccb0d994c75b268bd12760
http://vmware.com/support/esx25/doc/esx-254-200805-patch.html
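One way to automate the md5sum check that section 4 asks for, as an added example (not VMware's code): the parser pairs each `md5sum:` line with the line directly above it, as the list above is laid out, and reports files that are missing, mismatched or listed with a digest that is not 32 hex digits. File names, hosts and payloads in `demo()` are constructed; the 30-digit value is the Fusion entry as printed on this page.

```python
import hashlib
import re
import tempfile
from pathlib import Path

MD5_LINE = re.compile(r"^\s*md5sum:\s*(\S+)\s*$", re.IGNORECASE)
MD5_HEX = re.compile(r"^[0-9a-f]{32}$")


def parse_md5_entries(advisory_text):
    """Return [(label, digest)] for every 'md5sum:' line in the advisory text.

    The label is the non-empty line directly above the md5sum line. If that
    line is a download URL, only its last path component is kept so it can be
    matched against a local file name.
    """
    entries = []
    previous = ""
    for raw in advisory_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = MD5_LINE.match(line)
        if match:
            label = previous
            if re.match(r"^https?://", label):
                label = label.rstrip("/").rsplit("/", 1)[-1]
            entries.append((label, match.group(1).lower()))
        previous = line
    return entries


def md5_of(path, chunk_size=1 << 20):
    """Hash a file in chunks so large installers are not read into memory."""
    # MD5 is used only because it is the digest the advisory publishes.
    digest = hashlib.md5()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def verify_downloads(advisory_text, download_dir):
    """Map each label to 'ok', 'mismatch', 'missing' or 'malformed'."""
    results = {}
    for label, digest in parse_md5_entries(advisory_text):
        # Path(label).name keeps the lookup inside download_dir even if a
        # label contains directory components.
        path = Path(download_dir) / Path(label).name
        if not MD5_HEX.match(digest):
            results[label] = "malformed"      # cannot be an MD5 digest
        elif not path.is_file():
            results[label] = "missing"
        elif md5_of(path) == digest:
            results[label] = "ok"
        else:
            results[label] = "mismatch"
    return results


def demo():
    """Check a constructed advisory excerpt against constructed files."""
    with tempfile.TemporaryDirectory() as tmp:
        payload = b"constructed patch payload\n"
        (Path(tmp) / "EXAMPLE-patch-good.zip").write_bytes(payload)
        (Path(tmp) / "EXAMPLE-patch-tampered.tgz").write_bytes(b"altered\n")
        published_good = hashlib.md5(payload).hexdigest()
        published_other = hashlib.md5(b"original payload\n").hexdigest()
        advisory = "\n".join([
            "Example patch (constructed entry)",
            "http://downloads.example.invalid/esx/EXAMPLE-patch-good.zip",
            f"md5sum: {published_good}",
            "http://kb.example.invalid/kb/0000000",
            "EXAMPLE-patch-tampered.tgz",
            f"md5sum: {published_other}",
            "EXAMPLE-not-downloaded.exe",
            f"md5sum: {published_good}",
            "EXAMPLE-short-digest.dmg",
            # 30 hex digits, as printed for VMware Fusion on this page.
            "md5sum: D15A3DFD3E7B11FC37AC684586086D",
        ])
        return verify_downloads(advisory, tmp)


if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{status:9}  {name}")
```

Entries labelled only by a description, such as "Windows binary", are reported as missing until the caller maps them to the downloaded file name.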
5. References:
CVE numbers
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5671
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0967
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2097
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2100
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1721
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0553
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5378
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4772
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0888
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0062
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0063
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0948
6. Change log:
2008-06-04 VMSA-2008-0009 Initial release
-------------------------------------------------------------------
7. Contact:
E-mail list for product security notifications and announcements:
http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce
This Security Advisory is posted to the following lists:
* security-announce@lists.vmware.com
* bugtraq@securityfocus.com
* full-disclosure@lists.grok.org.uk
E-mail: security@vmware.com
PGP key at: http://kb.vmware.com/kb/1055
VMware Security Center
http://www.vmware.com/security
VMware security response policy
http://www.vmware.com/support/policies/security_response.html
General support life cycle policy
http://www.vmware.com/support/policies/eos.html
VMware Infrastructure support life cycle policy
http://www.vmware.com/support/policies/eos_vi.html
Copyright 2008 VMware Inc. All rights reserved.
.
II.
III. Solution
Install updates from your vendor
Check with your vendors for patches or updates. For information about
a vendor, please see the systems affected section in vulnerability
notes VU#895609 and VU#374121 or contact your vendor directly.
Administrators who compile MIT Kerberos from source should refer to
MIT Security Advisory 2008-002 for more information.
IV. References
* US-CERT Vulnerability Note VU#895609 -
<http://www.kb.cert.org/vuls/id/895609>
* US-CERT Vulnerability Note VU#374121 -
<http://www.kb.cert.org/vuls/id/374121>
* MIT krb5 Security Advisory 2008-002 -
<http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2008-002.txt2>
_________________________________________________________________
The most recent version of this document can be found at:
<http://www.us-cert.gov/cas/techalerts/TA08-079B.html>
_________________________________________________________________
Feedback can be directed to US-CERT Technical Staff.
_________________________________________________________________
Produced 2008 by US-CERT, a government organization.
Background
==========
MIT Kerberos 5 is a suite of applications that implement the Kerberos
network protocol. kadmind is the MIT Kerberos 5 administration daemon,
KDC is the Key Distribution Center.
* Jeff Altman (Secure Endpoints) discovered a buffer overflow in the
RPC library server code, used in the kadmin server, caused when too
many file descriptors are opened (CVE-2008-0947).
* Venustech AD-LAB discovered multiple vulnerabilities in the GSSAPI
library: usage of a freed variable in the gss_indicate_mechs()
function (CVE-2007-5901) and a double free() vulnerability in the
gss_krb5int_make_seal_token_v3() function (CVE-2007-5971).
These bugs can only be triggered when Kerberos 4 support is enabled.
This bug can only be triggered in configurations that allow large
numbers of open file descriptors in a process.
Workaround
==========
Kerberos 4 support can be disabled via disabling the "krb4" USE flag
and recompiling the ebuild, or setting "v4_mode=none" in the
[kdcdefaults] section of /etc/krb5/kdc.conf. This will only work around
the KDC related vulnerabilities.
Resolution
==========
All MIT Kerberos 5 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-crypt/mit-krb5-1.6.3-r1"
References
==========
[ 1 ] CVE-2007-5901
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5894
[ 2 ] CVE-2007-5971
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5971
[ 3 ] CVE-2008-0062
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0062
[ 4 ] CVE-2008-0063
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0063
[ 5 ] CVE-2008-0947
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0947
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200803-31.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.
License
=======
Copyright 2008 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
|
var-201311-0106
|
Heap-based buffer overflow in Ruby 1.8, 1.9 before 1.9.3-p484, 2.0 before 2.0.0-p353, 2.1 before 2.1.0 preview2, and trunk before revision 43780 allows context-dependent attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a string that is converted to a floating point value, as demonstrated using (1) the to_f method or (2) JSON.parse. Ruby is prone to a heap-based buffer overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input.
An attacker can exploit this issue to execute arbitrary code in the context of the application using the affected function. Failed exploit attempts will likely crash the application.
The following versions are vulnerable:
Ruby 1.8
Ruby 1.9 prior to 1.9.3-p484
Ruby 2.0 prior to 2.0.0-p353
Ruby 2.1 prior to 2.1.0 preview2.
The Common Vulnerabilities and Exposures project
identifies the following problems:
CVE-2013-1821
Ben Murphy discovered that unrestricted entity expansion in REXML
can lead to a Denial of Service by consuming all host memory.
CVE-2013-4073
William (B.J.) Snow Orvis discovered a vulnerability in the hostname
checking in Ruby's SSL client that could allow man-in-the-middle
attackers to spoof SSL servers via a crafted certificate issued by a
trusted certification authority.
For the oldstable distribution (squeeze), these problems have been fixed in
version 1.8.7.302-2squeeze2.
For the stable distribution (wheezy), these problems have been fixed in
version 1.8.7.358-7.1+deb7u1.
For the unstable distribution (sid), these problems have been fixed in
version 1.8.7.358-9.
We recommend that you upgrade your ruby1.8 packages.
=====================================================================
Red Hat Security Advisory
Synopsis: Critical: ruby security update
Advisory ID: RHSA-2013:1767-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-1767.html
Issue date: 2013-11-26
CVE Names: CVE-2013-4164
=====================================================================
1. Summary:
Updated ruby packages that fix one security issue are now available for
Red Hat Enterprise Linux 6.2, 6.3, and 6.4 Extended Update Support.
The Red Hat Security Response Team has rated this update as having critical
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Compute Node EUS (v. 6.2) - x86_64
Red Hat Enterprise Linux Compute Node EUS (v. 6.3) - x86_64
Red Hat Enterprise Linux Compute Node Optional EUS (v. 6.2) - x86_64
Red Hat Enterprise Linux Compute Node Optional EUS (v. 6.3) - x86_64
Red Hat Enterprise Linux Compute Node Optional EUS (v. 6.4) - x86_64
Red Hat Enterprise Linux HPC Node EUS (v. 6.4) - x86_64
Red Hat Enterprise Linux Server EUS (v. 6.2) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server EUS (v. 6.3) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server EUS (v. 6.4) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional EUS (v. 6.2) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional EUS (v. 6.3) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional EUS (v. 6.4) - i386, ppc64, s390x, x86_64
3. Description:
Ruby is an extensible, interpreted, object-oriented, scripting language.
It has features to process text files and to perform system management
tasks.
A buffer overflow flaw was found in the way Ruby parsed floating point
numbers from their text representation. (CVE-2013-4164)
All ruby users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue.
4. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
1033460 - CVE-2013-4164 ruby: heap overflow in floating point parsing
6. Package List:
Red Hat Enterprise Linux Compute Node EUS (v. 6.2):
Source:
ruby-1.8.7.352-13.el6_2.src.rpm
x86_64:
ruby-1.8.7.352-13.el6_2.x86_64.rpm
ruby-debuginfo-1.8.7.352-13.el6_2.i686.rpm
ruby-debuginfo-1.8.7.352-13.el6_2.x86_64.rpm
ruby-irb-1.8.7.352-13.el6_2.x86_64.rpm
ruby-libs-1.8.7.352-13.el6_2.i686.rpm
ruby-libs-1.8.7.352-13.el6_2.x86_64.rpm
Red Hat Enterprise Linux Compute Node EUS (v. 6.3):
Source:
ruby-1.8.7.352-13.el6_3.src.rpm
x86_64:
ruby-1.8.7.352-13.el6_3.x86_64.rpm
ruby-debuginfo-1.8.7.352-13.el6_3.i686.rpm
ruby-debuginfo-1.8.7.352-13.el6_3.x86_64.rpm
ruby-devel-1.8.7.352-13.el6_3.i686.rpm
ruby-devel-1.8.7.352-13.el6_3.x86_64.rpm
ruby-irb-1.8.7.352-13.el6_3.x86_64.rpm
ruby-libs-1.8.7.352-13.el6_3.i686.rpm
ruby-libs-1.8.7.352-13.el6_3.x86_64.rpm
ruby-rdoc-1.8.7.352-13.el6_3.x86_64.rpm
Red Hat Enterprise Linux HPC Node EUS (v. 6.4):
Source:
ruby-1.8.7.352-13.el6_4.src.rpm
x86_64:
ruby-1.8.7.352-13.el6_4.x86_64.rpm
ruby-debuginfo-1.8.7.352-13.el6_4.i686.rpm
ruby-debuginfo-1.8.7.352-13.el6_4.x86_64.rpm
ruby-devel-1.8.7.352-13.el6_4.i686.rpm
ruby-devel-1.8.7.352-13.el6_4.x86_64.rpm
ruby-irb-1.8.7.352-13.el6_4.x86_64.rpm
ruby-libs-1.8.7.352-13.el6_4.i686.rpm
ruby-libs-1.8.7.352-13.el6_4.x86_64.rpm
ruby-rdoc-1.8.7.352-13.el6_4.x86_64.rpm
Red Hat Enterprise Linux Compute Node Optional EUS (v. 6.2):
Source:
ruby-1.8.7.352-13.el6_2.src.rpm
x86_64:
ruby-debuginfo-1.8.7.352-13.el6_2.i686.rpm
ruby-debuginfo-1.8.7.352-13.el6_2.x86_64.rpm
ruby-devel-1.8.7.352-13.el6_2.i686.rpm
ruby-devel-1.8.7.352-13.el6_2.x86_64.rpm
ruby-docs-1.8.7.352-13.el6_2.x86_64.rpm
ruby-rdoc-1.8.7.352-13.el6_2.x86_64.rpm
ruby-ri-1.8.7.352-13.el6_2.x86_64.rpm
ruby-static-1.8.7.352-13.el6_2.x86_64.rpm
ruby-tcltk-1.8.7.352-13.el6_2.x86_64.rpm
Red Hat Enterprise Linux Compute Node Optional EUS (v. 6.3) :
Source:
ruby-1.8.7.352-13.el6_3.src.rpm
x86_64:
ruby-debuginfo-1.8.7.352-13.el6_3.x86_64.rpm
ruby-docs-1.8.7.352-13.el6_3.x86_64.rpm
ruby-ri-1.8.7.352-13.el6_3.x86_64.rpm
ruby-static-1.8.7.352-13.el6_3.x86_64.rpm
ruby-tcltk-1.8.7.352-13.el6_3.x86_64.rpm
Red Hat Enterprise Linux Compute Node Optional EUS (v. 6.4):
Source:
ruby-1.8.7.352-13.el6_4.src.rpm
x86_64:
ruby-debuginfo-1.8.7.352-13.el6_4.x86_64.rpm
ruby-docs-1.8.7.352-13.el6_4.x86_64.rpm
ruby-ri-1.8.7.352-13.el6_4.x86_64.rpm
ruby-static-1.8.7.352-13.el6_4.x86_64.rpm
ruby-tcltk-1.8.7.352-13.el6_4.x86_64.rpm
Red Hat Enterprise Linux Server EUS (v. 6.2):
Source:
ruby-1.8.7.352-13.el6_2.src.rpm
i386:
ruby-1.8.7.352-13.el6_2.i686.rpm
ruby-debuginfo-1.8.7.352-13.el6_2.i686.rpm
ruby-devel-1.8.7.352-13.el6_2.i686.rpm
ruby-irb-1.8.7.352-13.el6_2.i686.rpm
ruby-libs-1.8.7.352-13.el6_2.i686.rpm
ruby-rdoc-1.8.7.352-13.el6_2.i686.rpm
ppc64:
ruby-1.8.7.352-13.el6_2.ppc64.rpm
ruby-debuginfo-1.8.7.352-13.el6_2.ppc.rpm
ruby-debuginfo-1.8.7.352-13.el6_2.ppc64.rpm
ruby-devel-1.8.7.352-13.el6_2.ppc.rpm
ruby-devel-1.8.7.352-13.el6_2.ppc64.rpm
ruby-irb-1.8.7.352-13.el6_2.ppc64.rpm
ruby-libs-1.8.7.352-13.el6_2.ppc.rpm
ruby-libs-1.8.7.352-13.el6_2.ppc64.rpm
ruby-rdoc-1.8.7.352-13.el6_2.ppc64.rpm
s390x:
ruby-1.8.7.352-13.el6_2.s390x.rpm
ruby-debuginfo-1.8.7.352-13.el6_2.s390.rpm
ruby-debuginfo-1.8.7.352-13.el6_2.s390x.rpm
ruby-devel-1.8.7.352-13.el6_2.s390.rpm
ruby-devel-1.8.7.352-13.el6_2.s390x.rpm
ruby-irb-1.8.7.352-13.el6_2.s390x.rpm
ruby-libs-1.8.7.352-13.el6_2.s390.rpm
ruby-libs-1.8.7.352-13.el6_2.s390x.rpm
ruby-rdoc-1.8.7.352-13.el6_2.s390x.rpm
x86_64:
ruby-1.8.7.352-13.el6_2.x86_64.rpm
ruby-debuginfo-1.8.7.352-13.el6_2.i686.rpm
ruby-debuginfo-1.8.7.352-13.el6_2.x86_64.rpm
ruby-devel-1.8.7.352-13.el6_2.i686.rpm
ruby-devel-1.8.7.352-13.el6_2.x86_64.rpm
ruby-irb-1.8.7.352-13.el6_2.x86_64.rpm
ruby-libs-1.8.7.352-13.el6_2.i686.rpm
ruby-libs-1.8.7.352-13.el6_2.x86_64.rpm
ruby-rdoc-1.8.7.352-13.el6_2.x86_64.rpm
Red Hat Enterprise Linux Server EUS (v. 6.3):
Source:
ruby-1.8.7.352-13.el6_3.src.rpm
i386:
ruby-1.8.7.352-13.el6_3.i686.rpm
ruby-debuginfo-1.8.7.352-13.el6_3.i686.rpm
ruby-devel-1.8.7.352-13.el6_3.i686.rpm
ruby-irb-1.8.7.352-13.el6_3.i686.rpm
ruby-libs-1.8.7.352-13.el6_3.i686.rpm
ruby-rdoc-1.8.7.352-13.el6_3.i686.rpm
ppc64:
ruby-1.8.7.352-13.el6_3.ppc64.rpm
ruby-debuginfo-1.8.7.352-13.el6_3.ppc.rpm
ruby-debuginfo-1.8.7.352-13.el6_3.ppc64.rpm
ruby-devel-1.8.7.352-13.el6_3.ppc.rpm
ruby-devel-1.8.7.352-13.el6_3.ppc64.rpm
ruby-irb-1.8.7.352-13.el6_3.ppc64.rpm
ruby-libs-1.8.7.352-13.el6_3.ppc.rpm
ruby-libs-1.8.7.352-13.el6_3.ppc64.rpm
ruby-rdoc-1.8.7.352-13.el6_3.ppc64.rpm
s390x:
ruby-1.8.7.352-13.el6_3.s390x.rpm
ruby-debuginfo-1.8.7.352-13.el6_3.s390.rpm
ruby-debuginfo-1.8.7.352-13.el6_3.s390x.rpm
ruby-devel-1.8.7.352-13.el6_3.s390.rpm
ruby-devel-1.8.7.352-13.el6_3.s390x.rpm
ruby-irb-1.8.7.352-13.el6_3.s390x.rpm
ruby-libs-1.8.7.352-13.el6_3.s390.rpm
ruby-libs-1.8.7.352-13.el6_3.s390x.rpm
ruby-rdoc-1.8.7.352-13.el6_3.s390x.rpm
x86_64:
ruby-1.8.7.352-13.el6_3.x86_64.rpm
ruby-debuginfo-1.8.7.352-13.el6_3.i686.rpm
ruby-debuginfo-1.8.7.352-13.el6_3.x86_64.rpm
ruby-devel-1.8.7.352-13.el6_3.i686.rpm
ruby-devel-1.8.7.352-13.el6_3.x86_64.rpm
ruby-irb-1.8.7.352-13.el6_3.x86_64.rpm
ruby-libs-1.8.7.352-13.el6_3.i686.rpm
ruby-libs-1.8.7.352-13.el6_3.x86_64.rpm
ruby-rdoc-1.8.7.352-13.el6_3.x86_64.rpm
Red Hat Enterprise Linux Server EUS (v. 6.4):
Source:
ruby-1.8.7.352-13.el6_4.src.rpm
i386:
ruby-1.8.7.352-13.el6_4.i686.rpm
ruby-debuginfo-1.8.7.352-13.el6_4.i686.rpm
ruby-devel-1.8.7.352-13.el6_4.i686.rpm
ruby-irb-1.8.7.352-13.el6_4.i686.rpm
ruby-libs-1.8.7.352-13.el6_4.i686.rpm
ruby-rdoc-1.8.7.352-13.el6_4.i686.rpm
ppc64:
ruby-1.8.7.352-13.el6_4.ppc64.rpm
ruby-debuginfo-1.8.7.352-13.el6_4.ppc.rpm
ruby-debuginfo-1.8.7.352-13.el6_4.ppc64.rpm
ruby-devel-1.8.7.352-13.el6_4.ppc.rpm
ruby-devel-1.8.7.352-13.el6_4.ppc64.rpm
ruby-irb-1.8.7.352-13.el6_4.ppc64.rpm
ruby-libs-1.8.7.352-13.el6_4.ppc.rpm
ruby-libs-1.8.7.352-13.el6_4.ppc64.rpm
ruby-rdoc-1.8.7.352-13.el6_4.ppc64.rpm
s390x:
ruby-1.8.7.352-13.el6_4.s390x.rpm
ruby-debuginfo-1.8.7.352-13.el6_4.s390.rpm
ruby-debuginfo-1.8.7.352-13.el6_4.s390x.rpm
ruby-devel-1.8.7.352-13.el6_4.s390.rpm
ruby-devel-1.8.7.352-13.el6_4.s390x.rpm
ruby-irb-1.8.7.352-13.el6_4.s390x.rpm
ruby-libs-1.8.7.352-13.el6_4.s390.rpm
ruby-libs-1.8.7.352-13.el6_4.s390x.rpm
ruby-rdoc-1.8.7.352-13.el6_4.s390x.rpm
x86_64:
ruby-1.8.7.352-13.el6_4.x86_64.rpm
ruby-debuginfo-1.8.7.352-13.el6_4.i686.rpm
ruby-debuginfo-1.8.7.352-13.el6_4.x86_64.rpm
ruby-devel-1.8.7.352-13.el6_4.i686.rpm
ruby-devel-1.8.7.352-13.el6_4.x86_64.rpm
ruby-irb-1.8.7.352-13.el6_4.x86_64.rpm
ruby-libs-1.8.7.352-13.el6_4.i686.rpm
ruby-libs-1.8.7.352-13.el6_4.x86_64.rpm
ruby-rdoc-1.8.7.352-13.el6_4.x86_64.rpm
Red Hat Enterprise Linux Server Optional EUS (v. 6.2):
Source:
ruby-1.8.7.352-13.el6_2.src.rpm
i386:
ruby-debuginfo-1.8.7.352-13.el6_2.i686.rpm
ruby-devel-1.8.7.352-13.el6_2.i686.rpm
ruby-docs-1.8.7.352-13.el6_2.i686.rpm
ruby-rdoc-1.8.7.352-13.el6_2.i686.rpm
ruby-ri-1.8.7.352-13.el6_2.i686.rpm
ruby-static-1.8.7.352-13.el6_2.i686.rpm
ruby-tcltk-1.8.7.352-13.el6_2.i686.rpm
ppc64:
ruby-debuginfo-1.8.7.352-13.el6_2.ppc.rpm
ruby-debuginfo-1.8.7.352-13.el6_2.ppc64.rpm
ruby-devel-1.8.7.352-13.el6_2.ppc.rpm
ruby-devel-1.8.7.352-13.el6_2.ppc64.rpm
ruby-docs-1.8.7.352-13.el6_2.ppc64.rpm
ruby-rdoc-1.8.7.352-13.el6_2.ppc64.rpm
ruby-ri-1.8.7.352-13.el6_2.ppc64.rpm
ruby-static-1.8.7.352-13.el6_2.ppc64.rpm
ruby-tcltk-1.8.7.352-13.el6_2.ppc64.rpm
s390x:
ruby-debuginfo-1.8.7.352-13.el6_2.s390.rpm
ruby-debuginfo-1.8.7.352-13.el6_2.s390x.rpm
ruby-devel-1.8.7.352-13.el6_2.s390.rpm
ruby-devel-1.8.7.352-13.el6_2.s390x.rpm
ruby-docs-1.8.7.352-13.el6_2.s390x.rpm
ruby-rdoc-1.8.7.352-13.el6_2.s390x.rpm
ruby-ri-1.8.7.352-13.el6_2.s390x.rpm
ruby-static-1.8.7.352-13.el6_2.s390x.rpm
ruby-tcltk-1.8.7.352-13.el6_2.s390x.rpm
x86_64:
ruby-debuginfo-1.8.7.352-13.el6_2.i686.rpm
ruby-debuginfo-1.8.7.352-13.el6_2.x86_64.rpm
ruby-devel-1.8.7.352-13.el6_2.i686.rpm
ruby-devel-1.8.7.352-13.el6_2.x86_64.rpm
ruby-docs-1.8.7.352-13.el6_2.x86_64.rpm
ruby-rdoc-1.8.7.352-13.el6_2.x86_64.rpm
ruby-ri-1.8.7.352-13.el6_2.x86_64.rpm
ruby-static-1.8.7.352-13.el6_2.x86_64.rpm
ruby-tcltk-1.8.7.352-13.el6_2.x86_64.rpm
Red Hat Enterprise Linux Server Optional EUS (v. 6.3):
Source:
ruby-1.8.7.352-13.el6_3.src.rpm
i386:
ruby-debuginfo-1.8.7.352-13.el6_3.i686.rpm
ruby-docs-1.8.7.352-13.el6_3.i686.rpm
ruby-ri-1.8.7.352-13.el6_3.i686.rpm
ruby-static-1.8.7.352-13.el6_3.i686.rpm
ruby-tcltk-1.8.7.352-13.el6_3.i686.rpm
ppc64:
ruby-debuginfo-1.8.7.352-13.el6_3.ppc64.rpm
ruby-docs-1.8.7.352-13.el6_3.ppc64.rpm
ruby-ri-1.8.7.352-13.el6_3.ppc64.rpm
ruby-static-1.8.7.352-13.el6_3.ppc64.rpm
ruby-tcltk-1.8.7.352-13.el6_3.ppc64.rpm
s390x:
ruby-debuginfo-1.8.7.352-13.el6_3.s390x.rpm
ruby-docs-1.8.7.352-13.el6_3.s390x.rpm
ruby-ri-1.8.7.352-13.el6_3.s390x.rpm
ruby-static-1.8.7.352-13.el6_3.s390x.rpm
ruby-tcltk-1.8.7.352-13.el6_3.s390x.rpm
x86_64:
ruby-debuginfo-1.8.7.352-13.el6_3.x86_64.rpm
ruby-docs-1.8.7.352-13.el6_3.x86_64.rpm
ruby-ri-1.8.7.352-13.el6_3.x86_64.rpm
ruby-static-1.8.7.352-13.el6_3.x86_64.rpm
ruby-tcltk-1.8.7.352-13.el6_3.x86_64.rpm
Red Hat Enterprise Linux Server Optional EUS (v. 6.4):
Source:
ruby-1.8.7.352-13.el6_4.src.rpm
i386:
ruby-debuginfo-1.8.7.352-13.el6_4.i686.rpm
ruby-docs-1.8.7.352-13.el6_4.i686.rpm
ruby-ri-1.8.7.352-13.el6_4.i686.rpm
ruby-static-1.8.7.352-13.el6_4.i686.rpm
ruby-tcltk-1.8.7.352-13.el6_4.i686.rpm
ppc64:
ruby-debuginfo-1.8.7.352-13.el6_4.ppc64.rpm
ruby-docs-1.8.7.352-13.el6_4.ppc64.rpm
ruby-ri-1.8.7.352-13.el6_4.ppc64.rpm
ruby-static-1.8.7.352-13.el6_4.ppc64.rpm
ruby-tcltk-1.8.7.352-13.el6_4.ppc64.rpm
s390x:
ruby-debuginfo-1.8.7.352-13.el6_4.s390x.rpm
ruby-docs-1.8.7.352-13.el6_4.s390x.rpm
ruby-ri-1.8.7.352-13.el6_4.s390x.rpm
ruby-static-1.8.7.352-13.el6_4.s390x.rpm
ruby-tcltk-1.8.7.352-13.el6_4.s390x.rpm
x86_64:
ruby-debuginfo-1.8.7.352-13.el6_4.x86_64.rpm
ruby-docs-1.8.7.352-13.el6_4.x86_64.rpm
ruby-ri-1.8.7.352-13.el6_4.x86_64.rpm
ruby-static-1.8.7.352-13.el6_4.x86_64.rpm
ruby-tcltk-1.8.7.352-13.el6_4.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package
7. References:
https://www.redhat.com/security/data/cve/CVE-2013-4164.html
https://access.redhat.com/security/updates/classification/#critical
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2013 Red Hat, Inc.
.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201412-27
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Ruby: Denial of Service
Date: December 13, 2014
Bugs: #355439, #369141, #396301, #437366, #442580, #458776,
#492282, #527084, #529216
ID: 201412-27
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been found in Ruby, allowing
context-dependent attackers to cause a Denial of Service condition.
Affected packages
=================
-------------------------------------------------------------------
     Package        /     Vulnerable     /     Unaffected
-------------------------------------------------------------------
  1  dev-lang/ruby        < 2.0.0_p598         *>= 1.9.3_p551
                                                >= 2.0.0_p598
Description
===========
Multiple vulnerabilities have been discovered in Ruby. Please review
the CVE identifiers referenced below for details.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Ruby 1.9 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-lang/ruby-1.9.3_p551"
All Ruby 2.0 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-lang/ruby-2.0.0_p598"
References
==========
[ 1 ] CVE-2011-0188
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0188
[ 2 ] CVE-2011-1004
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1004
[ 3 ] CVE-2011-1005
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1005
[ 4 ] CVE-2011-4815
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4815
[ 5 ] CVE-2012-4481
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4481
[ 6 ] CVE-2012-5371
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5371
[ 7 ] CVE-2013-0269
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0269
[ 8 ] CVE-2013-1821
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1821
[ 9 ] CVE-2013-4164
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4164
[ 10 ] CVE-2014-8080
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8080
[ 11 ] CVE-2014-8090
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8090
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201412-27.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2014 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4164
_______________________________________________________________________
Updated Packages:
Mandriva Enterprise Server 5:
1294917053856fc539899d0b44ad0dbc mes5/i586/ruby-1.8.7-7p72.7mdvmes5.2.i586.rpm
3f2db72bc1631e542779316343e966c4 mes5/i586/ruby-devel-1.8.7-7p72.7mdvmes5.2.i586.rpm
39cfc6c4609fcc57176672475790b32b mes5/i586/ruby-doc-1.8.7-7p72.7mdvmes5.2.i586.rpm
0ec33b39a54d3bdf697f45da9f89e47a mes5/i586/ruby-tk-1.8.7-7p72.7mdvmes5.2.i586.rpm
fd07a01ddd78a658dfc153a62031321f mes5/SRPMS/ruby-1.8.7-7p72.7mdvmes5.2.src.rpm
Mandriva Enterprise Server 5/X86_64:
a931882acf32d122e07627496390d938 mes5/x86_64/ruby-1.8.7-7p72.7mdvmes5.2.x86_64.rpm
b501426a2e620f092bbb599859250cbe mes5/x86_64/ruby-devel-1.8.7-7p72.7mdvmes5.2.x86_64.rpm
ff3c3946cadf9572f9a9156ce1acc4d1 mes5/x86_64/ruby-doc-1.8.7-7p72.7mdvmes5.2.x86_64.rpm
7e11dfe3289d721f58692552d2dffe92 mes5/x86_64/ruby-tk-1.8.7-7p72.7mdvmes5.2.x86_64.rpm
fd07a01ddd78a658dfc153a62031321f mes5/SRPMS/ruby-1.8.7-7p72.7mdvmes5.2.src.rpm
Mandriva Business Server 1/X86_64:
19f50bdda7f4d5298aad37fffcc161d2 mbs1/x86_64/ruby-1.8.7.p358-2.3.mbs1.x86_64.rpm
cb212eb9e77942130daa03bd00129647 mbs1/x86_64/ruby-devel-1.8.7.p358-2.3.mbs1.x86_64.rpm
61727a178644e24a90893fd521beaf26 mbs1/x86_64/ruby-doc-1.8.7.p358-2.3.mbs1.noarch.rpm
7c7c74b929d64434f5fac3e9a6a16eac mbs1/x86_64/ruby-tk-1.8.7.p358-2.3.mbs1.x86_64.rpm
3b57d1f0167760c15f5a2b7187f9301b mbs1/SRPMS/ruby-1.8.7.p358-2.3.mbs1.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2014-10-16-3 OS X Server v4.0
OS X Server v4.0 is now available and addresses the following:
BIND
Available for: OS X Yosemite v10.10 or later
Impact: Multiple vulnerabilities in BIND, the most serious of which
may lead to a denial of service
Description: Multiple vulnerabilities existed in BIND. These issues
were addressed by updating BIND to version 9.9.2-P2
CVE-ID
CVE-2013-3919
CVE-2013-4854
CVE-2014-0591
CoreCollaboration
Available for: OS X Yosemite v10.10 or later
Impact: A remote attacker may be able to execute arbitrary SQL
queries
Description: A SQL injection issue existed in Wiki Server. This
issue was addressed through additional validation of SQL queries.
CVE-ID
CVE-2014-4424 : Sajjad Pourali (sajjad@securation.com) of CERT of
Ferdowsi University of Mashhad
CoreCollaboration
Available for: OS X Yosemite v10.10 or later
Impact: Visiting a maliciously crafted website may lead to a cross-
site scripting attack
Description: A cross-site scripting issue existed in Xcode Server.
This issue was addressed through improved encoding of HTML output.
CVE-ID
CVE-2014-4406 : David Hoyt of Hoyt LLC
CoreCollaboration
Available for: OS X Yosemite v10.10 or later
Impact: Multiple vulnerabilities in PostgreSQL, the most serious of
which may lead to arbitrary code execution
Description: Multiple vulnerabilities existed in PostgreSQL. These
issues were addressed by updating PostgreSQL to version 9.2.7.
CVE-ID
CVE-2014-0060
CVE-2014-0061
CVE-2014-0062
CVE-2014-0063
CVE-2014-0064
CVE-2014-0065
CVE-2014-0066
Mail Service
Available for: OS X Yosemite v10.10 or later
Impact: Group SACL changes for Mail may not be respected until after
a restart of the Mail service
Description: SACL settings for Mail were cached and changes to the
SACLs were not respected until after a restart of the Mail service.
This issue was addressed by resetting the cache upon changes to the
SACLs.
CVE-ID
CVE-2014-4446 : Craig Courtney
Profile Manager
Available for: OS X Yosemite v10.10 or later
Impact: Multiple vulnerabilities in LibYAML, the most serious of
which may lead to arbitrary code execution
Description: Multiple vulnerabilities existed in LibYAML. These
issues were addressed by switching from YAML to JSON as Profile
Manager's internal serialization format.
CVE-ID
CVE-2013-4164
CVE-2013-6393
Profile Manager
Available for: OS X Yosemite v10.10 or later
Impact: A local user may obtain passwords after setting up or
editing profiles in Profile Manager
Description: In certain circumstances, setting up or editing
profiles in Profile Manager may have logged passwords to a file. This
issue was addressed through improved handling of credentials.
CVE-ID
CVE-2014-4447 : Mayo Jordanov
Server
Available for: OS X Yosemite v10.10 or later
Impact: An attacker may be able to decrypt data protected by SSL
Description: There are known attacks on the confidentiality of SSL
3.0 when a cipher suite uses a block cipher in CBC mode. An attacker
could force the use of SSL 3.0, even when the server would support a
better TLS version, by blocking TLS 1.0 and higher connection
attempts. This issue was addressed by disabling SSL 3.0 support in
Web Server, Calendar & Contacts Server, and Remote Administration.
CVE-ID
CVE-2014-3566 : Bodo Moeller, Thai Duong, and Krzysztof Kotowicz of
Google Security Team
ServerRuby
Available for: OS X Yosemite v10.10 or later
Impact: Running a Ruby script that handles untrusted YAML tags may
lead to an unexpected application termination or arbitrary code
execution
Description: An integer overflow issue existed in LibYAML's handling
of YAML tags. This issue was addressed through additional validation
of YAML tags. This issue does not affect systems prior to OS X
Mavericks.
CVE-ID
CVE-2013-6393
OS X Server v4.0 may be obtained from the Mac App Store.
.
Relevant releases/architectures:
Management Engine - noarch, x86_64
3. Description:
Red Hat CloudForms Management Engine delivers the insight, control, and
automation enterprises need to address the challenges of managing virtual
environments, which are far more complex than physical ones. This
technology enables enterprises with existing virtual infrastructures
to improve visibility and control, and those just starting virtualization
deployments to build and operate a well-managed virtual infrastructure. (CVE-2013-4164)
It was found that Red Hat CloudForms Management Engine did not properly
sanitize user-supplied values in the ServiceController.
(CVE-2014-0057)
It was found that several number conversion helpers in Action View did not
properly escape all their parameters. An attacker could use these flaws to
perform a cross-site scripting (XSS) attack on an application that uses
data submitted by a user as parameters to the affected helpers.
(CVE-2014-0081)
A memory consumption issue was discovered in the text rendering component
of Action View. A remote attacker could use this flaw to perform a denial
of service attack by sending specially crafted queries that would result in
the creation of Ruby symbols that were never garbage collected.
(CVE-2014-0082)
Red Hat would like to thank the Ruby on Rails Project for reporting
CVE-2014-0081 and CVE-2014-0082. Upstream acknowledges Kevin Reintjes as
the original reporter of CVE-2014-0081, and Toby Hsieh of SlideShare as the
original reporter of CVE-2014-0082.
This update fixes several bugs and adds multiple enhancements.
Documentation for these changes will be available shortly from the Red Hat
CloudForms 3.0 Management Engine 5.2 Technical Notes linked to in the
References section |
var-201904-1401
|
A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7. This vulnerability allows remote attackers to bypass the same-origin policy on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file and execute a user gesture within the rendered HTML. The specific flaw exists within the handling of subframes. The issue lies in the ability to execute arbitrary JavaScript without preserving the original origin. An attacker can leverage this vulnerability to execute script in the context of a different domain. Apple iOS and the other affected software are all products of Apple. Apple iOS is an operating system developed for mobile devices. tvOS is a smart TV operating system. Safari is a web browser developed as the default browser included with the Mac OS X and iOS operating systems. WebKit is one of the web browser engine components. The WebKit component in many Apple products has a cross-site scripting vulnerability, which stems from the lack of correct validation of client data in web applications.
.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201812-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: WebkitGTK+: Multiple vulnerabilities
Date: December 02, 2018
Bugs: #667892
ID: 201812-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been found in WebKitGTK+, the worst of
which may lead to arbitrary code execution.
Background
==========
WebKitGTK+ is a full-featured port of the WebKit rendering engine,
suitable for projects requiring any kind of web integration, from
hybrid HTML/CSS applications to full-fledged web browsers.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-libs/webkit-gtk < 2.22.0 >= 2.22.0
Description
===========
Multiple vulnerabilities have been discovered in WebKitGTK+. Please
review the referenced CVE identifiers for details.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All WebkitGTK+ users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.22.0"
References
==========
[ 1 ] CVE-2018-4191
https://nvd.nist.gov/vuln/detail/CVE-2018-4191
[ 2 ] CVE-2018-4197
https://nvd.nist.gov/vuln/detail/CVE-2018-4197
[ 3 ] CVE-2018-4207
https://nvd.nist.gov/vuln/detail/CVE-2018-4207
[ 4 ] CVE-2018-4208
https://nvd.nist.gov/vuln/detail/CVE-2018-4208
[ 5 ] CVE-2018-4209
https://nvd.nist.gov/vuln/detail/CVE-2018-4209
[ 6 ] CVE-2018-4210
https://nvd.nist.gov/vuln/detail/CVE-2018-4210
[ 7 ] CVE-2018-4212
https://nvd.nist.gov/vuln/detail/CVE-2018-4212
[ 8 ] CVE-2018-4213
https://nvd.nist.gov/vuln/detail/CVE-2018-4213
[ 9 ] CVE-2018-4299
https://nvd.nist.gov/vuln/detail/CVE-2018-4299
[ 10 ] CVE-2018-4306
https://nvd.nist.gov/vuln/detail/CVE-2018-4306
[ 11 ] CVE-2018-4309
https://nvd.nist.gov/vuln/detail/CVE-2018-4309
[ 12 ] CVE-2018-4311
https://nvd.nist.gov/vuln/detail/CVE-2018-4311
[ 13 ] CVE-2018-4312
https://nvd.nist.gov/vuln/detail/CVE-2018-4312
[ 14 ] CVE-2018-4314
https://nvd.nist.gov/vuln/detail/CVE-2018-4314
[ 15 ] CVE-2018-4315
https://nvd.nist.gov/vuln/detail/CVE-2018-4315
[ 16 ] CVE-2018-4316
https://nvd.nist.gov/vuln/detail/CVE-2018-4316
[ 17 ] CVE-2018-4317
https://nvd.nist.gov/vuln/detail/CVE-2018-4317
[ 18 ] CVE-2018-4318
https://nvd.nist.gov/vuln/detail/CVE-2018-4318
[ 19 ] CVE-2018-4319
https://nvd.nist.gov/vuln/detail/CVE-2018-4319
[ 20 ] CVE-2018-4323
https://nvd.nist.gov/vuln/detail/CVE-2018-4323
[ 21 ] CVE-2018-4328
https://nvd.nist.gov/vuln/detail/CVE-2018-4328
[ 22 ] CVE-2018-4358
https://nvd.nist.gov/vuln/detail/CVE-2018-4358
[ 23 ] CVE-2018-4359
https://nvd.nist.gov/vuln/detail/CVE-2018-4359
[ 24 ] CVE-2018-4361
https://nvd.nist.gov/vuln/detail/CVE-2018-4361
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/201812-04
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us.
License
=======
Copyright 2018 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2018-10-30-8 Additional information for
APPLE-SA-2018-9-24-4 iOS 12
iOS 12 addresses the following:
Accounts
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A local app may be able to read a persistent account
identifier
Description: This issue was addressed with improved entitlements.
CVE-2018-4322: Min (Spark) Zheng, Xiaolong Bai of Alibaba Inc.
Auto Unlock
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious application may be able to access local users
AppleIDs
Description: A validation issue existed in the entitlement
verification.
CVE-2018-4321: Min (Spark) Zheng, Xiaolong Bai of Alibaba Inc.
Bluetooth
Available for: iPhone SE, iPhone 6s, iPhone 6s Plus, iPhone 7,
iPhone 7 Plus, iPad Mini 4, 12.9-inch iPad Pro 1st generation,
12.9-inch iPad Pro 2nd generation, 10.5-inch iPad Pro,
9.7-inch iPad Pro, iPad 5th generation, and iPod Touch 6th generation
Impact: An attacker in a privileged network position may be able to
intercept Bluetooth traffic
Description: An input validation issue existed in Bluetooth.
CVE-2018-5383: Lior Neumann and Eli Biham
CFNetwork
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4126: Bruno Keith (@bkth_) working with Trend Micro's Zero
Day Initiative
Entry added October 30, 2018
CoreFoundation
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious application may be able to elevate privileges
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2018-4412: The UK's National Cyber Security Centre (NCSC)
Entry added October 30, 2018
CoreFoundation
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to gain elevated privileges
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2018-4414: The UK's National Cyber Security Centre (NCSC)
Entry added October 30, 2018
CoreMedia
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An app may be able to learn information about the current
camera view before being granted camera access
Description: A permissions issue existed.
CVE-2018-4356: an anonymous researcher
CoreText
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing a maliciously crafted text file may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2018-4347: an anonymous researcher
Entry added October 30, 2018
Crash Reporter
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2018-4333: Brandon Azad
Grand Central Dispatch
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4426: Brandon Azad
Entry added October 30, 2018
Heimdal
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4331: Brandon Azad
CVE-2018-4332: Brandon Azad
CVE-2018-4343: Brandon Azad
Entry added October 30, 2018
iBooks
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Parsing a maliciously crafted iBooks file may lead to
disclosure of user information
Description: A configuration issue was addressed with additional
restrictions.
CVE-2018-4355: evi1m0 of bilibili security team
Entry added October 30, 2018
IOHIDFamily
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A memory corruption issue was addressed with improved
input validation
CVE-2018-4408: Ian Beer of Google Project Zero
Entry added October 30, 2018
IOKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious application may be able to break out of its
sandbox
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4341: Ian Beer of Google Project Zero
CVE-2018-4354: Ian Beer of Google Project Zero
Entry added October 30, 2018
IOKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
state management.
CVE-2018-4383: Apple
Entry added October 30, 2018
IOMobileFrameBuffer
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2018-4335: Brandon Azad
IOUserEthernet
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4401: Apple
Entry added October 30, 2018
iTunes Store
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An attacker in a privileged network position may be able to
spoof password prompts in the iTunes Store
Description: An input validation issue was addressed with improved
input validation.
CVE-2018-4305: Jerry Decime
Kernel
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious application may be able to leak sensitive user
information
Description: An access issue existed with privileged API calls.
CVE-2018-4399: Fabiano Anemone (@anoane)
Entry added October 30, 2018
Kernel
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to read restricted memory
Description: An input validation issue existed in the kernel.
CVE-2018-4363: Ian Beer of Google Project Zero
Kernel
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An attacker in a privileged network position may be able to
execute arbitrary code
Description: A memory corruption issue was addressed with improved
validation.
CVE-2018-4407: Kevin Backhouse of Semmle Ltd.
Entry added October 30, 2018
Kernel
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4336: Brandon Azad
CVE-2018-4337: Ian Beer of Google Project Zero
CVE-2018-4340: Mohamed Ghannam (@_simo36)
CVE-2018-4344: The UK's National Cyber Security Centre (NCSC)
CVE-2018-4425: cc working with Trend Micro's Zero Day Initiative,
Juwei Lin (@panicaII) of Trend Micro working with Trend Micro's Zero
Day Initiative
Entry added October 30, 2018
mDNSOffloadUserClient
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4326: an anonymous researcher working with Trend Micro's
Zero Day Initiative, Zhuo Liang of Qihoo 360 Nirvan Team
Entry added October 30, 2018
MediaRemote
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A sandboxed process may be able to circumvent sandbox
restrictions
Description: An access issue was addressed with additional sandbox
restrictions.
CVE-2018-4310: CodeColorist of Ant-Financial LightYear Labs
Entry added October 30, 2018
Messages
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A local user may be able to discover a user's deleted
messages
Description: A consistency issue existed in the handling of
application snapshots.
CVE-2018-4313: 11 anonymous researchers, David Scott, Enes Mert
Ulu of Abdullah Mürşide Özünenek Anadolu Lisesi -
Ankara/Türkiye, Mehmet Ferit Daştan of Van Yüzüncü Yıl
University, Metin Altug Karakaya of Kaliptus Medical Organization,
Vinodh Swami of Western Governor's University (WGU)
Notes
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A local user may be able to discover a user's deleted notes
Description: A consistency issue existed in the handling of
application snapshots.
CVE-2018-4352: Utku Altinkaynak
Safari
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A local user may be able to discover websites a user has
visited
Description: A consistency issue existed in the handling of
application snapshots.
CVE-2018-4313: 11 anonymous researchers, David Scott, Enes Mert
Ulu of Abdullah Mürşide Özünenek Anadolu Lisesi -
Ankara/Türkiye, Mehmet Ferit Daştan of Van Yüzüncü Yıl
University, Metin Altug Karakaya of Kaliptus Medical Organization,
Vinodh Swami of Western Governor's University (WGU)
Safari
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A user may be unable to delete browsing history items
Description: Clearing a history item may not clear visits with
redirect chains.
CVE-2018-4329: Hugo S. Diaz (coldpointblue)
SafariViewController
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Visiting a malicious website may lead to address bar spoofing
Description: An inconsistent user interface issue was addressed with
improved state management.
CVE-2018-4362: Jun Kokatsu (@shhnjk)
Security
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious website may be able to exfiltrate autofilled data
in Safari
Description: A logic issue was addressed with improved state
management.
CVE-2018-4307: Rafay Baloch of Pakistan Telecommunications Authority
Security
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A local user may be able to cause a denial of service
Description: This issue was addressed with improved checks.
CVE-2018-4395: Patrick Wardle of Digita Security
Entry added October 30, 2018
Security
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An attacker may be able to exploit weaknesses in the RC4
cryptographic algorithm
Description: This issue was addressed by removing RC4.
CVE-2016-1777: Pepi Zawodsky
Status Bar
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A person with physical access to an iOS device may be able to
determine the last used app from the lock screen
Description: A logic issue was addressed with improved restrictions.
CVE-2018-4325: Brian Adeloye
Symptom Framework
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to read restricted memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2018-4203: Bruno Keith (@bkth_) working with Trend Micro's Zero
Day Initiative
Entry added October 30, 2018
Text
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing a maliciously crafted text file may lead to a
denial of service
Description: A denial of service issue was addressed with improved
validation.
CVE-2018-4304: jianan.huang (@Sevck)
Entry added October 30, 2018
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue was addressed with improved
state management.
CVE-2018-4316: crixer, Hanming Zhang (@4shitak4) of Qihoo 360 Vulcan
Team
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2018-4299: Samuel Groß (saelo) working with Trend Micro's Zero
Day Initiative
CVE-2018-4323: Ivan Fratric of Google Project Zero
CVE-2018-4328: Ivan Fratric of Google Project Zero
CVE-2018-4358: @phoenhex team (@bkth_ @5aelo @_niklasb) working with
Trend Micro's Zero Day Initiative
CVE-2018-4359: Samuel Groß (@5aelo)
CVE-2018-4360: William Bowling (@wcbowling)
Entry added October 30, 2018
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious website may cause unexpected cross-origin
behavior
Description: A cross-origin issue existed with "iframe" elements.
CVE-2018-4319: John Pettitt of Google
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2018-4345: an anonymous researcher
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Unexpected interaction causes an ASSERT failure
Description: A memory corruption issue was addressed with improved
validation.
CVE-2018-4191: found by OSS-Fuzz
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Cross-origin SecurityErrors includes the accessed frame's
origin
Description: The issue was addressed by removing origin information.
CVE-2018-4311: Erling Alf Ellingsen (@steike)
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious website may be able to execute scripts in the
context of another website
Description: A cross-site scripting issue existed in Safari.
CVE-2018-4309: an anonymous researcher working with Trend Micro's
Zero Day Initiative
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Unexpected interaction causes an ASSERT failure
Description: A memory consumption issue was addressed with improved
memory handling.
CVE-2018-4361: found by OSS-Fuzz
Additional recognition
APFS
We would like to acknowledge Umang Raghuvanshi for their assistance.
Assets
We would like to acknowledge Brandon Azad for their assistance.
configd
We would like to acknowledge Sabri Haddouche (@pwnsdx) of Wire Swiss
GmbH for their assistance.
Core Data
We would like to acknowledge Andreas Kurtz (@aykay) of NESO Security
Labs GmbH for their assistance.
CoreSymbolication
We would like to acknowledge Brandon Azad for their assistance.
Exchange ActiveSync
We would like to acknowledge Jesse Thompson of University of
Wisconsin-Madison for their assistance.
Kernel
We would like to acknowledge Brandon Azad for their assistance.
Mail
We would like to acknowledge Alessandro Avagliano of Rocket Internet
SE, Gunnar Diepenbruck,
and Zbyszek Żółkiewski for their assistance.
MediaRemote
We would like to acknowledge Brandon Azad for their assistance.
Safari
We would like to acknowledge Marcel Manz of SIMM-Comm GmbH and Vlad
Galbin for their assistance.
Security
We would like to acknowledge Christoph Sinai, Daniel Dudek
(@dannysapples) of The Irish Times and Filip Klubička (@lemoncloak)
of ADAPT Centre, Dublin Institute of Technology, Istvan Csanady of
Shapr3D, Omar Barkawi of ITG Software, Inc., Phil Caleno, Wilson
Ding, and an anonymous researcher for their assistance.
SQLite
We would like to acknowledge Andreas Kurtz (@aykay) of NESO Security
Labs GmbH for their assistance.
Status Bar
We would like to acknowledge Ju Zhu of Meituan and Moony Li and
Lilang Wu of Trend Micro for their assistance.
WebKit
We would like to acknowledge Cary Hartline, Hanming Zhang from 360
Vulcan team, Tencent Keen Security Lab working with Trend Micro's
Zero Day Initiative, and Zach Malone of CA Technologies for their
assistance.
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from https://www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "iOS 12".
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
------------------------------------------------------------------------
WebKitGTK+ and WPE WebKit Security Advisory WSA-2018-0007
------------------------------------------------------------------------
Date reported : September 26, 2018
Advisory ID : WSA-2018-0007
WebKitGTK+ Advisory URL :
https://webkitgtk.org/security/WSA-2018-0007.html
WPE WebKit Advisory URL :
https://wpewebkit.org/security/WSA-2018-0007.html
CVE identifiers : CVE-2018-4207, CVE-2018-4208, CVE-2018-4209,
CVE-2018-4210, CVE-2018-4212, CVE-2018-4213,
CVE-2018-4191, CVE-2018-4197, CVE-2018-4299,
CVE-2018-4306, CVE-2018-4309, CVE-2018-4311,
CVE-2018-4312, CVE-2018-4314, CVE-2018-4315,
CVE-2018-4316, CVE-2018-4317, CVE-2018-4318,
CVE-2018-4319, CVE-2018-4323, CVE-2018-4328,
CVE-2018-4358, CVE-2018-4359, CVE-2018-4361.
Several vulnerabilities were discovered in WebKitGTK+ and WPE WebKit.
CVE-2018-4207
Versions affected: WebKitGTK+ before 2.20.0.
Credit to Google OSS-Fuzz.
Unexpected interaction causes an ASSERT failure.
CVE-2018-4208
Versions affected: WebKitGTK+ before 2.20.0.
Credit to Google OSS-Fuzz.
Unexpected interaction causes an ASSERT failure.
CVE-2018-4209
Versions affected: WebKitGTK+ before 2.20.0.
Credit to Google OSS-Fuzz.
Unexpected interaction causes an ASSERT failure.
CVE-2018-4210
Versions affected: WebKitGTK+ before 2.20.0.
Credit to Google OSS-Fuzz.
Unexpected interaction with indexing types caused a failure.
CVE-2018-4212
Versions affected: WebKitGTK+ before 2.20.0.
Credit to Google OSS-Fuzz.
Unexpected interaction causes an ASSERT failure.
CVE-2018-4213
Versions affected: WebKitGTK+ before 2.20.0.
Credit to Google OSS-Fuzz.
Unexpected interaction causes an ASSERT failure.
CVE-2018-4191
Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0.
Credit to Google OSS-Fuzz.
Unexpected interaction causes an ASSERT failure.
CVE-2018-4197
Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0.
Credit to Ivan Fratric of Google Project Zero.
Processing maliciously crafted web content may lead to arbitrary
code execution.
CVE-2018-4299
Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0.
Credit to Samuel Groß (saelo) working with Trend Micro's Zero Day
Initiative.
Processing maliciously crafted web content may lead to arbitrary
code execution. Multiple memory corruption issues were addressed
with improved memory handling.
CVE-2018-4306
Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0.
Credit to Ivan Fratric of Google Project Zero.
Processing maliciously crafted web content may lead to arbitrary
code execution.
CVE-2018-4309
Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0.
Credit to an anonymous researcher working with Trend Micro's Zero
Day Initiative.
CVE-2018-4311
Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0.
Credit to Erling Alf Ellingsen (@steike).
Cross-origin SecurityErrors includes the accessed frame's origin.
CVE-2018-4312
Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0.
Credit to Ivan Fratric of Google Project Zero.
Processing maliciously crafted web content may lead to arbitrary
code execution.
CVE-2018-4314
Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0.
Credit to Ivan Fratric of Google Project Zero.
Processing maliciously crafted web content may lead to arbitrary
code execution.
CVE-2018-4315
Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0.
Credit to Ivan Fratric of Google Project Zero.
Processing maliciously crafted web content may lead to arbitrary
code execution.
CVE-2018-4316
Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0.
Credit to crixer, Hanming Zhang (@4shitak4) of Qihoo 360 Vulcan
Team.
Processing maliciously crafted web content may lead to arbitrary
code execution.
CVE-2018-4317
Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0.
Credit to Ivan Fratric of Google Project Zero.
Processing maliciously crafted web content may lead to arbitrary
code execution.
CVE-2018-4318
Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0.
Credit to Ivan Fratric of Google Project Zero.
Processing maliciously crafted web content may lead to arbitrary
code execution.
CVE-2018-4319
Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0.
Credit to John Pettitt of Google.
A malicious website may cause unexpected cross-origin behavior.
CVE-2018-4323
Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0.
Credit to Ivan Fratric of Google Project Zero.
Processing maliciously crafted web content may lead to arbitrary
code execution. Multiple memory corruption issues were addressed
with improved memory handling.
CVE-2018-4328
Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0.
Credit to Ivan Fratric of Google Project Zero.
Processing maliciously crafted web content may lead to arbitrary
code execution. Multiple memory corruption issues were addressed
with improved memory handling.
CVE-2018-4358
Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0.
Credit to @phoenhex team (@bkth_ @5aelo @_niklasb) working with
Trend Micro's Zero Day Initiative.
Processing maliciously crafted web content may lead to arbitrary
code execution. Multiple memory corruption issues were addressed
with improved memory handling.
CVE-2018-4359
Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0.
Credit to Samuel Groß (@5aelo).
Processing maliciously crafted web content may lead to arbitrary
code execution. Multiple memory corruption issues were addressed
with improved memory handling.
CVE-2018-4361
Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0.
Credit to Google OSS-Fuzz.
Unexpected interaction causes an ASSERT failure.
We recommend updating to the latest stable versions of WebKitGTK+ and
WPE WebKit. It is the best way to ensure that you are running safe
versions of WebKit. Please check our websites for information about the
latest stable releases.
Further information about WebKitGTK+ and WPE WebKit security advisories
can be found at: https://webkitgtk.org/security.html or
https://wpewebkit.org/security/.
The WebKitGTK+ and WPE WebKit team,
September 26, 2018
|
var-202004-2200
|
A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Processing maliciously crafted web content may lead to arbitrary code execution. Apple iOS and the other products listed are all Apple products. Apple iOS is an operating system developed for mobile devices. Apple tvOS is a smart TV operating system. Apple iPadOS is an operating system for iPad tablets. WebKit is a web browser engine component. A memory corruption vulnerability exists in the WebKit component of several Apple products. The following products and versions are affected: Windows-based Apple iCloud versions prior to 7.18 and 10.9.3; Windows-based iTunes versions prior to 12.10.5; iOS versions prior to 13.4; iPadOS versions prior to 13.4; Safari versions prior to 13.1; tvOS versions prior to 13.4; watchOS versions prior to 6.2. WebKitGTK and WPE WebKit prior to version 2.24.1 failed to properly apply configured HTTP proxy settings when downloading livestream video (HLS, DASH, or Smooth Streaming), an error resulting in deanonymization. This issue was corrected by changing the way livestreams are downloaded. (CVE-2019-6237)
WebKitGTK and WPE WebKit prior to version 2.24.1 are vulnerable to address bar spoofing upon certain JavaScript redirections. An attacker could cause malicious web content to be displayed as if for a trusted URI. This is similar to the CVE-2018-8383 issue in Microsoft Edge. (CVE-2019-8601)
An out-of-bounds read was addressed with improved input validation. (CVE-2019-8644)
A logic issue existed in the handling of synchronous page loads. (CVE-2019-8689)
A logic issue existed in the handling of document loads. (CVE-2019-8719)
This fixes a remote code execution in webkitgtk4. No further details are available in NIST. This issue is fixed in watchOS 6.1. (CVE-2019-8766)
"Clear History and Website Data" did not clear the history. This issue is fixed in macOS Catalina 10.15. A user may be unable to delete browsing history items. (CVE-2019-8768)
An issue existed in the drawing of web page elements. This issue is fixed in iOS 13.1 and iPadOS 13.1, macOS Catalina 10.15. Visiting a maliciously crafted website may reveal browsing history. (CVE-2019-8846)
WebKitGTK up to and including 2.26.4 and WPE WebKit up to and including 2.26.4 (which are the versions right prior to 2.28.0) contain a memory corruption issue (use-after-free) that may lead to arbitrary code execution. (CVE-2020-10018)
A use-after-free flaw exists in WebKitGTK. This flaw allows remote malicious users to execute arbitrary code or cause a denial of service. A malicious website may be able to cause a denial of service. A DOM object context may not have had a unique security origin. A file URL may be incorrectly processed. (CVE-2020-3885)
A race condition was addressed with additional validation. An application may be able to read restricted memory. (CVE-2020-3902). In addition to persistent storage, Red Hat
OpenShift Container Storage provisions a multicloud data management service
with an S3 compatible API.
These updated images include numerous security fixes, bug fixes, and
enhancements. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
4. Bugs fixed (https://bugzilla.redhat.com/):
1806266 - Require an extension to the cephfs subvolume commands, that can return metadata regarding a subvolume
1813506 - Dockerfile not compatible with docker and buildah
1817438 - OSDs not distributed uniformly across OCS nodes on a 9-node AWS IPI setup
1817850 - [BAREMETAL] rook-ceph-operator does not reconcile when osd deployment is deleted when performed node replacement
1827157 - OSD hitting default CPU limit on AWS i3en.2xlarge instances limiting performance
1829055 - [RFE] add insecureEdgeTerminationPolicy: Redirect to noobaa mgmt route (http to https)
1833153 - add a variable for sleep time of rook operator between checks of downed OSD+Node.
1836299 - NooBaa Operator deploys with HPA that fires maxreplicas alerts by default
1842254 - [NooBaa] Compression stats do not add up when compression id disabled
1845976 - OCS 4.5 Independent mode: must-gather commands fails to collect ceph command outputs from external cluster
1849771 - [RFE] Account created by OBC should have same permissions as bucket owner
1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash
1854500 - [tracker-rhcs bug 1838931] mgr/volumes: add command to return metadata of a subvolume snapshot
1854501 - [Tracker-rhcs bug 1848494 ]pybind/mgr/volumes: Add the ability to keep snapshots of subvolumes independent of the source subvolume
1854503 - [tracker-rhcs-bug 1848503] cephfs: Provide alternatives to increase the total cephfs subvolume snapshot counts to greater than the current 400 across a Cephfs volume
1856953 - CVE-2020-15586 golang: data race in certain net/http servers including ReverseProxy can lead to DoS
1858195 - [GSS] registry pod stuck in ContainerCreating due to pvc from cephfs storage class fail to mount
1859183 - PV expansion is failing in retry loop in pre-existing PV after upgrade to OCS 4.5 (i.e. if the PV spec does not contain expansion params)
1859229 - Rook should delete extra MON PVCs in case first reconcile takes too long and rook skips "b" and "c" (spawned from Bug 1840084#c14)
1859478 - OCS 4.6 : Upon deployment, CSI Pods in CLBO with error - flag provided but not defined: -metadatastorage
1860022 - OCS 4.6 Deployment: LBP CSV and pod should not be deployed since ob/obc CRDs are owned from OCS 4.5 onwards
1860034 - OCS 4.6 Deployment in ocs-ci : Toolbox pod in ContainerCreationError due to key admin-secret not found
1860670 - OCS 4.5 Uninstall External: Openshift-storage namespace in Terminating state as CephObjectStoreUser had finalizers remaining
1860848 - Add validation for rgw-pool-prefix in the ceph-external-cluster-details-exporter script
1861780 - [Tracker BZ1866386][IBM s390x] Mount Failed for CEPH while running couple of OCS test cases.
1865938 - CSIDrivers missing in OCS 4.6
1867024 - [ocs-operator] operator v4.6.0-519.ci is in Installing state
1867099 - CVE-2020-16845 golang: ReadUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs
1868060 - [External Cluster] Noobaa-default-backingstore PV in released state upon OCS 4.5 uninstall (Secret not found)
1868703 - [rbd] After volume expansion, the new size is not reflected on the pod
1869411 - capture full crash information from ceph
1870061 - [RHEL][IBM] OCS un-install should make the devices raw
1870338 - OCS 4.6 must-gather : ocs-must-gather-xxx-helper pod in ContainerCreationError (couldn't find key admin-secret)
1870631 - OCS 4.6 Deployment : RGW pods went into 'CrashLoopBackOff' state on Z Platform
1872119 - Updates don't work on StorageClass which will keep PV expansion disabled for upgraded cluster
1872696 - [ROKS][RFE]NooBaa Configure IBM COS as default backing store
1873864 - Noobaa: On an baremetal RHCOS cluster, some backingstores are stuck in PROGRESSING state with INVALID_ENDPOINT TemporaryError
1874606 - CVE-2020-7720 nodejs-node-forge: prototype pollution via the util.setPath function
1875476 - Change noobaa logo in the noobaa UI
1877339 - Incorrect use of logr
1877371 - NooBaa UI warning message on Deploy Kubernetes Pool process - typo and shown number is incorrect
1878153 - OCS 4.6 must-gather: collect node information under cluster_scoped_resources/oc_output directory
1878714 - [FIPS enabled] BadDigest error on file upload to noobaa bucket
1878853 - [External Mode] ceph-external-cluster-details-exporter.py does not tolerate TLS enabled RGW
1879008 - ocs-osd-removal job fails because it can't find admin-secret in rook-ceph-mon secret
1879072 - Deployment with encryption at rest is failing to bring up OSD pods
1879919 - [External] Upgrade mechanism from OCS 4.5 to OCS 4.6 needs to be fixed
1880255 - Collect rbd info and subvolume info and snapshot info command output
1881028 - CVE-2020-8237 nodejs-json-bigint: Prototype pollution via `__proto__` assignment could result in DoS
1881071 - [External] Upgrade mechanism from OCS 4.5 to OCS 4.6 needs to be fixed
1882397 - MCG decompression problem with snappy on s390x arch
1883253 - CSV doesn't contain values required for UI to enable minimal deployment and cluster encryption
1883398 - Update csi sidecar containers in rook
1883767 - Using placement strategies in cluster-service.yaml causes ocs-operator to crash
1883810 - [External mode] RGW metrics is not available after OCS upgrade from 4.5 to 4.6
1883927 - Deployment with encryption at rest is failing to bring up OSD pods
1885175 - Handle disappeared underlying device for encrypted OSD
1885428 - panic seen in rook-ceph during uninstall - "close of closed channel"
1885648 - [Tracker for https://bugzilla.redhat.com/show_bug.cgi?id=1885700] FSTYPE for localvolumeset devices shows up as ext2 after uninstall
1885971 - ocs-storagecluster-cephobjectstore doesn't report true state of RGW
1886308 - Default VolumeSnapshot Classes not created in External Mode
1886348 - osd removal job failed with status "Error"
1886551 - Clone creation failed after timeout of 5 hours of Azure platrom for 3 CephFS PVCs ( PVC sizes: 1, 25 and 100 GB)
1886709 - [External] RGW storageclass disappears after upgrade from OCS 4.5 to 4.6
1886859 - OCS 4.6: Uninstall stuck indefinitely if any Ceph pods are in Pending state before uninstall
1886873 - [OCS 4.6 External/Internal Uninstall] - Storage Cluster deletion stuck indefinitely, "failed to delete object store", remaining users: [noobaa-ceph-objectstore-user]
1888583 - [External] When deployment is attempted without specifying the monitoring-endpoint while generating JSON, the CSV is stuck in installing state
1888593 - [External] Add validation for monitoring-endpoint and port in the exporter script
1888614 - [External] Unreachable monitoring-endpoint used during deployment causes ocs-operator to crash
1889441 - Traceback error message while running OCS 4.6 must-gather
1889683 - [GSS] Noobaa Problem when setting public access to a bucket
1889866 - Post node power off/on, an unused MON PVC still stays back in the cluster
1890183 - [External] ocs-operator logs are filled with "failed to reconcile metrics exporter"
1890638 - must-gather helper pod should be deleted after collecting ceph crash info
1890971 - [External] RGW metrics are not available if anything else except 9283 is provided as the monitoring-endpoint-port
1891856 - ocs-metrics-exporter pod should have tolerations for OCS taint
1892206 - [GSS] Ceph image/version mismatch
1892234 - clone #95 creation failed for CephFS PVC ( 10 GB PVC size) during multiple clones creation test
1893624 - Must Gather is not collecting the tar file from NooBaa diagnose
1893691 - OCS4.6 must_gather failes to complete in 600sec
1893714 - Bad response for upload an object with encryption
1895402 - Mon pods didn't get upgraded in 720 second timeout from OCS 4.5 upgrade to 4.6
1896298 - [RFE] Monitoring for Namespace buckets and resources
1896831 - Clone#452 for RBD PVC ( PVC size 1 GB) failed to be created for 600 secs
1898521 - [CephFS] Deleting cephfsplugin pod along with app pods will make PV remain in Released state after deleting the PVC
1902627 - must-gather should wait for debug pods to be in ready state
1904171 - RGW Service is unavailable for a short period during upgrade to OCS 4.6
5. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 202006-08
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: WebKitGTK+: Multiple vulnerabilities
Date: June 13, 2020
Bugs: #712260
ID: 202006-08
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been found in WebKitGTK+, the worst of
which could result in the arbitrary execution of code.
Background
==========
WebKitGTK+ is a full-featured port of the WebKit rendering engine,
suitable for projects requiring any kind of web integration, from
hybrid HTML/CSS applications to full-fledged web browsers.
Affected packages
=================
-------------------------------------------------------------------
     Package              /     Vulnerable     /        Unaffected
-------------------------------------------------------------------
  1  net-libs/webkit-gtk        < 2.28.2                 >= 2.28.2
Description
===========
Multiple vulnerabilities have been discovered in WebKitGTK+. Please
review the CVE identifiers referenced below for details.
Impact
======
Please review the referenced CVE identifiers for details.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All WebKitGTK+ users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.28.2"
References
==========
[ 1 ] CVE-2020-10018
https://nvd.nist.gov/vuln/detail/CVE-2020-10018
[ 2 ] CVE-2020-10018
https://nvd.nist.gov/vuln/detail/CVE-2020-10018
[ 3 ] CVE-2020-11793
https://nvd.nist.gov/vuln/detail/CVE-2020-11793
[ 4 ] CVE-2020-11793
https://nvd.nist.gov/vuln/detail/CVE-2020-11793
[ 5 ] CVE-2020-3885
https://nvd.nist.gov/vuln/detail/CVE-2020-3885
[ 6 ] CVE-2020-3894
https://nvd.nist.gov/vuln/detail/CVE-2020-3894
[ 7 ] CVE-2020-3895
https://nvd.nist.gov/vuln/detail/CVE-2020-3895
[ 8 ] CVE-2020-3897
https://nvd.nist.gov/vuln/detail/CVE-2020-3897
[ 9 ] CVE-2020-3899
https://nvd.nist.gov/vuln/detail/CVE-2020-3899
[ 10 ] CVE-2020-3900
https://nvd.nist.gov/vuln/detail/CVE-2020-3900
[ 11 ] CVE-2020-3901
https://nvd.nist.gov/vuln/detail/CVE-2020-3901
[ 12 ] CVE-2020-3902
https://nvd.nist.gov/vuln/detail/CVE-2020-3902
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/202006-08
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2020 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2020-03-24-4 watchOS 6.2
watchOS 6.2 is now available and addresses the following:
ActionKit
Available for: Apple Watch Series 1 and later
Impact: An application may be able to use an SSH client provided by
private frameworks
Description: This issue was addressed with a new entitlement.
CVE-2020-3917: Steven Troughton-Smith (@stroughtonsmith)
AppleMobileFileIntegrity
Available for: Apple Watch Series 1 and later
Impact: An application may be able to use arbitrary entitlements
Description: This issue was addressed with improved checks.
CVE-2020-3883: Linus Henze (pinauten.de)
CoreFoundation
Available for: Apple Watch Series 1 and later
Impact: A malicious application may be able to elevate privileges
Description: A permissions issue existed.
CVE-2020-3913: Timo Christ of Avira Operations GmbH & Co. KG
Icons
Available for: Apple Watch Series 1 and later
Impact: A malicious application may be able to identify what other
applications a user has installed
Description: The issue was addressed with improved handling of icon
caches.
CVE-2020-9773: Chilik Tamir of Zimperium zLabs
Icons
Available for: Apple Watch Series 1 and later
Impact: Setting an alternate app icon may disclose a photo without
needing permission to access photos
Description: An access issue was addressed with additional sandbox
restrictions.
CVE-2020-9768: Mohamed Ghannam (@_simo36)
IOHIDFamily
Available for: Apple Watch Series 1 and later
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A memory initialization issue was addressed with
improved memory handling.
CVE-2020-3914: pattern-f (@pattern_F_) of WaCai
Kernel
Available for: Apple Watch Series 1 and later
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: Multiple memory corruption issues were addressed with
improved state management.
CVE-2020-9785: Proteas of Qihoo 360 Nirvan Team
libxml2
Available for: Apple Watch Series 1 and later
Impact: Multiple issues in libxml2
Description: A buffer overflow was addressed with improved bounds
checking.
CVE-2020-3909: LGTM.com
CVE-2020-3911: found by OSS-Fuzz
libxml2
Available for: Apple Watch Series 1 and later
Impact: Multiple issues in libxml2
Description: A buffer overflow was addressed with improved size
validation.
CVE-2020-3910: LGTM.com
Messages
Available for: Apple Watch Series 1 and later
Impact: A person with physical access to a locked iOS device may be
able to respond to messages even when replies are disabled
Description: A logic issue was addressed with improved state
management.
CVE-2020-3901: Benjamin Randazzo (@____benjamin)
WebKit
Available for: Apple Watch Series 1 and later
Impact: A remote attacker may be able to cause arbitrary code
execution
Description: A type confusion issue was addressed with improved
memory handling.
CVE-2020-3897: Brendan Draper (@6r3nd4n) working with Trend Micro’s
Zero Day Initiative
Additional recognition
FontParser
We would like to acknowledge Matthew Denton of Google Chrome for
their assistance.
Kernel
We would like to acknowledge Siguza for their assistance.
LinkPresentation
We would like to acknowledge Travis for their assistance.
Phone
We would like to acknowledge Yiğit Can YILMAZ (@yilmazcanyigit) for
their assistance.
rapportd
We would like to acknowledge Alexander Heinrich (@Sn0wfreeze) of
Technische Universität Darmstadt for their assistance.
WebKit
We would like to acknowledge Samuel Groß of Google Project Zero and
an anonymous researcher for their assistance.
Installation note:
Instructions on how to update your Apple Watch software are
available at https://support.apple.com/kb/HT204641
To check the version on your Apple Watch, open the Apple Watch app
on your iPhone and select "My Watch > General > About".
Alternatively, on your watch, select "My Watch > General > About".
Bugs fixed (https://bugzilla.redhat.com/):
1732329 - Virtual Machine is missing documentation of its properties in yaml editor
1783192 - Guest kernel panic when start RHEL6.10 guest with q35 machine type and virtio disk in cnv
1791753 - [RFE] [SSP] Template validator should check validations in template's parent template
1804533 - CVE-2020-9283 golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic
1848954 - KMP missing CA extensions in cabundle of mutatingwebhookconfiguration
1848956 - KMP requires downtime for CA stabilization during certificate rotation
1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash
1853911 - VM with dot in network name fails to start with unclear message
1854098 - NodeNetworkState on workers doesn't have "status" key due to nmstate-handler pod failure to run "nmstatectl show"
1856347 - SR-IOV : Missing network name for sriov during vm setup
1856953 - CVE-2020-15586 golang: data race in certain net/http servers including ReverseProxy can lead to DoS
1859235 - Common Templates - after upgrade there are 2 common templates per each os-workload-flavor combination
1860714 - No API information from `oc explain`
1860992 - CNV upgrade - users are not removed from privileged SecurityContextConstraints
1864577 - [v2v][RHV to CNV non migratable source VM fails to import to Ceph-rbd / File system due to overhead required for Filesystem
1866593 - CDI is not handling vm disk clone
1867099 - CVE-2020-16845 golang: ReadUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs
1868817 - Container-native Virtualization 2.6.0 Images
1873771 - Improve the VMCreationFailed error message caused by VM low memory
1874812 - SR-IOV: Guest Agent expose link-local ipv6 address for sometime and then remove it
1878499 - DV import doesn't recover from scratch space PVC deletion
1879108 - Inconsistent naming of "oc virt" command in help text
1881874 - openshift-cnv namespace is getting stuck if the user tries to delete it while CNV is running
1883232 - Webscale: kubevirt/CNV datavolume importer pod inability to disable sidecar injection if namespace has sidecar injection enabled but VM Template does NOT
1883371 - CVE-2020-26160 jwt-go: access restriction bypass vulnerability
1885153 - [v2v][RHV to CNv VM import] Wrong Network mapping do not show a relevant error message
1885418 - [openshift-cnv] issues with memory overhead calculation when limits are used
1887398 - [openshift-cnv][CNV] nodes need to exist and be labeled first, *before* the NodeNetworkConfigurationPolicy is applied
1889295 - [v2v][VMware to CNV VM import API] diskMappings: volumeMode Block is not passed on to PVC request.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Moderate: OpenShift Container Platform 4.10.3 security update
Advisory ID: RHSA-2022:0056-01
Product: Red Hat OpenShift Enterprise
Advisory URL: https://access.redhat.com/errata/RHSA-2022:0056
Issue date: 2022-03-10
CVE Names: CVE-2014-3577 CVE-2016-10228 CVE-2017-14502
CVE-2018-20843 CVE-2018-1000858 CVE-2019-8625
CVE-2019-8710 CVE-2019-8720 CVE-2019-8743
CVE-2019-8764 CVE-2019-8766 CVE-2019-8769
CVE-2019-8771 CVE-2019-8782 CVE-2019-8783
CVE-2019-8808 CVE-2019-8811 CVE-2019-8812
CVE-2019-8813 CVE-2019-8814 CVE-2019-8815
CVE-2019-8816 CVE-2019-8819 CVE-2019-8820
CVE-2019-8823 CVE-2019-8835 CVE-2019-8844
CVE-2019-8846 CVE-2019-9169 CVE-2019-13050
CVE-2019-13627 CVE-2019-14889 CVE-2019-15903
CVE-2019-19906 CVE-2019-20454 CVE-2019-20807
CVE-2019-25013 CVE-2020-1730 CVE-2020-3862
CVE-2020-3864 CVE-2020-3865 CVE-2020-3867
CVE-2020-3868 CVE-2020-3885 CVE-2020-3894
CVE-2020-3895 CVE-2020-3897 CVE-2020-3899
CVE-2020-3900 CVE-2020-3901 CVE-2020-3902
CVE-2020-8927 CVE-2020-9802 CVE-2020-9803
CVE-2020-9805 CVE-2020-9806 CVE-2020-9807
CVE-2020-9843 CVE-2020-9850 CVE-2020-9862
CVE-2020-9893 CVE-2020-9894 CVE-2020-9895
CVE-2020-9915 CVE-2020-9925 CVE-2020-9952
CVE-2020-10018 CVE-2020-11793 CVE-2020-13434
CVE-2020-14391 CVE-2020-15358 CVE-2020-15503
CVE-2020-25660 CVE-2020-25677 CVE-2020-27618
CVE-2020-27781 CVE-2020-29361 CVE-2020-29362
CVE-2020-29363 CVE-2021-3121 CVE-2021-3326
CVE-2021-3449 CVE-2021-3450 CVE-2021-3516
CVE-2021-3517 CVE-2021-3518 CVE-2021-3520
CVE-2021-3521 CVE-2021-3537 CVE-2021-3541
CVE-2021-3733 CVE-2021-3749 CVE-2021-20305
CVE-2021-21684 CVE-2021-22946 CVE-2021-22947
CVE-2021-25215 CVE-2021-27218 CVE-2021-30666
CVE-2021-30761 CVE-2021-30762 CVE-2021-33928
CVE-2021-33929 CVE-2021-33930 CVE-2021-33938
CVE-2021-36222 CVE-2021-37750 CVE-2021-39226
CVE-2021-41190 CVE-2021-43813 CVE-2021-44716
CVE-2021-44717 CVE-2022-0532 CVE-2022-21673
CVE-2022-24407
=====================================================================
1. Summary:
Red Hat OpenShift Container Platform release 4.10.3 is now available with
updates to packages and images that fix several bugs and add enhancements.
Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
2. Description:
Red Hat OpenShift Container Platform is Red Hat's cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.
This advisory contains the container images for Red Hat OpenShift Container
Platform 4.10.3. See the following advisory for the RPM packages for this
release:
https://access.redhat.com/errata/RHSA-2022:0055
Space precludes documenting all of the container images in this advisory.
See the following Release Notes documentation, which will be updated
shortly for this release, for details about these changes:
https://docs.openshift.com/container-platform/4.10/release_notes/ocp-4-10-release-notes.html
Security Fix(es):
* gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index
validation (CVE-2021-3121)
* grafana: Snapshot authentication bypass (CVE-2021-39226)
* golang: net/http: limit growth of header canonicalization cache
(CVE-2021-44716)
* nodejs-axios: Regular expression denial of service in trim function
(CVE-2021-3749)
* golang: syscall: don't close fd 0 on ForkExec error (CVE-2021-44717)
* grafana: Forward OAuth Identity Token can allow users to access some data
sources (CVE-2022-21673)
* grafana: directory traversal vulnerability (CVE-2021-43813)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
You may download the oc tool and use it to inspect release image metadata
as follows:
(For x86_64 architecture)
$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.10.3-x86_64
The image digest is
sha256:7ffe4cd612be27e355a640e5eec5cd8f923c1400d969fd590f806cffdaabcc56
(For s390x architecture)
$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.10.3-s390x
The image digest is
sha256:4cf21a9399da1ce8427246f251ae5dedacfc8c746d2345f9cfe039ed9eda3e69
(For ppc64le architecture)
$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.10.3-ppc64le
The image digest is
sha256:4ee571da1edf59dfee4473aa4604aba63c224bf8e6bcf57d048305babbbde93c
All OpenShift Container Platform 4.10 users are advised to upgrade to these
updated packages and images when they are available in the appropriate
release channel. To check for available updates, use the OpenShift Console
or the CLI oc command. Instructions for upgrading a cluster are available
at
https://docs.openshift.com/container-platform/4.10/updating/updating-cluster-cli.html
3. Solution:
For OpenShift Container Platform 4.10 see the following documentation,
which will be updated shortly for this release, for moderate instructions
on how to upgrade your cluster and fully apply this asynchronous errata
update:
https://docs.openshift.com/container-platform/4.10/release_notes/ocp-4-10-release-notes.html
Details on how to access this content are available at
https://docs.openshift.com/container-platform/4.10/updating/updating-cluster-cli.html
4. Bugs fixed (https://bugzilla.redhat.com/):
1808240 - Always return metrics value for pods under the user's namespace
1815189 - feature flagged UI does not always become available after operator installation
1825034 - e2e: Mock CSI tests fail on IBM ROKS clusters
1826225 - edge terminated h2 (gRPC) connections need a haproxy template change to work correctly
1860774 - csr for vSphere egress nodes were not approved automatically during cert renewal
1878106 - token inactivity timeout is not shortened after oauthclient/oauth config values are lowered
1878925 - 'oc adm upgrade --to ...' rejects versions which occur only in history, while the cluster-version operator supports history fallback
1880738 - origin e2e test deletes original worker
1882983 - oVirt csi driver should refuse to provision RWX and ROX PV
1886450 - Keepalived router id check not documented for RHV/VMware IPI
1889488 - The metrics endpoint for the Scheduler is not protected by RBAC
1894431 - Router pods fail to boot if the SSL certificate applied is missing an empty line at the bottom
1896474 - Path based routing is broken for some combinations
1897431 - CIDR support for additional network attachment with the bridge CNI plug-in
1903408 - NodePort externalTrafficPolicy does not work for ovn-kubernetes
1907433 - Excessive logging in image operator
1909906 - The router fails with PANIC error when stats port already in use
1911173 - [MSTR-998] Many charts' legend names show {{}} instead of words
1914053 - pods assigned with Multus whereabouts IP get stuck in ContainerCreating state after node rebooting.
1916169 - a reboot while MCO is applying changes leaves the node in undesirable state and MCP looks fine (UPDATED=true)
1917893 - [ovirt] install fails: due to terraform error "Cannot attach Virtual Disk: Disk is locked" on vm resource
1921627 - GCP UPI installation failed due to exceeding gcp limitation of instance group name
1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation
1926522 - oc adm catalog does not clean temporary files
1927478 - Default CatalogSources deployed by marketplace do not have toleration for tainted nodes.
1928141 - kube-storage-version-migrator constantly reporting type "Upgradeable" status Unknown
1928285 - [LSO][OCS][arbiter] OCP Console shows no results while in fact underlying setup of LSO localvolumeset and it's storageclass is not yet finished, confusing users
1931594 - [sig-cli] oc --request-timeout works as expected fails frequently on s390x
1933847 - Prometheus goes unavailable (both instances down) during 4.8 upgrade
1937085 - RHV UPI inventory playbook missing guarantee_memory
1937196 - [aws ebs csi driver] events for block volume expansion may cause confusion
1938236 - vsphere-problem-detector does not support overriding log levels via storage CR
1939401 - missed labels for CMO/openshift-state-metric/telemeter-client/thanos-querier pods
1939435 - Setting an IPv6 address in noProxy field causes error in openshift installer
1939552 - [sig-api-machinery] CustomResourcePublishOpenAPI [Privileged:ClusterAdmin] works for CRD preserving unknown fields in an embedded object [Conformance] [Suite:openshift/conformance/parallel/minimal] [Suite:k8s]
1942913 - ThanosSidecarUnhealthy isn't resilient to WAL replays.
1943363 - [ovn] CNO should gracefully terminate ovn-northd
1945274 - ostree-finalize-staged.service failed while upgrading a rhcos node to 4.6.17
1948080 - authentication should not set Available=False APIServices_Error with 503s
1949262 - Prometheus Statefulsets should have 2 replicas and hard affinity set
1949672 - [GCP] Update 4.8 UPI template to match ignition version: 3.2.0
1950827 - [LSO] localvolumediscoveryresult name is not friendly to customer
1952576 - csv_succeeded metric not present in olm-operator for all successful CSVs
1953264 - "remote error: tls: bad certificate" logs in prometheus-operator container
1955300 - Machine config operator reports unavailable for 23m during upgrade
1955489 - Alertmanager Statefulsets should have 2 replicas and hard affinity set
1955490 - Thanos ruler Statefulsets should have 2 replicas and hard affinity set
1955544 - [IPI][OSP] densed master-only installation with 0 workers fails due to missing worker security group on masters
1956496 - Needs SR-IOV Docs Upstream
1956739 - Permission for authorized_keys for core user changes from core user to root when changed the pull secret
1956776 - [vSphere] Installer should do pre-check to ensure user-provided network name is valid
1956964 - upload a boot-source to OpenShift virtualization using the console
1957547 - [RFE]VM name is not auto filled in dev console
1958349 - ovn-controller doesn't release the memory after cluster-density run
1959352 - [scale] failed to get pod annotation: timed out waiting for annotations
1960378 - icsp allows mirroring of registry root - install-config imageContentSources does not
1960674 - Broken test: [sig-imageregistry][Serial][Suite:openshift/registry/serial] Image signature workflow can push a signed image to openshift registry and verify it [Suite:openshift/conformance/serial]
1961317 - storage ClusterOperator does not declare ClusterRoleBindings in relatedObjects
1961391 - String updates
1961509 - DHCP daemon pod should have CPU and memory requests set but not limits
1962066 - Edit machine/machineset specs not working
1962206 - openshift-multus/dhcp-daemon set should meet platform requirements for update strategy that have maxUnavailable update of 10 or 33 percent
1963053 - `oc whoami --show-console` should show the web console URL, not the server api URL
1964112 - route SimpleAllocationPlugin: host name validation errors: spec.host: Invalid value: ... must be no more than 63 characters
1964327 - Support containers with name:tag@digest
1964789 - Send keys and disconnect does not work for VNC console
1965368 - ClusterQuotaAdmission received non-meta object - message constantly reported in OpenShift Container Platform 4.7
1966445 - Unmasking a service doesn't work if it masked using MCO
1966477 - Use GA version in KAS/OAS/OauthAS to avoid: "audit.k8s.io/v1beta1" is deprecated and will be removed in a future release, use "audit.k8s.io/v1" instead
1966521 - kube-proxy's userspace implementation consumes excessive CPU
1968364 - [Azure] when using ssh type ed25519 bootstrap fails to come up
1970021 - nmstate does not persist its configuration due to overlay systemd-connections-merged mount
1970218 - MCO writes incorrect file contents if compression field is specified
1970331 - [sig-auth][Feature:SCC][Early] should not have pod creation failures during install [Suite:openshift/conformance/parallel]
1970805 - Cannot create build when docker image url contains dir structure
1972033 - [azure] PV region node affinity is failure-domain.beta.kubernetes.io instead of topology.kubernetes.io
1972827 - image registry does not remain available during upgrade
1972962 - Should set the minimum value for the `--max-icsp-size` flag of `oc adm catalog mirror`
1973447 - ovn-dbchecker peak memory spikes to ~500MiB during cluster-density run
1975826 - ovn-kubernetes host directed traffic cannot be offloaded as CT zone 64000 is not established
1976301 - [ci] e2e-azure-upi is permafailing
1976399 - During the upgrade from OpenShift 4.5 to OpenShift 4.6 the election timers for the OVN north and south databases did not change.
1976674 - CCO didn't set Upgradeable to False when cco mode is configured to Manual on azure platform
1976894 - Unidling a StatefulSet does not work as expected
1977319 - [Hive] Remove stale cruft installed by CVO in earlier releases
1977414 - Build Config timed out waiting for condition 400: Bad Request
1977929 - [RFE] Display Network Attachment Definitions from openshift-multus namespace during OCS deployment via UI using Multus
1978528 - systemd-coredump started and failed intermittently for unknown reasons
1978581 - machine-config-operator: remove runlevel from mco namespace
1979562 - Cluster operators: don't show messages when neither progressing, degraded or unavailable
1979962 - AWS SDN Network Stress tests have not passed in 4.9 release-openshift-origin-installer-e2e-aws-sdn-network-stress-4.9
1979966 - OCP builds always fail when run on RHEL7 nodes
1981396 - Deleting pool inside pool page the pool stays in Ready phase in the heading
1981549 - Machine-config daemon does not recover from broken Proxy configuration
1981867 - [sig-cli] oc explain should contain proper fields description for special types [Suite:openshift/conformance/parallel]
1981941 - Terraform upgrade required in openshift-installer to resolve multiple issues
1982063 - 'Control Plane' is not translated in Simplified Chinese language in Home->Overview page
1982498 - Default registry credential path should be adjusted to use containers/auth.json for oc commands
1982662 - Workloads - DaemonSets - Add storage: i18n misses
1982726 - kube-apiserver audit logs show a lot of 404 errors for DELETE "*/secrets/encryption-config" on single node clusters
1983758 - upgrades are failing on disruptive tests
1983964 - Need Device plugin configuration for the NIC "needVhostNet" & "isRdma"
1984592 - global pull secret not working in OCP4.7.4+ for additional private registries
1985073 - new-in-4.8 ExtremelyHighIndividualControlPlaneCPU fires on some GCP update jobs
1985486 - Cluster Proxy not used during installation on OSP with Kuryr
1985724 - VM Details Page missing translations
1985838 - [OVN] CNO exportNetworkFlows does not clear collectors when deleted
1985933 - Downstream image registry recommendation
1985965 - oVirt CSI driver does not report volume stats
1986216 - [scale] SNO: Slow Pod recovery due to "timed out waiting for OVS port binding"
1986237 - "MachineNotYetDeleted" in Pending state , alert not fired
1986239 - crictl create fails with "PID namespace requested, but sandbox infra container invalid"
1986302 - console continues to fetch prometheus alert and silences for normal user
1986314 - Current MTV installation for KubeVirt import flow creates unusable Forklift UI
1986338 - error creating list of resources in Import YAML
1986502 - yaml multi file dnd duplicates previous dragged files
1986819 - fix string typos for hot-plug disks
1987044 - [OCPV48] Shutoff VM is being shown as "Starting" in WebUI when using spec.runStrategy Manual/RerunOnFailure
1987136 - Declare operatorframework.io/arch.* labels for all operators
1987257 - Go-http-client user-agent being used for oc adm mirror requests
1987263 - fsSpaceFillingUpWarningThreshold not aligned to Kubernetes Garbage Collection Threshold
1987445 - MetalLB integration: All gateway routers in the cluster answer ARP requests for LoadBalancer services IP
1988406 - SSH key dropped when selecting "Customize virtual machine" in UI
1988440 - Network operator changes ovnkube-config too early causing ovnkube-master pods to crashloop during cluster upgrade
1988483 - Azure drop ICMP need to frag FRAG when using OVN: openshift-apiserver becomes False after env runs some time due to communication between one master to pods on another master fails with "Unable to connect to the server"
1988879 - Virtual media based deployment fails on Dell servers due to pending Lifecycle Controller jobs
1989438 - expected replicas is wrong
1989502 - Developer Catalog is disappearing after short time
1989843 - 'More' and 'Show Less' functions are not translated on several page
1990014 - oc debug <pod-name> does not work for Windows pods
1990190 - e2e testing failed with basic manifest: reason/ExternalProvisioning waiting for a volume to be created
1990193 - 'more' and 'Show Less' is not being translated on Home -> Search page
1990255 - Partial or all of the Nodes/StorageClasses don't appear back on UI after text is removed from search bar
1990489 - etcdHighNumberOfFailedGRPCRequests fires only on metal env in CI
1990506 - Missing udev rules in initramfs for /dev/disk/by-id/scsi-* symlinks
1990556 - get-resources.sh doesn't honor the no_proxy settings even with no_proxy var
1990625 - Ironic agent registers with SLAAC address with privacy-stable
1990635 - CVO does not recognize the channel change if desired version and channel changed at the same time
1991067 - github.com can not be resolved inside pods where cluster is running on openstack.
1991573 - Enable typescript strictNullCheck on network-policies files
1991641 - Baremetal Cluster Operator still Available After Delete Provisioning
1991770 - The logLevel and operatorLogLevel values do not work with Cloud Credential Operator
1991819 - Misspelled word "ocurred" in oc inspect cmd
1991942 - Alignment and spacing fixes
1992414 - Two rootdisks show on storage step if 'This is a CD-ROM boot source' is checked
1992453 - The configMap failed to save on VM environment tab
1992466 - The button 'Save' and 'Reload' are not translated on vm environment tab
1992475 - The button 'Open console in New Window' and 'Disconnect' are not translated on vm console tab
1992509 - Could not customize boot source due to source PVC not found
1992541 - all the alert rules' annotations "summary" and "description" should comply with the OpenShift alerting guidelines
1992580 - storageProfile should stay with the same value by check/uncheck the apply button
1992592 - list-type missing in oauth.config.openshift.io for identityProviders breaking Server Side Apply
1992777 - [IBMCLOUD] Default "ibm_iam_authorization_policy" is not working as expected in all scenarios
1993364 - cluster destruction fails to remove router in BYON with Kuryr as primary network (even after BZ 1940159 got fixed)
1993376 - periodic-ci-openshift-release-master-ci-4.6-upgrade-from-stable-4.5-e2e-azure-upgrade is permfailing
1994094 - Some hardcodes are detected at the code level in OpenShift console components
1994142 - Missing required cloud config fields for IBM Cloud
1994733 - MetalLB: IP address is not assigned to service if there is duplicate IP address in two address pools
1995021 - resolv.conf and corefile sync slows down/stops after keepalived container restart
1995335 - [SCALE] ovnkube CNI: remove ovs flows check
1995493 - Add Secret to workload button and Actions button are not aligned on secret details page
1995531 - Create RDO-based Ironic image to be promoted to OKD
1995545 - Project drop-down amalgamates inside main screen while creating storage system for odf-operator
1995887 - [OVN]After reboot egress node, lr-policy-list was not correct, some duplicate records or missed internal IPs
1995924 - CMO should report `Upgradeable: false` when HA workload is incorrectly spread
1996023 - kubernetes.io/hostname values are larger than filter when create localvolumeset from webconsole
1996108 - Allow backwards compatibility of shared gateway mode to inject host-based routes into OVN
1996624 - 100% of the cco-metrics/cco-metrics targets in openshift-cloud-credential-operator namespace are down
1996630 - Fail to delete the first Authorized SSH Key input box on Advanced page
1996647 - Provide more useful degraded message in auth operator on DNS errors
1996736 - Large number of 501 lr-policies in INCI2 env
1996886 - timedout waiting for flows during pod creation and ovn-controller pegged on worker nodes
1996916 - Special Resource Operator(SRO) - Fail to deploy simple-kmod on GCP
1996928 - Enable default operator indexes on ARM
1997028 - prometheus-operator update removes env var support for thanos-sidecar
1997059 - Failed to create cluster in AWS us-east-1 region due to a local zone is used
1997226 - Ingresscontroller reconcilations failing but not shown in operator logs or status of ingresscontroller.
1997245 - "Subscription already exists in openshift-storage namespace" error message is seen while installing odf-operator via UI
1997269 - Have to refresh console to install kube-descheduler
1997478 - Storage operator is not available after reboot cluster instances
1997509 - flake: [sig-cli] oc builds new-build [Skipped:Disconnected] [Suite:openshift/conformance/parallel]
1997967 - storageClass is not reserved from default wizard to customize wizard
1998035 - openstack IPI CI: custom var-lib-etcd.mount (ramdisk) unit is racing due to incomplete After/Before order
1998038 - [e2e][automation] add tests for UI for VM disk hot-plug
1998087 - Fix CephHealthCheck wrapping contents and add data-tests for HealthItem and SecondaryStatus
1998174 - Create storageclass gp3-csi after install ocp cluster on aws
1998183 - "r: Bad Gateway" info is improper
1998235 - Firefox warning: Cookie “csrf-token” will be soon rejected
1998377 - Filesystem table head is not full displayed in disk tab
1998378 - Virtual Machine is 'Not available' in Home -> Overview -> Cluster inventory
1998519 - Add fstype when create localvolumeset instance on web console
1998951 - Keepalived conf ingress peer on in Dual stack cluster contains both IPv6 and IPv4 addresses
1999076 - [UI] Page Not Found error when clicking on Storage link provided in Overview page
1999079 - creating pods before sriovnetworknodepolicy sync up succeed will cause node unschedulable
1999091 - Console update toast notification can appear multiple times
1999133 - removing and recreating static pod manifest leaves pod in error state
1999246 - .indexignore is not ingore when oc command load dc configuration
1999250 - ArgoCD in GitOps operator can't manage namespaces
1999255 - ovnkube-node always crashes out the first time it starts
1999261 - ovnkube-node log spam (and security token leak?)
1999309 - While installing odf-operator via UI, web console update pop-up navigates to OperatorHub -> Operator Installation page
1999314 - console-operator is slow to mark Degraded as False once console starts working
1999425 - kube-apiserver with "[SHOULD NOT HAPPEN] failed to update managedFields" err="failed to convert new object (machine.openshift.io/v1beta1, Kind=MachineHealthCheck)
1999556 - "master" pool should be updated before the CVO reports available at the new version occurred
1999578 - AWS EFS CSI tests are constantly failing
1999603 - Memory Manager allows Guaranteed QoS Pod with hugepages requested is exactly equal to the left over Hugepages
1999619 - cloudinit is malformatted if a user sets a password during VM creation flow
1999621 - Empty ssh_authorized_keys entry is added to VM's cloudinit if created from a customize flow
1999649 - MetalLB: Only one type of IP address can be assigned to service on dual stack cluster from a address pool that have both IPv4 and IPv6 addresses defined
1999668 - openshift-install destroy cluster panic's when given invalid credentials to cloud provider (Azure Stack Hub)
1999734 - IBM Cloud CIS Instance CRN missing in infrastructure manifest/resource
1999771 - revert "force cert rotation every couple days for development" in 4.10
1999784 - CVE-2021-3749 nodejs-axios: Regular expression denial of service in trim function
1999796 - Openshift Console `Helm` tab is not showing helm releases in a namespace when there is high number of deployments in the same namespace.
1999836 - Admin web-console inconsistent status summary of sparse ClusterOperator conditions
1999903 - Click "This is a CD-ROM boot source" ticking "Use template size PVC" on pvc upload form
1999983 - No way to clear upload error from template boot source
2000081 - [IPI baremetal] The metal3 pod failed to restart when switching from Disabled to Managed provisioning without specifying provisioningInterface parameter
2000096 - Git URL is not re-validated on edit build-config form reload
2000216 - Successfully imported ImageStreams are not resolved in DeploymentConfig
2000236 - Confusing usage message from dynkeepalived CLI
2000268 - Mark cluster unupgradable if vcenter, esxi versions or HW versions are unsupported
2000430 - bump cluster-api-provider-ovirt version in installer
2000450 - 4.10: Enable static PV multi-az test
2000490 - All critical alerts shipped by CMO should have links to a runbook
2000521 - Kube-apiserver CO degraded due to failed conditional check (ConfigObservationDegraded)
2000573 - Incorrect StorageCluster CR created and ODF cluster getting installed with 2 Zone OCP cluster
2000628 - ibm-flashsystem-storage-storagesystem got created without any warning even when the attempt was cancelled
2000651 - ImageStreamTag alias results in wrong tag and invalid link in Web Console
2000754 - IPerf2 tests should be lower
2000846 - Structure logs in the entire codebase of Local Storage Operator
2000872 - [tracker] container is not able to list on some directories within the nfs after upgrade to 4.7.24
2000877 - OCP ignores STOPSIGNAL in Dockerfile and sends SIGTERM
2000938 - CVO does not respect changes to a Deployment strategy
2000963 - 'Inline-volume (default fs)] volumes should store data' tests are failing on OKD with updated selinux-policy
2001008 - [MachineSets] CloneMode defaults to linkedClone, but I don't have snapshot and should be fullClone
2001240 - Remove response headers for downloads of binaries from OpenShift WebConsole
2001295 - Remove openshift:kubevirt-machine-controllers decleration from machine-api
2001317 - OCP Platform Quota Check - Inaccurate MissingQuota error
2001337 - Details Card in ODF Dashboard mentions OCS
2001339 - fix text content hotplug
2001413 - [e2e][automation] add/delete nic and disk to template
2001441 - Test: oc adm must-gather runs successfully for audit logs - fail due to startup log
2001442 - Empty termination.log file for the kube-apiserver has too permissive mode
2001479 - IBM Cloud DNS unable to create/update records
2001566 - Enable alerts for prometheus operator in UWM
2001575 - Clicking on the perspective switcher shows a white page with loader
2001577 - Quick search placeholder is not displayed properly when the search string is removed
2001578 - [e2e][automation] add tests for vm dashboard tab
2001605 - PVs remain in Released state for a long time after the claim is deleted
2001617 - BucketClass Creation is restricted on 1st page but enabled using side navigation options
2001620 - Cluster becomes degraded if it can't talk to Manila
2001760 - While creating 'Backing Store', 'Bucket Class', 'Namespace Store' user is navigated to 'Installed Operators' page after clicking on ODF
2001761 - Unable to apply cluster operator storage for SNO on GCP platform.
2001765 - Some error message in the log of diskmaker-manager caused confusion
2001784 - show loading page before final results instead of showing a transient message No log files exist
2001804 - Reload feature on Environment section in Build Config form does not work properly
2001810 - cluster admin unable to view BuildConfigs in all namespaces
2001817 - Failed to load RoleBindings list that will lead to ‘Role name’ is not able to be selected on Create RoleBinding page as well
2001823 - OCM controller must update operator status
2001825 - [SNO]ingress/authentication clusteroperator degraded when enable ccm from start
2001835 - Could not select image tag version when create app from dev console
2001855 - Add capacity is disabled for ocs-storagecluster
2001856 - Repeating event: MissingVersion no image found for operand pod
2001959 - Side nav list borders don't extend to edges of container
2002007 - Layout issue on "Something went wrong" page
2002010 - ovn-kube may never attempt to retry a pod creation
2002012 - Cannot change volume mode when cloning a VM from a template
2002027 - Two instances of Dotnet helm chart show as one in topology
2002075 - opm render does not automatically pulling in the image(s) used in the deployments
2002121 - [OVN] upgrades failed for IPI OSP16 OVN IPSec cluster
2002125 - Network policy details page heading should be updated to Network Policy details
2002133 - [e2e][automation] add support/virtualization and improve deleteResource
2002134 - [e2e][automation] add test to verify vm details tab
2002215 - Multipath day1 not working on s390x
2002238 - Image stream tag is not persisted when switching from yaml to form editor
2002262 - [vSphere] Incorrect user agent in vCenter sessions list
2002266 - SinkBinding create form doesn't allow to use subject name, instead of label selector
2002276 - OLM fails to upgrade operators immediately
2002300 - Altering the Schedule Profile configurations doesn't affect the placement of the pods
2002354 - Missing DU configuration "Done" status reporting during ZTP flow
2002362 - Dynamic Plugin - ConsoleRemotePlugin for webpack doesn't use commonjs
2002368 - samples should not go degraded when image allowedRegistries blocks imagestream creation
2002372 - Pod creation failed due to mismatched pod IP address in CNI and OVN
2002397 - Resources search is inconsistent
2002434 - CRI-O leaks some children PIDs
2002443 - Getting undefined error on create local volume set page
2002461 - DNS operator performs spurious updates in response to API's defaulting of service's internalTrafficPolicy
2002504 - When the openshift-cluster-storage-operator is degraded because of "VSphereProblemDetectorController_SyncError", the insights operator is not sending the logs from all pods.
2002559 - User preference for topology list view does not follow when a new namespace is created
2002567 - Upstream SR-IOV worker doc has broken links
2002588 - Change text to be sentence case to align with PF
2002657 - ovn-kube egress IP monitoring is using a random port over the node network
2002713 - CNO: OVN logs should have millisecond resolution
2002748 - [ICNI2] 'ErrorAddingLogicalPort' failed to handle external GW check: timeout waiting for namespace event
2002759 - Custom profile should not allow not including at least one required HTTP2 ciphersuite
2002763 - Two storage systems getting created with external mode RHCS
2002808 - KCM does not use web identity credentials
2002834 - Cluster-version operator does not remove unrecognized volume mounts
2002896 - Incorrect result return when user filter data by name on search page
2002950 - Why spec.containers.command is not created with "oc create deploymentconfig <dc-name> --image=<image> -- <command>"
2003096 - [e2e][automation] check bootsource URL is displaying on review step
2003113 - OpenShift Baremetal IPI installer uses first three defined nodes under hosts in install-config for master nodes instead of filtering the hosts with the master role
2003120 - CI: Uncaught error with ResizeObserver on operand details page
2003145 - Duplicate operand tab titles causes "two children with the same key" warning
2003164 - OLM, fatal error: concurrent map writes
2003178 - [FLAKE][knative] The UI doesn't show updated traffic distribution after accepting the form
2003193 - Kubelet/crio leaks netns and veth ports in the host
2003195 - OVN CNI should ensure host veths are removed
2003204 - Jenkins all new container images (openshift4/ose-jenkins) not supporting '-e JENKINS_PASSWORD=password' ENV which was working for old container images
2003206 - Namespace stuck terminating: Failed to delete all resource types, 1 remaining: unexpected items still remain in namespace
2003239 - "[sig-builds][Feature:Builds][Slow] can use private repositories as build input" tests fail outside of CI
2003244 - Revert libovsdb client code
2003251 - Patternfly components with list element has list item bullet when they should not.
2003252 - "[sig-builds][Feature:Builds][Slow] starting a build using CLI start-build test context override environment BUILD_LOGLEVEL in buildconfig" tests do not work as expected outside of CI
2003269 - Rejected pods should be filtered from admission regression
2003357 - QE- Removing the epic tags for gherkin tags related to 4.9 Release
2003426 - [e2e][automation] add test for vm details bootorder
2003496 - [e2e][automation] add test for vm resources requirement settings
2003641 - All metal ipi jobs are failing in 4.10
2003651 - ODF4.9+LSO4.8 installation via UI, StorageCluster move to error state
2003655 - [IPI ON-PREM] Keepalived chk_default_ingress track script failed even though default router pod runs on node
2003683 - Samples operator is panicking in CI
2003711 - [UI] Empty file ceph-external-cluster-details-exporter.py downloaded from external cluster "Connection Details" page
2003715 - Error on creating local volume set after selection of the volume mode
2003743 - Remove workaround keeping /boot RW for kdump support
2003775 - etcd pod on CrashLoopBackOff after master replacement procedure
2003788 - CSR reconciler report error constantly when BYOH CSR approved by other Approver
2003792 - Monitoring metrics query graph flyover panel is useless
2003808 - Add Sprint 207 translations
2003845 - Project admin cannot access image vulnerabilities view
2003859 - sdn emits events with garbage messages
2003896 - (release-4.10) ApiRequestCounts conditional gatherer
2004009 - 4.10: Fix multi-az zone scheduling e2e for 5 control plane replicas
2004051 - CMO can report as being Degraded while node-exporter is deployed on all nodes
2004059 - [e2e][automation] fix current tests for downstream
2004060 - Trying to use basic spring boot sample causes crash on Firefox
2004101 - [UI] When creating storageSystem deployment type dropdown under advanced setting doesn't close after selection
2004127 - [flake] openshift-controller-manager event reason/SuccessfulDelete occurs too frequently
2004203 - build config's created prior to 4.8 with image change triggers can result in trigger storm in OCM/openshift-apiserver
2004313 - [RHOCP 4.9.0-rc.0] Failing to deploy Azure cluster from the macOS installer - ignition_bootstrap.ign: no such file or directory
2004449 - Boot option recovery menu prevents image boot
2004451 - The backup filename displayed in the RecentBackup message is incorrect
2004459 - QE - Modified the AddFlow gherkin scripts and automation scripts
2004508 - TuneD issues with the recent ConfigParser changes.
2004510 - openshift-gitops operator hooks gets unauthorized (401) errors during jobs executions
2004542 - [osp][octavia lb] cannot create LoadBalancer type svcs
2004578 - Monitoring and node labels missing for an external storage platform
2004585 - prometheus-k8s-0 cpu usage keeps increasing for the first 3 days
2004596 - [4.10] Bootimage bump tracker
2004597 - Duplicate ramdisk log containers running
2004600 - Duplicate ramdisk log containers running
2004609 - output of "crictl inspectp" is not complete
2004625 - BMC credentials could be logged if they change
2004632 - When LE takes a large amount of time, multiple whereabouts are seen
2004721 - ptp/worker custom threshold doesn't change ptp events threshold
2004736 - [knative] Create button on new Broker form is inactive despite form being filled
2004796 - [e2e][automation] add test for vm scheduling policy
2004814 - (release-4.10) OCM controller - change type of the etc-pki-entitlement secret to opaque
2004870 - [External Mode] Insufficient spacing along y-axis in RGW Latency Performance Card
2004901 - [e2e][automation] improve kubevirt devconsole tests
2004962 - Console frontend job consuming too much CPU in CI
2005014 - state of ODF StorageSystem is misreported during installation or uninstallation
2005052 - Adding a MachineSet selector matchLabel causes orphaned Machines
2005179 - pods status filter is not taking effect
2005182 - sync list of deprecated apis about to be removed
2005282 - Storage cluster name is given as title in StorageSystem details page
2005355 - setuptools 58 makes Kuryr CI fail
2005407 - ClusterNotUpgradeable Alert should be set to Severity Info
2005415 - PTP operator with sidecar api configured throws bind: address already in use
2005507 - SNO spoke cluster failing to reach coreos.live.rootfs_url is missing url in console
2005554 - The switch status of the button "Show default project" is not revealed correctly in code
2005581 - 4.8.12 to 4.9 upgrade hung due to cluster-version-operator pod CrashLoopBackOff: error creating clients: invalid configuration: no configuration has been provided, try setting KUBERNETES_MASTER environment variable
2005761 - QE - Implementing crw-basic feature file
2005783 - Fix accessibility issues in the "Internal" and "Internal - Attached Mode" Installation Flow
2005811 - vSphere Problem Detector operator - ServerFaultCode: InvalidProperty
2005854 - SSH NodePort service is created for each VM
2005901 - KS, KCM and KA going Degraded during master nodes upgrade
2005902 - Current UI flow for MCG only deployment is confusing and doesn't reciprocate any message to the end-user
2005926 - PTP operator NodeOutOfPTPSync rule is using max offset from the master instead of openshift_ptp_clock_state metrics
2005971 - Change telemeter to report the Application Services product usage metrics
2005997 - SELinux domain container_logreader_t does not have a policy to follow sym links for log files
2006025 - Description to use an existing StorageClass while creating StorageSystem needs to be re-phrased
2006060 - ocs-storagecluster-storagesystem details are missing on UI for MCG Only and MCG only in LSO mode deployment types
2006101 - Power off fails for drivers that don't support Soft power off
2006243 - Metal IPI upgrade jobs are running out of disk space
2006291 - bootstrapProvisioningIP set incorrectly when provisioningNetworkCIDR doesn't use the 0th address
2006308 - Backing Store YAML tab on click displays a blank screen on UI
2006325 - Multicast is broken across nodes
2006329 - Console only allows Web Terminal Operator to be installed in OpenShift Operators
2006364 - IBM Cloud: Set resourceGroupId for resourceGroups, not simply resource
2006561 - [sig-instrumentation] Prometheus when installed on the cluster shouldn't have failing rules evaluation [Skipped:Disconnected] [Suite:openshift/conformance/parallel]
2006690 - OS boot failure "x64 Exception Type 06 - Invalid Opcode Exception"
2006714 - add retry for etcd errors in kube-apiserver
2006767 - KubePodCrashLooping may not fire
2006803 - Set CoreDNS cache entries for forwarded zones
2006861 - Add Sprint 207 part 2 translations
2006945 - race condition can cause crashlooping bootstrap kube-apiserver in cluster-bootstrap
2006947 - e2e-aws-proxy for 4.10 is permafailing with samples operator errors
2006975 - clusteroperator/etcd status condition should not change reasons frequently due to EtcdEndpointsDegraded
2007085 - Intermittent failure mounting /run/media/iso when booting live ISO from USB stick
2007136 - Creation of BackingStore, BucketClass, NamespaceStore fails
2007271 - CI Integration for Knative test cases
2007289 - kubevirt tests are failing in CI
2007322 - Devfile/Dockerfile import does not work for unsupported git host
2007328 - Updated patternfly to v4.125.3 and pf.quickstarts to v1.2.3.
2007379 - Events are not generated for master offset for ordinary clock
2007443 - [ICNI 2.0] Loadbalancer pods do not establish BFD sessions with all workers that host pods for the routed namespace
2007455 - cluster-etcd-operator: render command should fail if machineCidr contains reserved address
2007495 - Large label value for the metric kubelet_started_pods_errors_total with label message when there is a error
2007522 - No new local-storage-operator-metadata-container is build for 4.10
2007551 - No new ose-aws-efs-csi-driver-operator-bundle-container is build for 4.10
2007580 - Azure cilium installs are failing e2e tests
2007581 - Too many haproxy processes in default-router pod causing high load average after upgrade from v4.8.3 to v4.8.10
2007677 - Regression: core container io performance metrics are missing for pod, qos, and system slices on nodes
2007692 - 4.9 "old-rhcos" jobs are permafailing with storage test failures
2007710 - ci/prow/e2e-agnostic-cmd job is failing on prow
2007757 - must-gather extracts imagestreams in the "openshift" namespace, but not Templates
2007802 - AWS machine actuator get stuck if machine is completely missing
2008096 - TestAWSFinalizerDeleteS3Bucket sometimes fails to teardown operator
2008119 - The serviceAccountIssuer field on Authentication CR is reset to “” when installation process
2008151 - Topology breaks on clicking in empty state
2008185 - Console operator go.mod should use go 1.16.version
2008201 - openstack-az job is failing on haproxy idle test
2008207 - vsphere CSI driver doesn't set resource limits
2008223 - gather_audit_logs: fix oc command line to get the current audit profile
2008235 - The Save button in the Edit DC form remains disabled
2008256 - Update Internationalization README with scope info
2008321 - Add correct documentation link for MON_DISK_LOW
2008462 - Disable PodSecurity feature gate for 4.10
2008490 - Backing store details page does not contain all the kebab actions.
2008521 - gcp-hostname service should correct invalid search entries in resolv.conf
2008532 - CreateContainerConfigError:: failed to prepare subPath for volumeMount
2008539 - Registry doesn't fall back to secondary ImageContentSourcePolicy Mirror
2008540 - HighlyAvailableWorkloadIncorrectlySpread always fires on upgrade on cluster with two workers
2008599 - Azure Stack UPI does not have Internal Load Balancer
2008612 - Plugin asset proxy does not pass through browser cache headers
2008712 - VPA webhook timeout prevents all pods from starting
2008733 - kube-scheduler: exposed /debug/pprof port
2008911 - Prometheus repeatedly scaling prometheus-operator replica set
2008926 - [sig-api-machinery] API data in etcd should be stored at the correct location and version for all resources [Serial] [Suite:openshift/conformance/serial]
2008987 - OpenShift SDN Hosted Egress IP's are not being scheduled to nodes after upgrade to 4.8.12
2009055 - Instances of OCS to be replaced with ODF on UI
2009078 - NetworkPodsCrashLooping alerts in upgrade CI jobs
2009083 - opm blocks pruning of existing bundles during add
2009111 - [IPI-on-GCP] 'Install a cluster with nested virtualization enabled' failed due to unable to launch compute instances
2009131 - [e2e][automation] add more test about vmi
2009148 - [e2e][automation] test vm nic presets and options
2009233 - ACM policy object generated by PolicyGen conflicting with OLM Operator
2009253 - [BM] [IPI] [DualStack] apiVIP and ingressVIP should be of the same primary IP family
2009298 - Service created for VM SSH access is not owned by the VM and thus is not deleted if the VM is deleted
2009384 - UI changes to support BindableKinds CRD changes
2009404 - ovnkube-node pod enters CrashLoopBackOff after OVN_IMAGE is swapped
2009424 - Deployment upgrade is failing availability check
2009454 - Change web terminal subscription permissions from get to list
2009465 - container-selinux should come from rhel8-appstream
2009514 - Bump OVS to 2.16-15
2009555 - Supermicro X11 system not booting from vMedia with AI
2009623 - Console: Observe > Metrics page: Table pagination menu shows bullet points
2009664 - Git Import: Edit of knative service doesn't work as expected for git import flow
2009699 - Failure to validate flavor RAM
2009754 - Footer is not sticky anymore in import forms
2009785 - CRI-O's version file should be pinned by MCO
2009791 - Installer: ibmcloud ignores install-config values
2009823 - [sig-arch] events should not repeat pathologically - reason/VSphereOlderVersionDetected Marking cluster un-upgradeable because one or more VMs are on hardware version vmx-13
2009840 - cannot build extensions on aarch64 because of unavailability of rhel-8-advanced-virt repo
2009859 - Large number of sessions created by vmware-vsphere-csi-driver-operator during e2e tests
2009873 - Stale Logical Router Policies and Annotations for a given node
2009879 - There should be test-suite coverage to ensure admin-acks work as expected
2009888 - SRO package name collision between official and community version
2010073 - uninstalling and then reinstalling sriov-network-operator is not working
2010174 - 2 PVs get created unexpectedly with different paths that actually refer to the same device on the node.
2010181 - Environment variables not getting reset on reload on deployment edit form
2010310 - [sig-instrumentation][Late] OpenShift alerting rules should have description and summary annotations [Skipped:Disconnected] [Suite:openshift/conformance/parallel]
2010341 - OpenShift Alerting Rules Style-Guide Compliance
2010342 - Local console builds can have out of memory errors
2010345 - OpenShift Alerting Rules Style-Guide Compliance
2010348 - Reverts PIE build mode for K8S components
2010352 - OpenShift Alerting Rules Style-Guide Compliance
2010354 - OpenShift Alerting Rules Style-Guide Compliance
2010359 - OpenShift Alerting Rules Style-Guide Compliance
2010368 - OpenShift Alerting Rules Style-Guide Compliance
2010376 - OpenShift Alerting Rules Style-Guide Compliance
2010662 - Cluster is unhealthy after image-registry-operator tests
2010663 - OpenShift Alerting Rules Style-Guide Compliance (ovn-kubernetes subcomponent)
2010665 - Bootkube tries to use oc after cluster bootstrap is done and there is no API
2010698 - [BM] [IPI] [Dual Stack] Installer must ensure ipv6 short forms too if clusterprovisioning IP is specified as ipv6 address
2010719 - etcdHighNumberOfFailedGRPCRequests runbook is missing
2010864 - Failure building EFS operator
2010910 - ptp worker events unable to identify interface for multiple interfaces
2010911 - RenderOperatingSystem() returns wrong OS version on OCP 4.7.24
2010921 - Azure Stack Hub does not handle additionalTrustBundle
2010931 - SRO CSV uses non default category "Drivers and plugins"
2010946 - concurrent CRD from ovirt-csi-driver-operator gets reconciled by CVO after deployment, changing CR as well.
2011038 - optional operator conditions are confusing
2011063 - CVE-2021-39226 grafana: Snapshot authentication bypass
2011171 - diskmaker-manager constantly redeployed by LSO when creating LV's
2011293 - Build pod are not pulling images if we are not explicitly giving the registry name with the image
2011368 - Tooltip in pipeline visualization shows misleading data
2011386 - [sig-arch] Check if alerts are firing during or after upgrade success --- alert KubePodNotReady fired for 60 seconds with labels
2011411 - Managed Service's Cluster overview page contains link to missing Storage dashboards
2011443 - Cypress tests assuming Admin Perspective could fail on shared/reference cluster
2011513 - Kubelet rejects pods that use resources that should be freed by completed pods
2011668 - Machine stuck in deleting phase in VMware "reconciler failed to Delete machine"
2011693 - (release-4.10) "insightsclient_request_recvreport_total" metric is always incremented
2011698 - After upgrading cluster to 4.8 the kube-state-metrics service doesn't export namespace labels anymore
2011733 - Repository README points to broken documentation link
2011753 - Ironic resumes clean before raid configuration job is actually completed
2011809 - The nodes page in the openshift console doesn't work. You just get a blank page
2011822 - Obfuscation doesn't work at clusters with OVN
2011882 - SRO helm charts not synced with templates
2011893 - Validation: BMC driver ipmi is not supported for secure UEFI boot
2011896 - [4.10] ClusterVersion Upgradeable=False MultipleReasons should include all messages
2011903 - vsphere-problem-detector: session leak
2011927 - OLM should allow users to specify a proxy for GRPC connections
2011956 - [tracker] Kubelet rejects pods that use resources that should be freed by completed pods
2011960 - [tracker] Storage operator is not available after reboot cluster instances
2011971 - ICNI2 pods are stuck in ContainerCreating state
2011972 - Ingress operator not creating wildcard route for hypershift clusters
2011977 - SRO bundle references non-existent image
2012069 - Refactoring Status controller
2012177 - [OCP 4.9 + OCS 4.8.3] Overview tab is missing under Storage after successful deployment on UI
2012228 - ibmcloud: credentialsrequests invalid for machine-api-operator: resource-group
2012233 - [IBMCLOUD] IPI: "Exceeded limit of remote rules per security group (the limit is 5 remote rules per security group)"
2012235 - [IBMCLOUD] IPI: IBM cloud provider requires ResourceGroupName in cloudproviderconfig
2012317 - Dynamic Plugins: ListPageCreateDropdown items cut off
2012407 - [e2e][automation] improve vm tab console tests
2012426 - ThanosSidecarBucketOperationsFailed/ThanosSidecarUnhealthy alerts don't have namespace label
2012562 - migration condition is not detected in list view
2012770 - when using expression metric openshift_apps_deploymentconfigs_last_failed_rollout_time namespace label is re-written
2012780 - The port 50936 used by haproxy is occupied by kube-apiserver
2012838 - Setting the default maximum container root partition size for Overlay with CRI-O stop working
2012902 - Neutron Ports assigned to Completed Pods are not reused Edit
2012915 - kube_persistentvolumeclaim_labels and kube_persistentvolume_labels are missing in OCP 4.8 monitoring stack
2012971 - Disable operands deletes
2013034 - Cannot install to openshift-nmstate namespace
2013127 - OperatorHub links could not be opened in a new tabs (sharing and open a deep link works fine)
2013199 - post reboot of node SRIOV policy taking huge time
2013203 - UI breaks when trying to create block pool before storage cluster/system creation
2013222 - Full breakage for nightly payload promotion
2013273 - Nil pointer exception when phc2sys options are missing
2013321 - TuneD: high CPU utilization of the TuneD daemon.
2013416 - Multiple assets emit different content to the same filename
2013431 - Application selector dropdown has incorrect font-size and positioning
2013528 - mapi_current_pending_csr is always set to 1 on OpenShift Container Platform 4.8
2013545 - Service binding created outside topology is not visible
2013599 - Scorecard support storage is not included in ocp4.9
2013632 - Correction/Changes in Quick Start Guides for ODF 4.9 (Install ODF guide)
2013646 - fsync controller will show false positive if gaps in metrics are observed.
2013710 - ZTP Operator subscriptions for 4.9 release branch should point to 4.9 by default
2013751 - Service details page is showing wrong in-cluster hostname
2013787 - There are two titles 'Network Attachment Definition Details' on NAD details page
2013871 - Resource table headings are not aligned with their column data
2013895 - Cannot enable accelerated network via MachineSets on Azure
2013920 - "--collector.filesystem.ignored-mount-points is DEPRECATED and will be removed in 2.0.0, use --collector.filesystem.mount-points-exclude"
2013930 - Create Buttons enabled for Bucket Class, Backingstore and Namespace Store in the absence of Storagesystem(or MCG)
2013969 - oVirt CSI driver fails on creating PVCs on hosted engine storage domain
2013990 - Observe dashboard crashes on reload when perspective has changed (in another tab)
2013996 - Project detail page: Action "Delete Project" does nothing for the default project
2014071 - Payload imagestream new tags not properly updated during cluster upgrade
2014153 - SRIOV exclusive pooling
2014202 - [OCP-4.8.10] OVN-Kubernetes: service IP is not responding when egressIP set to the namespace
2014238 - AWS console test is failing on importing duplicate YAML definitions
2014245 - Several aria-labels, external links, and labels aren't internationalized
2014248 - Several files aren't internationalized
2014352 - Could not filter out machine by using node name on machines page
2014464 - Unexpected spacing/padding below navigation groups in developer perspective
2014471 - Helm Release notes tab is not automatically open after installing a chart for other languages
2014486 - Integration Tests: OLM single namespace operator tests failing
2014488 - Custom operator cannot change orders of condition tables
2014497 - Regex slows down different forms and creates too much recursion errors in the log
2014538 - Kuryr controller crash looping on self._get_vip_port(loadbalancer).id 'NoneType' object has no attribute 'id'
2014614 - Metrics scraping requests should be assigned to exempt priority level
2014710 - TestIngressStatus test is broken on Azure
2014954 - The prometheus-k8s-{0,1} pods are CrashLoopBackoff repeatedly
2014995 - oc adm must-gather cannot gather audit logs with 'None' audit profile
2015115 - [RFE] PCI passthrough
2015133 - [IBMCLOUD] ServiceID API key credentials seems to be insufficient for ccoctl '--resource-group-name' parameter
2015154 - Support ports defined networks and primarySubnet
2015274 - Yarn dev fails after updates to dynamic plugin JSON schema logic
2015337 - 4.9.0 GA MetalLB operator image references need to be adjusted to match production
2015386 - Possibility to add labels to the built-in OCP alerts
2015395 - Table head on Affinity Rules modal is not fully expanded
2015416 - CI implementation for Topology plugin
2015418 - Project Filesystem query returns No datapoints found
2015420 - No vm resource in project view's inventory
2015422 - No conflict checking on snapshot name
2015472 - Form and YAML view switch button should have distinguishable status
2015481 - [4.10] sriov-network-operator daemon pods are failing to start
2015493 - Cloud Controller Manager Operator does not respect 'additionalTrustBundle' setting
2015496 - Storage - PersistentVolumes : Claim column value 'No Claim' in English
2015498 - [UI] Add capacity when not applicable (for MCG only deployment and External mode cluster) fails to pass any info. to user and tries to just load a blank screen on 'Add Capacity' button click
2015506 - Home - Search - Resources - APIRequestCount : hard to select an item from ellipsis menu
2015515 - Kubelet checks all providers even if one is configured: NoCredentialProviders: no valid providers in chain.
2015535 - Administration - ResourceQuotas - ResourceQuota details: Inside Pie chart 'x% used' is in English
2015549 - Observe - Metrics: Column heading and pagination text is in English
2015557 - Workloads - DeploymentConfigs : Error message is in English
2015568 - Compute - Nodes : CPU column's values are in English
2015635 - Storage operator fails causing installation to fail on ASH
2015660 - "Finishing boot source customization" screen should not use term "patched"
2015793 - [hypershift] The collect-profiles job's pods should run on the control-plane node
2015806 - Metrics view in Deployment reports "Forbidden" when not cluster-admin
2015819 - Conmon sandbox processes run on non-reserved CPUs with workload partitioning
2015837 - OS_CLOUD overwrites install-config's platform.openstack.cloud
2015950 - update from 4.7.22 to 4.8.11 is failing due to large amount of secrets to watch
2015952 - RH CodeReady Workspaces Operator in e2e testing will soon fail
2016004 - [RFE] RHCOS: help determining whether a user-provided image was already booted (Ignition provisioning already performed)
2016008 - [4.10] Bootimage bump tracker
2016052 - No e2e CI presubmit configured for release component azure-file-csi-driver
2016053 - No e2e CI presubmit configured for release component azure-file-csi-driver-operator
2016054 - No e2e CI presubmit configured for release component cluster-autoscaler
2016055 - No e2e CI presubmit configured for release component console
2016058 - openshift-sync does not synchronise in "ose-jenkins:v4.8"
2016064 - No e2e CI presubmit configured for release component ibm-cloud-controller-manager
2016065 - No e2e CI presubmit configured for release component ibmcloud-machine-controllers
2016175 - Pods get stuck in ContainerCreating state when attaching volumes fails on SNO clusters.
2016179 - Add Sprint 208 translations
2016228 - Collect Profiles pprof secret is hardcoded to openshift-operator-lifecycle-manager
2016235 - should update to 7.5.11 for grafana resources version label
2016296 - Openshift virtualization : Create Windows Server 2019 VM using template : Fails
2016334 - shiftstack: SRIOV nic reported as not supported
2016352 - Some pods start before CA resources are present
2016367 - Empty task box is getting created for a pipeline without finally task
2016435 - Duplicate AlertmanagerClusterFailedToSendAlerts alerts
2016438 - Feature flag gating is missing in few extensions contributed via knative plugin
2016442 - OCPonRHV: pvc should be in Bound state and without error when choosing default sc
2016446 - [OVN-Kubernetes] Egress Networkpolicy is failing Intermittently for statefulsets
2016453 - Complete i18n for GaugeChart defaults
2016479 - iface-id-ver is not getting updated for existing lsp
2016925 - Dashboards with All filter, change to a specific value and change back to All, data will disappear
2016951 - dynamic actions list is not disabling "open console" for stopped vms
2016955 - m5.large instance type for bootstrap node is hardcoded causing deployments to fail if instance type is not available
2016988 - NTO does not set io_timeout and max_retries for AWS Nitro instances
2017016 - [REF] Virtualization menu
2017036 - [sig-network-edge][Feature:Idling] Unidling should handle many TCP connections fails in periodic-ci-openshift-release-master-ci-4.9-e2e-openstack-ovn
2017050 - Dynamic Plugins: Shared modules loaded multiple times, breaking use of PatternFly
2017130 - t is not a function error navigating to details page
2017141 - Project dropdown has a dynamic inline width added which can cause min-width issue
2017244 - ovirt csi operator static files creation is in the wrong order
2017276 - [4.10] Volume mounts not created with the correct security context
2017327 - When run opm index prune failed with error removing operator package cic-operator FOREIGN KEY constraint failed.
2017427 - NTO does not restart TuneD daemon when profile application is taking too long
2017535 - Broken Argo CD link image on GitOps Details Page
2017547 - Siteconfig application sync fails with The AgentClusterInstall is invalid: spec.provisionRequirements.controlPlaneAgents: Required value when updating images references
2017564 - On-prem prepender dispatcher script overwrites DNS search settings
2017565 - CCMO does not handle additionalTrustBundle on Azure Stack
2017566 - MetalLB: Web Console -Create Address pool form shows address pool name twice
2017606 - [e2e][automation] add test to verify send key for VNC console
2017650 - [OVN]EgressFirewall cannot be applied correctly if cluster has windows nodes
2017656 - VM IP address is "undefined" under VM details -> ssh field
2017663 - SSH password authentication is disabled when public key is not supplied
2017680 - [gcp] Couldn’t enable support for instances with GPUs on GCP
2017732 - [KMS] Prevent creation of encryption enabled storageclass without KMS connection set
2017752 - (release-4.10) obfuscate identity provider attributes in collected authentication.operator.openshift.io resource
2017756 - overlaySize setting on containerruntimeconfig is ignored due to cri-o defaults
2017761 - [e2e][automation] dummy bug for 4.9 test dependency
2017872 - Add Sprint 209 translations
2017874 - The installer is incorrectly checking the quota for X instances instead of G and VT instances
2017879 - Add Chinese translation for "alternate"
2017882 - multus: add handling of pod UIDs passed from runtime
2017909 - [ICNI 2.0] ovnkube-masters stop processing add/del events for pods
2018042 - HorizontalPodAutoscaler CPU averageValue did not show up in HPA metrics GUI
2018093 - Managed cluster should ensure control plane pods do not run in best-effort QoS
2018094 - the tooltip length is limited
2018152 - CNI pod is not restarted when It cannot start servers due to ports being used
2018208 - e2e-metal-ipi-ovn-ipv6 are failing 75% of the time
2018234 - user settings are saved in local storage instead of on cluster
2018264 - Delete Export button doesn't work in topology sidebar (general issue with unknown CSV?)
2018272 - Deployment managed by link and topology sidebar links to invalid resource page (at least for Exports)
2018275 - Topology graph doesn't show context menu for Export CSV
2018279 - Edit and Delete confirmation modals for managed resource should close when the managed resource is clicked
2018380 - Migrate docs links to access.redhat.com
2018413 - Error: context deadline exceeded, OCP 4.8.9
2018428 - PVC is deleted along with VM even with "Delete Disks" unchecked
2018445 - [e2e][automation] enhance tests for downstream
2018446 - [e2e][automation] move tests to different level
2018449 - [e2e][automation] add test about create/delete network attachment definition
2018490 - [4.10] Image provisioning fails with file name too long
2018495 - Fix typo in internationalization README
2018542 - Kernel upgrade does not reconcile DaemonSet
2018880 - Get 'No datapoints found.' when query metrics about alert rule KubeCPUQuotaOvercommit and KubeMemoryQuotaOvercommit
2018884 - QE - Adapt crw-basic feature file to OCP 4.9/4.10 changes
2018935 - go.sum not updated, that ART extracts version string from, WAS: Missing backport from 4.9 for Kube bump PR#950
2018965 - e2e-metal-ipi-upgrade is permafailing in 4.10
2018985 - The rootdisk size is 15Gi of windows VM in customize wizard
2019001 - AWS: Operator degraded (CredentialsFailing): 1 of 6 credentials requests are failing to sync.
2019096 - Update SRO leader election timeout to support SNO
2019129 - SRO in operator hub points to wrong repo for README
2019181 - Performance profile does not apply
2019198 - ptp offset metrics are not named according to the log output
2019219 - [IBMCLOUD]: cloud-provider-ibm missing IAM permissions in CCCMO CredentialRequest
2019284 - Stop action should not in the action list while VMI is not running
2019346 - zombie processes accumulation and Argument list too long
2019360 - [RFE] Virtualization Overview page
2019452 - Logger object in LSO appends to existing logger recursively
2019591 - Operator install modal body that scrolls has incorrect padding causing shadow position to be incorrect
2019634 - Pause and migration is enabled in action list for a user who has view only permission
2019636 - Actions in VM tabs should be disabled when user has view only permission
2019639 - "Take snapshot" should be disabled while VM image is still been importing
2019645 - Create button is not removed on "Virtual Machines" page for view only user
2019646 - Permission error should pop-up immediately while clicking "Create VM" button on template page for view only user
2019647 - "Remove favorite" and "Create new Template" should be disabled in template action list for view only user
2019717 - can't delete VM with un-owned pvc attached
2019722 - The shared-resource-csi-driver-node pod runs as “BestEffort” qosClass
2019739 - The shared-resource-csi-driver-node uses imagePullPolicy as "Always"
2019744 - [RFE] Suggest users to download newest RHEL 8 version
2019809 - [OVN][Upgrade] After upgrade to 4.7.34 ovnkube-master pods are in CrashLoopBackOff/ContainerCreating and other multiple issues at OVS/OVN level
2019827 - Display issue with top-level menu items running demo plugin
2019832 - 4.10 Nightlies blocked: Failed to upgrade authentication, operator was degraded
2019886 - Kuryr unable to finish ports recovery upon controller restart
2019948 - [RFE] Restructuring Virtualization links
2019972 - The Nodes section doesn't display the csr of the nodes that are trying to join the cluster
2019977 - Installer doesn't validate region causing binary to hang with a 60 minute timeout
2019986 - Dynamic demo plugin fails to build
2019992 - instance:node_memory_utilisation:ratio metric is incorrect
2020001 - Update dockerfile for demo dynamic plugin to reflect dir change
2020003 - MCD does not regard "dangling" symlinks as a files, attempts to write through them on next backup, resulting in "not writing through dangling symlink" error and degradation.
2020107 - cluster-version-operator: remove runlevel from CVO namespace
2020153 - Creation of Windows high performance VM fails
2020216 - installer: Azure storage container blob where is stored bootstrap.ign file shouldn't be public
2020250 - Replacing deprecated ioutil
2020257 - Dynamic plugin with multiple webpack compilation passes may fail to build
2020275 - ClusterOperators link in console returns blank page during upgrades
2020377 - permissions error while using tcpdump option with must-gather
2020489 - coredns_dns metrics don't include the custom zone metrics data due to CoreDNS prometheus plugin is not defined
2020498 - "Show PromQL" button is disabled
2020625 - [AUTH-52] User fails to login from web console with keycloak OpenID IDP after enable group membership sync feature
2020638 - [4.7] CI conformance test failures related to CustomResourcePublishOpenAPI
2020664 - DOWN subports are not cleaned up
2020904 - When trying to create a connection from the Developer view between VMs, it fails
2021016 - 'Prometheus Stats' of dashboard 'Prometheus Overview' miss data on console compared with Grafana
2021017 - 404 page not found error on knative eventing page
2021031 - QE - Fix the topology CI scripts
2021048 - [RFE] Added MAC Spoof check
2021053 - Metallb operator presented as community operator
2021067 - Extensive number of requests from storage version operator in cluster
2021081 - Missing PolicyGenTemplate for configuring Local Storage Operator LocalVolumes
2021135 - [azure-file-csi-driver] "make unit-test" returns non-zero code, but tests pass
2021141 - Cluster should allow a fast rollout of kube-apiserver is failing on single node
2021151 - Sometimes the DU node does not get the performance profile configuration applied and MachineConfigPool stays stuck in Updating
2021152 - imagePullPolicy is "Always" for ptp operator images
2021191 - Project admins should be able to list available network attachment definitions
2021205 - Invalid URL in git import form causes validation to not happen on URL change
2021322 - cluster-api-provider-azure should populate purchase plan information
2021337 - Dynamic Plugins: ResourceLink doesn't render when passed a groupVersionKind
2021364 - Installer requires invalid AWS permission s3:GetBucketReplication
2021400 - Bump documentationBaseURL to 4.10
2021405 - [e2e][automation] VM creation wizard Cloud Init editor
2021433 - "[sig-builds][Feature:Builds][pullsearch] docker build where the registry is not specified" test fail permanently on disconnected
2021466 - [e2e][automation] Windows guest tool mount
2021544 - OCP 4.6.44 - Ingress VIP assigned as secondary IP in ovs-if-br-ex and added to resolv.conf as nameserver
2021551 - Build is not recognizing the USER group from an s2i image
2021607 - Unable to run openshift-install with a vcenter hostname that begins with a numeric character
2021629 - api request counts for current hour are incorrect
2021632 - [UI] Clicking on odf-operator breadcrumb from StorageCluster details page displays empty page
2021693 - Modals assigned modal-lg class are no longer the correct width
2021724 - Observe > Dashboards: Graph lines are not visible when obscured by other lines
2021731 - CCO occasionally down, reporting networksecurity.googleapis.com API as disabled
2021936 - Kubelet version in RPMs should be using Dockerfile label instead of git tags
2022050 - [BM][IPI] Failed during bootstrap - unable to read client-key /var/lib/kubelet/pki/kubelet-client-current.pem
2022053 - dpdk application with vhost-net is not able to start
2022114 - Console logging every proxy request
2022144 - 1 of 3 ovnkube-master pods stuck in clbo after ipi bm deployment - dualstack (Intermittent)
2022251 - wait interval in case of a failed upload due to 403 is unnecessarily long
2022399 - MON_DISK_LOW troubleshooting guide link when clicked, gives 404 error.
2022447 - ServiceAccount in manifests conflicts with OLM
2022502 - Patternfly tables with a checkbox column are not displaying correctly because of conflicting css rules.
2022509 - getOverrideForManifest does not check manifest.GVK.Group
2022536 - WebScale: duplicate ecmp next hop error caused by multiple of the same gateway IPs in ovnkube cache
2022612 - no namespace field for "Kubernetes / Compute Resources / Namespace (Pods)" admin console dashboard
2022627 - Machine object not picking up external FIP added to an openstack vm
2022646 - configure-ovs.sh failure - Error: unknown connection 'WARN:'
2022707 - Observe / monitoring dashboard shows forbidden errors on Dev Sandbox
2022801 - Add Sprint 210 translations
2022811 - Fix kubelet log rotation file handle leak
2022812 - [SCALE] ovn-kube service controller executes unnecessary load balancer operations
2022824 - Large number of sessions created by vmware-vsphere-csi-driver-operator during e2e tests
2022880 - Pipeline renders with minor visual artifact with certain task dependencies
2022886 - Incorrect URL in operator description
2023042 - CRI-O filters custom runtime allowed annotation when both custom workload and custom runtime sections specified under the config
2023060 - [e2e][automation] Windows VM with CDROM migration
2023077 - [e2e][automation] Home Overview Virtualization status
2023090 - [e2e][automation] Examples of Import URL for VM templates
2023102 - [e2e][automation] Cloudinit disk of VM from custom template
2023216 - ACL for a deleted egressfirewall still present on node join switch
2023228 - Remove Tech preview badge on Trigger components 1.6 OSP on OCP 4.9
2023238 - [sig-devex][Feature:ImageEcosystem][python][Slow] hot deploy for openshift python image Django example should work with hot deploy
2023342 - SCC admission should take ephemeralContainers into account
2023356 - Devfiles can't be loaded in Safari on macOS (403 - Forbidden)
2023434 - Update Azure Machine Spec API to accept Marketplace Images
2023500 - Latency experienced while waiting for volumes to attach to node
2023522 - can't remove package from index: database is locked
2023560 - "Network Attachment Definitions" has no project field on the top in the list view
2023592 - [e2e][automation] add mac spoof check for nad
2023604 - ACL violation when deleting a provisioning-configuration resource
2023607 - console returns blank page when normal user without any projects visit Installed Operators page
2023638 - Downgrade support level for extended control plane integration to Dev Preview
2023657 - inconsistent behaviours of adding ssh key on rhel node between 4.9 and 4.10
2023675 - Changing CNV Namespace
2023779 - Fix Patch 104847 in 4.9
2023781 - initial hardware devices is not loading in wizard
2023832 - CCO updates lastTransitionTime for non-Status changes
2023839 - Bump recommended FCOS to 34.20211031.3.0
2023865 - Console css overrides prevent dynamic plug-in PatternFly tables from displaying correctly
2023950 - make test-e2e-operator on kubernetes-nmstate results in failure to pull image from "registry:5000" repository
2023985 - [4.10] OVN idle service cannot be accessed after upgrade from 4.8
2024055 - External DNS added extra prefix for the TXT record
2024108 - Occasionally node remains in SchedulingDisabled state even after update has been completed successfully
2024190 - e2e-metal UPI is permafailing with inability to find rhcos.json
2024199 - 400 Bad Request error for some queries for the non admin user
2024220 - Cluster monitoring checkbox flickers when installing Operator in all-namespace mode
2024262 - Sample catalog is not displayed when one API call to the backend fails
2024309 - cluster-etcd-operator: defrag controller needs to provide proper observability
2024316 - modal about support displays wrong annotation
2024328 - [oVirt / RHV] PV disks are lost when machine deleted while node is disconnected
2024399 - Extra space is in the translated text of "Add/Remove alternate service" on Create Route page
2024448 - When ssh_authorized_keys is empty in form view it should not appear in yaml view
2024493 - Observe > Alerting > Alerting rules page throws error trying to destructure undefined
2024515 - test-blocker: Ceph-storage-plugin tests failing
2024535 - hotplug disk missing OwnerReference
2024537 - WINDOWS_IMAGE_LINK does not refer to windows cloud image
2024547 - Detail page is breaking for namespace store, backing store and bucket class.
2024551 - KMS resources not getting created for IBM FlashSystem storage
2024586 - Special Resource Operator(SRO) - Empty image in BuildConfig when using RT kernel
2024613 - pod-identity-webhook starts without tls
2024617 - vSphere CSI tests constantly failing with Rollout of the monitoring stack failed and is degraded
2024665 - Bindable services are not shown on topology
2024731 - linuxptp container: unnecessary checking of interfaces
2024750 - i18n some remaining OLM items
2024804 - gcp-pd-csi-driver does not use trusted-ca-bundle when cluster proxy configured
2024826 - [RHOS/IPI] Masters are not joining a clusters when installing on OpenStack
2024841 - test Keycloak with latest tag
2024859 - Not able to deploy an existing image from private image registry using developer console
2024880 - Egress IP breaks when network policies are applied
2024900 - Operator upgrade kube-apiserver
2024932 - console throws "Unauthorized" error after logging out
2024933 - openshift-sync plugin does not sync existing secrets/configMaps on start up
2025093 - Installer does not honour diskformat specified in storage policy and defaults to zeroedthick
2025230 - ClusterAutoscalerUnschedulablePods should not be a warning
2025266 - CreateResource route has exact prop which need to be removed
2025301 - [e2e][automation] VM actions availability in different VM states
2025304 - overwrite storage section of the DV spec instead of the pvc section
2025431 - [RFE]Provide specific windows source link
2025458 - [IPI-AWS] cluster-baremetal-operator pod in a crashloop state after patching from 4.7.21 to 4.7.36
2025464 - [aws] openshift-install gather bootstrap collects logs for bootstrap and only one master node
2025467 - [OVN-K][ETP=local] Host to service backed by ovn pods doesn't work for ExternalTrafficPolicy=local
2025481 - Update VM Snapshots UI
2025488 - [DOCS] Update the doc for nmstate operator installation
2025592 - ODC 4.9 supports invalid devfiles only
2025765 - It should not try to load from storageProfile after unchecking "Apply optimized StorageProfile settings"
2025767 - VMs orphaned during machineset scaleup
2025770 - [e2e] non-priv seems looking for v2v-vmware configMap in ns "kubevirt-hyperconverged" while using customize wizard
2025788 - [IPI on azure]Pre-check on IPI Azure, should check VM Size’s vCPUsAvailable instead of vCPUs for the sku.
2025821 - Make "Network Attachment Definitions" available to regular user
2025823 - The console nav bar ignores plugin separator in existing sections
2025830 - CentOS capitalization is wrong
2025837 - Warn users that the RHEL URL expire
2025884 - External CCM deploys openstack-cloud-controller-manager from quay.io/openshift/origin-*
2025903 - [UI] RoleBindings tab doesn't show correct rolebindings
2026104 - [sig-imageregistry][Feature:ImageAppend] Image append should create images by appending them [Skipped:Disconnected] [Suite:openshift/conformance/parallel]
2026178 - OpenShift Alerting Rules Style-Guide Compliance
2026209 - Updation of task is getting failed (tekton hub integration)
2026223 - Internal error occurred: failed calling webhook "ptpconfigvalidationwebhook.openshift.io"
2026321 - [UPI on Azure] Shall we remove allowedValue about VMSize in ARM templates
2026343 - [upgrade from 4.5 to 4.6] .status.connectionState.address of catsrc community-operators is not correct
2026352 - Kube-Scheduler revision-pruner fail during install of new cluster
2026374 - aws-pod-identity-webhook go.mod version out of sync with build environment
2026383 - Error when rendering custom Grafana dashboard through ConfigMap
2026387 - node tuning operator metrics endpoint serving old certificates after certificate rotation
2026396 - Cachito Issues: sriov-network-operator Image build failure
2026488 - openshift-controller-manager - delete event is repeating pathologically
2026489 - ThanosRuleRuleEvaluationLatencyHigh alerts when a big quantity of alerts defined.
2026560 - Cluster-version operator does not remove unrecognized volume mounts
2026699 - fixed a bug with missing metadata
2026813 - add Mellanox CX-6 Lx DeviceID 101f NIC support in SR-IOV Operator
2026898 - Description/details are missing for Local Storage Operator
2027132 - Use the specific icon for Fedora and CentOS template
2027238 - "Node Exporter / USE Method / Cluster" CPU utilization graph shows incorrect legend
2027272 - KubeMemoryOvercommit alert should be human readable
2027281 - [Azure] External-DNS cannot find the private DNS zone in the resource group
2027288 - Devfile samples can't be loaded after fixing it on Safari (redirect caching issue)
2027299 - The status of checkbox component is not revealed correctly in code
2027311 - K8s watch hooks do not work when fetching core resources
2027342 - Alert ClusterVersionOperatorDown is firing on OpenShift Container Platform after ca certificate rotation
2027363 - The azure-file-csi-driver and azure-file-csi-driver-operator don't use the downstream images
2027387 - [IBMCLOUD] Terraform ibmcloud-provider buffers entirely the qcow2 image causing spikes of 5GB of RAM during installation
2027498 - [IBMCloud] SG Name character length limitation
2027501 - [4.10] Bootimage bump tracker
2027524 - Delete Application doesn't delete Channels or Brokers
2027563 - e2e/add-flow-ci.feature fix accessibility violations
2027585 - CVO crashes when changing spec.upstream to a cincinnati graph which includes invalid conditional edges
2027629 - Gather ValidatingWebhookConfiguration and MutatingWebhookConfiguration resource definitions
2027685 - openshift-cluster-csi-drivers pods crashing on PSI
2027745 - default samplesRegistry prevents the creation of imagestreams when registrySources.allowedRegistries is enforced
2027824 - ovnkube-master CrashLoopBackoff: panic: Expected slice or struct but got string
2027917 - No settings in hostfirmwaresettings and schema objects for masters
2027927 - sandbox creation fails due to obsolete option in /etc/containers/storage.conf
2027982 - nncp stucked at ConfigurationProgressing
2028019 - Max pending serving CSRs allowed in cluster machine approver is not right for UPI clusters
2028024 - After deleting a SpecialResource, the node is still tagged although the driver is removed
2028030 - Panic detected in cluster-image-registry-operator pod
2028042 - Desktop viewer for Windows VM shows "no Service for the RDP (Remote Desktop Protocol) can be found"
2028054 - Cloud controller manager operator can't get leader lease when upgrading from 4.8 up to 4.9
2028106 - [RFE] Use dynamic plugin actions for kubevirt plugin
2028141 - Console tests doesn't pass on Node.js 15 and 16
2028160 - Remove i18nKey in network-policy-peer-selectors.tsx
2028162 - Add Sprint 210 translations
2028170 - Remove leading and trailing whitespace
2028174 - Add Sprint 210 part 2 translations
2028187 - Console build doesn't pass on Node.js 16 because node-sass doesn't support it
2028217 - Cluster-version operator does not default Deployment replicas to one
2028240 - Multiple CatalogSources causing higher CPU use than necessary
2028268 - Password parameters are listed in FirmwareSchema in spite that cannot and shouldn't be set in HostFirmwareSettings
2028325 - disableDrain should be set automatically on SNO
2028484 - AWS EBS CSI driver's livenessprobe does not respect operator's loglevel
2028531 - Missing netFilter to the list of parameters when platform is OpenStack
2028610 - Installer doesn't retry on GCP rate limiting
2028685 - LSO repeatedly reports errors while diskmaker-discovery pod is starting
2028695 - destroy cluster does not prune bootstrap instance profile
2028731 - The containerruntimeconfig controller has wrong assumption regarding the number of containerruntimeconfigs
2028802 - CRI-O panic due to invalid memory address or nil pointer dereference
2028816 - VLAN IDs not released on failures
2028881 - Override not working for the PerformanceProfile template
2028885 - Console should show an error context if it logs an error object
2028949 - Masthead dropdown item hover text color is incorrect
2028963 - Whereabouts should reconcile stranded IP addresses
2029034 - enabling ExternalCloudProvider leads to inoperative cluster
2029178 - Create VM with wizard - page is not displayed
2029181 - Missing CR from PGT
2029273 - wizard is not able to use if project field is "All Projects"
2029369 - Cypress tests github rate limit errors
2029371 - patch pipeline--worker nodes unexpectedly reboot during scale out
2029394 - missing empty text for hardware devices at wizard review
2029414 - Alibaba Disk snapshots with XFS filesystem cannot be used
2029416 - Alibaba Disk CSI driver does not use credentials provided by CCO / ccoctl
2029521 - EFS CSI driver cannot delete volumes under load
2029570 - Azure Stack Hub: CSI Driver does not use user-ca-bundle
2029579 - Clicking on an Application which has a Helm Release in it causes an error
2029644 - New resource FirmwareSchema - reset_required exists for Dell machines and doesn't for HPE
2029645 - Sync upstream 1.15.0 downstream
2029671 - VM action "pause" and "clone" should be disabled while VM disk is still being importing
2029742 - [ovn] Stale lr-policy-list and snat rules left for egressip
2029750 - cvo keep restart due to it fail to get feature gate value during the initial start stage
2029785 - CVO panic when an edge is included in both edges and conditionaledges
2029843 - Downstream ztp-site-generate-rhel8 4.10 container image missing content(/home/ztp)
2030003 - HFS CRD: Attempt to set Integer parameter to not-numeric string value - no error
2030029 - [4.10][goroutine]Namespace stuck terminating: Failed to delete all resource types, 1 remaining: unexpected items still remain in namespace
2030228 - Fix StorageSpec resources field to use correct API
2030229 - Mirroring status card reflect wrong data
2030240 - Hide overview page for non-privileged user
2030305 - Export App job do not completes
2030347 - kube-state-metrics exposes metrics about resource annotations
2030364 - Shared resource CSI driver monitoring is not setup correctly
2030488 - Numerous Azure CI jobs are Failing with Partially Rendered machinesets
2030534 - Node selector/tolerations rules are evaluated too early
2030539 - Prometheus is not highly available
2030556 - Don't display Description or Message fields for alerting rules if those annotations are missing
2030568 - Operator installation fails to parse operatorframework.io/initialization-resource annotation
2030574 - console service uses older "service.alpha.openshift.io" for the service serving certificates.
2030677 - BOND CNI: There is no option to configure MTU on a Bond interface
2030692 - NPE in PipelineJobListener.upsertWorkflowJob
2030801 - CVE-2021-44716 golang: net/http: limit growth of header canonicalization cache
2030806 - CVE-2021-44717 golang: syscall: don't close fd 0 on ForkExec error
2030847 - PerformanceProfile API version should be v2
2030961 - Customizing the OAuth server URL does not apply to upgraded cluster
2031006 - Application name input field is not autofocused when user selects "Create application"
2031012 - Services of type loadbalancer do not work if the traffic reaches the node from an interface different from br-ex
2031040 - Error screen when open topology sidebar for a Serverless / knative service which couldn't be started
2031049 - [vsphere upi] pod machine-config-operator cannot be started due to panic issue
2031057 - Topology sidebar for Knative services shows a small pod ring with "0 undefined" as tooltip
2031060 - Failing CSR Unit test due to expired test certificate
2031085 - ovs-vswitchd running more threads than expected
2031141 - Some pods not able to reach k8s api svc IP 198.223.0.1
2031228 - CVE-2021-43813 grafana: directory traversal vulnerability
2031502 - [RFE] New common templates crash the ui
2031685 - Duplicated forward upstreams should be removed from the dns operator
2031699 - The displayed ipv6 address of a dns upstream should be case sensitive
2031797 - [RFE] Order and text of Boot source type input are wrong
2031826 - CI tests needed to confirm driver-toolkit image contents
2031831 - OCP Console - Global CSS overrides affecting dynamic plugins
2031839 - Starting from Go 1.17 invalid certificates will render a cluster dysfunctional
2031858 - GCP beta-level Role (was: CCO occasionally down, reporting networksecurity.googleapis.com API as disabled)
2031875 - [RFE]: Provide online documentation for the SRO CRD (via oc explain)
2031926 - [ipv6dualstack] After SVC conversion from single stack only to RequireDualStack, cannot curl NodePort from the node itself
2032006 - openshift-gitops-application-controller-0 failed to schedule with sufficient node allocatable resource
2032111 - arm64 cluster, create project and deploy the example deployment, pod is CrashLoopBackOff due to the image is built on linux+amd64
2032141 - open the alertrule link in new tab, got empty page
2032179 - [PROXY] external dns pod cannot reach to cloud API in the cluster behind a proxy
2032296 - Cannot create machine with ephemeral disk on Azure
2032407 - UI will show the default openshift template wizard for HANA template
2032415 - Templates page - remove "support level" badge and add "support level" column which should not be hard coded
2032421 - [RFE] UI integration with automatic updated images
2032516 - Not able to import git repo with .devfile.yaml
2032521 - openshift-installer intermittent failure on AWS with "Error: Provider produced inconsistent result after apply" when creating the aws_vpc_dhcp_options_association resource
2032547 - hardware devices table have filter when table is empty
2032565 - Deploying compressed files with a MachineConfig resource degrades the MachineConfigPool
2032566 - Cluster-ingress-router does not support Azure Stack
2032573 - Adopting enforces deploy_kernel/ramdisk which does not work with deploy_iso
2032589 - DeploymentConfigs ignore resolve-names annotation
2032732 - Fix styling conflicts due to recent console-wide CSS changes
2032831 - Knative Services and Revisions are not shown when Service has no ownerReference
2032851 - Networking is "not available" in Virtualization Overview
2032926 - Machine API components should use K8s 1.23 dependencies
2032994 - AddressPool IP is not allocated to service external IP with aggregationLength 24
2032998 - Can not achieve 250 pods/node with OVNKubernetes in a multiple worker node cluster
2033013 - Project dropdown in user preferences page is broken
2033044 - Unable to change import strategy if devfile is invalid
2033098 - Conjunction in ProgressiveListFooter.tsx is not translatable
2033111 - IBM VPC operator library bump removed global CLI args
2033138 - "No model registered for Templates" shows on customize wizard
2033215 - Flaky CI: crud/other-routes.spec.ts fails sometimes with an cypress ace/a11y AssertionError: 1 accessibility violation was detected
2033239 - [IPI on Alibabacloud] 'openshift-install' gets the wrong region (‘cn-hangzhou’) selected
2033257 - unable to use configmap for helm charts
2033271 - [IPI on Alibabacloud] destroying cluster succeeded, but the resource group deletion wasn’t triggered
2033290 - Product builds for console are failing
2033382 - MAPO is missing machine annotations
2033391 - csi-driver-shared-resource-operator sets unused CVO-manifest annotations
2033403 - Devfile catalog does not show provider information
2033404 - Cloud event schema is missing source type and resource field is using wrong value
2033407 - Secure route data is not pre-filled in edit flow form
2033422 - CNO not allowing LGW conversion from SGW in runtime
2033434 - Offer darwin/arm64 oc in clidownloads
2033489 - CCM operator failing on baremetal platform
2033518 - [aws-efs-csi-driver]Should not accept invalid FSType in sc for AWS EFS driver
2033524 - [IPI on Alibabacloud] interactive installer cannot list existing base domains
2033536 - [IPI on Alibabacloud] bootstrap complains invalid value for alibabaCloud.resourceGroupID when updating "cluster-infrastructure-02-config.yml" status, which leads to bootstrap failed and all master nodes NotReady
2033538 - Gather Cost Management Metrics Custom Resource
2033579 - SRO cannot update the special-resource-lifecycle ConfigMap if the data field is undefined
2033587 - Flaky CI test project-dashboard.scenario.ts: Resource Quotas Card was not found on project detail page
2033634 - list-style-type: disc is applied to the modal dropdowns
2033720 - Update samples in 4.10
2033728 - Bump OVS to 2.16.0-33
2033729 - remove runtime request timeout restriction for azure
2033745 - Cluster-version operator makes upstream update service / Cincinnati requests more frequently than intended
2033749 - Azure Stack Terraform fails without Local Provider
2033750 - Local volume should pull multi-arch image for kube-rbac-proxy
2033751 - Bump kubernetes to 1.23
2033752 - make verify fails due to missing yaml-patch
2033784 - set kube-apiserver degraded=true if webhook matches a virtual resource
2034004 - [e2e][automation] add tests for VM snapshot improvements
2034068 - [e2e][automation] Enhance tests for 4.10 downstream
2034087 - [OVN] EgressIP was assigned to the node which is not egress node anymore
2034097 - [OVN] After edit EgressIP object, the status is not correct
2034102 - [OVN] Recreate the deleted EgressIP object got InvalidEgressIP warning
2034129 - blank page returned when clicking 'Get started' button
2034144 - [OVN AWS] ovn-kube egress IP monitoring cannot detect the failure on ovn-k8s-mp0
2034153 - CNO does not verify MTU migration for OpenShiftSDN
2034155 - [OVN-K] [Multiple External Gateways] Per pod SNAT is disabled
2034170 - Use function.knative.dev for Knative Functions related labels
2034190 - unable to add new VirtIO disks to VMs
2034192 - Prometheus fails to insert reporting metrics when the sample limit is met
2034243 - regular user can't load template list
2034245 - installing a cluster on aws, gcp always fails with "Error: Incompatible provider version"
2034248 - GPU/Host device modal is too small
2034257 - regular user `Create VM` missing permissions alert
2034285 - [sig-api-machinery] API data in etcd should be stored at the correct location and version for all resources [Serial] [Suite:openshift/conformance/serial]
2034287 - do not block upgrades if we can't create storageclass in 4.10 in vsphere
2034300 - Du validator policy is NonCompliant after DU configuration completed
2034319 - Negation constraint is not validating packages
2034322 - CNO doesn't pick up settings required when ExternalControlPlane topology
2034350 - The CNO should implement the Whereabouts IP reconciliation cron job
2034362 - update description of disk interface
2034398 - The Whereabouts IPPools CRD should include the podref field
2034409 - Default CatalogSources should be pointing to 4.10 index images
2034410 - Metallb BGP, BFD: prometheus is not scraping the frr metrics
2034413 - cloud-network-config-controller fails to init with secret "cloud-credentials" not found in manual credential mode
2034460 - Summary: cloud-network-config-controller does not account for different environment
2034474 - Template's boot source is "Unknown source" before and after set enableCommonBootImageImport to true
2034477 - [OVN] Multiple EgressIP objects configured, EgressIPs weren't working properly
2034493 - Change cluster version operator log level
2034513 - [OVN] After update one EgressIP in EgressIP object, one internal IP lost from lr-policy-list
2034527 - IPI deployment fails 'timeout reached while inspecting the node' when provisioning network ipv6
2034528 - [IBM VPC] volumeBindingMode should be WaitForFirstConsumer
2034534 - Update ose-machine-api-provider-openstack images to be consistent with ART
2034537 - Update team
2034559 - KubeAPIErrorBudgetBurn firing outside recommended latency thresholds
2034563 - [Azure] create machine with wrong ephemeralStorageLocation value success
2034577 - Current OVN gateway mode should be reflected on node annotation as well
2034621 - context menu not popping up for application group
2034622 - Allow volume expansion by default in vsphere CSI storageclass 4.10
2034624 - Warn about unsupported CSI driver in vsphere operator
2034647 - missing volumes list in snapshot modal
2034648 - Rebase openshift-controller-manager to 1.23
2034650 - Rebase openshift/builder to 1.23
2034705 - vSphere: storage e2e tests logging configuration data
2034743 - EgressIP: assigning the same egress IP to a second EgressIP object after a ovnkube-master restart does not fail.
2034766 - Special Resource Operator(SRO) - no cert-manager pod created in dual stack environment
2034785 - ptpconfig with summary_interval cannot be applied
2034823 - RHEL9 should be starred in template list
2034838 - An external router can inject routes if no service is added
2034839 - Jenkins sync plugin does not synchronize ConfigMap having label role=jenkins-agent
2034879 - Lifecycle hook's name and owner shouldn't be allowed to be empty
2034881 - Cloud providers components should use K8s 1.23 dependencies
2034884 - ART cannot build the image because it tries to download controller-gen
2034889 - `oc adm prune deployments` does not work
2034898 - Regression in recently added Events feature
2034957 - update openshift-apiserver to kube 1.23.1
2035015 - ClusterLogForwarding CR remains stuck remediating forever
2035093 - openshift-cloud-network-config-controller never runs on Hypershift cluster
2035141 - [RFE] Show GPU/Host devices in template's details tab
2035146 - "kubevirt-plugin~PVC cannot be empty" shows on add-disk modal while adding existing PVC
2035167 - [cloud-network-config-controller] unable to delete cloudprivateipconfig when deleting
2035199 - IPv6 support in mtu-migration-dispatcher.yaml
2035239 - e2e-metal-ipi-virtualmedia tests are permanently failing
2035250 - Peering with ebgp peer over multi-hops doesn't work
2035264 - [RFE] Provide a proper message for nonpriv user who not able to add PCI devices
2035315 - invalid test cases for AWS passthrough mode
2035318 - Upgrade management workflow needs to allow custom upgrade graph path for disconnected env
2035321 - Add Sprint 211 translations
2035326 - [ExternalCloudProvider] installation with additional network on workers fails
2035328 - Ccoctl does not ignore credentials request manifest marked for deletion
2035333 - Kuryr orphans ports on 504 errors from Neutron
2035348 - Fix two grammar issues in kubevirt-plugin.json strings
2035393 - oc set data --dry-run=server makes persistent changes to configmaps and secrets
2035409 - OLM E2E test depends on operator package that's no longer published
2035439 - SDN Automatic assignment EgressIP on GCP returned node IP address not egressIP address
2035453 - [IPI on Alibabacloud] 2 worker machines stuck in Failed phase due to connection to 'ecs-cn-hangzhou.aliyuncs.com' timeout, although the specified region is 'us-east-1'
2035454 - [IPI on Alibabacloud] the OSS bucket created during installation for image registry is not deleted after destroying the cluster
2035467 - UI: Queried metrics can't be ordered on Observe->Metrics page
2035494 - [SDN Migration]ovnkube-node pods CrashLoopBackOff after sdn migrated to ovn for RHEL workers
2035515 - [IBMCLOUD] allowVolumeExpansion should be true in storage class
2035602 - [e2e][automation] add tests for Virtualization Overview page cards
2035703 - Roles -> RoleBindings tab doesn't show RoleBindings correctly
2035704 - RoleBindings list page filter doesn't apply
2035705 - Azure 'Destroy cluster' get stuck when the cluster resource group is already not existing.
2035757 - [IPI on Alibabacloud] one master node turned NotReady which leads to installation failed
2035772 - AccessMode and VolumeMode is not reserved for customize wizard
2035847 - Two dashes in the Cronjob / Job pod name
2035859 - the output of opm render doesn't contain olm.constraint which is defined in dependencies.yaml
2035882 - [BIOS setting values] Create events for all invalid settings in spec
2035903 - One redundant capi-operator credential requests in “oc adm extract --credentials-requests”
2035910 - [UI] Manual approval options are missing after ODF 4.10 installation starts when Manual Update approval is chosen
2035927 - Cannot enable HighNodeUtilization scheduler profile
2035933 - volume mode and access mode are empty in customize wizard review tab
2035969 - "ip a " shows "Error: Peer netns reference is invalid" after create test pods
2035986 - Some pods under kube-scheduler/kube-controller-manager are using the deprecated annotation
2036006 - [BIOS setting values] Attempt to set Integer parameter results in preparation error
2036029 - Newly added cloud-network-config operator doesn't support aws sts format credential
2036096 - [azure-file-csi-driver] there are no e2e tests for NFS backend
2036113 - cluster scaling new nodes ovs-configuration fails on all new nodes
2036567 - [csi-driver-nfs] Upstream merge: Bump k8s libraries to 1.23
2036569 - [cloud-provider-openstack] Upstream merge: Bump k8s libraries to 1.23
2036577 - OCP 4.10 nightly builds from 4.10.0-0.nightly-s390x-2021-12-18-034912 to 4.10.0-0.nightly-s390x-2022-01-11-233015 fail to upgrade from OCP 4.9.11 and 4.9.12 for network type OVNKubernetes for zVM hypervisor environments
2036622 - sdn-controller crashes when restarted while a previous egress IP assignment exists
2036717 - Valid AlertmanagerConfig custom resource with a valid mute time interval definition is rejected
2036826 - `oc adm prune deployments` can prune the RC/RS
2036827 - The ccoctl still accepts CredentialsRequests without ServiceAccounts on GCP platform
2036861 - kube-apiserver is degraded while enable multitenant
2036937 - Command line tools page shows wrong download ODO link
2036940 - oc registry login fails if the file is empty or stdout
2036951 - [cluster-csi-snapshot-controller-operator] proxy settings is being injected in container
2036989 - Route URL copy to clipboard button wraps to a separate line by itself
2036990 - ZTP "DU Done inform policy" never becomes compliant on multi-node clusters
2036993 - Machine API components should use Go lang version 1.17
2037036 - The tuned profile goes into degraded status and ksm.service is displayed in the log.
2037061 - aws and gcp CredentialsRequest manifests missing ServiceAccountNames list for cluster-api
2037073 - Alertmanager container fails to start because of startup probe never being successful
2037075 - Builds do not support CSI volumes
2037167 - Some log level in ibm-vpc-block-csi-controller are hard code
2037168 - IBM-specific Deployment manifest for package-server-manager should be excluded on non-IBM cluster-profiles
2037182 - PingSource badge color is not matched with knativeEventing color
2037203 - "Running VMs" card is too small in Virtualization Overview
2037209 - [IPI on Alibabacloud] worker nodes are put in the default resource group unexpectedly
2037237 - Add "This is a CD-ROM boot source" to customize wizard
2037241 - default TTL for noobaa cache buckets should be 0
2037246 - Cannot customize auto-update boot source
2037276 - [IBMCLOUD] vpc-node-label-updater may fail to label nodes appropriately
2037288 - Remove stale image reference
2037331 - Ensure the ccoctl behaviors are similar between aws and gcp on the existing resources
2037483 - Rbacs for Pods within the CBO should be more restrictive
2037484 - Bump dependencies to k8s 1.23
2037554 - Mismatched wave number error message should include the wave numbers that are in conflict
2037622 - [4.10-Alibaba CSI driver][Restore size for volumesnapshot/volumesnapshotcontent is showing as 0 in Snapshot feature for Alibaba platform]
2037635 - impossible to configure custom certs for default console route in ingress config
2037637 - configure custom certificate for default console route doesn't take effect for OCP >= 4.8
2037638 - Builds do not support CSI volumes as volume sources
2037664 - text formatting issue in Installed Operators list table
2037680 - [IPI on Alibabacloud] sometimes operator 'cloud-controller-manager' tells empty VERSION, due to conflicts on listening tcp :8080
2037689 - [IPI on Alibabacloud] sometimes operator 'cloud-controller-manager' tells empty VERSION, due to conflicts on listening tcp :8080
2037801 - Serverless installation is failing on CI jobs for e2e tests
2037813 - Metal Day 1 Networking - networkConfig Field Only Accepts String Format
2037856 - use lease for leader election
2037891 - 403 Forbidden error shows for all the graphs in each grafana dashboard after upgrade from 4.9 to 4.10
2037903 - Alibaba Cloud: delete-ram-user requires the credentials-requests
2037904 - upgrade operator deployment failed due to memory limit too low for manager container
2038021 - [4.10-Alibaba CSI driver][Default volumesnapshot class is not added/present after successful cluster installation]
2038034 - non-privileged user cannot see auto-update boot source
2038053 - Bump dependencies to k8s 1.23
2038088 - Remove ipa-downloader references
2038160 - The `default` project missed the annotation : openshift.io/node-selector: ""
2038166 - Starting from Go 1.17 invalid certificates will render a cluster non-functional
2038196 - must-gather is missing collecting some metal3 resources
2038240 - Error when configuring a file using permissions bigger than decimal 511 (octal 0777)
2038253 - Validator Policies are long lived
2038272 - Failures to build a PreprovisioningImage are not reported
2038384 - Azure Default Instance Types are Incorrect
2038389 - Failing test: [sig-arch] events should not repeat pathologically
2038412 - Import page calls the git file list unnecessarily twice from GitHub/GitLab/Bitbucket
2038465 - Upgrade chromedriver to 90.x to support Mac M1 chips
2038481 - kube-controller-manager-guard and openshift-kube-scheduler-guard pods being deleted and restarted on a cordoned node when drained
2038596 - Auto egressIP for OVN cluster on GCP: After egressIP object is deleted, egressIP still takes effect
2038663 - update kubevirt-plugin OWNERS
2038691 - [AUTH-8] Panic on user login when the user belongs to a group in the IdP side and the group already exists via "oc adm groups new"
2038705 - Update ptp reviewers
2038761 - Open Observe->Targets page, wait for a while, page become blank
2038768 - All the filters on the Observe->Targets page can't work
2038772 - Some monitors failed to display on Observe->Targets page
2038793 - [SDN EgressIP] After reboot egress node, the egressip was lost from egress node
2038827 - should add user containers in /etc/subuid and /etc/subgid to support run pods in user namespaces
2038832 - New templates for centos stream8 are missing registry suggestions in create vm wizard
2038840 - [SDN EgressIP]cloud-network-config-controller pod was CrashLoopBackOff after some operation
2038864 - E2E tests fail because multi-hop-net was not created
2038879 - All Builds are getting listed in DeploymentConfig under workloads on OpenShift Console
2038934 - CSI driver operators should use the trusted CA bundle when cluster proxy is configured
2038968 - Move feature gates from a carry patch to openshift/api
2039056 - Layout issue with breadcrumbs on API explorer page
2039057 - Kind column is not wide enough in API explorer page
2039064 - Bulk Import e2e test flaking at a high rate
2039065 - Diagnose and fix Bulk Import e2e test that was previously disabled
2039085 - Cloud credential operator configuration failing to apply in hypershift/ROKS clusters
2039099 - [OVN EgressIP GCP] After reboot egress node, egressip that was previously assigned got lost
2039109 - [FJ OCP4.10 Bug]: startironic.sh failed to pull the image of image-customization container when behind a proxy
2039119 - CVO hotloops on Service openshift-monitoring/cluster-monitoring-operator
2039170 - [upgrade]Error shown on registry operator "missing the cloud-provider-config configmap" after upgrade
2039227 - Improve image customization server parameter passing during installation
2039241 - Improve image customization server parameter passing during installation
2039244 - Helm Release revision history page crashes the UI
2039294 - SDN controller metrics cannot be consumed correctly by prometheus
2039311 - oc Does Not Describe Build CSI Volumes
2039315 - Helm release list page should only fetch secrets for deployed charts
2039321 - SDN controller metrics are not being consumed by prometheus
2039330 - Create NMState button doesn't work in OperatorHub web console
2039339 - cluster-ingress-operator should report Unupgradeable if user has modified the aws resources annotations
2039345 - CNO does not verify the minimum MTU value for IPv6/dual-stack clusters.
2039359 - `oc adm prune deployments` can't prune the RS where the associated Deployment no longer exists
2039382 - gather_metallb_logs does not have execution permission
2039406 - logout from rest session after vsphere operator sync is finished
2039408 - Add GCP region northamerica-northeast2 to allowed regions
2039414 - Cannot see the weights increased for NodeAffinity, InterPodAffinity, TaintandToleration
2039425 - No need to set KlusterletAddonConfig CR applicationManager->enabled: true in RAN ztp deployment
2039491 - oc - git:// protocol used in unit tests
2039516 - Bump OVN to ovn21.12-21.12.0-25
2039529 - Project Dashboard Resource Quotas Card empty state test flaking at a high rate
2039534 - Diagnose and fix Project Dashboard Resource Quotas Card test that was previously disabled
2039541 - Resolv-prepender script duplicating entries
2039586 - [e2e] update centos8 to centos stream8
2039618 - VM created from SAP HANA template leads to 404 page if leave one network parameter empty
2039619 - [AWS] In tree provisioner storageclass aws disk type should contain 'gp3' and csi provisioner storageclass default aws disk type should be 'gp3'
2039670 - Create PDBs for control plane components
2039678 - Page goes blank when create image pull secret
2039689 - [IPI on Alibabacloud] Pay-by-specification NAT is no longer supported
2039743 - React missing key warning when open operator hub detail page (and maybe others as well)
2039756 - React missing key warning when open KnativeServing details
2039770 - Observe dashboard doesn't react on time-range changes after browser reload when perspective is changed in another tab
2039776 - Observe dashboard shows nothing if the URL links to an non existing dashboard
2039781 - [GSS] OBC is not visible by admin of a Project on Console
2039798 - Contextual binding with Operator backed service creates visual connector instead of Service binding connector
2039868 - Insights Advisor widget is not in the disabled state when the Insights Operator is disabled
2039880 - Log level too low for control plane metrics
2039919 - Add E2E test for router compression feature
2039981 - ZTP for standard clusters installs stalld on master nodes
2040132 - Flag --port has been deprecated, This flag has no effect now and will be removed in v1.24. You can use --secure-port instead
2040136 - external-dns-operator pod keeps restarting and reports error: timed out waiting for cache to be synced
2040143 - [IPI on Alibabacloud] suggest to remove region "cn-nanjing" or provide better error message
2040150 - Update ConfigMap keys for IBM HPCS
2040160 - [IPI on Alibabacloud] installation fails when region does not support pay-by-bandwidth
2040285 - Bump build-machinery-go for console-operator to pickup change in yaml-patch repository
2040357 - bump OVN to ovn-2021-21.12.0-11.el8fdp
2040376 - "unknown instance type" error for supported m6i.xlarge instance
2040394 - Controller: enqueue the failed configmap till services update
2040467 - Cannot build ztp-site-generator container image
2040504 - Change AWS EBS GP3 IOPS in MachineSet doesn't take effect in OpenShift 4
2040521 - RouterCertsDegraded certificate could not validate route hostname v4-0-config-system-custom-router-certs.apps
2040535 - Auto-update boot source is not available in customize wizard
2040540 - ovs hardware offload: ovsargs format error when adding vf netdev name
2040603 - rhel worker scaleup playbook failed because missing some dependency of podman
2040616 - rolebindings page doesn't load for normal users
2040620 - [MAPO] Error pulling MAPO image on installation
2040653 - Topology sidebar warns that another component is updated while rendering
2040655 - User settings update fails when selecting application in topology sidebar
2040661 - Different react warnings about updating state on unmounted components when leaving topology
2040670 - Permafailing CI job: periodic-ci-openshift-release-master-nightly-4.10-e2e-gcp-libvirt-cert-rotation
2040671 - [Feature:IPv6DualStack] most tests are failing in dualstack ipi
2040694 - Three upstream HTTPClientConfig struct fields missing in the operator
2040705 - Du policy for standard cluster runs the PTP daemon on masters and workers
2040710 - cluster-baremetal-operator cannot update BMC subscription CR
2040741 - Add CI test(s) to ensure that metal3 components are deployed in vSphere, OpenStack and None platforms
2040782 - Import YAML page blocks input with more than one generateName attribute
2040783 - The Import from YAML summary page doesn't show the resource name if created via generateName attribute
2040791 - Default PGT policies must be 'inform' to integrate with the Lifecycle Operator
2040793 - Fix snapshot e2e failures
2040880 - do not block upgrades if we can't connect to vcenter
2041087 - MetalLB: MetalLB CR is not upgraded automatically from 4.9 to 4.10
2041093 - autounattend.xml missing
2041204 - link to templates in virtualization-cluster-overview inventory card is to all templates
2041319 - [IPI on Alibabacloud] installation in region "cn-shanghai" failed, due to "Resource alicloud_vswitch CreateVSwitch Failed...InvalidCidrBlock.Overlapped"
2041326 - Should bump cluster-kube-descheduler-operator to kubernetes version V1.23
2041329 - aws and gcp CredentialsRequest manifests missing ServiceAccountNames list for cloud-network-config-controller
2041361 - [IPI on Alibabacloud] Disable session persistence and removebBandwidth peak of listener
2041441 - Provision volume with size 3000Gi even if sizeRange: '[10-2000]GiB' in storageclass on IBM cloud
2041466 - Kubedescheduler version is missing from the operator logs
2041475 - React components should have a (mostly) unique name in react dev tools to simplify code analyses
2041483 - MetallB: quay.io/openshift/origin-kube-rbac-proxy:4.10 deploy Metallb CR is missing (controller and speaker pods)
2041492 - Spacing between resources in inventory card is too small
2041509 - GCP Cloud provider components should use K8s 1.23 dependencies
2041510 - cluster-baremetal-operator doesn't run baremetal-operator's subscription webhook
2041541 - audit: ManagedFields are dropped using API not annotation
2041546 - ovnkube: set election timer at RAFT cluster creation time
2041554 - use lease for leader election
2041581 - KubeDescheduler operator log shows "Use of insecure cipher detected"
2041583 - etcd and api server cpu mask interferes with a guaranteed workload
2041598 - Including CA bundle in Azure Stack cloud config causes MCO failure
2041605 - Dynamic Plugins: discrepancy in proxy alias documentation/implementation
2041620 - bundle CSV alm-examples does not parse
2041641 - Fix inotify leak and kubelet retaining memory
2041671 - Delete templates leads to 404 page
2041694 - [IPI on Alibabacloud] installation fails when region does not support the cloud_essd disk category
2041734 - ovs hwol: VFs are unbind when switchdev mode is enabled
2041750 - [IPI on Alibabacloud] trying "create install-config" with region "cn-wulanchabu (China (Ulanqab))" (or "ap-southeast-6 (Philippines (Manila))", "cn-guangzhou (China (Guangzhou))") failed due to invalid endpoint
2041763 - The Observe > Alerting pages no longer have their default sort order applied
2041830 - CI: ovn-kubernetes-master-e2e-aws-ovn-windows is broken
2041854 - Communities / Local prefs are applied to all the services regardless of the pool, and only one community is applied
2041882 - cloud-network-config operator can't work normal on GCP workload identity cluster
2041888 - Intermittent incorrect build to run correlation, leading to run status updates applied to wrong build, builds stuck in non-terminal phases
2041926 - [IPI on Alibabacloud] Installer ignores public zone when it does not exist
2041971 - [vsphere] Reconciliation of mutating webhooks didn't happen
2041989 - CredentialsRequest manifests being installed for ibm-cloud-managed profile
2041999 - [PROXY] external dns pod cannot recognize custom proxy CA
2042001 - unexpectedly found multiple load balancers
2042029 - kubedescheduler fails to install completely
2042036 - [IBMCLOUD] "openshift-install explain installconfig.platform.ibmcloud" contains not yet supported custom vpc parameters
2042049 - Seeing warning related to unrecognized feature gate in kubescheduler & KCM logs
2042059 - update discovery burst to reflect lots of CRDs on openshift clusters
2042069 - Revert toolbox to rhcos-toolbox
2042169 - Can not delete egressnetworkpolicy in Foreground propagation
2042181 - MetalLB: User should not be allowed add same bgp advertisement twice in BGP address pool
2042265 - [IBM]"--scale-down-utilization-threshold" doesn't work on IBMCloud
2042274 - Storage API should be used when creating a PVC
2042315 - Baremetal IPI deployment with IPv6 control plane and disabled provisioning network fails as the nodes do not pass introspection
2042366 - Lifecycle hooks should be independently managed
2042370 - [IPI on Alibabacloud] installer panics when the zone does not have an enhanced NAT gateway
2042382 - [e2e][automation] CI takes more than 2 hours to run
2042395 - Add prerequisites for active health checks test
2042438 - Missing rpms in openstack-installer image
2042466 - Selection does not happen when switching from Topology Graph to List View
2042493 - No way to verify if IPs with leading zeros are still valid in the apiserver
2042567 - insufficient info on CodeReady Containers configuration
2042600 - Alone, the io.kubernetes.cri-o.Devices option poses a security risk
2042619 - Overview page of the console is broken for hypershift clusters
2042655 - [IPI on Alibabacloud] cluster becomes unusable if there is only one kube-apiserver pod running
2042711 - [IBMCloud] Machine Deletion Hook cannot work on IBMCloud
2042715 - [AliCloud] Machine Deletion Hook cannot work on AliCloud
2042770 - [IPI on Alibabacloud] with vpcID & vswitchIDs specified, the installer would still try creating NAT gateway unexpectedly
2042829 - Topology performance: HPA was fetched for each Deployment (Pod Ring)
2042851 - Create template from SAP HANA template flow - VM is created instead of a new template
2042906 - Edit machineset with same machine deletion hook name succeed
2042960 - azure-file CI fails with "gid(0) in storageClass and pod fsgroup(1000) are not equal"
2043003 - [IPI on Alibabacloud] 'destroy cluster' of a failed installation (bug2041694) stuck after 'stage=Nat gateways'
2043042 - [Serial] [sig-auth][Feature:OAuthServer] [RequestHeaders] [IdP] test RequestHeaders IdP [Suite:openshift/conformance/serial]
2043043 - Cluster Autoscaler should use K8s 1.23 dependencies
2043064 - Topology performance: Unnecessary rerenderings in topology nodes (unchanged mobx props)
2043078 - Favorite system projects not visible in the project selector after toggling "Show default projects".
2043117 - Recommended operators links are erroneously treated as external
2043130 - Update CSI sidecars to the latest release for 4.10
2043234 - Missing validation when creating several BGPPeers with the same peerAddress
2043240 - Sync openshift/descheduler with sigs.k8s.io/descheduler
2043254 - crio does not bind the security profiles directory
2043296 - Ignition fails when reusing existing statically-keyed LUKS volume
2043297 - [4.10] Bootimage bump tracker
2043316 - RHCOS VM fails to boot on Nutanix AOS
2043446 - Rebase aws-efs-utils to the latest upstream version.
2043556 - Add proper ci-operator configuration to ironic and ironic-agent images
2043577 - DPU network operator
2043651 - Fix bug with exp. backoff working correctly when setting nextCheck in vsphere operator
2043675 - Too many machines deleted by cluster autoscaler when scaling down
2043683 - Revert bug 2039344 Ignoring IPv6 addresses against etcd cert validation
2043709 - Logging flags no longer being bound to command line
2043721 - Installer bootstrap hosts using outdated kubelet containing bugs
2043731 - [IBMCloud] terraform outputs missing for ibmcloud bootstrap and worker ips for must-gather
2043759 - Bump cluster-ingress-operator to k8s.io/api 1.23
2043780 - Bump router to k8s.io/api 1.23
2043787 - Bump cluster-dns-operator to k8s.io/api 1.23
2043801 - Bump CoreDNS to k8s.io/api 1.23
2043802 - EgressIP stopped working after single egressIP for a netnamespace is switched to the other node of HA pair after the first egress node is shutdown
2043961 - [OVN-K] If pod creation fails, retry doesn't work as expected.
2044201 - Templates golden image parameters names should be supported
2044244 - Builds are failing after upgrading the cluster with builder image [jboss-webserver-5/jws56-openjdk8-openshift-rhel8]
2044248 - [IBMCloud][vpc.block.csi.ibm.io]Cluster common user use the storageclass without parameter “csi.storage.k8s.io/fstype” create pvc,pod successfully but write data to the pod's volume failed of "Permission denied"
2044303 - [ovn][cloud-network-config-controller] cloudprivateipconfigs ips were left after deleting egressip objects
2044347 - Bump to kubernetes 1.23.3
2044481 - collect sharedresource cluster scoped instances with must-gather
2044496 - Unable to create hardware events subscription - failed to add finalizers
2044628 - CVE-2022-21673 grafana: Forward OAuth Identity Token can allow users to access some data sources
2044680 - Additional libovsdb performance and resource consumption fixes
2044704 - Observe > Alerting pages should not show runbook links in 4.10
2044717 - [e2e] improve tests for upstream test environment
2044724 - Remove namespace column on VM list page when a project is selected
2044745 - Upgrading cluster from 4.9 to 4.10 on Azure (ARO) causes the cloud-network-config-controller pod to CrashLoopBackOff
2044808 - machine-config-daemon-pull.service: use `cp` instead of `cat` when extracting MCD in OKD
2045024 - CustomNoUpgrade alerts should be ignored
2045112 - vsphere-problem-detector has missing rbac rules for leases
2045199 - SnapShot with Disk Hot-plug hangs
2045561 - Cluster Autoscaler should use the same default Group value as Cluster API
2045591 - Reconciliation of aws pod identity mutating webhook did not happen
2045849 - Add Sprint 212 translations
2045866 - MCO Operator pod spam "Error creating event" warning messages in 4.10
2045878 - Sync upstream 1.16.0 downstream; includes hybrid helm plugin
2045916 - [IBMCloud] Default machine profile in installer is unreliable
2045927 - [FJ OCP4.10 Bug]: Podman failed to pull the IPA image due to the loss of proxy environment
2046025 - [IPI on Alibabacloud] pre-configured alicloud DNS private zone is deleted after destroying cluster, please clarify
2046137 - oc output for unknown commands is not human readable
2046296 - When creating multiple consecutive egressIPs on GCP not all of them get assigned to the instance
2046297 - Bump DB reconnect timeout
2046517 - In Notification drawer, the "Recommendations" header shows when there isn't any recommendations
2046597 - Observe > Targets page may show the wrong service monitor if multiple monitors have the same namespace & label selectors
2046626 - Allow setting custom metrics for Ansible-based Operators
2046683 - [AliCloud]"--scale-down-utilization-threshold" doesn't work on AliCloud
2047025 - Installation fails because of Alibaba CSI driver operator is degraded
2047190 - Bump Alibaba CSI driver for 4.10
2047238 - When using communities and localpreferences together, only localpreference gets applied
2047255 - alibaba: resourceGroupID not found
2047258 - [aws-usgov] fatal error occurred if AMI is not provided for AWS GovCloud regions
2047317 - Update HELM OWNERS files under Dev Console
2047455 - [IBM Cloud] Update custom image os type
2047496 - Add image digest feature
2047779 - do not degrade cluster if storagepolicy creation fails
2047927 - 'oc get project' caused 'Observed a panic: cannot deep copy core.NamespacePhase' when AllRequestBodies is used
2047929 - use lease for leader election
2047975 - [sig-network][Feature:Router] The HAProxy router should override the route host for overridden domains with a custom value [Skipped:Disconnected] [Suite:openshift/conformance/parallel]
2048046 - New route annotation to show another URL or hide topology URL decorator doesn't work for Knative Services
2048048 - Application tab in User Preferences dropdown menus are too wide.
2048050 - Topology list view items are not highlighted on keyboard navigation
2048117 - [IBM]Shouldn't change status.storage.bucket and status.storage.resourceKeyCRN when update sepc.stroage,ibmcos with invalid value
2048413 - Bond CNI: Failed to attach Bond NAD to pod
2048443 - Image registry operator panics when finalizes config deletion
2048478 - [alicloud] CCM deploys alibaba-cloud-controller-manager from quay.io/openshift/origin-*
2048484 - SNO: cluster-policy-controller failed to start due to missing serving-cert/tls.crt
2048598 - Web terminal view is broken
2048836 - ovs-configure mis-detecting the ipv6 status on IPv4 only cluster causing Deployment failure
2048891 - Topology page is crashed
2049003 - 4.10: [IBMCloud] ibm-vpc-block-csi-node does not specify an update strategy, only resource requests, or priority class
2049043 - Cannot create VM from template
2049156 - 'oc get project' caused 'Observed a panic: cannot deep copy core.NamespacePhase' when AllRequestBodies is used
2049886 - Placeholder bug for OCP 4.10.0 metadata release
2049890 - Warning annotation for pods with cpu requests or limits on single-node OpenShift cluster without workload partitioning
2050189 - [aws-efs-csi-driver] Merge upstream changes since v1.3.2
2050190 - [aws-ebs-csi-driver] Merge upstream changes since v1.2.0
2050227 - Installation on PSI fails with: 'openstack platform does not have the required standard-attr-tag network extension'
2050247 - Failing test in periodics: [sig-network] Services should respect internalTrafficPolicy=Local Pod and Node, to Pod (hostNetwork: true) [Feature:ServiceInternalTrafficPolicy] [Skipped:Network/OVNKubernetes] [Suite:openshift/conformance/parallel] [Suite:k8s]
2050250 - Install fails to bootstrap, complaining about DefragControllerDegraded and sad members
2050310 - ContainerCreateError when trying to launch large (>500) numbers of pods across nodes
2050370 - alert data for burn budget needs to be updated to prevent regression
2050393 - ZTP missing support for local image registry and custom machine config
2050557 - Can not push images to image-registry when enabling KMS encryption in AlibabaCloud
2050737 - Remove metrics and events for master port offsets
2050801 - Vsphere upi tries to access vsphere during manifests generation phase
2050883 - Logger object in LSO does not log source location accurately
2051692 - co/image-registry is degrade because ImagePrunerDegraded: Job has reached the specified backoff limit
2052062 - Whereabouts should implement client-go 1.22+
2052125 - [4.10] Crio appears to be coredumping in some scenarios
2052210 - [aws-c2s] kube-apiserver crashloops due to missing cloud config
2052339 - Failing webhooks will block an upgrade to 4.10 mid-way through the upgrade.
2052458 - [IBM Cloud] ibm-vpc-block-csi-controller does not specify an update strategy, priority class, or only resource requests
2052598 - kube-scheduler should use configmap lease
2052599 - kube-controller-manager should use configmap lease
2052600 - Failed to scaleup RHEL machine against OVN cluster due to jq tool is required by configure-ovs.sh
2052609 - [vSphere CSI driver Operator] RWX volumes counts metrics `vsphere_rwx_volumes_total` not valid
2052611 - MetalLB: BGPPeer object does not have ability to set ebgpMultiHop
2052612 - MetalLB: Webhook Validation: Two BGPPeers instances can have different router ID set.
2052644 - Infinite OAuth redirect loop post-upgrade to 4.10.0-rc.1
2052666 - [4.10.z] change gitmodules to rhcos-4.10 branch
2052756 - [4.10] PVs are not being cleaned up after PVC deletion
2053175 - oc adm catalog mirror throws 'missing signature key' error when using file://local/index
2053218 - ImagePull fails with error "unable to pull manifest from example.com/busy.box:v5 invalid reference format"
2053252 - Sidepanel for Connectors/workloads in topology shows invalid tabs
2053268 - inability to detect static lifecycle failure
2053314 - requestheader IDP test doesn't wait for cleanup, causing high failure rates
2053323 - OpenShift-Ansible BYOH Unit Tests are Broken
2053339 - Remove dev preview badge from IBM FlashSystem deployment windows
2053751 - ztp-site-generate container is missing convenience entrypoint
2053945 - [4.10] Failed to apply sriov policy on intel nics
2054109 - Missing "app" label
2054154 - RoleBinding in project without subject is causing "Project access" page to fail
2054244 - Latest pipeline run should be listed on the top of the pipeline run list
2054288 - console-master-e2e-gcp-console is broken
2054562 - DPU network operator 4.10 branch need to sync with master
2054897 - Unable to deploy hw-event-proxy operator
2055193 - e2e-metal-ipi-serial-ovn-ipv6 is failing frequently
2055358 - Summary Interval Hardcoded in PTP Operator if Set in the Global Body Instead of Command Line
2055371 - Remove Check which enforces summary_interval must match logSyncInterval
2055689 - [ibm]Operator storage PROGRESSING and DEGRADED is true during fresh install for ocp4.11
2055894 - CCO mint mode will not work for Azure after sunsetting of Active Directory Graph API
2056441 - AWS EFS CSI driver should use the trusted CA bundle when cluster proxy is configured
2056479 - ovirt-csi-driver-node pods are crashing intermittently
2056572 - reconcilePrecaching error: cannot list resource "clusterserviceversions" in API group "operators.coreos.com" at the cluster scope"
2056629 - [4.10] EFS CSI driver can't unmount volumes with "wait: no child processes"
2056878 - (dummy bug) ovn-kubernetes ExternalTrafficPolicy still SNATs
2056928 - Ingresscontroller LB scope change behaviour differs for different values of aws-load-balancer-internal annotation
2056948 - post 1.23 rebase: regression in service-load balancer reliability
2057438 - Service Level Agreement (SLA) always show 'Unknown'
2057721 - Fix Proxy support in RHACM 2.4.2
2057724 - Image creation fails when NMstateConfig CR is empty
2058641 - [4.10] Pod density test causing problems when using kube-burner
2059761 - 4.9.23-s390x-machine-os-content manifest invalid when mirroring content for disconnected install
2060610 - Broken access to public images: Unable to connect to the server: no basic auth credentials
2060956 - service domain can't be resolved when networkpolicy is used in OCP 4.10-rc
5. References:
https://access.redhat.com/security/cve/CVE-2014-3577
https://access.redhat.com/security/cve/CVE-2016-10228
https://access.redhat.com/security/cve/CVE-2017-14502
https://access.redhat.com/security/cve/CVE-2018-20843
https://access.redhat.com/security/cve/CVE-2018-1000858
https://access.redhat.com/security/cve/CVE-2019-8625
https://access.redhat.com/security/cve/CVE-2019-8710
https://access.redhat.com/security/cve/CVE-2019-8720
https://access.redhat.com/security/cve/CVE-2019-8743
https://access.redhat.com/security/cve/CVE-2019-8764
https://access.redhat.com/security/cve/CVE-2019-8766
https://access.redhat.com/security/cve/CVE-2019-8769
https://access.redhat.com/security/cve/CVE-2019-8771
https://access.redhat.com/security/cve/CVE-2019-8782
https://access.redhat.com/security/cve/CVE-2019-8783
https://access.redhat.com/security/cve/CVE-2019-8808
https://access.redhat.com/security/cve/CVE-2019-8811
https://access.redhat.com/security/cve/CVE-2019-8812
https://access.redhat.com/security/cve/CVE-2019-8813
https://access.redhat.com/security/cve/CVE-2019-8814
https://access.redhat.com/security/cve/CVE-2019-8815
https://access.redhat.com/security/cve/CVE-2019-8816
https://access.redhat.com/security/cve/CVE-2019-8819
https://access.redhat.com/security/cve/CVE-2019-8820
https://access.redhat.com/security/cve/CVE-2019-8823
https://access.redhat.com/security/cve/CVE-2019-8835
https://access.redhat.com/security/cve/CVE-2019-8844
https://access.redhat.com/security/cve/CVE-2019-8846
https://access.redhat.com/security/cve/CVE-2019-9169
https://access.redhat.com/security/cve/CVE-2019-13050
https://access.redhat.com/security/cve/CVE-2019-13627
https://access.redhat.com/security/cve/CVE-2019-14889
https://access.redhat.com/security/cve/CVE-2019-15903
https://access.redhat.com/security/cve/CVE-2019-19906
https://access.redhat.com/security/cve/CVE-2019-20454
https://access.redhat.com/security/cve/CVE-2019-20807
https://access.redhat.com/security/cve/CVE-2019-25013
https://access.redhat.com/security/cve/CVE-2020-1730
https://access.redhat.com/security/cve/CVE-2020-3862
https://access.redhat.com/security/cve/CVE-2020-3864
https://access.redhat.com/security/cve/CVE-2020-3865
https://access.redhat.com/security/cve/CVE-2020-3867
https://access.redhat.com/security/cve/CVE-2020-3868
https://access.redhat.com/security/cve/CVE-2020-3885
https://access.redhat.com/security/cve/CVE-2020-3894
https://access.redhat.com/security/cve/CVE-2020-3895
https://access.redhat.com/security/cve/CVE-2020-3897
https://access.redhat.com/security/cve/CVE-2020-3899
https://access.redhat.com/security/cve/CVE-2020-3900
https://access.redhat.com/security/cve/CVE-2020-3901
https://access.redhat.com/security/cve/CVE-2020-3902
https://access.redhat.com/security/cve/CVE-2020-8927
https://access.redhat.com/security/cve/CVE-2020-9802
https://access.redhat.com/security/cve/CVE-2020-9803
https://access.redhat.com/security/cve/CVE-2020-9805
https://access.redhat.com/security/cve/CVE-2020-9806
https://access.redhat.com/security/cve/CVE-2020-9807
https://access.redhat.com/security/cve/CVE-2020-9843
https://access.redhat.com/security/cve/CVE-2020-9850
https://access.redhat.com/security/cve/CVE-2020-9862
https://access.redhat.com/security/cve/CVE-2020-9893
https://access.redhat.com/security/cve/CVE-2020-9894
https://access.redhat.com/security/cve/CVE-2020-9895
https://access.redhat.com/security/cve/CVE-2020-9915
https://access.redhat.com/security/cve/CVE-2020-9925
https://access.redhat.com/security/cve/CVE-2020-9952
https://access.redhat.com/security/cve/CVE-2020-10018
https://access.redhat.com/security/cve/CVE-2020-11793
https://access.redhat.com/security/cve/CVE-2020-13434
https://access.redhat.com/security/cve/CVE-2020-14391
https://access.redhat.com/security/cve/CVE-2020-15358
https://access.redhat.com/security/cve/CVE-2020-15503
https://access.redhat.com/security/cve/CVE-2020-25660
https://access.redhat.com/security/cve/CVE-2020-25677
https://access.redhat.com/security/cve/CVE-2020-27618
https://access.redhat.com/security/cve/CVE-2020-27781
https://access.redhat.com/security/cve/CVE-2020-29361
https://access.redhat.com/security/cve/CVE-2020-29362
https://access.redhat.com/security/cve/CVE-2020-29363
https://access.redhat.com/security/cve/CVE-2021-3121
https://access.redhat.com/security/cve/CVE-2021-3326
https://access.redhat.com/security/cve/CVE-2021-3449
https://access.redhat.com/security/cve/CVE-2021-3450
https://access.redhat.com/security/cve/CVE-2021-3516
https://access.redhat.com/security/cve/CVE-2021-3517
https://access.redhat.com/security/cve/CVE-2021-3518
https://access.redhat.com/security/cve/CVE-2021-3520
https://access.redhat.com/security/cve/CVE-2021-3521
https://access.redhat.com/security/cve/CVE-2021-3537
https://access.redhat.com/security/cve/CVE-2021-3541
https://access.redhat.com/security/cve/CVE-2021-3733
https://access.redhat.com/security/cve/CVE-2021-3749
https://access.redhat.com/security/cve/CVE-2021-20305
https://access.redhat.com/security/cve/CVE-2021-21684
https://access.redhat.com/security/cve/CVE-2021-22946
https://access.redhat.com/security/cve/CVE-2021-22947
https://access.redhat.com/security/cve/CVE-2021-25215
https://access.redhat.com/security/cve/CVE-2021-27218
https://access.redhat.com/security/cve/CVE-2021-30666
https://access.redhat.com/security/cve/CVE-2021-30761
https://access.redhat.com/security/cve/CVE-2021-30762
https://access.redhat.com/security/cve/CVE-2021-33928
https://access.redhat.com/security/cve/CVE-2021-33929
https://access.redhat.com/security/cve/CVE-2021-33930
https://access.redhat.com/security/cve/CVE-2021-33938
https://access.redhat.com/security/cve/CVE-2021-36222
https://access.redhat.com/security/cve/CVE-2021-37750
https://access.redhat.com/security/cve/CVE-2021-39226
https://access.redhat.com/security/cve/CVE-2021-41190
https://access.redhat.com/security/cve/CVE-2021-43813
https://access.redhat.com/security/cve/CVE-2021-44716
https://access.redhat.com/security/cve/CVE-2021-44717
https://access.redhat.com/security/cve/CVE-2022-0532
https://access.redhat.com/security/cve/CVE-2022-21673
https://access.redhat.com/security/cve/CVE-2022-24407
https://access.redhat.com/security/updates/classification/#moderate
6. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc.
Installation note:
Safari 13.1 may be obtained from the Mac App Store.
For the stable distribution (buster), these problems have been fixed in
version 2.28.2-2~deb10u1.
We recommend that you upgrade your webkit2gtk packages.
For the detailed security status of webkit2gtk please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/webkit2gtk
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
|
var-201912-0525
|
A logic issue was addressed with improved state management. This issue is fixed in tvOS 13, iTunes for Windows 12.10.1, iCloud for Windows 10.7, iCloud for Windows 7.14. Processing maliciously crafted web content may lead to universal cross-site scripting. Apple has released an update for each product. The expected impact depends on each vulnerability, but may include the following: * Information leak * Falsification of information * Arbitrary code execution * Service operation interruption (DoS) * Privilege escalation * Authentication bypass. The product supports storage of music, photos, apps and contacts, etc. Cross-site scripting vulnerabilities exist in the WebKit components of Apple iTunes versions prior to 12.10.1, iCloud versions prior to 7.14, and versions prior to 10.7 based on the Windows platform. WebKitGTK and WPE WebKit prior to version 2.24.1 failed to properly apply configured HTTP proxy settings when downloading livestream video (HLS, DASH, or Smooth Streaming), an error resulting in deanonymization. This issue was corrected by changing the way livestreams are downloaded. (CVE-2019-6237)
WebKitGTK and WPE WebKit prior to version 2.24.1 are vulnerable to address bar spoofing upon certain JavaScript redirections. An attacker could cause malicious web content to be displayed as if for a trusted URI. This is similar to the CVE-2018-8383 issue in Microsoft Edge. This issue is fixed in iOS 13, Safari 13. (CVE-2019-8719)
This fixes a remote code execution in webkitgtk4. No further details are available in NIST. This issue is fixed in watchOS 6.1. (CVE-2019-8766)
"Clear History and Website Data" did not clear the history. This issue is fixed in macOS Catalina 10.15. A user may be unable to delete browsing history items. (CVE-2019-8768)
An issue existed in the drawing of web page elements. This issue is fixed in iOS 13.1 and iPadOS 13.1, macOS Catalina 10.15. Visiting a maliciously crafted website may reveal browsing history. This issue is fixed in Safari 13.0.1, iOS 13. (CVE-2019-8846)
WebKitGTK up to and including 2.26.4 and WPE WebKit up to and including 2.26.4 (which are the versions right prior to 2.28.0) contain a memory corruption issue (use-after-free) that may lead to arbitrary code execution. (CVE-2020-10018)
A use-after-free flaw exists in WebKitGTK. This flaw allows remote malicious users to execute arbitrary code or cause a denial of service. A malicious website may be able to cause a denial of service. A DOM object context may not have had a unique security origin. A file URL may be incorrectly processed. (CVE-2020-3885)
A race condition was addressed with additional validation. An application may be able to read restricted memory. A remote attacker may be able to cause arbitrary code execution. (CVE-2020-3902).
Entry added October 29, 2019
boringssl
We would like to acknowledge Nimrod Aviram of Tel Aviv University,
Robert Merget of Ruhr University Bochum, Juraj Somorovsky of Ruhr
University Bochum and Thijs Alkemade (@xnyhps) of Computest for their
assistance.
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: webkitgtk4 security, bug fix, and enhancement update
Advisory ID: RHSA-2020:4035-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2020:4035
Issue date: 2020-09-29
CVE Names: CVE-2019-6237 CVE-2019-6251 CVE-2019-8506
CVE-2019-8524 CVE-2019-8535 CVE-2019-8536
CVE-2019-8544 CVE-2019-8551 CVE-2019-8558
CVE-2019-8559 CVE-2019-8563 CVE-2019-8571
CVE-2019-8583 CVE-2019-8584 CVE-2019-8586
CVE-2019-8587 CVE-2019-8594 CVE-2019-8595
CVE-2019-8596 CVE-2019-8597 CVE-2019-8601
CVE-2019-8607 CVE-2019-8608 CVE-2019-8609
CVE-2019-8610 CVE-2019-8611 CVE-2019-8615
CVE-2019-8619 CVE-2019-8622 CVE-2019-8623
CVE-2019-8625 CVE-2019-8644 CVE-2019-8649
CVE-2019-8658 CVE-2019-8666 CVE-2019-8669
CVE-2019-8671 CVE-2019-8672 CVE-2019-8673
CVE-2019-8674 CVE-2019-8676 CVE-2019-8677
CVE-2019-8678 CVE-2019-8679 CVE-2019-8680
CVE-2019-8681 CVE-2019-8683 CVE-2019-8684
CVE-2019-8686 CVE-2019-8687 CVE-2019-8688
CVE-2019-8689 CVE-2019-8690 CVE-2019-8707
CVE-2019-8710 CVE-2019-8719 CVE-2019-8720
CVE-2019-8726 CVE-2019-8733 CVE-2019-8735
CVE-2019-8743 CVE-2019-8763 CVE-2019-8764
CVE-2019-8765 CVE-2019-8766 CVE-2019-8768
CVE-2019-8769 CVE-2019-8771 CVE-2019-8782
CVE-2019-8783 CVE-2019-8808 CVE-2019-8811
CVE-2019-8812 CVE-2019-8813 CVE-2019-8814
CVE-2019-8815 CVE-2019-8816 CVE-2019-8819
CVE-2019-8820 CVE-2019-8821 CVE-2019-8822
CVE-2019-8823 CVE-2019-8835 CVE-2019-8844
CVE-2019-8846 CVE-2019-11070 CVE-2020-3862
CVE-2020-3864 CVE-2020-3865 CVE-2020-3867
CVE-2020-3868 CVE-2020-3885 CVE-2020-3894
CVE-2020-3895 CVE-2020-3897 CVE-2020-3899
CVE-2020-3900 CVE-2020-3901 CVE-2020-3902
CVE-2020-10018 CVE-2020-11793
====================================================================
1. Summary:
An update for webkitgtk4 is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - noarch, ppc64, s390x
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch
3. Description:
WebKitGTK+ is a port of the WebKit portable web rendering engine to the GTK+
platform. These packages provide WebKitGTK+ for GTK+ 3.
The following packages have been upgraded to a later upstream version:
webkitgtk4 (2.28.2). (BZ#1817144)
Security Fix(es):
* webkitgtk: Multiple security issues (CVE-2019-6237, CVE-2019-6251,
CVE-2019-8506, CVE-2019-8524, CVE-2019-8535, CVE-2019-8536, CVE-2019-8544,
CVE-2019-8551, CVE-2019-8558, CVE-2019-8559, CVE-2019-8563, CVE-2019-8571,
CVE-2019-8583, CVE-2019-8584, CVE-2019-8586, CVE-2019-8587, CVE-2019-8594,
CVE-2019-8595, CVE-2019-8596, CVE-2019-8597, CVE-2019-8601, CVE-2019-8607,
CVE-2019-8608, CVE-2019-8609, CVE-2019-8610, CVE-2019-8611, CVE-2019-8615,
CVE-2019-8619, CVE-2019-8622, CVE-2019-8623, CVE-2019-8625, CVE-2019-8644,
CVE-2019-8649, CVE-2019-8658, CVE-2019-8666, CVE-2019-8669, CVE-2019-8671,
CVE-2019-8672, CVE-2019-8673, CVE-2019-8674, CVE-2019-8676, CVE-2019-8677,
CVE-2019-8678, CVE-2019-8679, CVE-2019-8680, CVE-2019-8681, CVE-2019-8683,
CVE-2019-8684, CVE-2019-8686, CVE-2019-8687, CVE-2019-8688, CVE-2019-8689,
CVE-2019-8690, CVE-2019-8707, CVE-2019-8710, CVE-2019-8719, CVE-2019-8720,
CVE-2019-8726, CVE-2019-8733, CVE-2019-8735, CVE-2019-8743, CVE-2019-8763,
CVE-2019-8764, CVE-2019-8765, CVE-2019-8766, CVE-2019-8768, CVE-2019-8769,
CVE-2019-8771, CVE-2019-8782, CVE-2019-8783, CVE-2019-8808, CVE-2019-8811,
CVE-2019-8812, CVE-2019-8813, CVE-2019-8814, CVE-2019-8815, CVE-2019-8816,
CVE-2019-8819, CVE-2019-8820, CVE-2019-8821, CVE-2019-8822, CVE-2019-8823,
CVE-2019-8835, CVE-2019-8844, CVE-2019-8846, CVE-2019-11070, CVE-2020-3862,
CVE-2020-3864, CVE-2020-3865, CVE-2020-3867, CVE-2020-3868, CVE-2020-3885,
CVE-2020-3894, CVE-2020-3895, CVE-2020-3897, CVE-2020-3899, CVE-2020-3900,
CVE-2020-3901, CVE-2020-3902, CVE-2020-10018, CVE-2020-11793)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat
Enterprise Linux 7.9 Release Notes linked from the References section.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
5. Package List:
Red Hat Enterprise Linux Client (v. 7):
Source:
webkitgtk4-2.28.2-2.el7.src.rpm
x86_64:
webkitgtk4-2.28.2-2.el7.i686.rpm
webkitgtk4-2.28.2-2.el7.x86_64.rpm
webkitgtk4-debuginfo-2.28.2-2.el7.i686.rpm
webkitgtk4-debuginfo-2.28.2-2.el7.x86_64.rpm
webkitgtk4-jsc-2.28.2-2.el7.i686.rpm
webkitgtk4-jsc-2.28.2-2.el7.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
noarch:
webkitgtk4-doc-2.28.2-2.el7.noarch.rpm
x86_64:
webkitgtk4-debuginfo-2.28.2-2.el7.i686.rpm
webkitgtk4-debuginfo-2.28.2-2.el7.x86_64.rpm
webkitgtk4-devel-2.28.2-2.el7.i686.rpm
webkitgtk4-devel-2.28.2-2.el7.x86_64.rpm
webkitgtk4-jsc-devel-2.28.2-2.el7.i686.rpm
webkitgtk4-jsc-devel-2.28.2-2.el7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source:
webkitgtk4-2.28.2-2.el7.src.rpm
x86_64:
webkitgtk4-2.28.2-2.el7.i686.rpm
webkitgtk4-2.28.2-2.el7.x86_64.rpm
webkitgtk4-debuginfo-2.28.2-2.el7.i686.rpm
webkitgtk4-debuginfo-2.28.2-2.el7.x86_64.rpm
webkitgtk4-jsc-2.28.2-2.el7.i686.rpm
webkitgtk4-jsc-2.28.2-2.el7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
noarch:
webkitgtk4-doc-2.28.2-2.el7.noarch.rpm
x86_64:
webkitgtk4-debuginfo-2.28.2-2.el7.i686.rpm
webkitgtk4-debuginfo-2.28.2-2.el7.x86_64.rpm
webkitgtk4-devel-2.28.2-2.el7.i686.rpm
webkitgtk4-devel-2.28.2-2.el7.x86_64.rpm
webkitgtk4-jsc-devel-2.28.2-2.el7.i686.rpm
webkitgtk4-jsc-devel-2.28.2-2.el7.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source:
webkitgtk4-2.28.2-2.el7.src.rpm
ppc64:
webkitgtk4-2.28.2-2.el7.ppc.rpm
webkitgtk4-2.28.2-2.el7.ppc64.rpm
webkitgtk4-debuginfo-2.28.2-2.el7.ppc.rpm
webkitgtk4-debuginfo-2.28.2-2.el7.ppc64.rpm
webkitgtk4-jsc-2.28.2-2.el7.ppc.rpm
webkitgtk4-jsc-2.28.2-2.el7.ppc64.rpm
ppc64le:
webkitgtk4-2.28.2-2.el7.ppc64le.rpm
webkitgtk4-debuginfo-2.28.2-2.el7.ppc64le.rpm
webkitgtk4-devel-2.28.2-2.el7.ppc64le.rpm
webkitgtk4-jsc-2.28.2-2.el7.ppc64le.rpm
webkitgtk4-jsc-devel-2.28.2-2.el7.ppc64le.rpm
s390x:
webkitgtk4-2.28.2-2.el7.s390.rpm
webkitgtk4-2.28.2-2.el7.s390x.rpm
webkitgtk4-debuginfo-2.28.2-2.el7.s390.rpm
webkitgtk4-debuginfo-2.28.2-2.el7.s390x.rpm
webkitgtk4-jsc-2.28.2-2.el7.s390.rpm
webkitgtk4-jsc-2.28.2-2.el7.s390x.rpm
x86_64:
webkitgtk4-2.28.2-2.el7.i686.rpm
webkitgtk4-2.28.2-2.el7.x86_64.rpm
webkitgtk4-debuginfo-2.28.2-2.el7.i686.rpm
webkitgtk4-debuginfo-2.28.2-2.el7.x86_64.rpm
webkitgtk4-devel-2.28.2-2.el7.i686.rpm
webkitgtk4-devel-2.28.2-2.el7.x86_64.rpm
webkitgtk4-jsc-2.28.2-2.el7.i686.rpm
webkitgtk4-jsc-2.28.2-2.el7.x86_64.rpm
webkitgtk4-jsc-devel-2.28.2-2.el7.i686.rpm
webkitgtk4-jsc-devel-2.28.2-2.el7.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
noarch:
webkitgtk4-doc-2.28.2-2.el7.noarch.rpm
ppc64:
webkitgtk4-debuginfo-2.28.2-2.el7.ppc.rpm
webkitgtk4-debuginfo-2.28.2-2.el7.ppc64.rpm
webkitgtk4-devel-2.28.2-2.el7.ppc.rpm
webkitgtk4-devel-2.28.2-2.el7.ppc64.rpm
webkitgtk4-jsc-devel-2.28.2-2.el7.ppc.rpm
webkitgtk4-jsc-devel-2.28.2-2.el7.ppc64.rpm
s390x:
webkitgtk4-debuginfo-2.28.2-2.el7.s390.rpm
webkitgtk4-debuginfo-2.28.2-2.el7.s390x.rpm
webkitgtk4-devel-2.28.2-2.el7.s390.rpm
webkitgtk4-devel-2.28.2-2.el7.s390x.rpm
webkitgtk4-jsc-devel-2.28.2-2.el7.s390.rpm
webkitgtk4-jsc-devel-2.28.2-2.el7.s390x.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source:
webkitgtk4-2.28.2-2.el7.src.rpm
x86_64:
webkitgtk4-2.28.2-2.el7.i686.rpm
webkitgtk4-2.28.2-2.el7.x86_64.rpm
webkitgtk4-debuginfo-2.28.2-2.el7.i686.rpm
webkitgtk4-debuginfo-2.28.2-2.el7.x86_64.rpm
webkitgtk4-devel-2.28.2-2.el7.i686.rpm
webkitgtk4-devel-2.28.2-2.el7.x86_64.rpm
webkitgtk4-jsc-2.28.2-2.el7.i686.rpm
webkitgtk4-jsc-2.28.2-2.el7.x86_64.rpm
webkitgtk4-jsc-devel-2.28.2-2.el7.i686.rpm
webkitgtk4-jsc-devel-2.28.2-2.el7.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
noarch:
webkitgtk4-doc-2.28.2-2.el7.noarch.rpm
These packages are GPG signed by Red Hat for security.
References:
https://access.redhat.com/security/cve/CVE-2019-6237
https://access.redhat.com/security/cve/CVE-2019-6251
https://access.redhat.com/security/cve/CVE-2019-8506
https://access.redhat.com/security/cve/CVE-2019-8524
https://access.redhat.com/security/cve/CVE-2019-8535
https://access.redhat.com/security/cve/CVE-2019-8536
https://access.redhat.com/security/cve/CVE-2019-8544
https://access.redhat.com/security/cve/CVE-2019-8551
https://access.redhat.com/security/cve/CVE-2019-8558
https://access.redhat.com/security/cve/CVE-2019-8559
https://access.redhat.com/security/cve/CVE-2019-8563
https://access.redhat.com/security/cve/CVE-2019-8571
https://access.redhat.com/security/cve/CVE-2019-8583
https://access.redhat.com/security/cve/CVE-2019-8584
https://access.redhat.com/security/cve/CVE-2019-8586
https://access.redhat.com/security/cve/CVE-2019-8587
https://access.redhat.com/security/cve/CVE-2019-8594
https://access.redhat.com/security/cve/CVE-2019-8595
https://access.redhat.com/security/cve/CVE-2019-8596
https://access.redhat.com/security/cve/CVE-2019-8597
https://access.redhat.com/security/cve/CVE-2019-8601
https://access.redhat.com/security/cve/CVE-2019-8607
https://access.redhat.com/security/cve/CVE-2019-8608
https://access.redhat.com/security/cve/CVE-2019-8609
https://access.redhat.com/security/cve/CVE-2019-8610
https://access.redhat.com/security/cve/CVE-2019-8611
https://access.redhat.com/security/cve/CVE-2019-8615
https://access.redhat.com/security/cve/CVE-2019-8619
https://access.redhat.com/security/cve/CVE-2019-8622
https://access.redhat.com/security/cve/CVE-2019-8623
https://access.redhat.com/security/cve/CVE-2019-8625
https://access.redhat.com/security/cve/CVE-2019-8644
https://access.redhat.com/security/cve/CVE-2019-8649
https://access.redhat.com/security/cve/CVE-2019-8658
https://access.redhat.com/security/cve/CVE-2019-8666
https://access.redhat.com/security/cve/CVE-2019-8669
https://access.redhat.com/security/cve/CVE-2019-8671
https://access.redhat.com/security/cve/CVE-2019-8672
https://access.redhat.com/security/cve/CVE-2019-8673
https://access.redhat.com/security/cve/CVE-2019-8674
https://access.redhat.com/security/cve/CVE-2019-8676
https://access.redhat.com/security/cve/CVE-2019-8677
https://access.redhat.com/security/cve/CVE-2019-8678
https://access.redhat.com/security/cve/CVE-2019-8679
https://access.redhat.com/security/cve/CVE-2019-8680
https://access.redhat.com/security/cve/CVE-2019-8681
https://access.redhat.com/security/cve/CVE-2019-8683
https://access.redhat.com/security/cve/CVE-2019-8684
https://access.redhat.com/security/cve/CVE-2019-8686
https://access.redhat.com/security/cve/CVE-2019-8687
https://access.redhat.com/security/cve/CVE-2019-8688
https://access.redhat.com/security/cve/CVE-2019-8689
https://access.redhat.com/security/cve/CVE-2019-8690
https://access.redhat.com/security/cve/CVE-2019-8707
https://access.redhat.com/security/cve/CVE-2019-8710
https://access.redhat.com/security/cve/CVE-2019-8719
https://access.redhat.com/security/cve/CVE-2019-8720
https://access.redhat.com/security/cve/CVE-2019-8726
https://access.redhat.com/security/cve/CVE-2019-8733
https://access.redhat.com/security/cve/CVE-2019-8735
https://access.redhat.com/security/cve/CVE-2019-8743
https://access.redhat.com/security/cve/CVE-2019-8763
https://access.redhat.com/security/cve/CVE-2019-8764
https://access.redhat.com/security/cve/CVE-2019-8765
https://access.redhat.com/security/cve/CVE-2019-8766
https://access.redhat.com/security/cve/CVE-2019-8768
https://access.redhat.com/security/cve/CVE-2019-8769
https://access.redhat.com/security/cve/CVE-2019-8771
https://access.redhat.com/security/cve/CVE-2019-8782
https://access.redhat.com/security/cve/CVE-2019-8783
https://access.redhat.com/security/cve/CVE-2019-8808
https://access.redhat.com/security/cve/CVE-2019-8811
https://access.redhat.com/security/cve/CVE-2019-8812
https://access.redhat.com/security/cve/CVE-2019-8813
https://access.redhat.com/security/cve/CVE-2019-8814
https://access.redhat.com/security/cve/CVE-2019-8815
https://access.redhat.com/security/cve/CVE-2019-8816
https://access.redhat.com/security/cve/CVE-2019-8819
https://access.redhat.com/security/cve/CVE-2019-8820
https://access.redhat.com/security/cve/CVE-2019-8821
https://access.redhat.com/security/cve/CVE-2019-8822
https://access.redhat.com/security/cve/CVE-2019-8823
https://access.redhat.com/security/cve/CVE-2019-8835
https://access.redhat.com/security/cve/CVE-2019-8844
https://access.redhat.com/security/cve/CVE-2019-8846
https://access.redhat.com/security/cve/CVE-2019-11070
https://access.redhat.com/security/cve/CVE-2020-3862
https://access.redhat.com/security/cve/CVE-2020-3864
https://access.redhat.com/security/cve/CVE-2020-3865
https://access.redhat.com/security/cve/CVE-2020-3867
https://access.redhat.com/security/cve/CVE-2020-3868
https://access.redhat.com/security/cve/CVE-2020-3885
https://access.redhat.com/security/cve/CVE-2020-3894
https://access.redhat.com/security/cve/CVE-2020-3895
https://access.redhat.com/security/cve/CVE-2020-3897
https://access.redhat.com/security/cve/CVE-2020-3899
https://access.redhat.com/security/cve/CVE-2020-3900
https://access.redhat.com/security/cve/CVE-2020-3901
https://access.redhat.com/security/cve/CVE-2020-3902
https://access.redhat.com/security/cve/CVE-2020-10018
https://access.redhat.com/security/cve/CVE-2020-11793
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.9_release_notes/index
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2020 Red Hat, Inc.
APPLE-SA-2019-10-29-6 Additional information
for APPLE-SA-2019-9-26-3 iOS 13
iOS 13 addresses the following:
Bluetooth
Available for: iPhone 6s and later
Impact: Notification previews may show on Bluetooth accessories even
when previews are disabled
Description: A logic issue existed with the display of notification
previews.
CVE-2019-8753: Łukasz Pilorz of Standard Chartered GBS Poland
Entry added October 29, 2019
CoreAudio
Available for: iPhone 6s and later
Impact: Processing a maliciously crafted movie may result in the
disclosure of process memory
Description: A memory corruption issue was addressed with improved
validation.
CVE-2019-8705: riusksk of VulWar Corp working with Trend Micro's Zero
Day Initiative
CoreCrypto
Available for: iPhone 6s and later
Impact: Processing a large input may lead to a denial of service
Description: A denial of service issue was addressed with improved
input validation.
CVE-2019-8825: Found by GWP-ASan in Google Chrome
Entry added October 29, 2019
Face ID
Available for: iPhone 6s and later
Impact: A 3D model constructed to look like the enrolled user may
authenticate via Face ID
Description: This issue was addressed by improving Face ID machine
learning models.
CVE-2019-8760: Wish Wu (吴潍浠 @wish_wu) of Ant-financial
Light-Year Security Lab
Foundation
Available for: iPhone 6s and later
Impact: A remote attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2019-8641: Samuel Groß and Natalie Silvanovich of Google Project
Zero
CVE-2019-8746: Natalie Silvanovich and Samuel Groß of Google Project
Zero
Entry added October 29, 2019
IOUSBDeviceFamily
Available for: iPhone 6s and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2019-8718: Joshua Hill and Sem Voigtländer
Entry added October 29, 2019
Kernel
Available for: iPhone 6s and later
Impact: A local app may be able to read a persistent account
identifier
Description: A validation issue was addressed with improved logic.
CVE-2019-8809: Apple
Entry added October 29, 2019
Kernel
Available for: iPhone 6s and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
state management.
CVE-2019-8709: derrek (@derrekr6)
Entry added October 29, 2019
Kernel
Available for: iPhone 6s and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2019-8717: Jann Horn of Google Project Zero
Entry added October 29, 2019
Kernel
Available for: iPhone 6s and later
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2019-8712: Mohamed Ghannam (@_simo36)
Entry added October 29, 2019
Kernel
Available for: iPhone 6s and later
Impact: A malicious application may be able to determine kernel
memory layout
Description: A memory corruption issue existed in the handling of
IPv6 packets.
CVE-2019-8744: Zhuo Liang of Qihoo 360 Vulcan Team
Entry added October 29, 2019
Keyboards
Available for: iPhone 6s and later
Impact: A local user may be able to leak sensitive user information
Description: An authentication issue was addressed with improved
state management.
CVE-2019-8749: found by OSS-Fuzz
CVE-2019-8756: found by OSS-Fuzz
Entry added October 29, 2019
Messages
Available for: iPhone 6s and later
Impact: A person with physical access to an iOS device may be able to
access contacts from the lock screen
Description: The issue was addressed by restricting options offered
on a locked device.
CVE-2019-8742: videosdebarraquito
Notes
Available for: iPhone 6s and later
Impact: A local user may be able to view a user's locked notes
Description: The contents of locked notes sometimes appeared in
search results.
CVE-2019-8730: Jamie Blumberg (@jamie_blumberg) of Virginia
Polytechnic Institute and State University
Entry added October 29, 2019
PluginKit
Available for: iPhone 6s and later
Impact: A local user may be able to check for the existence of
arbitrary files
Description: A logic issue was addressed with improved restrictions.
CVE-2019-8708: an anonymous researcher
Entry added October 29, 2019
PluginKit
Available for: iPhone 6s and later
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2019-8715: an anonymous researcher
Entry added October 29, 2019
Quick Look
Available for: iPhone 6s and later
Impact: Processing a maliciously crafted file may disclose user
information
Description: A permissions issue existed in which execute permission
was incorrectly granted.
CVE-2019-8731: Saif Hamed Hamdan Al Hinai of Oman National CERT,
Yiğit Can YILMAZ (@yilmazcanyigit)
Safari
Available for: iPhone 6s and later
Impact: Visiting a malicious website may lead to address bar spoofing
Description: A logic issue was addressed with improved state
management.
CVE-2019-8745: riusksk of VulWar Corp working with Trend Micro's Zero
Day Initiative
Entry added October 29, 2019
WebKit
Available for: iPhone 6s and later
Impact: Maliciously crafted web content may violate iframe sandboxing
policy
Description: This issue was addressed with improved iframe sandbox
enforcement.
CVE-2019-8707: an anonymous researcher working with Trend Micro's
Zero Day Initiative, cc working with Trend Micro Zero Day Initiative
CVE-2019-8726: Jihui Lu of Tencent KeenLab
CVE-2019-8728: Junho Jang of LINE Security Team and Hanul Choi of
ABLY Corporation
CVE-2019-8733: Sergei Glazunov of Google Project Zero
CVE-2019-8734: found by OSS-Fuzz
CVE-2019-8735: G. Geshev working with Trend Micro Zero Day Initiative
Entry added October 29, 2019
WebKit
Available for: iPhone 6s and later
Impact: A user may be unable to delete browsing history items
Description: "Clear History and Website Data" did not clear the
history.
CVE-2019-8768: Hugo S.
CVE-2019-8625: Sergei Glazunov of Google Project Zero
CVE-2019-8719: Sergei Glazunov of Google Project Zero
CVE-2019-8764: Sergei Glazunov of Google Project Zero
Entry added October 29, 2019
WebKit Page Loading
Available for: iPhone 6s and later
Impact: Processing maliciously crafted web content may lead to
universal cross site scripting
Description: A logic issue was addressed with improved state
management.
CVE-2019-8674: Sergei Glazunov of Google Project Zero
Additional recognition
AppleRTC
We would like to acknowledge Vitaly Cheptsov for their assistance.
Audio
We would like to acknowledge riusksk of VulWar Corp working with
Trend Micro's Zero Day Initiative for their assistance.
Bluetooth
We would like to acknowledge Jan Ruge of TU Darmstadt, Secure Mobile
Networking Lab, Jiska Classen of TU Darmstadt, Secure Mobile
Networking Lab, Francesco Gringoli of University of Brescia, Dennis
Heinze of TU Darmstadt, Secure Mobile Networking Lab for their
assistance.
boringssl
We would like to acknowledge Thijs Alkemade (@xnyhps) of Computest
for their assistance.
Control Center
We would like to acknowledge Brandon Sellers for their assistance.
HomeKit
We would like to acknowledge Tian Zhang for their assistance.
Kernel
We would like to acknowledge Brandon Azad of Google Project Zero for
their assistance.
Keyboard
We would like to acknowledge an anonymous researcher for their
assistance.
Mail
We would like to acknowledge Kenneth Hyndycz for their assistance.
mDNSResponder
We would like to acknowledge Gregor Lang of e.solutions GmbH for
their assistance.
Profiles
We would like to acknowledge Erik Johnson of Vernon Hills High School
and James Seeley (@Code4iOS) of Shriver Job Corps for their
assistance.
SafariViewController
We would like to acknowledge Yiğit Can YILMAZ (@yilmazcanyigit) for
their assistance.
VPN
We would like to acknowledge Royce Gawron of Second Son Consulting,
Inc. for their assistance.
WebKit
We would like to acknowledge MinJeong Kim of Information Security
Lab, Chungnam National University, JaeCheol Ryou of the Information
Security Lab, Chungnam National University in South Korea, Yiğit Can
YILMAZ (@yilmazcanyigit), Zhihua Yao of DBAPPSecurity Zion Lab, an
anonymous researcher, and cc working with Trend Micro's Zero Day
Initiative for their assistance.
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from https://www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "iOS 13".
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 202003-22
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: WebkitGTK+: Multiple vulnerabilities
Date: March 15, 2020
Bugs: #699156, #706374, #709612
ID: 202003-22
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been found in WebKitGTK+, the worst of
which may lead to arbitrary code execution.
Affected packages
=================
    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  net-libs/webkit-gtk          < 2.26.4                   >= 2.26.4
Description
===========
Multiple vulnerabilities have been discovered in WebKitGTK+. Please
review the referenced CVE identifiers for details.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All WebkitGTK+ users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.26.4"
References
==========
[ 1 ] CVE-2019-8625
https://nvd.nist.gov/vuln/detail/CVE-2019-8625
[ 2 ] CVE-2019-8674
https://nvd.nist.gov/vuln/detail/CVE-2019-8674
[ 3 ] CVE-2019-8707
https://nvd.nist.gov/vuln/detail/CVE-2019-8707
[ 4 ] CVE-2019-8710
https://nvd.nist.gov/vuln/detail/CVE-2019-8710
[ 5 ] CVE-2019-8719
https://nvd.nist.gov/vuln/detail/CVE-2019-8719
[ 6 ] CVE-2019-8720
https://nvd.nist.gov/vuln/detail/CVE-2019-8720
[ 7 ] CVE-2019-8726
https://nvd.nist.gov/vuln/detail/CVE-2019-8726
[ 8 ] CVE-2019-8733
https://nvd.nist.gov/vuln/detail/CVE-2019-8733
[ 9 ] CVE-2019-8735
https://nvd.nist.gov/vuln/detail/CVE-2019-8735
[ 10 ] CVE-2019-8743
https://nvd.nist.gov/vuln/detail/CVE-2019-8743
[ 11 ] CVE-2019-8763
https://nvd.nist.gov/vuln/detail/CVE-2019-8763
[ 12 ] CVE-2019-8764
https://nvd.nist.gov/vuln/detail/CVE-2019-8764
[ 13 ] CVE-2019-8765
https://nvd.nist.gov/vuln/detail/CVE-2019-8765
[ 14 ] CVE-2019-8766
https://nvd.nist.gov/vuln/detail/CVE-2019-8766
[ 15 ] CVE-2019-8768
https://nvd.nist.gov/vuln/detail/CVE-2019-8768
[ 16 ] CVE-2019-8769
https://nvd.nist.gov/vuln/detail/CVE-2019-8769
[ 17 ] CVE-2019-8771
https://nvd.nist.gov/vuln/detail/CVE-2019-8771
[ 18 ] CVE-2019-8782
https://nvd.nist.gov/vuln/detail/CVE-2019-8782
[ 19 ] CVE-2019-8783
https://nvd.nist.gov/vuln/detail/CVE-2019-8783
[ 20 ] CVE-2019-8808
https://nvd.nist.gov/vuln/detail/CVE-2019-8808
[ 21 ] CVE-2019-8811
https://nvd.nist.gov/vuln/detail/CVE-2019-8811
[ 22 ] CVE-2019-8812
https://nvd.nist.gov/vuln/detail/CVE-2019-8812
[ 23 ] CVE-2019-8813
https://nvd.nist.gov/vuln/detail/CVE-2019-8813
[ 24 ] CVE-2019-8814
https://nvd.nist.gov/vuln/detail/CVE-2019-8814
[ 25 ] CVE-2019-8815
https://nvd.nist.gov/vuln/detail/CVE-2019-8815
[ 26 ] CVE-2019-8816
https://nvd.nist.gov/vuln/detail/CVE-2019-8816
[ 27 ] CVE-2019-8819
https://nvd.nist.gov/vuln/detail/CVE-2019-8819
[ 28 ] CVE-2019-8820
https://nvd.nist.gov/vuln/detail/CVE-2019-8820
[ 29 ] CVE-2019-8821
https://nvd.nist.gov/vuln/detail/CVE-2019-8821
[ 30 ] CVE-2019-8822
https://nvd.nist.gov/vuln/detail/CVE-2019-8822
[ 31 ] CVE-2019-8823
https://nvd.nist.gov/vuln/detail/CVE-2019-8823
[ 32 ] CVE-2019-8835
https://nvd.nist.gov/vuln/detail/CVE-2019-8835
[ 33 ] CVE-2019-8844
https://nvd.nist.gov/vuln/detail/CVE-2019-8844
[ 34 ] CVE-2019-8846
https://nvd.nist.gov/vuln/detail/CVE-2019-8846
[ 35 ] CVE-2020-3862
https://nvd.nist.gov/vuln/detail/CVE-2020-3862
[ 36 ] CVE-2020-3864
https://nvd.nist.gov/vuln/detail/CVE-2020-3864
[ 37 ] CVE-2020-3865
https://nvd.nist.gov/vuln/detail/CVE-2020-3865
[ 38 ] CVE-2020-3867
https://nvd.nist.gov/vuln/detail/CVE-2020-3867
[ 39 ] CVE-2020-3868
https://nvd.nist.gov/vuln/detail/CVE-2020-3868
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/202003-22
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2020 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
|
var-200312-0218
|
OpenSSL 0.9.6k allows remote attackers to cause a denial of service (crash via large recursion) via malformed ASN.1 sequences. OpenSSL contains a vulnerability in which poor handling of ASN.1 (Abstract Syntax Notation One) sequences causes deep recursion. By sending a crafted client certificate to the target host, a third party may be able to interrupt service operation (DoS) on a server that uses the OpenSSL library. A problem has been identified in OpenSSL when handling specific types of ASN.1 requests.
This issue is also known to affect numerous Cisco products. It is possible that other vendors will also be acknowledging this issue and providing fixes. Oracle Database Server, Oracle Application Server, Oracle Collaboration Suite, Oracle E-Business and Applications, Oracle Enterprise Manager Grid Control, and Oracle PeopleSoft Applications are reported prone to multiple vulnerabilities.
Oracle has released a Critical Patch Update to address these issues in various supported applications and platforms. Other non-supported versions may be affected, but Symantec has not confirmed this.
The issues identified by the vendor affect all security properties of the Oracle products and present local and remote threats. While various levels of authorization are required to leverage some issues, others do not require any authorization.
This BID will be divided and updated into separate BIDs when more information is available. An attacker could exploit these vulnerabilities to take complete control of an affected database.
TITLE:
Red Hat update for openssl
SECUNIA ADVISORY ID:
SA17398
VERIFY ADVISORY:
http://secunia.com/advisories/17398/
CRITICAL:
Moderately critical
IMPACT:
DoS
WHERE:
From remote
OPERATING SYSTEM:
RedHat Linux Advanced Workstation 2.1 for Itanium
http://secunia.com/product/1326/
RedHat Enterprise Linux WS 2.1
http://secunia.com/product/1044/
RedHat Enterprise Linux ES 2.1
http://secunia.com/product/1306/
RedHat Enterprise Linux AS 2.1
http://secunia.com/product/48/
DESCRIPTION:
Red Hat has issued an update for openssl.
http://rhn.redhat.com/
ORIGINAL ADVISORY:
http://rhn.redhat.com/errata/RHSA-2005-829.html
OTHER REFERENCES:
SA11139:
http://secunia.com/advisories/11139/
OpenSSL Security Advisory [4 November 2003]
Denial of Service in ASN.1 parsing
==================================
Previously, OpenSSL 0.9.6k was released on the 30 September 2003 to
address various ASN.1 issues. The issues were found using a test
suite from NISCC (www.niscc.gov.uk) and fixed by Dr Stephen Henson
(steve@openssl.org) of the OpenSSL core team.
Subsequent to that release, Novell Inc. carried out further testing
using the NISCC suite. This could be
performed for example by sending a client certificate to a SSL/TLS
enabled server which is configured to accept them.
Patches for this issue have been created by Dr Stephen Henson
(steve@openssl.org) of the OpenSSL core team.
Who is affected?
----------------
OpenSSL 0.9.6k is affected by the bug, but the denial of service does
not affect all platforms. This issue does not affect OpenSSL 0.9.7.
Currently only OpenSSL running on Windows platforms is known to crash.
Recommendations
---------------
Upgrade to OpenSSL 0.9.6l or 0.9.7c. Recompile any OpenSSL
applications statically linked to OpenSSL libraries.
OpenSSL 0.9.6l is available for download via HTTP and FTP from the
following master locations (you can find the various FTP mirrors under
https://www.openssl.org/source/mirror.html):
o https://www.openssl.org/source/
o ftp://ftp.openssl.org/source/
The distribution file name is:
o openssl-0.9.6l.tar.gz [normal]
MD5 checksum: 843a65ddc56634f0e30a4f9474bb5b27
o openssl-engine-0.9.6l.tar.gz [engine]
MD5 checksum: dd372198cdf31667f2cb29cd76fbda1c
The checksums were calculated using the following command:
openssl md5 < openssl-0.9.6l.tar.gz
openssl md5 < openssl-engine-0.9.6l.tar.gz
References
----------
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2003-0851 to this issue.
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0851
URL for this Security Advisory:
https://www.openssl.org/news/secadv_20031104.txt
|